We use cookies to ensure you get the best experience on our website
Home Esplora Aiuto
Registrati Accedi
0ct0pu5
/
moby
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

Merge pull request #35751 from thaJeztah/disallow-v1-registries

Disallow using legacy (V1) registries
Victor Vieux 7 anni fa
parent
3b14e5980e 8d6df8a0ad
commit
549a2b9bbe
6 ha cambiato i file con 15 aggiunte e 93 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 2 0
      cmd/dockerd/config.go
  2. 10 2
      cmd/dockerd/daemon.go
  3. 0 12
      cmd/dockerd/daemon_unix_test.go
  4. 2 4
      integration-cli/docker_cli_logout_test.go
  5. 0 12
      integration-cli/docker_cli_pull_test.go
  6. 1 63
      integration-cli/docker_cli_v2_only_test.go

+ 2 - 0
cmd/dockerd/config.go
Vedi File 

@@ -92,6 +92,8 @@ func installRegistryServiceFlags(options *registry.ServiceOptions, flags *pflag.
 
 	flags.Var(insecureRegistries, "insecure-registry", "Enable insecure registry communication")
 
 
 	if runtime.GOOS != "windows" {
 
+		// TODO: Remove this flag after 3 release cycles (18.03)
 
 		flags.BoolVar(&options.V2Only, "disable-legacy-registry", true, "Disable contacting legacy registries")
 
+		flags.MarkHidden("disable-legacy-registry")
 
 	}
 
 }

+ 10 - 2
cmd/dockerd/daemon.go
Vedi File 

@@ -6,6 +6,7 @@ import (
 
 	"fmt"
 
 	"os"
 
 	"path/filepath"
 
+	"runtime"
 
 	"strings"
 
 	"time"
 
 
@@ -472,8 +473,15 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
 
 		return nil, err
 
 	}
 
 
-	if !conf.V2Only {
 
-		logrus.Warnf(`The "disable-legacy-registry" option is deprecated and wil be removed in Docker v17.12. Interacting with legacy (v1) registries will no longer be supported in Docker v17.12"`)
 
+	if runtime.GOOS != "windows" {
 
+		if flags.Changed("disable-legacy-registry") {
 
+			// TODO: Remove this error after 3 release cycles (18.03)
 
+			return nil, errors.New("ERROR: The '--disable-legacy-registry' flag has been removed. Interacting with legacy (v1) registries is no longer supported")
 
+		}
 
+		if !conf.V2Only {
 
+			// TODO: Remove this error after 3 release cycles (18.03)
 
+			return nil, errors.New("ERROR: The 'disable-legacy-registry' configuration option has been removed. Interacting with legacy (v1) registries is no longer supported")
 
+		}
 
 	}
 
 
 	if flags.Changed("graph") {

+ 0 - 12
cmd/dockerd/daemon_unix_test.go
Vedi File 

@@ -97,15 +97,3 @@ func TestLoadDaemonConfigWithTrueDefaultValuesLeaveDefaults(t *testing.T) {
 
 
 	assert.True(t, loadedConfig.EnableUserlandProxy)
 
 }
 
-
 
-func TestLoadDaemonConfigWithLegacyRegistryOptions(t *testing.T) {
 
-	content := `{"disable-legacy-registry": false}`
 
-	tempFile := fs.NewFile(t, "config", fs.WithContent(content))
 
-	defer tempFile.Remove()
 
-
 
-	opts := defaultOptions(tempFile.Path())
 
-	loadedConfig, err := loadDaemonCliConfig(opts)
 
-	require.NoError(t, err)
 
-	require.NotNil(t, loadedConfig)
 
-	assert.False(t, loadedConfig.V2Only)
 
-}

+ 2 - 4
integration-cli/docker_cli_logout_test.go
Vedi File 

@@ -13,9 +13,7 @@ import (
 
 )
 
 
 func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) {
 
-
 
-	// @TODO TestLogoutWithExternalAuth expects docker to fall back to a v1 registry, so has to be updated for v17.12, when v1 registries are no longer supported
 
-	s.d.StartWithBusybox(c, "--disable-legacy-registry=false")
 
+	s.d.StartWithBusybox(c)
 
 
 	osPath := os.Getenv("PATH")
 
 	defer os.Setenv("PATH", osPath)
 
@@ -62,7 +60,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C)
 
 	// check I cannot pull anymore
 
 	out, err := s.d.Cmd("--config", tmp, "pull", repoName)
 
 	c.Assert(err, check.NotNil, check.Commentf(out))
 
-	c.Assert(out, checker.Contains, "Error: image dockercli/busybox:authtest not found")
 
+	c.Assert(out, checker.Contains, "no basic auth credentials")
 
 }
 
 
 // #23100

+ 0 - 12
integration-cli/docker_cli_pull_test.go
Vedi File 

@@ -259,18 +259,6 @@ func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) {
 
 	c.Assert(err, checker.NotNil, check.Commentf("image was pulled after client disconnected"))
 
 }
 
 
-func (s *DockerRegistryAuthHtpasswdSuite) TestPullNoCredentialsNotFound(c *check.C) {
 
-	// @TODO TestPullNoCredentialsNotFound expects docker to fall back to a v1 registry, so has to be updated for v17.12, when v1 registries are no longer supported
 
-	s.d.StartWithBusybox(c, "--disable-legacy-registry=false")
 
-
 
-	// we don't care about the actual image, we just want to see image not found
 
-	// because that means v2 call returned 401 and we fell back to v1 which usually
 
-	// gives a 404 (in this case the test registry doesn't handle v1 at all)
 
-	out, err := s.d.Cmd("pull", privateRegistryURL+"/busybox")
 
-	c.Assert(err, check.NotNil, check.Commentf(out))
 
-	c.Assert(out, checker.Contains, "Error: image busybox:latest not found")
 
-}
 
-
 
 // Regression test for https://github.com/docker/docker/issues/26429
 
 func (s *DockerSuite) TestPullLinuxImageFailsOnWindows(c *check.C) {
 
 	testRequires(c, DaemonIsWindows, Network)

+ 1 - 63
integration-cli/docker_cli_v2_only_test.go
Vedi File 

@@ -22,7 +22,7 @@ func makefile(path string, contents string) (string, error) {
 
 	return f.Name(), nil
 
 }
 
 
-// TestV2Only ensures that a daemon by default does not
 
+// TestV2Only ensures that a daemon does not
 
 // attempt to contact any v1 registry endpoints.
 
 func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
 
 	reg, err := registry.NewMock(c)
 
@@ -56,65 +56,3 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
 
 	s.d.Cmd("push", repoName)
 
 	s.d.Cmd("pull", repoName)
 
 }
 
-
 
-// TestV1 starts a daemon with legacy registries enabled
 
-// and ensure v1 endpoints are hit for the following operations:
 
-// login, push, pull, build & run
 
-func (s *DockerRegistrySuite) TestV1(c *check.C) {
 
-	reg, err := registry.NewMock(c)
 
-	defer reg.Close()
 
-	c.Assert(err, check.IsNil)
 
-
 
-	v2Pings := 0
 
-	reg.RegisterHandler("/v2/", func(w http.ResponseWriter, r *http.Request) {
 
-		v2Pings++
 
-		// V2 ping 404 causes fallback to v1
 
-		w.WriteHeader(404)
 
-	})
 
-
 
-	v1Pings := 0
 
-	reg.RegisterHandler("/v1/_ping", func(w http.ResponseWriter, r *http.Request) {
 
-		v1Pings++
 
-	})
 
-
 
-	v1Logins := 0
 
-	reg.RegisterHandler("/v1/users/", func(w http.ResponseWriter, r *http.Request) {
 
-		v1Logins++
 
-	})
 
-
 
-	v1Repo := 0
 
-	reg.RegisterHandler("/v1/repositories/busybox/", func(w http.ResponseWriter, r *http.Request) {
 
-		v1Repo++
 
-	})
 
-
 
-	reg.RegisterHandler("/v1/repositories/busybox/images", func(w http.ResponseWriter, r *http.Request) {
 
-		v1Repo++
 
-	})
 
-
 
-	s.d.Start(c, "--insecure-registry", reg.URL(), "--disable-legacy-registry=false")
 
-
 
-	tmp, err := ioutil.TempDir("", "integration-cli-")
 
-	c.Assert(err, check.IsNil)
 
-	defer os.RemoveAll(tmp)
 
-
 
-	dockerfileName, err := makefile(tmp, fmt.Sprintf("FROM %s/busybox", reg.URL()))
 
-	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
 
-
 
-	s.d.Cmd("build", "--file", dockerfileName, tmp)
 
-	c.Assert(v1Repo, check.Equals, 1, check.Commentf("Expected v1 repository access after build"))
 
-
 
-	repoName := fmt.Sprintf("%s/busybox", reg.URL())
 
-	s.d.Cmd("run", repoName)
 
-	c.Assert(v1Repo, check.Equals, 2, check.Commentf("Expected v1 repository access after run"))
 
-
 
-	s.d.Cmd("login", "-u", "richard", "-p", "testtest", reg.URL())
 
-	c.Assert(v1Logins, check.Equals, 1, check.Commentf("Expected v1 login attempt"))
 
-
 
-	s.d.Cmd("tag", "busybox", repoName)
 
-	s.d.Cmd("push", repoName)
 
-
 
-	c.Assert(v1Repo, check.Equals, 2)
 
-
 
-	s.d.Cmd("pull", repoName)
 
-	c.Assert(v1Repo, check.Equals, 3, check.Commentf("Expected v1 repository access after pull"))
 
-}

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5