forked from TrueCloudLab/distribution
make http usage for registry explicit
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack) Conflicts: daemon/config.go daemon/daemon.go graph/pull.go graph/push.go graph/tags.go registry/registry.go registry/service.go
This commit is contained in:
parent
5685221c5f
commit
034c1cfb9d
2 changed files with 50 additions and 1 deletions
|
@ -213,6 +213,55 @@ func ResolveRepositoryName(reposName string) (string, string, error) {
|
||||||
return hostname, reposName, nil
|
return hostname, reposName, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// this method expands the registry name as used in the prefix of a repo
|
||||||
|
// to a full url. if it already is a url, there will be no change.
|
||||||
|
func ExpandAndVerifyRegistryUrl(hostname string, secure bool) (endpoint string, err error) {
|
||||||
|
if strings.HasPrefix(hostname, "http:") || strings.HasPrefix(hostname, "https:") {
|
||||||
|
// if there is no slash after https:// (8 characters) then we have no path in the url
|
||||||
|
if strings.LastIndex(hostname, "/") < 9 {
|
||||||
|
// there is no path given. Expand with default path
|
||||||
|
hostname = hostname + "/v1/"
|
||||||
|
}
|
||||||
|
if _, err := pingRegistryEndpoint(hostname); err != nil {
|
||||||
|
return "", errors.New("Invalid Registry endpoint: " + err.Error())
|
||||||
|
}
|
||||||
|
return hostname, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// use HTTPS if secure, otherwise use HTTP
|
||||||
|
if secure {
|
||||||
|
endpoint = fmt.Sprintf("https://%s/v1/", hostname)
|
||||||
|
} else {
|
||||||
|
endpoint = fmt.Sprintf("http://%s/v1/", hostname)
|
||||||
|
}
|
||||||
|
_, err = pingRegistryEndpoint(endpoint)
|
||||||
|
if err != nil {
|
||||||
|
//TODO: triggering highland build can be done there without "failing"
|
||||||
|
err = fmt.Errorf("Invalid registry endpoint '%s': %s ", endpoint, err)
|
||||||
|
if secure {
|
||||||
|
err = fmt.Errorf("%s. If this private registry supports only HTTP, please add `--insecure-registry %s` to the daemon's arguments.", err, hostname)
|
||||||
|
}
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return endpoint, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// this method verifies if the provided hostname is part of the list of
|
||||||
|
// insecure registries and returns false if HTTP should be used
|
||||||
|
func IsSecure(hostname string, insecureRegistries []string) (secure bool) {
|
||||||
|
secure = true
|
||||||
|
for _, h := range insecureRegistries {
|
||||||
|
if hostname == h {
|
||||||
|
secure = false
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if hostname == IndexServerAddress() {
|
||||||
|
secure = true
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
func trustedLocation(req *http.Request) bool {
|
func trustedLocation(req *http.Request) bool {
|
||||||
var (
|
var (
|
||||||
trusteds = []string{"docker.com", "docker.io"}
|
trusteds = []string{"docker.com", "docker.io"}
|
||||||
|
|
|
@ -40,7 +40,7 @@ func (s *Service) Auth(job *engine.Job) engine.Status {
|
||||||
job.GetenvJson("authConfig", authConfig)
|
job.GetenvJson("authConfig", authConfig)
|
||||||
// TODO: this is only done here because auth and registry need to be merged into one pkg
|
// TODO: this is only done here because auth and registry need to be merged into one pkg
|
||||||
if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() {
|
if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() {
|
||||||
endpoint, err := NewEndpoint(addr)
|
endpoint, err := NewEndpoint(addr, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return job.Error(err)
|
return job.Error(err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue