Skip to content

Commit

Permalink
Remove insecure-registry filter based on the imageRef
Browse files Browse the repository at this point in the history
Signed-off-by: Domenico Luciani <[email protected]>
  • Loading branch information
Domenico Luciani committed Sep 20, 2023
1 parent 22114fc commit baf4c82
Show file tree
Hide file tree
Showing 6 changed files with 14 additions and 24 deletions.
2 changes: 1 addition & 1 deletion cmd/lifecycle/exporter.go
Original file line number Diff line number Diff line change
Expand Up @@ -357,7 +357,7 @@ func (e *exportCmd) initRemoteAppImage(analyzedMD files.Analyzed) (imgutil.Image
opts = append(opts, remote.WithHistory())
}

opts = append(opts, image.GetInsecureOptions(e.InsecureRegistries, e.RunImageRef)...)
opts = append(opts, image.GetInsecureOptions(e.InsecureRegistries)...)

if analyzedMD.PreviousImageRef() != "" {
cmd.DefaultLogger.Infof("Reusing layers from image '%s'", analyzedMD.PreviousImageRef())
Expand Down
4 changes: 2 additions & 2 deletions cmd/lifecycle/rebaser.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ func (r *rebaseCmd) Exec() error {
)
} else {
var opts []remote.ImageOption
opts = append(opts, append(image.GetInsecureOptions(r.InsecureRegistries, r.RunImageRef), remote.FromBaseImage(r.RunImageRef))...)
opts = append(opts, append(image.GetInsecureOptions(r.InsecureRegistries), remote.FromBaseImage(r.RunImageRef))...)

newBaseImage, err = remote.NewImage(
r.RunImageRef,
Expand Down Expand Up @@ -172,7 +172,7 @@ func (r *rebaseCmd) setAppImage() error {
remote.FromBaseImage(targetImageRef),
}

opts = append(opts, image.GetInsecureOptions(r.InsecureRegistries, targetImageRef)...)
opts = append(opts, image.GetInsecureOptions(r.InsecureRegistries)...)

r.appImage, err = remote.NewImage(
targetImageRef,
Expand Down
2 changes: 1 addition & 1 deletion cmd/lifecycle/restorer.go
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,7 @@ func (r *restoreCmd) pullSparse(imageRef string) (imgutil.Image, error) {
}

var opts []remote.ImageOption
opts = append(opts, append(image.GetInsecureOptions(r.InsecureRegistries, imageRef), remote.FromBaseImage(imageRef))...)
opts = append(opts, append(image.GetInsecureOptions(r.InsecureRegistries), remote.FromBaseImage(imageRef))...)

// get remote image
remoteImage, err := remote.NewImage(imageRef, r.keychain, opts...)
Expand Down
12 changes: 4 additions & 8 deletions image/registry_handler.go
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
package image

import (
"strings"

"github.com/buildpacks/imgutil/remote"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/pkg/errors"
Expand Down Expand Up @@ -35,7 +33,7 @@ func NewRegistryHandler(keychain authn.Keychain, insecureRegistries []string) *D
// EnsureReadAccess ensures that we can read from the registry
func (rv *DefaultRegistryHandler) EnsureReadAccess(imageRefs ...string) error {
for _, imageRef := range imageRefs {
if err := verifyReadAccess(imageRef, rv.keychain, GetInsecureOptions(rv.insecureRegistry, imageRef)); err != nil {
if err := verifyReadAccess(imageRef, rv.keychain, GetInsecureOptions(rv.insecureRegistry)); err != nil {
return err
}
}
Expand All @@ -45,7 +43,7 @@ func (rv *DefaultRegistryHandler) EnsureReadAccess(imageRefs ...string) error {
// EnsureWriteAccess ensures that we can write to the registry
func (rv *DefaultRegistryHandler) EnsureWriteAccess(imageRefs ...string) error {
for _, imageRef := range imageRefs {
if err := verifyReadWriteAccess(imageRef, rv.keychain, GetInsecureOptions(rv.insecureRegistry, imageRef)); err != nil {
if err := verifyReadWriteAccess(imageRef, rv.keychain, GetInsecureOptions(rv.insecureRegistry)); err != nil {
return err
}
}
Expand All @@ -58,13 +56,11 @@ TODO: This is a temporary solution in order to get insecure registries in other
TODO: Ideally we should fix the `imgutil.options` struct visibility in order to mock and test the `remote.WithRegistrySetting`
TODO: function correctly and use the RegistryHandler everywhere it is needed.
*/
func GetInsecureOptions(insecureRegistries []string, imageRef string) []remote.ImageOption {
func GetInsecureOptions(insecureRegistries []string) []remote.ImageOption {
var opts []remote.ImageOption
if len(insecureRegistries) > 0 {
for _, insecureRegistry := range insecureRegistries {
if strings.HasPrefix(imageRef, insecureRegistry) {
opts = append(opts, remote.WithRegistrySetting(insecureRegistry, true))
}
opts = append(opts, remote.WithRegistrySetting(insecureRegistry, true))
}
}
return opts
Expand Down
16 changes: 5 additions & 11 deletions image/registry_handler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,25 +15,19 @@ func TestRegistryHandler(t *testing.T) {
func testRegistryHandler(t *testing.T, when spec.G, it spec.S) {
when("insecure registry", func() {
it("returns WithRegistrySetting options for the domains specified", func() {
registryOptions := GetInsecureOptions([]string{"host.docker.internal"}, "host.docker.internal/bar")
registryOptions := GetInsecureOptions([]string{"host.docker.internal"})

h.AssertEq(t, len(registryOptions), 1)
})

it("returns WithRegistrySetting options only for the domains specified", func() {
registryOptions := GetInsecureOptions([]string{"host.docker.internal", "this.is.just.a.try"}, "host.docker.internal/bar")

h.AssertEq(t, len(registryOptions), 1)
})

it("returns empty options if any domain hasn't been specified and the imageRef is empty", func() {
options := GetInsecureOptions(nil, "")
it("returns empty options if any domain hasn't been specified", func() {
options := GetInsecureOptions(nil)

h.AssertEq(t, len(options), 0)
})

it("returns empty options if an empty list of insecure registries has been passed but the imageRef has been passed anyway", func() {
options := GetInsecureOptions([]string{}, "host.docker.container")
it("returns empty options if an empty list of insecure registries has been passed", func() {
options := GetInsecureOptions([]string{})

h.AssertEq(t, len(options), 0)
})
Expand Down
2 changes: 1 addition & 1 deletion image/remote_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ func (h *RemoteHandler) InitImage(imageRef string) (imgutil.Image, error) {
remote.FromBaseImage(imageRef),
}

options = append(options, GetInsecureOptions(h.insecureRegistries, imageRef)...)
options = append(options, GetInsecureOptions(h.insecureRegistries)...)

return remote.NewImage(
imageRef,
Expand Down

0 comments on commit baf4c82

Please sign in to comment.