Merge pull request #46436 from thaJeztah/search_remove_unused_bits

registry: assorted fixes for search
2023-09-18 21:28:33 +02:00 · 2023-09-18 21:28:33 +02:00 · a24d254397
commit a24d254397
parent 07e28a968b b7d29c1e23
4 changed files with 28 additions and 74 deletions
--- a/registry/registry_mock_test.go
+++ b/registry/registry_mock_test.go
@ -76,35 +76,30 @@ func makeHTTPSURL(req string) string {
 }

 func makeIndex(req string) *registry.IndexInfo {
-	index := &registry.IndexInfo{
+	return &registry.IndexInfo{
 		Name: makeURL(req),
 	}
-	return index
 }

 func makeHTTPSIndex(req string) *registry.IndexInfo {
-	index := &registry.IndexInfo{
+	return &registry.IndexInfo{
 		Name: makeHTTPSURL(req),
 	}
-	return index
 }

 func makePublicIndex() *registry.IndexInfo {
-	index := &registry.IndexInfo{
+	return &registry.IndexInfo{
 		Name:     IndexServer,
 		Secure:   true,
 		Official: true,
 	}
-	return index
 }

 func makeServiceConfig(mirrors []string, insecureRegistries []string) (*serviceConfig, error) {
-	options := ServiceOptions{
+	return newServiceConfig(ServiceOptions{
 		Mirrors:            mirrors,
 		InsecureRegistries: insecureRegistries,
-	}
-
-	return newServiceConfig(options)
+	})
 }

 func writeHeaders(w http.ResponseWriter) {
@ -114,8 +109,6 @@ func writeHeaders(w http.ResponseWriter) {
 	h.Add("Content-Type", "application/json")
 	h.Add("Pragma", "no-cache")
 	h.Add("Cache-Control", "no-cache")
-	h.Add("X-Docker-Registry-Version", "0.0.0")
-	h.Add("X-Docker-Registry-Config", "mock")
 }

 func writeResponse(w http.ResponseWriter, message interface{}, code int) {
@ -156,5 +149,5 @@ func TestPing(t *testing.T) {
 		t.Fatal(err)
 	}
 	assert.Equal(t, res.StatusCode, http.StatusOK, "")
-	assert.Equal(t, res.Header.Get("X-Docker-Registry-Config"), "mock", "This is not a Mocked Registry")
+	assert.Equal(t, res.Header.Get("Server"), "docker-tests/mock")
 }
--- a/registry/registry_test.go
+++ b/registry/registry_test.go
@ -1,14 +1,12 @@
 package registry // import "github.com/docker/docker/registry"

 import (
-	"os"
 	"testing"

 	"github.com/distribution/reference"
 	"github.com/docker/docker/api/types/registry"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
-	"gotest.tools/v3/skip"
 )

 func TestParseRepositoryInfo(t *testing.T) {
@ -381,7 +379,6 @@ func TestNewIndexInfo(t *testing.T) {
 }

 func TestMirrorEndpointLookup(t *testing.T) {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	containsMirror := func(endpoints []APIEndpoint) bool {
 		for _, pe := range endpoints {
 			if pe.URL.Host == "my.mirror" {
--- a/registry/search_endpoint_v1.go
+++ b/registry/search_endpoint_v1.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/json"
-	"io"
 	"net/http"
 	"net/url"
 	"strings"
@ -15,12 +14,8 @@ import (
 )

 // v1PingResult contains the information returned when pinging a registry. It
-// indicates the registry's version and whether the registry claims to be a
-// standalone registry.
+// indicates whether the registry claims to be a standalone registry.
 type v1PingResult struct {
-	// Version is the registry version supplied by the registry in an HTTP
-	// header
-	Version string `json:"version"`
 	// Standalone is set to true if the registry indicates it is a
 	// standalone registry in the X-Docker-Registry-Standalone
 	// header
@ -47,39 +42,30 @@ func newV1Endpoint(index *registry.IndexInfo, headers http.Header) (*v1Endpoint,
 		return nil, err
 	}

-	err = validateEndpoint(endpoint)
-	if err != nil {
-		return nil, err
+	if endpoint.String() == IndexServer {
+		// Skip the check, we know this one is valid
+		// (and we never want to fall back to http in case of error)
+		return endpoint, nil
 	}

-	return endpoint, nil
-}
-
-func validateEndpoint(endpoint *v1Endpoint) error {
-	log.G(context.TODO()).Debugf("pinging registry endpoint %s", endpoint)
-
 	// Try HTTPS ping to registry
 	endpoint.URL.Scheme = "https"
 	if _, err := endpoint.ping(); err != nil {
 		if endpoint.IsSecure {
 			// If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`
-			// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.
-			return invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)
+			// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fall back to HTTP.
+			return nil, invalidParamf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)
 		}

-		// If registry is insecure and HTTPS failed, fallback to HTTP.
+		// registry is insecure and HTTPS failed, fallback to HTTP.
 		log.G(context.TODO()).WithError(err).Debugf("error from registry %q marked as insecure - insecurely falling back to HTTP", endpoint)
 		endpoint.URL.Scheme = "http"
-
-		var err2 error
-		if _, err2 = endpoint.ping(); err2 == nil {
-			return nil
+		if _, err2 := endpoint.ping(); err2 != nil {
+			return nil, invalidParamf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)
 		}
-
-		return invalidParamf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)
 	}

-	return nil
+	return endpoint, nil
 }

 // trimV1Address trims the "v1" version suffix off the address and returns
@ -130,8 +116,8 @@ func (e *v1Endpoint) ping() (v1PingResult, error) {
 		return v1PingResult{}, nil
 	}

-	log.G(context.TODO()).Debugf("attempting v1 ping for registry endpoint %s", e)
 	pingURL := e.String() + "_ping"
+	log.G(context.TODO()).WithField("url", pingURL).Debug("attempting v1 ping for registry endpoint")
 	req, err := http.NewRequest(http.MethodGet, pingURL, nil)
 	if err != nil {
 		return v1PingResult{}, invalidParam(err)
@ -144,9 +130,14 @@ func (e *v1Endpoint) ping() (v1PingResult, error) {

 	defer resp.Body.Close()

-	jsonString, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return v1PingResult{}, invalidParamWrapf(err, "error while reading response from %s", pingURL)
+	if v := resp.Header.Get("X-Docker-Registry-Standalone"); v != "" {
+		info := v1PingResult{}
+		// Accepted values are "1", and "true" (case-insensitive).
+		if v == "1" || strings.EqualFold(v, "true") {
+			info.Standalone = true
+		}
+		log.G(context.TODO()).Debugf("v1PingResult.Standalone (from X-Docker-Registry-Standalone header): %t", info.Standalone)
+		return info, nil
 	}

 	// If the header is absent, we assume true for compatibility with earlier
@ -154,24 +145,11 @@ func (e *v1Endpoint) ping() (v1PingResult, error) {
 	info := v1PingResult{
 		Standalone: true,
 	}
-	if err := json.Unmarshal(jsonString, &info); err != nil {
+	if err := json.NewDecoder(resp.Body).Decode(&info); err != nil {
 		log.G(context.TODO()).WithError(err).Debug("error unmarshaling _ping response")
 		// don't stop here. Just assume sane defaults
 	}
-	if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {
-		info.Version = hdr
-	}
-	log.G(context.TODO()).Debugf("v1PingResult.Version: %q", info.Version)

-	standalone := resp.Header.Get("X-Docker-Registry-Standalone")
-
-	// Accepted values are "true" (case-insensitive) and "1".
-	if strings.EqualFold(standalone, "true") || standalone == "1" {
-		info.Standalone = true
-	} else if len(standalone) > 0 {
-		// there is a header set, and it is not "true" or "1", so assume fails
-		info.Standalone = false
-	}
 	log.G(context.TODO()).Debugf("v1PingResult.Standalone: %t", info.Standalone)
 	return info, nil
 }
--- a/registry/search_endpoint_v1_test.go
+++ b/registry/search_endpoint_v1_test.go
@ -3,19 +3,15 @@ package registry // import "github.com/docker/docker/registry"
 import (
 	"net/http"
 	"net/http/httptest"
-	"net/url"
-	"os"
 	"strings"
 	"testing"

 	"github.com/docker/docker/api/types/registry"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
-	"gotest.tools/v3/skip"
 )

 func TestV1EndpointPing(t *testing.T) {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	testPing := func(index *registry.IndexInfo, expectedStandalone bool, assertMessage string) {
 		ep, err := newV1Endpoint(index, nil)
 		if err != nil {
@ -35,7 +31,6 @@ func TestV1EndpointPing(t *testing.T) {
 }

 func TestV1Endpoint(t *testing.T) {
-	skip.If(t, os.Getuid() != 0, "skipping test that requires root")
 	// Simple wrapper to fail test if err != nil
 	expandEndpoint := func(index *registry.IndexInfo) *v1Endpoint {
 		endpoint, err := newV1Endpoint(index, nil)
@ -168,20 +163,11 @@ func TestV1EndpointValidate(t *testing.T) {
 	testServer := httptest.NewServer(requireBasicAuthHandler)
 	defer testServer.Close()

-	testServerURL, err := url.Parse(testServer.URL)
+	testEndpoint, err := newV1Endpoint(&registry.IndexInfo{Name: testServer.URL}, nil)
 	if err != nil {
 		t.Fatal(err)
 	}

-	testEndpoint := v1Endpoint{
-		URL:    testServerURL,
-		client: httpClient(newTransport(nil)),
-	}
-
-	if err = validateEndpoint(&testEndpoint); err != nil {
-		t.Fatal(err)
-	}
-
 	if testEndpoint.URL.Scheme != "http" {
 		t.Fatalf("expecting to validate endpoint as http, got url %s", testEndpoint.String())
 	}