Skip to content
This repository has been archived by the owner on Jun 13, 2021. It is now read-only.

Remove --insecure-registries flag #643

Merged
merged 1 commit into from
Sep 27, 2019
Merged

Remove --insecure-registries flag #643

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 2 additions & 2 deletions e2e/images_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ func TestImageList(t *testing.T) {
defer dir.Remove()

// Push an application so that we can later pull it by digest
cmd.Command = dockerCli.Command("app", "push", "--tag", info.registryAddress+"/c-myapp", "--insecure-registries="+info.registryAddress, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
cmd.Command = dockerCli.Command("app", "push", "--tag", info.registryAddress+"/c-myapp", filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
r := icmd.RunCmd(cmd).Assert(t, icmd.Success)

// Get the digest from the output of the pull command
Expand All @@ -36,7 +36,7 @@ func TestImageList(t *testing.T) {
digest := matches[0][1]

// Pull the app by digest
cmd.Command = dockerCli.Command("app", "pull", "--insecure-registries="+info.registryAddress, info.registryAddress+"/c-myapp@"+digest)
cmd.Command = dockerCli.Command("app", "pull", info.registryAddress+"/c-myapp@"+digest)
icmd.RunCmd(cmd).Assert(t, icmd.Success)

cmd.Command = dockerCli.Command("app", "bundle", filepath.Join("testdata", "simple", "simple.dockerapp"), "--tag", "b-simple-app", "--output", dir.Join("simple-bundle.json"))
Expand Down
49 changes: 36 additions & 13 deletions e2e/pushpull_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ func TestPushArchs(t *testing.T) {
t.Run(testCase.name, func(t *testing.T) {
cmd := info.configuredCmd
ref := info.registryAddress + "/test/push-pull:1"
args := []string{"app", "push", "--tag", ref, "--insecure-registries=" + info.registryAddress}
args := []string{"app", "push", "--tag", ref}
args = append(args, testCase.args...)
args = append(args, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
cmd.Command = dockerCli.Command(args...)
Expand All @@ -121,14 +121,31 @@ func TestPushArchs(t *testing.T) {
})
}

func TestPushInsecureRegistry(t *testing.T) {
runWithDindSwarmAndRegistry(t, func(info dindSwarmAndRegistryInfo) {
ref := info.registryAddress + "/test/push-insecure"

// create a command outside of the dind context so without the insecure registry configured
cmd2, cleanup2 := dockerCli.createTestCmd()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cmd2, cleanup2: naming could be better 👼 ?

defer cleanup2()
cmd2.Command = dockerCli.Command("app", "push", "--tag", ref, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
icmd.RunCmd(cmd2).Assert(t, icmd.Expected{ExitCode: 1})

// run the push with the command inside dind context configured to allow access to the insecure registry
cmd := info.configuredCmd
cmd.Command = dockerCli.Command("app", "push", "--tag", ref, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
icmd.RunCmd(cmd).Assert(t, icmd.Success)
})
}

func TestPushInstall(t *testing.T) {
runWithDindSwarmAndRegistry(t, func(info dindSwarmAndRegistryInfo) {
cmd := info.configuredCmd
ref := info.registryAddress + "/test/push-pull"
cmd.Command = dockerCli.Command("app", "push", "--tag", ref, "--insecure-registries="+info.registryAddress, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
cmd.Command = dockerCli.Command("app", "push", "--tag", ref, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
icmd.RunCmd(cmd).Assert(t, icmd.Success)

cmd.Command = dockerCli.Command("app", "install", "--insecure-registries="+info.registryAddress, ref, "--name", t.Name())
cmd.Command = dockerCli.Command("app", "install", ref, "--name", t.Name())
icmd.RunCmd(cmd).Assert(t, icmd.Success)
cmd.Command = dockerCli.Command("service", "ls")
assert.Check(t, cmp.Contains(icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(), ref))
Expand All @@ -140,16 +157,16 @@ func TestPushPullInstall(t *testing.T) {
cmd := info.configuredCmd
ref := info.registryAddress + "/test/push-pull"
tag := ":v.0.0.1"
cmd.Command = dockerCli.Command("app", "push", "--tag", ref+tag, "--insecure-registries="+info.registryAddress, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
cmd.Command = dockerCli.Command("app", "push", "--tag", ref+tag, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
icmd.RunCmd(cmd).Assert(t, icmd.Success)
cmd.Command = dockerCli.Command("app", "pull", ref+tag, "--insecure-registries="+info.registryAddress)
cmd.Command = dockerCli.Command("app", "pull", ref+tag)
icmd.RunCmd(cmd).Assert(t, icmd.Success)

// stop the registry
info.stopRegistry()

// install without --pull should succeed (rely on local store)
cmd.Command = dockerCli.Command("app", "install", "--insecure-registries="+info.registryAddress, ref+tag, "--name", t.Name())
cmd.Command = dockerCli.Command("app", "install", ref+tag, "--name", t.Name())
icmd.RunCmd(cmd).Assert(t, icmd.Success)
cmd.Command = dockerCli.Command("service", "ls")
assert.Check(t, cmp.Contains(icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(), ref))
Expand All @@ -162,7 +179,7 @@ func TestPushPullInstall(t *testing.T) {
})

// install with --pull should fail (registry is stopped)
cmd.Command = dockerCli.Command("app", "install", "--pull", "--insecure-registries="+info.registryAddress, ref, "--name", t.Name()+"2")
cmd.Command = dockerCli.Command("app", "install", "--pull", ref, "--name", t.Name()+"2")
assert.Check(t, cmp.Contains(icmd.RunCmd(cmd).Assert(t, icmd.Expected{ExitCode: 1}).Combined(), "failed to resolve bundle manifest"))
})
}
Expand All @@ -183,10 +200,10 @@ func TestPushInstallBundle(t *testing.T) {
// push it and install to check it is available
t.Run("push-bundle", func(t *testing.T) {
name := strings.Replace(t.Name(), "/", "_", 1)
cmd.Command = dockerCli.Command("app", "push", "--insecure-registries="+info.registryAddress, "--tag", ref, bundleFile)
cmd.Command = dockerCli.Command("app", "push", "--tag", ref, bundleFile)
icmd.RunCmd(cmd).Assert(t, icmd.Success)

cmd.Command = dockerCli.Command("app", "install", "--insecure-registries="+info.registryAddress, ref, "--name", name)
cmd.Command = dockerCli.Command("app", "install", ref, "--name", name)
icmd.RunCmd(cmd).Assert(t, icmd.Success)
cmd.Command = dockerCli.Command("service", "ls")
assert.Check(t, cmp.Contains(icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(), ref))
Expand All @@ -203,10 +220,10 @@ func TestPushInstallBundle(t *testing.T) {
t.Run("push-ref", func(t *testing.T) {
name := strings.Replace(t.Name(), "/", "_", 1)
ref2 := info.registryAddress + "/test/push-ref"
cmd.Command = dockerCli.Command("app", "push", "--insecure-registries="+info.registryAddress, "--tag", ref2, ref+":latest")
cmd.Command = dockerCli.Command("app", "push", "--tag", ref2, ref+":latest")
icmd.RunCmd(cmd).Assert(t, icmd.Success)

cmd.Command = dockerCli.Command("app", "install", "--insecure-registries="+info.registryAddress, ref2, "--name", name)
cmd.Command = dockerCli.Command("app", "install", ref2, "--name", name)
icmd.RunCmd(cmd).Assert(t, icmd.Success)
cmd.Command = dockerCli.Command("service", "ls")
assert.Check(t, cmp.Contains(icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(), ref2))
Expand All @@ -218,16 +235,22 @@ func TestPushInstallBundle(t *testing.T) {
ref2 := ref + ":v0.42"
// Create a new command so the bundle store can be trashed before installing the app
cmd2, cleanup2 := dockerCli.createTestCmd()

// Enter the same context as `cmd` to run commands within the same environment
cmd2.Command = dockerCli.Command("context", "create", "swarm-context", "--docker", fmt.Sprintf(`"host=tcp://%s"`, info.swarmAddress))
icmd.RunCmd(cmd2).Assert(t, icmd.Success)
cmd2.Env = append(cmd2.Env, "DOCKER_CONTEXT=swarm-context")

// bundle the app again but this time with a tag to store it into the bundle store
cmd2.Command = dockerCli.Command("app", "bundle", "--tag", ref2, "-o", bundleFile, filepath.Join("testdata", "push-pull", "push-pull.dockerapp"))
icmd.RunCmd(cmd2).Assert(t, icmd.Success)
// Push the app without tagging it explicitly
cmd2.Command = dockerCli.Command("app", "push", "--insecure-registries="+info.registryAddress, ref2)
cmd2.Command = dockerCli.Command("app", "push", ref2)
icmd.RunCmd(cmd2).Assert(t, icmd.Success)
// remove the bundle from the bundle store to be sure it won't be used instead of registry
cleanup2()
// install from the registry
cmd.Command = dockerCli.Command("app", "install", "--insecure-registries="+info.registryAddress, ref2, "--name", name)
cmd.Command = dockerCli.Command("app", "install", ref2, "--name", name)
icmd.RunCmd(cmd).Assert(t, icmd.Success)
cmd.Command = dockerCli.Command("service", "ls")
assert.Check(t, cmp.Contains(icmd.RunCmd(cmd).Assert(t, icmd.Success).Combined(), ref))
Expand Down
10 changes: 7 additions & 3 deletions internal/commands/cnab.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -255,7 +255,7 @@ func loadBundleFromFile(filename string) (*bundle.Bundle, error) {
//resolveBundle looks for a CNAB bundle which can be in a Docker App Package format or
// a bundle stored locally or in the bundle store. It returns a built or found bundle,
// a reference to the bundle if it is found in the bundlestore, and an error.
func resolveBundle(dockerCli command.Cli, bundleStore appstore.BundleStore, name string, pullRef bool, insecureRegistries []string) (*bundle.Bundle, string, error) {
func resolveBundle(dockerCli command.Cli, bundleStore appstore.BundleStore, name string, pullRef bool) (*bundle.Bundle, string, error) {
// resolution logic:
// - if there is a docker-app package in working directory, or an http:// / https:// prefix, use packager.Extract result
// - the name has a .json or .cnab extension and refers to an existing file or web resource: load the bundle
Expand Down Expand Up @@ -286,6 +286,10 @@ func resolveBundle(dockerCli command.Cli, bundleStore appstore.BundleStore, name
return nil, "", errors.Wrap(err, name)
}
tagRef := reference.TagNameOnly(ref)
insecureRegistries, err := insecureRegistriesFromEngine(dockerCli)
if err != nil {
return nil, "", fmt.Errorf("could not retrieve insecure registries: %v", err)
}
bndl, err := bundleStore.LookupOrPullBundle(tagRef, pullRef, dockerCli.ConfigFile(), insecureRegistries)
return bndl, tagRef.String(), err
}
Expand Down Expand Up @@ -346,7 +350,7 @@ func isDockerHostLocal(host string) bool {
}

func prepareCustomAction(actionName string, dockerCli command.Cli, appname string, stdout io.Writer,
registryOpts registryOptions, pullOpts pullOptions, paramsOpts parametersOptions) (*action.RunCustom, *appstore.Installation, *bytes.Buffer, error) {
pullOpts pullOptions, paramsOpts parametersOptions) (*action.RunCustom, *appstore.Installation, *bytes.Buffer, error) {
s, err := appstore.NewApplicationStore(config.Dir())
if err != nil {
return nil, nil, nil, err
Expand All @@ -356,7 +360,7 @@ func prepareCustomAction(actionName string, dockerCli command.Cli, appname strin
return nil, nil, nil, err
}
driverImpl, errBuf := prepareDriver(dockerCli, bindMount{}, stdout)
bundle, ref, err := resolveBundle(dockerCli, bundleStore, appname, pullOpts.pull, registryOpts.insecureRegistries)
bundle, ref, err := resolveBundle(dockerCli, bundleStore, appname, pullOpts.pull)
if err != nil {
return nil, nil, nil, err
}
Expand Down
4 changes: 1 addition & 3 deletions internal/commands/inspect.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (

type inspectOptions struct {
parametersOptions
registryOptions
pullOptions
}

Expand All @@ -27,14 +26,13 @@ func inspectCmd(dockerCli command.Cli) *cobra.Command {
},
}
opts.parametersOptions.addFlags(cmd.Flags())
opts.registryOptions.addFlags(cmd.Flags())
opts.pullOptions.addFlags(cmd.Flags())
return cmd
}

func runInspect(dockerCli command.Cli, appname string, opts inspectOptions) error {
defer muteDockerCli(dockerCli)()
action, installation, errBuf, err := prepareCustomAction(internal.ActionInspectName, dockerCli, appname, nil, opts.registryOptions, opts.pullOptions, opts.parametersOptions)
action, installation, errBuf, err := prepareCustomAction(internal.ActionInspectName, dockerCli, appname, nil, opts.pullOptions, opts.parametersOptions)
if err != nil {
return err
}
Expand Down
4 changes: 1 addition & 3 deletions internal/commands/install.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@ import (
type installOptions struct {
parametersOptions
credentialOptions
registryOptions
pullOptions
orchestrator string
kubeNamespace string
Expand Down Expand Up @@ -59,7 +58,6 @@ func installCmd(dockerCli command.Cli) *cobra.Command {
}
opts.parametersOptions.addFlags(cmd.Flags())
opts.credentialOptions.addFlags(cmd.Flags())
opts.registryOptions.addFlags(cmd.Flags())
opts.pullOptions.addFlags(cmd.Flags())
cmd.Flags().StringVar(&opts.orchestrator, "orchestrator", "", "Orchestrator to install on (swarm, kubernetes)")
cmd.Flags().StringVar(&opts.kubeNamespace, "namespace", "default", "Kubernetes namespace to install into")
Expand All @@ -81,7 +79,7 @@ func runInstall(dockerCli command.Cli, appname string, opts installOptions) erro
return err
}

bndl, ref, err := resolveBundle(dockerCli, bundleStore, appname, opts.pull, opts.insecureRegistries)
bndl, ref, err := resolveBundle(dockerCli, bundleStore, appname, opts.pull)
if err != nil {
return err
}
Expand Down
12 changes: 7 additions & 5 deletions internal/commands/pull.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,21 +14,19 @@ import (
)

func pullCmd(dockerCli command.Cli) *cobra.Command {
var opts registryOptions
cmd := &cobra.Command{
Use: "pull NAME:TAG [OPTIONS]",
Short: "Pull an application package from a registry",
Example: `$ docker app pull docker/app-example:0.1.0`,
Args: cli.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
return runPull(dockerCli, args[0], opts)
return runPull(dockerCli, args[0])
},
}
opts.addFlags(cmd.Flags())
return cmd
}

func runPull(dockerCli command.Cli, name string, opts registryOptions) error {
func runPull(dockerCli command.Cli, name string) error {
appstore, err := store.NewApplicationStore(config.Dir())
if err != nil {
return err
Expand All @@ -42,7 +40,11 @@ func runPull(dockerCli command.Cli, name string, opts registryOptions) error {
if err != nil {
return errors.Wrap(err, name)
}
bndl, err := bundleStore.LookupOrPullBundle(reference.TagNameOnly(ref), true, dockerCli.ConfigFile(), opts.insecureRegistries)
insecureRegistries, err := insecureRegistriesFromEngine(dockerCli)
if err != nil {
return errors.Wrap(err, "could not retrieve insecure registries")
}
bndl, err := bundleStore.LookupOrPullBundle(reference.TagNameOnly(ref), true, dockerCli.ConfigFile(), insecureRegistries)
if err != nil {
return errors.Wrap(err, name)
}
Expand Down
10 changes: 6 additions & 4 deletions internal/commands/push.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@ const ( // Docker specific annotations and values
)

type pushOptions struct {
registry registryOptions
tag string
platforms []string
allPlatforms bool
Expand All @@ -66,7 +65,6 @@ func pushCmd(dockerCli command.Cli) *cobra.Command {
flags.StringVarP(&opts.tag, "tag", "t", "", "Target registry reference (default: <name>:<version> from metadata)")
flags.StringSliceVar(&opts.platforms, "platform", []string{"linux/amd64"}, "For multi-arch service images, push the specified platforms")
flags.BoolVar(&opts.allPlatforms, "all-platforms", false, "If present, push all platforms")
opts.registry.addFlags(flags)
return cmd
}

Expand Down Expand Up @@ -102,7 +100,7 @@ func resolveReferenceAndBundle(dockerCli command.Cli, name string) (*bundle.Bund
return nil, "", err
}

bndl, ref, err := resolveBundle(dockerCli, bundleStore, name, false, nil)
bndl, ref, err := resolveBundle(dockerCli, bundleStore, name, false)
if err != nil {
return nil, "", err
}
Expand Down Expand Up @@ -136,7 +134,11 @@ func pushInvocationImage(dockerCli command.Cli, retag retagResult) error {
}

func pushBundle(dockerCli command.Cli, opts pushOptions, bndl *bundle.Bundle, retag retagResult) error {
resolver := remotes.CreateResolver(dockerCli.ConfigFile(), opts.registry.insecureRegistries...)
insecureRegistries, err := insecureRegistriesFromEngine(dockerCli)
if err != nil {
return errors.Wrap(err, "could not retrive insecure registries")
}
resolver := remotes.CreateResolver(dockerCli.ConfigFile(), insecureRegistries...)
var display fixupDisplay = &plainDisplay{out: os.Stdout}
if term.IsTerminal(os.Stdout.Fd()) {
display = &interactiveDisplay{out: os.Stdout}
Expand Down
4 changes: 1 addition & 3 deletions internal/commands/render.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ import (

type renderOptions struct {
parametersOptions
registryOptions
pullOptions

formatDriver string
Expand All @@ -32,7 +31,6 @@ func renderCmd(dockerCli command.Cli) *cobra.Command {
},
}
opts.parametersOptions.addFlags(cmd.Flags())
opts.registryOptions.addFlags(cmd.Flags())
opts.pullOptions.addFlags(cmd.Flags())
cmd.Flags().StringVarP(&opts.renderOutput, "output", "o", "-", "Output file")
cmd.Flags().StringVar(&opts.formatDriver, "formatter", "yaml", "Configure the output format (yaml|json)")
Expand All @@ -53,7 +51,7 @@ func runRender(dockerCli command.Cli, appname string, opts renderOptions) error
w = f
}

action, installation, errBuf, err := prepareCustomAction(internal.ActionRenderName, dockerCli, appname, w, opts.registryOptions, opts.pullOptions, opts.parametersOptions)
action, installation, errBuf, err := prepareCustomAction(internal.ActionRenderName, dockerCli, appname, w, opts.pullOptions, opts.parametersOptions)
if err != nil {
return err
}
Expand Down
31 changes: 23 additions & 8 deletions internal/commands/root.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package commands

import (
"context"
"fmt"
"io/ioutil"
"os"
Expand All @@ -10,6 +11,7 @@ import (
"github.com/docker/app/internal/store"
"github.com/docker/cli/cli/command"
"github.com/docker/cli/cli/config"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
)
Expand Down Expand Up @@ -169,18 +171,31 @@ func (o *credentialOptions) CredentialSetOpts(dockerCli command.Cli, credentialS
}
}

type registryOptions struct {
insecureRegistries []string
}

func (o *registryOptions) addFlags(flags *pflag.FlagSet) {
flags.StringSliceVar(&o.insecureRegistries, "insecure-registries", nil, "Use HTTP instead of HTTPS when pulling from/pushing to those registries")
}

type pullOptions struct {
pull bool
}

func (o *pullOptions) addFlags(flags *pflag.FlagSet) {
flags.BoolVar(&o.pull, "pull", false, "Pull the bundle")
}

// insecureRegistriesFromEngine reads the registry configuration from the daemon and returns
// a list of all insecure ones.
func insecureRegistriesFromEngine(dockerCli command.Cli) ([]string, error) {
registries := []string{}

info, err := dockerCli.Client().Info(context.Background())
if err != nil {
return registries, fmt.Errorf("could not get docker info: %v", err)
}

for _, reg := range info.RegistryConfig.IndexConfigs {
if !reg.Secure {
registries = append(registries, reg.Name)
}
}

logrus.Debugf("insecure registries: %v", registries)

return registries, nil
}