forked from TrueCloudLab/distribution
Merge pull request #2035 from runcom/fix-foreign-urls-check
registry/handles/app: always append default urls regexps
This commit is contained in:
commit
67095fbce3
3 changed files with 16 additions and 9 deletions
|
@ -188,8 +188,11 @@ type Configuration struct {
|
||||||
|
|
||||||
// Validation configures validation options for the registry.
|
// Validation configures validation options for the registry.
|
||||||
Validation struct {
|
Validation struct {
|
||||||
// Enabled enables the other options in this section.
|
// Enabled enables the other options in this section. This field is
|
||||||
|
// deprecated in favor of Disabled.
|
||||||
Enabled bool `yaml:"enabled,omitempty"`
|
Enabled bool `yaml:"enabled,omitempty"`
|
||||||
|
// Disabled disables the other options in this section.
|
||||||
|
Disabled bool `yaml:"disabled,omitempty"`
|
||||||
// Manifests configures manifest validation.
|
// Manifests configures manifest validation.
|
||||||
Manifests struct {
|
Manifests struct {
|
||||||
// URLs configures validation for URLs in pushed manifests.
|
// URLs configures validation for URLs in pushed manifests.
|
||||||
|
|
|
@ -251,7 +251,6 @@ information about each option that appears later in this page.
|
||||||
schema1:
|
schema1:
|
||||||
signingkeyfile: /etc/registry/key.json
|
signingkeyfile: /etc/registry/key.json
|
||||||
validation:
|
validation:
|
||||||
enabled: true
|
|
||||||
manifests:
|
manifests:
|
||||||
urls:
|
urls:
|
||||||
allow:
|
allow:
|
||||||
|
@ -1871,7 +1870,6 @@ defines such a feature with configurable behavior.
|
||||||
## Validation
|
## Validation
|
||||||
|
|
||||||
validation:
|
validation:
|
||||||
enabled: true
|
|
||||||
manifests:
|
manifests:
|
||||||
urls:
|
urls:
|
||||||
allow:
|
allow:
|
||||||
|
@ -1879,16 +1877,18 @@ defines such a feature with configurable behavior.
|
||||||
deny:
|
deny:
|
||||||
- ^https?://www\.example\.com/
|
- ^https?://www\.example\.com/
|
||||||
|
|
||||||
### Enabled
|
### disabled
|
||||||
|
|
||||||
Use the `enabled` flag to enable the other options in the `validation`
|
Use the `disabled` flag to disable the other options in the `validation`
|
||||||
section. They are disabled by default.
|
section. They are enabled by default.
|
||||||
|
This option deprecates the `enabled` flag.
|
||||||
|
|
||||||
### Manifests
|
### manifests
|
||||||
|
|
||||||
Use the `manifest` subsection to configure manifest validation.
|
Use the `manifests` subsection to configure manifests validation. If `disabled` is
|
||||||
|
`false` the validation allows nothing.
|
||||||
|
|
||||||
#### URLs
|
#### urls
|
||||||
|
|
||||||
The `allow` and `deny` options are both lists of
|
The `allow` and `deny` options are both lists of
|
||||||
[regular expressions](https://godoc.org/regexp/syntax) that restrict the URLs in
|
[regular expressions](https://godoc.org/regexp/syntax) that restrict the URLs in
|
||||||
|
|
|
@ -213,6 +213,10 @@ func NewApp(ctx context.Context, config *configuration.Configuration) *App {
|
||||||
options = append(options, storage.EnableRedirect)
|
options = append(options, storage.EnableRedirect)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !config.Validation.Enabled {
|
||||||
|
config.Validation.Enabled = !config.Validation.Disabled
|
||||||
|
}
|
||||||
|
|
||||||
// configure validation
|
// configure validation
|
||||||
if config.Validation.Enabled {
|
if config.Validation.Enabled {
|
||||||
if len(config.Validation.Manifests.URLs.Allow) == 0 && len(config.Validation.Manifests.URLs.Deny) == 0 {
|
if len(config.Validation.Manifests.URLs.Allow) == 0 && len(config.Validation.Manifests.URLs.Deny) == 0 {
|
||||||
|
|
Loading…
Reference in a new issue