Browse code
registry: always treat 127.0.0.1 as insecure for all cases anytime anywhere
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
Erik Hollensbe authored on 2014/11/13 02:08:45Showing 2 changed files
| ... | ... |
@@ -152,19 +152,25 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
|
| 152 | 152 |
// IsSecure returns false if the provided hostname is part of the list of insecure registries. |
| 153 | 153 |
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. |
| 154 | 154 |
func IsSecure(hostname string, insecureRegistries []string) bool {
|
| 155 |
+ |
|
| 155 | 156 |
if hostname == IndexServerAddress() {
|
| 156 | 157 |
return true |
| 157 | 158 |
} |
| 159 |
+ |
|
| 160 |
+ host, _, err := net.SplitHostPort(hostname) |
|
| 161 |
+ |
|
| 162 |
+ if err != nil {
|
|
| 163 |
+ host = hostname |
|
| 164 |
+ } |
|
| 165 |
+ |
|
| 166 |
+ if host == "127.0.0.1" || host == "localhost" {
|
|
| 167 |
+ return false |
|
| 168 |
+ } |
|
| 169 |
+ |
|
| 158 | 170 |
if len(insecureRegistries) == 0 {
|
| 159 |
- host, _, err := net.SplitHostPort(hostname) |
|
| 160 |
- if err != nil {
|
|
| 161 |
- host = hostname |
|
| 162 |
- } |
|
| 163 |
- if host == "127.0.0.1" || host == "localhost" {
|
|
| 164 |
- return false |
|
| 165 |
- } |
|
| 166 | 171 |
return true |
| 167 | 172 |
} |
| 173 |
+ |
|
| 168 | 174 |
for _, h := range insecureRegistries {
|
| 169 | 175 |
if hostname == h {
|
| 170 | 176 |
return false |
| ... | ... |
@@ -328,31 +328,19 @@ func TestIsSecure(t *testing.T) {
|
| 328 | 328 |
}{
|
| 329 | 329 |
{"example.com", []string{}, true},
|
| 330 | 330 |
{"example.com", []string{"example.com"}, false},
|
| 331 |
- {"localhost", []string{"localhost:5000"}, true},
|
|
| 331 |
+ {"localhost", []string{"localhost:5000"}, false},
|
|
| 332 | 332 |
{"localhost:5000", []string{"localhost:5000"}, false},
|
| 333 |
- {"localhost", []string{"example.com"}, true},
|
|
| 333 |
+ {"localhost", []string{"example.com"}, false},
|
|
| 334 | 334 |
{"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
|
| 335 |
- } |
|
| 336 |
- for _, tt := range tests {
|
|
| 337 |
- if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
|
|
| 338 |
- t.Errorf("IsSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
|
|
| 339 |
- } |
|
| 340 |
- } |
|
| 341 |
-} |
|
| 342 |
- |
|
| 343 |
-func TestIsSecure(t *testing.T) {
|
|
| 344 |
- tests := []struct {
|
|
| 345 |
- addr string |
|
| 346 |
- insecureRegistries []string |
|
| 347 |
- expected bool |
|
| 348 |
- }{
|
|
| 349 | 335 |
{"localhost", []string{}, false},
|
| 350 | 336 |
{"localhost:5000", []string{}, false},
|
| 351 | 337 |
{"127.0.0.1", []string{}, false},
|
| 352 |
- {"localhost", []string{"example.com"}, true},
|
|
| 353 |
- {"127.0.0.1", []string{"example.com"}, true},
|
|
| 338 |
+ {"localhost", []string{"example.com"}, false},
|
|
| 339 |
+ {"127.0.0.1", []string{"example.com"}, false},
|
|
| 354 | 340 |
{"example.com", []string{}, true},
|
| 355 | 341 |
{"example.com", []string{"example.com"}, false},
|
| 342 |
+ {"127.0.0.1", []string{"example.com"}, false},
|
|
| 343 |
+ {"127.0.0.1:5000", []string{"example.com"}, false},
|
|
| 356 | 344 |
} |
| 357 | 345 |
for _, tt := range tests {
|
| 358 | 346 |
if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
|