From 2f466a9f884f28601c3b15e7f6e2c6aa683b8afd Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 18 Mar 2022 13:30:13 +0100 Subject: registry: remove unused Service.TLSConfig() Signed-off-by: Sebastiaan van Stijn --- registry/service.go | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'registry') diff --git a/registry/service.go b/registry/service.go index 0cda3a8806..eb9c5c0a29 100644 --- a/registry/service.go +++ b/registry/service.go @@ -29,7 +29,6 @@ type Service interface { ResolveRepository(name reference.Named) (*RepositoryInfo, error) Search(ctx context.Context, term string, limit int, authConfig *types.AuthConfig, userAgent string, headers map[string][]string) (*registry.SearchResults, error) ServiceConfig() *registry.ServiceConfig - TLSConfig(hostname string) (*tls.Config, error) LoadAllowNondistributableArtifacts([]string) error LoadMirrors([]string) error LoadInsecureRegistries([]string) error @@ -221,15 +220,6 @@ type APIEndpoint struct { TLSConfig *tls.Config } -// TLSConfig constructs a client TLS configuration based on server defaults -func (s *defaultService) TLSConfig(hostname string) (*tls.Config, error) { - s.mu.RLock() - secure := s.config.isSecureIndex(hostname) - s.mu.RUnlock() - - return newTLSConfig(hostname, secure) -} - // LookupPullEndpoints creates a list of v2 endpoints to try to pull from, in order of preference. // It gives preference to mirrors over the actual registry, and HTTPS over plain HTTP. func (s *defaultService) LookupPullEndpoints(hostname string) (endpoints []APIEndpoint, err error) { -- cgit v1.2.1 From 894773012427edd14502bbf166f10d70488117d6 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 18 Mar 2022 13:52:20 +0100 Subject: registry: un-export AuthTransport() It's only used internally for v1 search Signed-off-by: Sebastiaan van Stijn --- registry/registry_test.go | 2 +- registry/session.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'registry') diff --git a/registry/registry_test.go b/registry/registry_test.go index e0f29404e6..7c3a4e16c3 100644 --- a/registry/registry_test.go +++ b/registry/registry_test.go @@ -24,7 +24,7 @@ func spawnTestRegistrySession(t *testing.T) *session { } userAgent := "docker test client" var tr http.RoundTripper = debugTransport{newTransport(nil), t.Log} - tr = transport.NewTransport(AuthTransport(tr, authConfig, false), Headers(userAgent, nil)...) + tr = transport.NewTransport(newAuthTransport(tr, authConfig, false), Headers(userAgent, nil)...) client := httpClient(tr) if err := authorizeClient(client, authConfig, endpoint); err != nil { diff --git a/registry/session.go b/registry/session.go index bf222e43e8..f1204215b8 100644 --- a/registry/session.go +++ b/registry/session.go @@ -39,7 +39,7 @@ type authTransport struct { modReq map[*http.Request]*http.Request // original -> modified } -// AuthTransport handles the auth layer when communicating with a v1 registry (private or official) +// newAuthTransport handles the auth layer when communicating with a v1 registry (private or official) // // For private v1 registries, set alwaysSetBasicAuth to true. // @@ -52,7 +52,7 @@ type authTransport struct { // If the server sends a token without the client having requested it, it is ignored. // // This RoundTripper also has a CancelRequest method important for correct timeout handling. -func AuthTransport(base http.RoundTripper, authConfig *types.AuthConfig, alwaysSetBasicAuth bool) http.RoundTripper { +func newAuthTransport(base http.RoundTripper, authConfig *types.AuthConfig, alwaysSetBasicAuth bool) *authTransport { if base == nil { base = http.DefaultTransport } @@ -165,7 +165,7 @@ func authorizeClient(client *http.Client, authConfig *types.AuthConfig, endpoint // Annotate the transport unconditionally so that v2 can // properly fallback on v1 when an image is not found. - client.Transport = AuthTransport(client.Transport, authConfig, alwaysSetBasicAuth) + client.Transport = newAuthTransport(client.Transport, authConfig, alwaysSetBasicAuth) jar, err := cookiejar.New(nil) if err != nil { -- cgit v1.2.1 From 5e9829b75d4d57a49d1cbe17ccc6bf73b4a18fed Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 18 Mar 2022 13:57:31 +0100 Subject: registry: remove unused fallbackError Nothing was emitting this error. Signed-off-by: Sebastiaan van Stijn --- registry/auth.go | 8 -------- registry/service.go | 25 +++++++++---------------- 2 files changed, 9 insertions(+), 24 deletions(-) (limited to 'registry') diff --git a/registry/auth.go b/registry/auth.go index 9a4c670213..38f41db221 100644 --- a/registry/auth.go +++ b/registry/auth.go @@ -63,14 +63,6 @@ func (scs staticCredentialStore) RefreshToken(*url.URL, string) string { func (scs staticCredentialStore) SetRefreshToken(*url.URL, string, string) { } -type fallbackError struct { - err error -} - -func (err fallbackError) Error() string { - return err.err.Error() -} - // loginV2 tries to login to the v2 registry server. The given registry // endpoint will be pinged to get authorization challenges. These challenges // will be used to authenticate against the registry to validate credentials. diff --git a/registry/service.go b/registry/service.go index eb9c5c0a29..403d81ee9b 100644 --- a/registry/service.go +++ b/registry/service.go @@ -175,23 +175,16 @@ func (s *defaultService) Search(ctx context.Context, term string, limit int, aut modifiers := Headers(userAgent, nil) v2Client, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes) if err != nil { - if fErr, ok := err.(fallbackError); ok { - logrus.WithError(fErr.err).Error("cannot use identity token for search, v2 auth not supported") - } else { - return nil, err - } - } else { - // Copy non transport http client features - v2Client.Timeout = endpoint.client.Timeout - v2Client.CheckRedirect = endpoint.client.CheckRedirect - v2Client.Jar = endpoint.client.Jar - - logrus.Debugf("using v2 client for search to %s", endpoint.URL) - client = v2Client + return nil, err } - } - - if client == nil { + // Copy non transport http client features + v2Client.Timeout = endpoint.client.Timeout + v2Client.CheckRedirect = endpoint.client.CheckRedirect + v2Client.Jar = endpoint.client.Jar + + logrus.Debugf("using v2 client for search to %s", endpoint.URL) + client = v2Client + } else { client = endpoint.client if err := authorizeClient(client, authConfig, endpoint); err != nil { return nil, err -- cgit v1.2.1