registry: move allowNondistributableArtifacts, isSecureIndex to config
This felt slightly more natural to make it a function of the config type itself. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
382b986520
commit
2b5dc81582
|
@ -242,7 +242,7 @@ skip:
|
||||||
// hostname should be a URL.Host (`host:port` or `host`) where the `host` part can be either a domain name
|
// hostname should be a URL.Host (`host:port` or `host`) where the `host` part can be either a domain name
|
||||||
// or an IP address. If it is a domain name, then it will be resolved to IP addresses for matching. If
|
// or an IP address. If it is a domain name, then it will be resolved to IP addresses for matching. If
|
||||||
// resolution fails, CIDR matching is not performed.
|
// resolution fails, CIDR matching is not performed.
|
||||||
func allowNondistributableArtifacts(config *serviceConfig, hostname string) bool {
|
func (config *serviceConfig) allowNondistributableArtifacts(hostname string) bool {
|
||||||
for _, h := range config.AllowNondistributableArtifactsHostnames {
|
for _, h := range config.AllowNondistributableArtifactsHostnames {
|
||||||
if h == hostname {
|
if h == hostname {
|
||||||
return true
|
return true
|
||||||
|
@ -263,7 +263,7 @@ func allowNondistributableArtifacts(config *serviceConfig, hostname string) bool
|
||||||
// or an IP address. If it is a domain name, then it will be resolved in order to check if the IP is contained
|
// or an IP address. If it is a domain name, then it will be resolved in order to check if the IP is contained
|
||||||
// in a subnet. If the resolving is not successful, isSecureIndex will only try to match hostname to any element
|
// in a subnet. If the resolving is not successful, isSecureIndex will only try to match hostname to any element
|
||||||
// of insecureRegistries.
|
// of insecureRegistries.
|
||||||
func isSecureIndex(config *serviceConfig, indexName string) bool {
|
func (config *serviceConfig) isSecureIndex(indexName string) bool {
|
||||||
// Check for configured index, first. This is needed in case isSecureIndex
|
// Check for configured index, first. This is needed in case isSecureIndex
|
||||||
// is called from anything besides newIndexInfo, in order to honor per-index configurations.
|
// is called from anything besides newIndexInfo, in order to honor per-index configurations.
|
||||||
if index, ok := config.IndexConfigs[indexName]; ok {
|
if index, ok := config.IndexConfigs[indexName]; ok {
|
||||||
|
@ -385,7 +385,7 @@ func newIndexInfo(config *serviceConfig, indexName string) (*registry.IndexInfo,
|
||||||
return ®istry.IndexInfo{
|
return ®istry.IndexInfo{
|
||||||
Name: indexName,
|
Name: indexName,
|
||||||
Mirrors: make([]string, 0),
|
Mirrors: make([]string, 0),
|
||||||
Secure: isSecureIndex(config, indexName),
|
Secure: config.isSecureIndex(indexName),
|
||||||
Official: false,
|
Official: false,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -660,7 +660,7 @@ func TestAllowNondistributableArtifacts(t *testing.T) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
}
|
}
|
||||||
if v := allowNondistributableArtifacts(config, tt.addr); v != tt.expected {
|
if v := config.allowNondistributableArtifacts(tt.addr); v != tt.expected {
|
||||||
t.Errorf("allowNondistributableArtifacts failed for %q %v, expected %v got %v", tt.addr, tt.registries, tt.expected, v)
|
t.Errorf("allowNondistributableArtifacts failed for %q %v, expected %v got %v", tt.addr, tt.registries, tt.expected, v)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -703,7 +703,7 @@ func TestIsSecureIndex(t *testing.T) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
}
|
}
|
||||||
if sec := isSecureIndex(config, tt.addr); sec != tt.expected {
|
if sec := config.isSecureIndex(tt.addr); sec != tt.expected {
|
||||||
t.Errorf("isSecureIndex failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
|
t.Errorf("isSecureIndex failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -224,7 +224,7 @@ type APIEndpoint struct {
|
||||||
// TLSConfig constructs a client TLS configuration based on server defaults
|
// TLSConfig constructs a client TLS configuration based on server defaults
|
||||||
func (s *defaultService) TLSConfig(hostname string) (*tls.Config, error) {
|
func (s *defaultService) TLSConfig(hostname string) (*tls.Config, error) {
|
||||||
s.mu.RLock()
|
s.mu.RLock()
|
||||||
secure := isSecureIndex(s.config, hostname)
|
secure := s.config.isSecureIndex(hostname)
|
||||||
s.mu.RUnlock()
|
s.mu.RUnlock()
|
||||||
|
|
||||||
return newTLSConfig(hostname, secure)
|
return newTLSConfig(hostname, secure)
|
||||||
|
|
|
@ -17,7 +17,7 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, invalidParam(err)
|
return nil, invalidParam(err)
|
||||||
}
|
}
|
||||||
mirrorTLSConfig, err := newTLSConfig(mirrorURL.Host, isSecureIndex(s.config, mirrorURL.Host))
|
mirrorTLSConfig, err := newTLSConfig(mirrorURL.Host, s.config.isSecureIndex(mirrorURL.Host))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -40,12 +40,12 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
|
||||||
return endpoints, nil
|
return endpoints, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig, err := newTLSConfig(hostname, isSecureIndex(s.config, hostname))
|
tlsConfig, err := newTLSConfig(hostname, s.config.isSecureIndex(hostname))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
ana := allowNondistributableArtifacts(s.config, hostname)
|
ana := s.config.allowNondistributableArtifacts(hostname)
|
||||||
endpoints = []APIEndpoint{
|
endpoints = []APIEndpoint{
|
||||||
{
|
{
|
||||||
URL: &url.URL{
|
URL: &url.URL{
|
||||||
|
|
Loading…
Reference in New Issue