registry: refactor registry.IsSecure calls into registry.NewEndpoint
Signed-off-by: Tibor Vass <teabee89@gmail.com> Conflicts: registry/endpoint.go registry/endpoint_test.go registry/registry_test.go
This commit is contained in:
parent
96272e1c9a
commit
44d97c1fd0
4 changed files with 82 additions and 18 deletions
|
@ -33,21 +33,15 @@ func scanForApiVersion(hostname string) (string, APIVersion) {
|
||||||
return hostname, DefaultAPIVersion
|
return hostname, DefaultAPIVersion
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewEndpoint(hostname string, secure bool) (*Endpoint, error) {
|
func NewEndpoint(hostname string, insecureRegistries []string) (*Endpoint, error) {
|
||||||
var (
|
endpoint, err := newEndpoint(hostname)
|
||||||
endpoint = Endpoint{secure: secure}
|
|
||||||
trimmedHostname string
|
|
||||||
err error
|
|
||||||
)
|
|
||||||
if !strings.HasPrefix(hostname, "http") {
|
|
||||||
hostname = "https://" + hostname
|
|
||||||
}
|
|
||||||
trimmedHostname, endpoint.Version = scanForApiVersion(hostname)
|
|
||||||
endpoint.URL, err = url.Parse(trimmedHostname)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
secure := isSecure(endpoint.URL.Host, insecureRegistries)
|
||||||
|
endpoint.secure = secure
|
||||||
|
|
||||||
// Try HTTPS ping to registry
|
// Try HTTPS ping to registry
|
||||||
endpoint.URL.Scheme = "https"
|
endpoint.URL.Scheme = "https"
|
||||||
if _, err := endpoint.Ping(); err != nil {
|
if _, err := endpoint.Ping(); err != nil {
|
||||||
|
@ -65,12 +59,28 @@ func NewEndpoint(hostname string, secure bool) (*Endpoint, error) {
|
||||||
endpoint.URL.Scheme = "http"
|
endpoint.URL.Scheme = "http"
|
||||||
_, err2 := endpoint.Ping()
|
_, err2 := endpoint.Ping()
|
||||||
if err2 == nil {
|
if err2 == nil {
|
||||||
return &endpoint, nil
|
return endpoint, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil, fmt.Errorf("Invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)
|
return nil, fmt.Errorf("Invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return endpoint, nil
|
||||||
|
}
|
||||||
|
func newEndpoint(hostname string) (*Endpoint, error) {
|
||||||
|
var (
|
||||||
|
endpoint = Endpoint{secure: true}
|
||||||
|
trimmedHostname string
|
||||||
|
err error
|
||||||
|
)
|
||||||
|
if !strings.HasPrefix(hostname, "http") {
|
||||||
|
hostname = "https://" + hostname
|
||||||
|
}
|
||||||
|
trimmedHostname, endpoint.Version = scanForApiVersion(hostname)
|
||||||
|
endpoint.URL, err = url.Parse(trimmedHostname)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &endpoint, nil
|
return &endpoint, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -141,9 +151,9 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
|
||||||
return info, nil
|
return info, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsSecure returns false if the provided hostname is part of the list of insecure registries.
|
// isSecure returns false if the provided hostname is part of the list of insecure registries.
|
||||||
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
|
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
|
||||||
func IsSecure(hostname string, insecureRegistries []string) bool {
|
func isSecure(hostname string, insecureRegistries []string) bool {
|
||||||
if hostname == IndexServerAddress() {
|
if hostname == IndexServerAddress() {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
27
docs/endpoint_test.go
Normal file
27
docs/endpoint_test.go
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
package registry
|
||||||
|
|
||||||
|
import "testing"
|
||||||
|
|
||||||
|
func TestEndpointParse(t *testing.T) {
|
||||||
|
testData := []struct {
|
||||||
|
str string
|
||||||
|
expected string
|
||||||
|
}{
|
||||||
|
{IndexServerAddress(), IndexServerAddress()},
|
||||||
|
{"http://0.0.0.0:5000", "http://0.0.0.0:5000/v1/"},
|
||||||
|
{"0.0.0.0:5000", "https://0.0.0.0:5000/v1/"},
|
||||||
|
}
|
||||||
|
for _, td := range testData {
|
||||||
|
e, err := newEndpoint(td.str)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("%q: %s", td.str, err)
|
||||||
|
}
|
||||||
|
if e == nil {
|
||||||
|
t.Logf("something's fishy, endpoint for %q is nil", td.str)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if e.String() != td.expected {
|
||||||
|
t.Errorf("expected %q, got %q", td.expected, e.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -316,3 +316,32 @@ func TestAddRequiredHeadersToRedirectedRequests(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIsSecure(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
addr string
|
||||||
|
insecureRegistries []string
|
||||||
|
expected bool
|
||||||
|
}{
|
||||||
|
{"example.com", []string{}, true},
|
||||||
|
{"example.com", []string{"example.com"}, false},
|
||||||
|
{"localhost", []string{"localhost:5000"}, false},
|
||||||
|
{"localhost:5000", []string{"localhost:5000"}, false},
|
||||||
|
{"localhost", []string{"example.com"}, false},
|
||||||
|
{"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
|
||||||
|
{"localhost", []string{}, false},
|
||||||
|
{"localhost:5000", []string{}, false},
|
||||||
|
{"127.0.0.1", []string{}, false},
|
||||||
|
{"localhost", []string{"example.com"}, false},
|
||||||
|
{"127.0.0.1", []string{"example.com"}, false},
|
||||||
|
{"example.com", []string{}, true},
|
||||||
|
{"example.com", []string{"example.com"}, false},
|
||||||
|
{"127.0.0.1", []string{"example.com"}, false},
|
||||||
|
{"127.0.0.1:5000", []string{"example.com"}, false},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
if sec := isSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
|
||||||
|
t.Errorf("isSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -40,7 +40,7 @@ func (s *Service) Auth(job *engine.Job) engine.Status {
|
||||||
job.GetenvJson("authConfig", authConfig)
|
job.GetenvJson("authConfig", authConfig)
|
||||||
|
|
||||||
if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() {
|
if addr := authConfig.ServerAddress; addr != "" && addr != IndexServerAddress() {
|
||||||
endpoint, err := NewEndpoint(addr, IsSecure(addr, s.insecureRegistries))
|
endpoint, err := NewEndpoint(addr, s.insecureRegistries)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return job.Error(err)
|
return job.Error(err)
|
||||||
}
|
}
|
||||||
|
@ -92,9 +92,7 @@ func (s *Service) Search(job *engine.Job) engine.Status {
|
||||||
return job.Error(err)
|
return job.Error(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
secure := IsSecure(hostname, s.insecureRegistries)
|
endpoint, err := NewEndpoint(hostname, s.insecureRegistries)
|
||||||
|
|
||||||
endpoint, err := NewEndpoint(hostname, secure)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return job.Error(err)
|
return job.Error(err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue