github.com/jfrazelle/docker@v1.1.2-0.20210712172922-bf78e25fe508/registry/endpoint_v1.go (about)

     1  package registry // import "github.com/docker/docker/registry"
     2  
     3  import (
     4  	"crypto/tls"
     5  	"encoding/json"
     6  	"fmt"
     7  	"io/ioutil"
     8  	"net/http"
     9  	"net/url"
    10  	"strings"
    11  
    12  	"github.com/docker/distribution/registry/client/transport"
    13  	registrytypes "github.com/docker/docker/api/types/registry"
    14  	"github.com/sirupsen/logrus"
    15  )
    16  
    17  // V1Endpoint stores basic information about a V1 registry endpoint.
    18  type V1Endpoint struct {
    19  	client   *http.Client
    20  	URL      *url.URL
    21  	IsSecure bool
    22  }
    23  
    24  // NewV1Endpoint parses the given address to return a registry endpoint.
    25  // TODO: remove. This is only used by search.
    26  func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
    27  	tlsConfig, err := newTLSConfig(index.Name, index.Secure)
    28  	if err != nil {
    29  		return nil, err
    30  	}
    31  
    32  	endpoint, err := newV1EndpointFromStr(GetAuthConfigKey(index), tlsConfig, userAgent, metaHeaders)
    33  	if err != nil {
    34  		return nil, err
    35  	}
    36  
    37  	if err := validateEndpoint(endpoint); err != nil {
    38  		return nil, err
    39  	}
    40  
    41  	return endpoint, nil
    42  }
    43  
    44  func validateEndpoint(endpoint *V1Endpoint) error {
    45  	logrus.Debugf("pinging registry endpoint %s", endpoint)
    46  
    47  	// Try HTTPS ping to registry
    48  	endpoint.URL.Scheme = "https"
    49  	if _, err := endpoint.Ping(); err != nil {
    50  		if endpoint.IsSecure {
    51  			// If registry is secure and HTTPS failed, show user the error and tell them about `--insecure-registry`
    52  			// in case that's what they need. DO NOT accept unknown CA certificates, and DO NOT fallback to HTTP.
    53  			return fmt.Errorf("invalid registry endpoint %s: %v. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry %s` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/%s/ca.crt", endpoint, err, endpoint.URL.Host, endpoint.URL.Host)
    54  		}
    55  
    56  		// If registry is insecure and HTTPS failed, fallback to HTTP.
    57  		logrus.Debugf("Error from registry %q marked as insecure: %v. Insecurely falling back to HTTP", endpoint, err)
    58  		endpoint.URL.Scheme = "http"
    59  
    60  		var err2 error
    61  		if _, err2 = endpoint.Ping(); err2 == nil {
    62  			return nil
    63  		}
    64  
    65  		return fmt.Errorf("invalid registry endpoint %q. HTTPS attempt: %v. HTTP attempt: %v", endpoint, err, err2)
    66  	}
    67  
    68  	return nil
    69  }
    70  
    71  func newV1Endpoint(address url.URL, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) *V1Endpoint {
    72  	endpoint := &V1Endpoint{
    73  		IsSecure: tlsConfig == nil || !tlsConfig.InsecureSkipVerify,
    74  		URL:      new(url.URL),
    75  	}
    76  
    77  	*endpoint.URL = address
    78  
    79  	// TODO(tiborvass): make sure a ConnectTimeout transport is used
    80  	tr := NewTransport(tlsConfig)
    81  	endpoint.client = HTTPClient(transport.NewTransport(tr, Headers(userAgent, metaHeaders)...))
    82  	return endpoint
    83  }
    84  
    85  // trimV1Address trims the version off the address and returns the
    86  // trimmed address or an error if there is a non-V1 version.
    87  func trimV1Address(address string) (string, error) {
    88  	var (
    89  		chunks        []string
    90  		apiVersionStr string
    91  	)
    92  
    93  	if strings.HasSuffix(address, "/") {
    94  		address = address[:len(address)-1]
    95  	}
    96  
    97  	chunks = strings.Split(address, "/")
    98  	apiVersionStr = chunks[len(chunks)-1]
    99  	if apiVersionStr == "v1" {
   100  		return strings.Join(chunks[:len(chunks)-1], "/"), nil
   101  	}
   102  
   103  	for k, v := range apiVersions {
   104  		if k != APIVersion1 && apiVersionStr == v {
   105  			return "", fmt.Errorf("unsupported V1 version path %s", apiVersionStr)
   106  		}
   107  	}
   108  
   109  	return address, nil
   110  }
   111  
   112  func newV1EndpointFromStr(address string, tlsConfig *tls.Config, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
   113  	if !strings.HasPrefix(address, "http://") && !strings.HasPrefix(address, "https://") {
   114  		address = "https://" + address
   115  	}
   116  
   117  	address, err := trimV1Address(address)
   118  	if err != nil {
   119  		return nil, err
   120  	}
   121  
   122  	uri, err := url.Parse(address)
   123  	if err != nil {
   124  		return nil, err
   125  	}
   126  
   127  	endpoint := newV1Endpoint(*uri, tlsConfig, userAgent, metaHeaders)
   128  
   129  	return endpoint, nil
   130  }
   131  
   132  // Get the formatted URL for the root of this registry Endpoint
   133  func (e *V1Endpoint) String() string {
   134  	return e.URL.String() + "/v1/"
   135  }
   136  
   137  // Path returns a formatted string for the URL
   138  // of this endpoint with the given path appended.
   139  func (e *V1Endpoint) Path(path string) string {
   140  	return e.URL.String() + "/v1/" + path
   141  }
   142  
   143  // Ping returns a PingResult which indicates whether the registry is standalone or not.
   144  func (e *V1Endpoint) Ping() (PingResult, error) {
   145  	logrus.Debugf("attempting v1 ping for registry endpoint %s", e)
   146  
   147  	if e.String() == IndexServer {
   148  		// Skip the check, we know this one is valid
   149  		// (and we never want to fallback to http in case of error)
   150  		return PingResult{Standalone: false}, nil
   151  	}
   152  
   153  	req, err := http.NewRequest(http.MethodGet, e.Path("_ping"), nil)
   154  	if err != nil {
   155  		return PingResult{Standalone: false}, err
   156  	}
   157  
   158  	resp, err := e.client.Do(req)
   159  	if err != nil {
   160  		return PingResult{Standalone: false}, err
   161  	}
   162  
   163  	defer resp.Body.Close()
   164  
   165  	jsonString, err := ioutil.ReadAll(resp.Body)
   166  	if err != nil {
   167  		return PingResult{Standalone: false}, fmt.Errorf("error while reading the http response: %s", err)
   168  	}
   169  
   170  	// If the header is absent, we assume true for compatibility with earlier
   171  	// versions of the registry. default to true
   172  	info := PingResult{
   173  		Standalone: true,
   174  	}
   175  	if err := json.Unmarshal(jsonString, &info); err != nil {
   176  		logrus.Debugf("Error unmarshaling the _ping PingResult: %s", err)
   177  		// don't stop here. Just assume sane defaults
   178  	}
   179  	if hdr := resp.Header.Get("X-Docker-Registry-Version"); hdr != "" {
   180  		logrus.Debugf("Registry version header: '%s'", hdr)
   181  		info.Version = hdr
   182  	}
   183  	logrus.Debugf("PingResult.Version: %q", info.Version)
   184  
   185  	standalone := resp.Header.Get("X-Docker-Registry-Standalone")
   186  	logrus.Debugf("Registry standalone header: '%s'", standalone)
   187  	// Accepted values are "true" (case-insensitive) and "1".
   188  	if strings.EqualFold(standalone, "true") || standalone == "1" {
   189  		info.Standalone = true
   190  	} else if len(standalone) > 0 {
   191  		// there is a header set, and it is not "true" or "1", so assume fails
   192  		info.Standalone = false
   193  	}
   194  	logrus.Debugf("PingResult.Standalone: %t", info.Standalone)
   195  	return info, nil
   196  }