Skip to content

Honor --allow-private-ip on thv registry login --registry#5353

Merged
reyortiz3 merged 1 commit into
mainfrom
fix/registry-login-allow-private-ip
May 20, 2026
Merged

Honor --allow-private-ip on thv registry login --registry#5353
reyortiz3 merged 1 commit into
mainfrom
fix/registry-login-allow-private-ip

Conversation

@reyortiz3
Copy link
Copy Markdown
Contributor

@reyortiz3 reyortiz3 commented May 20, 2026
edited
Loading

Summary

thv config set-registry --allow-private-ip <url> lets an operator point the CLI at a registry behind a private/corp IP. The matching option is missing from thv registry login, and even via the Go API the boolean was hardcoded one layer down — so an operator combining registration + login in a single step (thv registry login --registry http://10.x.y.z/api --issuer ... --client-id ...) always hits the private-IP rejection regardless of intent.

The same gap applies to auth.Login when used programmatically: LoginOptions had no way to express "this registry is allowed on a private IP."

This PR closes the gap symmetrically:

  • pkg/registry/auth/login.go — adds AllowPrivateIP bool to LoginOptions. ensureRegistryURL threads it into config.DetectRegistryType (so the API-vs-static probe can actually reach the registry) and into the SetRegistryAPI / SetRegistryURL calls (which were false literals).
  • cmd/thv/app/registry_login.go — adds -p / --allow-private-ip, mirroring the flag on thv config set-registry. Default is false.
  • docs/cli/thv_registry_login.md — regenerated via task docs.
  • pkg/registry/auth/login_test.go — new table case in TestEnsureRegistryURL proving AllowPrivateIP: true propagates to SetRegistryURL. The existing false-cases stay untouched, so the no-flag path is regression-guarded.

No behavior change for callers that leave the new field at its zero value.

Fixes #5351

Type of change

  • Bug fix

Test plan

  • Unit tests (task test)
  • Linting (task lint-fix)
  • CLI docs regenerated (task docs)
  • Manual: go build ./cmd/thv + thv registry login --help shows the new -p, --allow-private-ip flag.

🤖 Generated with Claude Code

@reyortiz3 @claude
Honor --allow-private-ip when registering registry via thv registry l…
828ef4a 
…ogin

`thv config set-registry --allow-private-ip <url>` lets an operator point
the CLI at a registry behind a private/corp IP. The same option was
missing from `thv registry login`, and even via the Go API the boolean
was hardcoded to false one layer down — so an operator using
`thv registry login --registry http://10.x.y.z/...` to register and
authenticate in one step always hit the private-IP rejection regardless
of intent.

- LoginOptions: add AllowPrivateIP.
- ensureRegistryURL: thread it into DetectRegistryType and the
  SetRegistryAPI / SetRegistryURL calls (which were `false` literals).
- registry_login.go: add -p/--allow-private-ip mirroring the flag on
  set-registry.

No behavior change for callers that leave the new field at its
zero value.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions github-actions Bot added the size/XS Extra small PR: < 100 lines changed label May 20, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 20, 2026

Codecov Report

❌ Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 68.43%. Comparing base (2894982) to head (828ef4a).

Files with missing lines Patch % Lines
pkg/registry/auth/login.go 66.66% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5353      +/-   ##
==========================================
+ Coverage   68.38%   68.43%   +0.05%     
==========================================
  Files         624      624              
  Lines       63442    63442              
==========================================
+ Hits        43386    43419      +33     
+ Misses      16818    16784      -34     
- Partials     3238     3239       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions github-actions Bot added size/XS Extra small PR: < 100 lines changed and removed size/XS Extra small PR: < 100 lines changed labels May 20, 2026
@reyortiz3 reyortiz3 merged commit bd73817 into main May 20, 2026
45 of 46 checks passed
@reyortiz3 reyortiz3 deleted the fix/registry-login-allow-private-ip branch May 20, 2026 21:10
@claude claude Bot mentioned this pull request May 22, 2026
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChrisJBurns ChrisJBurns ChrisJBurns approved these changes

@JAORMX JAORMX Awaiting requested review from JAORMX JAORMX is a code owner

@rdimitrov rdimitrov Awaiting requested review from rdimitrov rdimitrov is a code owner

@yrobla yrobla Awaiting requested review from yrobla yrobla is a code owner

@amirejaz amirejaz Awaiting requested review from amirejaz amirejaz is a code owner

@lujunsan lujunsan Awaiting requested review from lujunsan lujunsan is a code owner

@jhrozek jhrozek Awaiting requested review from jhrozek jhrozek is a code owner

Assignees

No one assigned

Labels

size/XS Extra small PR: < 100 lines changed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

thv registry login --registry should support --allow-private-ip

2 participants

@reyortiz3 @ChrisJBurns