author | Sebastiaan van Stijn <github@gone.nl> | 2020-10-28 12:05:40 +0100 |
---|---|---|
committer | Sebastiaan van Stijn <github@gone.nl> | 2020-10-28 14:06:36 +0100 |
commit | 7782d04141c2056ffad8ae286eba7e7994e42bc1 (patch) | |
tree | c4f3e9f17de42f0d3f9429e7d0a8478a265a05ea /registry/service.go | |
parent | ab47fd2f72b4f1d757a4a6cd986c51733535ee2a (diff) | |
registry: remove v1 authentication
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Diffstat (limited to 'registry/service.go')
-rw-r--r-- | registry/service.go | 32 |
1 files changed, 12 insertions, 20 deletions
diff --git a/registry/service.go b/registry/service.go
index 08f5c7a4e1..8d8dbd9c17 100644
--- a/registry/service.go
+++ b/registry/service.go
@@ -120,24 +120,21 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
 return "", "", errdefs.InvalidParameter(errors.Errorf("unable to parse server address: %v", err))
 }
+ // Lookup endpoints for authentication using "LookupPushEndpoints", which
+ // excludes mirrors to prevent sending credentials of the upstream registry
+ // to a mirror.
 endpoints, err := s.LookupPushEndpoints(u.Host)
 if err != nil {
 return "", "", errdefs.InvalidParameter(err)
 }
 for _, endpoint := range endpoints {
- login := loginV2
- if endpoint.Version == APIVersion1 {
- login = loginV1
- }
-
- status, token, err = login(authConfig, endpoint, userAgent)
+ status, token, err = loginV2(authConfig, endpoint, userAgent)
 if err == nil {
 return
 }
 if fErr, ok := err.(fallbackError); ok {
- err = fErr.err
- logrus.Infof("Error logging in to %s endpoint, trying next endpoint: %v", endpoint.Version, err)
+ logrus.WithError(fErr.err).Infof("Error logging in to endpoint, trying next endpoint")
 continue
 }
@@ -259,6 +256,7 @@ type APIEndpoint struct {
 }
 // ToV1Endpoint returns a V1 API endpoint based on the APIEndpoint
+// Deprecated: this function is deprecated and will be removed in a future update
 func (e APIEndpoint) ToV1Endpoint(userAgent string, metaHeaders http.Header) *V1Endpoint {
 return newV1Endpoint(*e.URL, e.TLSConfig, userAgent, metaHeaders)
 }
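Review bot: Dropping `err = fErr.err` in the `fallbackError` branch means the named result `err` still holds the wrapper when the loop moves on, so if the last endpoint also falls back, whatever is returned after the loop (outside this hunk) is presumably the `fallbackError` rather than the underlying login error; callers that classify the error by type may stop recognising an authentication failure. Keeping the unwrap is a small change: `err = fErr.err` followed by `logrus.WithError(err).Info("Error logging in to endpoint, trying next endpoint")`. The new message also no longer says which endpoint failed; a structured field such as `.WithField("endpoint", endpoint.URL.Host)` would keep that for audit without logging the full URL, assuming `endpoint.URL` is always set. The body of `Auth` starts and ends outside the hunk.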
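Review bot: The added `// Deprecated:` line sits directly under the summary sentence of `ToV1Endpoint`, so it belongs to the same doc paragraph, and godoc and linters such as staticcheck are unlikely to treat the function as deprecated; remaining callers of the v1 endpoint path would then go unreported. Separate it with an empty comment line and, if a replacement exists, name it: a bare `//` line, then `// Deprecated: this function is deprecated and will be removed in a future update.`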
@@ -280,24 +278,22 @@ func (s *DefaultService) tlsConfigForMirror(mirrorURL *url.URL) (*tls.Config, er
 return s.tlsConfig(mirrorURL.Host)
 }
-// LookupPullEndpoints creates a list of endpoints to try to pull from, in order of preference.
-// It gives preference to v2 endpoints over v1, mirrors over the actual
-// registry, and HTTPS over plain HTTP.
+// LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference.
+// It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP.
 func (s *DefaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
 s.mu.Lock()
 defer s.mu.Unlock()
- return s.lookupEndpoints(hostname)
+ return s.lookupV2Endpoints(hostname)
 }
-// LookupPushEndpoints creates a list of endpoints to try to push to, in order of preference.
-// It gives preference to v2 endpoints over v1, and HTTPS over plain HTTP.
-// Mirrors are not included.
+// LookupPushEndpoints creates a list of v2 endpoints to try to push to, in order of preference.
+// It gives preference to HTTPS over plain HTTP. Mirrors are not included.
 func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
 s.mu.Lock()
 defer s.mu.Unlock()
- allEndpoints, err := s.lookupEndpoints(hostname)
+ allEndpoints, err := s.lookupV2Endpoints(hostname)
 if err == nil {
 for _, endpoint := range allEndpoints {
 if !endpoint.Mirror {
@@ -307,7 +303,3 @@ func (s *DefaultService) LookupPushEndpoints(hostname string) (endpoints []APIEn
 }
 return endpoints, err
 }
-
-func (s *DefaultService) lookupEndpoints(hostname string) (endpoints []APIEndpoint, err error) {
- return s.lookupV2Endpoints(hostname)
-}
 |
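Review bot: The doc comment on `LookupPushEndpoints` still reads as a push-only helper, but this commit's new comment in `Auth` shows the function is also what keeps registry credentials away from mirrors; that invariant should be stated where it is enforced, next to the `!endpoint.Mirror` filter. A line such as `// Auth also uses this list: credentials are sent to every endpoint returned here, so mirrors must stay excluded.` would warn whoever edits the filter later. The comment also says plain HTTP endpoints can follow HTTPS ones; whether `Auth` can end up sending credentials to them depends on `lookupV2Endpoints`, which is not shown here. The body of `LookupPushEndpoints` continues into the next hunk.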