forked from TrueCloudLab/distribution
ebaa771c3b
Add a daemon flag to control this behaviour. Add a warning message when pulling an image from a v1 registry. The default order of pull is slightly altered with this changset. Previously it was: https v2, https v1, http v2, http v1 now it is: https v2, http v2, https v1, http v1 Prevent login to v1 registries by explicitly setting the version before ping to prevent fallback to v1. Add unit tests for v2 only mode. Create a mock server that can register handlers for various endpoints. Assert no v1 endpoints are hit with legacy registries disabled for the following commands: pull, push, build, run and login. Assert the opposite when legacy registries are not disabled. Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
83 lines
1.9 KiB
Go
83 lines
1.9 KiB
Go
package registry
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/docker/distribution/registry/client/auth"
|
|
"github.com/docker/docker/pkg/tlsconfig"
|
|
)
|
|
|
|
func (s *Service) lookupV2Endpoints(repoName string) (endpoints []APIEndpoint, err error) {
|
|
var cfg = tlsconfig.ServerDefault
|
|
tlsConfig := &cfg
|
|
if strings.HasPrefix(repoName, DefaultNamespace+"/") {
|
|
// v2 mirrors
|
|
for _, mirror := range s.Config.Mirrors {
|
|
mirrorTLSConfig, err := s.tlsConfigForMirror(mirror)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: mirror,
|
|
// guess mirrors are v2
|
|
Version: APIVersion2,
|
|
Mirror: true,
|
|
TrimHostname: true,
|
|
TLSConfig: mirrorTLSConfig,
|
|
})
|
|
}
|
|
// v2 registry
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: DefaultV2Registry,
|
|
Version: APIVersion2,
|
|
Official: true,
|
|
TrimHostname: true,
|
|
TLSConfig: tlsConfig,
|
|
})
|
|
|
|
return endpoints, nil
|
|
}
|
|
|
|
slashIndex := strings.IndexRune(repoName, '/')
|
|
if slashIndex <= 0 {
|
|
return nil, fmt.Errorf("invalid repo name: missing '/': %s", repoName)
|
|
}
|
|
hostname := repoName[:slashIndex]
|
|
|
|
tlsConfig, err = s.TLSConfig(hostname)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
v2Versions := []auth.APIVersion{
|
|
{
|
|
Type: "registry",
|
|
Version: "2.0",
|
|
},
|
|
}
|
|
endpoints = []APIEndpoint{
|
|
{
|
|
URL: "https://" + hostname,
|
|
Version: APIVersion2,
|
|
TrimHostname: true,
|
|
TLSConfig: tlsConfig,
|
|
VersionHeader: DefaultRegistryVersionHeader,
|
|
Versions: v2Versions,
|
|
},
|
|
}
|
|
|
|
if tlsConfig.InsecureSkipVerify {
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: "http://" + hostname,
|
|
Version: APIVersion2,
|
|
TrimHostname: true,
|
|
// used to check if supposed to be secure via InsecureSkipVerify
|
|
TLSConfig: tlsConfig,
|
|
VersionHeader: DefaultRegistryVersionHeader,
|
|
Versions: v2Versions,
|
|
})
|
|
}
|
|
|
|
return endpoints, nil
|
|
}
|