Merge pull request #2035 from runcom/fix-foreign-urls-check

registry/handles/app: always append default urls regexps
This commit is contained in:
Derek McGowan 2016-12-06 10:21:14 -08:00 committed by GitHub
commit 67095fbce3
3 changed files with 16 additions and 9 deletions

View file

@ -188,8 +188,11 @@ type Configuration struct {
// Validation configures validation options for the registry. // Validation configures validation options for the registry.
Validation struct { Validation struct {
// Enabled enables the other options in this section. // Enabled enables the other options in this section. This field is
// deprecated in favor of Disabled.
Enabled bool `yaml:"enabled,omitempty"` Enabled bool `yaml:"enabled,omitempty"`
// Disabled disables the other options in this section.
Disabled bool `yaml:"disabled,omitempty"`
// Manifests configures manifest validation. // Manifests configures manifest validation.
Manifests struct { Manifests struct {
// URLs configures validation for URLs in pushed manifests. // URLs configures validation for URLs in pushed manifests.

View file

@ -251,7 +251,6 @@ information about each option that appears later in this page.
schema1: schema1:
signingkeyfile: /etc/registry/key.json signingkeyfile: /etc/registry/key.json
validation: validation:
enabled: true
manifests: manifests:
urls: urls:
allow: allow:
@ -1871,7 +1870,6 @@ defines such a feature with configurable behavior.
## Validation ## Validation
validation: validation:
enabled: true
manifests: manifests:
urls: urls:
allow: allow:
@ -1879,16 +1877,18 @@ defines such a feature with configurable behavior.
deny: deny:
- ^https?://www\.example\.com/ - ^https?://www\.example\.com/
### Enabled ### disabled
Use the `enabled` flag to enable the other options in the `validation` Use the `disabled` flag to disable the other options in the `validation`
section. They are disabled by default. section. They are enabled by default.
This option deprecates the `enabled` flag.
### Manifests ### manifests
Use the `manifest` subsection to configure manifest validation. Use the `manifests` subsection to configure manifests validation. If `disabled` is
`false` the validation allows nothing.
#### URLs #### urls
The `allow` and `deny` options are both lists of The `allow` and `deny` options are both lists of
[regular expressions](https://godoc.org/regexp/syntax) that restrict the URLs in [regular expressions](https://godoc.org/regexp/syntax) that restrict the URLs in

View file

@ -213,6 +213,10 @@ func NewApp(ctx context.Context, config *configuration.Configuration) *App {
options = append(options, storage.EnableRedirect) options = append(options, storage.EnableRedirect)
} }
if !config.Validation.Enabled {
config.Validation.Enabled = !config.Validation.Disabled
}
// configure validation // configure validation
if config.Validation.Enabled { if config.Validation.Enabled {
if len(config.Validation.Manifests.URLs.Allow) == 0 && len(config.Validation.Manifests.URLs.Deny) == 0 { if len(config.Validation.Manifests.URLs.Allow) == 0 && len(config.Validation.Manifests.URLs.Deny) == 0 {