Merge branch 'main' into dev-image-index

buildpacks · Sep 20, 2023 · 47b3689 · 47b3689
2 parents 2fcc6b5 + 4ec9360
commit 47b3689
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 19 deletions.
diff --git a/remote/new.go b/remote/new.go
@@ -1,7 +1,6 @@
 package remote
 
 import (
-	"crypto/tls"
 	"io"
 	"net/http"
 	"strings"
@@ -218,22 +217,14 @@ func newV1Image(keychain authn.Keychain, repoName string, platform imgutil.Platf
 		OSVersion:    platform.OSVersion,
 	}
 
-	opts := []remote.Option{remote.WithAuth(auth), remote.WithPlatform(v1Platform)}
-	// #nosec G402
-	if reg.insecure {
-		opts = append(opts, remote.WithTransport(&http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true,
-			},
-		}))
-	} else {
-		opts = append(opts, remote.WithTransport(http.DefaultTransport))
-	}
-
 	var image v1.Image
 	for i := 0; i <= maxRetries; i++ {
 		time.Sleep(100 * time.Duration(i) * time.Millisecond) // wait if retrying
-		image, err = remote.Image(ref, opts...)
+		image, err = remote.Image(ref,
+			remote.WithAuth(auth),
+			remote.WithPlatform(v1Platform),
+			remote.WithTransport(getTransport(reg.insecure)),
+		)
 		if err != nil {
 			if err == io.EOF && i != maxRetries {
 				continue // retry if EOF

diff --git a/remote/options.go b/remote/options.go
@@ -100,10 +100,14 @@ func WithPreviousImage(imageName string) ImageOption {
 // insecure parameter allows image references to be fetched without TLS.
 func WithRegistrySetting(repository string, insecure bool) ImageOption {
 	return func(opts *options) error {
-		opts.registrySettings = make(map[string]registrySetting)
+		if len(opts.registrySettings) == 0 {
+			opts.registrySettings = make(map[string]registrySetting)
+		}
+
 		opts.registrySettings[repository] = registrySetting{
 			insecure: insecure,
 		}
+
 		return nil
 	}
 }

diff --git a/remote/remote.go b/remote/remote.go
@@ -104,7 +104,7 @@ func (i *Image) found() (*v1.Descriptor, error) {
 	if err != nil {
 		return nil, err
 	}
-	return remote.Head(ref, remote.WithAuth(auth), remote.WithTransport(http.DefaultTransport))
+	return remote.Head(ref, remote.WithAuth(auth), remote.WithTransport(getTransport(reg.insecure)))
 }
 
 func (i *Image) Valid() bool {
@@ -117,7 +117,7 @@ func (i *Image) valid() error {
 	if err != nil {
 		return err
 	}
-	desc, err := remote.Get(ref, remote.WithAuth(auth), remote.WithTransport(http.DefaultTransport))
+	desc, err := remote.Get(ref, remote.WithAuth(auth), remote.WithTransport(getTransport(reg.insecure)))
 	if err != nil {
 		return err
 	}
@@ -454,7 +454,7 @@ func (i *Image) Delete() error {
 	if err != nil {
 		return err
 	}
-	return remote.Delete(ref, remote.WithAuth(auth))
+	return remote.Delete(ref, remote.WithAuth(auth), remote.WithTransport(getTransport(reg.insecure)))
 }
 
 func (i *Image) Rebase(baseTopLayer string, newBase imgutil.Image) error {

diff --git a/remote/remote_test.go b/remote/remote_test.go
@@ -211,6 +211,18 @@ func testImage(t *testing.T, when spec.G, it spec.S) {
 						h.AssertError(t, err, "http://")
 					})
 
+					it("tries to pull the image from an insecure registry if WithRegistrySettings insecure has been set, it works with multiple registries", func() {
+						_, err := remote.NewImage(
+							repoName,
+							authn.DefaultKeychain,
+							remote.FromBaseImage("myother-insecure-registry.com/repo/superbase"),
+							remote.WithRegistrySetting("myregistry.domain.com", true),
+							remote.WithRegistrySetting("myother-insecure-registry.com", true),
+						)
+
+						h.AssertError(t, err, "http://myother-insecure-registry.com")
+					})
+
 					it("sets the initial state from a windows/amd64 base image", func() {
 						baseImageName := "mcr.microsoft.com/windows/nanoserver@sha256:06281772b6a561411d4b338820d94ab1028fdeb076c85350bbc01e80c4bfa2b4"
 						existingLayerSha := "sha256:26fd2d9d4c64a4f965bbc77939a454a31b607470f430b5d69fc21ded301fa55e"

diff --git a/remote/save.go b/remote/save.go
@@ -1,7 +1,9 @@
 package remote
 
 import (
+	"crypto/tls"
 	"fmt"
+	"net/http"
 
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
@@ -89,5 +91,22 @@ func (i *Image) doSave(imageName string) error {
 	if err != nil {
 		return err
 	}
-	return remote.Write(ref, i.image, remote.WithAuth(auth))
+
+	return remote.Write(ref, i.image,
+		remote.WithAuth(auth),
+		remote.WithTransport(getTransport(reg.insecure)),
+	)
+}
+
+func getTransport(insecure bool) http.RoundTripper {
+	// #nosec G402
+	if insecure {
+		return &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+		}
+	}
+
+	return http.DefaultTransport
 }