registry: parse INDEXSERVERADDRESS into a URL for easier check in isSecure
Signed-off-by: Tibor Vass <teabee89@gmail.com>
parent
cca910e878
commit
f0920e61bf
4 changed files with 18 additions and 9 deletions
10
docs/auth.go
10
docs/auth.go
|
@ -7,6 +7,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -27,8 +28,17 @@ const (
|
||||||
|
|
||||||
var (
|
var (
|
||||||
ErrConfigFileMissing = errors.New("The Auth config file is missing")
|
ErrConfigFileMissing = errors.New("The Auth config file is missing")
|
||||||
|
IndexServerURL *url.URL
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
url, err := url.Parse(INDEXSERVER)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
IndexServerURL = url
|
||||||
|
}
|
||||||
|
|
||||||
type AuthConfig struct {
|
type AuthConfig struct {
|
||||||
Username string `json:"username,omitempty"`
|
Username string `json:"username,omitempty"`
|
||||||
Password string `json:"password,omitempty"`
|
Password string `json:"password,omitempty"`
|
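Review bot: `IndexServerURL` is added to the `var (` block as an exported, mutable package variable, and this commit makes `isSecure` read `IndexServerURL.Host` to decide that the index is always treated as secure. Any importing package can reassign it or set it to nil, which would change that trust decision or panic on the dereference; keeping it unexported (`indexServerURL`) or exposing it through a function that returns a copy avoids this. In `init`, the local in `url, err := url.Parse(INDEXSERVER)` shadows the `net/url` package for the rest of the function, so `u, err := url.Parse(INDEXSERVER)` followed by `IndexServerURL = u` reads more safely. A one-line comment on `init` stating that the panic can only fire when `INDEXSERVER` itself is malformed would help, assuming it is the compile-time constant its name suggests.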
||||||
|
|
|
@ -35,21 +35,18 @@ func scanForAPIVersion(hostname string) (string, APIVersion) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error) {
|
func NewEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error) {
|
||||||
endpoint, err := newEndpoint(hostname)
|
endpoint, err := newEndpoint(hostname, insecureRegistries)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
secure := isSecure(endpoint.URL.Host, insecureRegistries)
|
|
||||||
endpoint.secure = secure
|
|
||||||
|
|
||||||
// Try HTTPS ping to registry
|
// Try HTTPS ping to registry
|
||||||
endpoint.URL.Scheme = "https"
|
endpoint.URL.Scheme = "https"
|
||||||
if _, err := endpoint.Ping(); err != nil {
|
if _, err := endpoint.Ping(); err != nil {
|
||||||
|
|
||||||
//TODO: triggering highland build can be done there without "failing"
|
//TODO: triggering highland build can be done there without "failing"
|
||||||
|
|
||||||
if secure {
|
if endpoint.secure {
|
||||||
// If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`
|
// If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`
|
||||||
// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.
|
// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.
|
||||||
return nil, fmt.Errorf("Invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)
|
return nil, fmt.Errorf("Invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)
|
||||||
|
@ -68,9 +65,9 @@ func NewEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error
|
||||||
|
|
||||||
return endpoint, nil
|
return endpoint, nil
|
||||||
}
|
}
|
||||||
func newEndpoint(hostname string) (*Endpoint, error) {
|
func newEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error) {
|
||||||
var (
|
var (
|
||||||
endpoint = Endpoint{secure: true}
|
endpoint = Endpoint{}
|
||||||
trimmedHostname string
|
trimmedHostname string
|
||||||
err error
|
err error
|
||||||
)
|
)
|
||||||
|
@ -82,6 +79,7 @@ func newEndpoint(hostname string) (*Endpoint, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
endpoint.secure = isSecure(endpoint.URL.Host, insecureRegistries)
|
||||||
return &endpoint, nil
|
return &endpoint, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -155,7 +153,7 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
|
||||||
// isSecure returns false if the provided hostname is part of the list of insecure registries.
|
// isSecure returns false if the provided hostname is part of the list of insecure registries.
|
||||||
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
|
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
|
||||||
func isSecure(hostname string, insecureRegistries []string) bool {
|
func isSecure(hostname string, insecureRegistries []string) bool {
|
||||||
if hostname == IndexServerAddress() {
|
if hostname == IndexServerURL.Host {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
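Review bot: Changing the initializer in `newEndpoint` from `Endpoint{secure: true}` to `Endpoint{}` makes the zero value mean "insecure", so the struct fails open until `endpoint.secure = isSecure(endpoint.URL.Host, insecureRegistries)` runs at the end of the function. The visible error path returns nil, so nothing escapes today, but a later early return or any other code that builds an `Endpoint` literal would get `secure == false` without anyone choosing it. Keeping `endpoint = Endpoint{secure: true}` and letting the final assignment overwrite it preserves the fail-closed default at no cost. Separately, `hostname == IndexServerURL.Host` in `isSecure` is an exact string comparison, so a differently cased host or one with an explicit port would presumably skip that branch; the rest of `isSecure` and the middle of `newEndpoint` are outside the hunks, so confirm how such values are normalised.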
||||||
|
|
|
@ -12,7 +12,7 @@ func TestEndpointParse(t *testing.T) {
|
||||||
{"0.0.0.0:5000", "https://0.0.0.0:5000/v1/"},
|
{"0.0.0.0:5000", "https://0.0.0.0:5000/v1/"},
|
||||||
}
|
}
|
||||||
for _, td := range testData {
|
for _, td := range testData {
|
||||||
e, err := newEndpoint(td.str)
|
e, err := newEndpoint(td.str, insecureRegistries)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("%q: %s", td.str, err)
|
t.Errorf("%q: %s", td.str, err)
|
||||||
}
|
}
|
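Review bot: `TestEndpointParse` now passes `insecureRegistries` to `newEndpoint`, but nothing visible in the loop checks `e.secure`, so the `isSecure` call this commit moved into `newEndpoint` has no direct assertion here. Adding an expected `secure` value to each `testData` row and comparing it with `e.secure` after the error check would pin that the flag is set on the parse path. `insecureRegistries` is not declared in the hunk and is presumably a package-level test variable; the loop body also continues outside the hunk.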
||||||
|
|
|
@ -326,6 +326,7 @@ func TestIsSecure(t *testing.T) {
|
||||||
insecureRegistries []string
|
insecureRegistries []string
|
||||||
expected bool
|
expected bool
|
||||||
}{
|
}{
|
||||||
|
{IndexServerURL.Host, nil, true},
|
||||||
{"example.com", []string{}, true},
|
{"example.com", []string{}, true},
|
||||||
{"example.com", []string{"example.com"}, false},
|
{"example.com", []string{"example.com"}, false},
|
||||||
{"localhost", []string{"localhost:5000"}, false},
|
{"localhost", []string{"localhost:5000"}, false},
|
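Review bot: The added row `{IndexServerURL.Host, nil, true}` would, as far as the visible code shows, pass even without the fix in this commit, because `isSecure` is documented to return false only for hosts in the insecure list and the list here is nil. The branch being repaired is the one that keeps the index secure even when it has been listed, so a row such as `{IndexServerURL.Host, []string{IndexServerURL.Host}, true}` is what actually pins it. The body of `isSecure` after the first `if` is not on this page, so confirm the expectation against it.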
||||||
|
|