Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
iSulad-img
提交
bad628d5
I
iSulad-img
项目概览
openeuler
/
iSulad-img
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
I
iSulad-img
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
bad628d5
编写于
12月 30, 2019
作者:
W
WangFengTu
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
iSulad-kit: Skip TLS Verify if insecure-skip-verify-enforce is true
Signed-off-by:
N
WangFengTu
<
wangfengtu@huawei.com
>
上级
511e6394
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
11 addition
and
21 deletion
+11
-21
cmd/isulad_kit/image.go
cmd/isulad_kit/image.go
+11
-21
未找到文件。
cmd/isulad_kit/image.go
浏览文件 @
bad628d5
...
...
@@ -47,10 +47,6 @@ var (
ErrParseImageID
=
errors
.
New
(
"cannot parse an image ID"
)
// ErrRegistriesConfigure no registries configured
ErrRegistriesConfigure
=
errors
.
New
(
`registries configured error`
)
forceSecureIgnore
=
0
forceSecureTLSVerify
=
1
forceSecureSkipTLSVerify
=
2
)
// HealthConfig means healtch check config in image
...
...
@@ -111,8 +107,8 @@ type imageService struct {
}
type
parsedImageNames
struct
{
name
string
forceSecure
int
name
string
secureSkipTLSVerify
bool
}
// sizer knows its size.
...
...
@@ -143,7 +139,7 @@ type ImageServer interface {
}
func
(
svc
*
imageService
)
InitImage
(
image
parsedImageNames
,
options
*
copy
.
Options
)
(
types
.
Image
,
error
)
{
srcRef
,
err
:=
svc
.
initReference
(
image
.
name
,
image
.
forceSecure
,
options
)
srcRef
,
err
:=
svc
.
initReference
(
image
.
name
,
image
.
secureSkipTLSVerify
,
options
)
if
err
!=
nil
{
return
nil
,
err
}
...
...
@@ -168,7 +164,7 @@ func (svc *imageService) PullImage(systemContext *types.SystemContext, image par
options
=
&
copy
.
Options
{}
}
srcRef
,
err
:=
svc
.
initReference
(
image
.
name
,
image
.
forceSecure
,
options
)
srcRef
,
err
:=
svc
.
initReference
(
image
.
name
,
image
.
secureSkipTLSVerify
,
options
)
if
err
!=
nil
{
return
nil
,
err
}
...
...
@@ -278,7 +274,7 @@ func (svc *imageService) UnrefImage(systemContext *types.SystemContext, imageNam
}
if
!
strings
.
HasPrefix
(
img
.
ID
,
imageName
)
{
namedRef
,
err
:=
svc
.
initReference
(
imageName
,
f
orceSecureIgnor
e
,
&
copy
.
Options
{})
namedRef
,
err
:=
svc
.
initReference
(
imageName
,
f
als
e
,
&
copy
.
Options
{})
if
err
!=
nil
{
return
err
}
...
...
@@ -329,7 +325,7 @@ func (svc *imageService) IsSecureIndex(indexName string) bool {
func
(
svc
*
imageService
)
ParseImageNames
(
imageName
string
)
([]
parsedImageNames
,
error
)
{
if
len
(
imageName
)
>=
minIDLength
&&
svc
.
store
!=
nil
{
if
img
,
err
:=
svc
.
store
.
Image
(
imageName
);
err
==
nil
&&
img
!=
nil
&&
strings
.
HasPrefix
(
img
.
ID
,
imageName
)
{
return
[]
parsedImageNames
{{
img
.
ID
,
f
orceSecureIgnor
e
}},
nil
return
[]
parsedImageNames
{{
img
.
ID
,
f
als
e
}},
nil
}
}
named
,
err
:=
reference
.
ParseNormalizedNamed
(
imageName
)
...
...
@@ -341,7 +337,7 @@ func (svc *imageService) ParseImageNames(imageName string) ([]parsedImageNames,
}
domain
,
_
:=
parseDockerDomain
(
imageName
)
if
domain
!=
""
{
return
[]
parsedImageNames
{{
imageName
,
f
orceSecureIgnor
e
}},
nil
return
[]
parsedImageNames
{{
imageName
,
f
als
e
}},
nil
}
if
len
(
svc
.
registries
)
==
0
{
return
nil
,
fmt
.
Errorf
(
"image %v has no domain and no registry-mirror found"
,
imageName
)
...
...
@@ -349,12 +345,8 @@ func (svc *imageService) ParseImageNames(imageName string) ([]parsedImageNames,
var
images
[]
parsedImageNames
for
_
,
r
:=
range
svc
.
registries
{
var
image
parsedImageNames
if
strings
.
HasPrefix
(
r
,
"https://"
)
{
image
.
forceSecure
=
forceSecureTLSVerify
}
else
if
strings
.
HasPrefix
(
r
,
"http://"
)
{
image
.
forceSecure
=
forceSecureSkipTLSVerify
}
else
{
image
.
forceSecure
=
forceSecureIgnore
if
strings
.
HasPrefix
(
r
,
"http://"
)
{
image
.
secureSkipTLSVerify
=
true
}
r
=
strings
.
TrimPrefix
(
strings
.
TrimPrefix
(
r
,
"https://"
),
"http://"
)
tagged
,
ok
:=
reference
.
TagNameOnly
(
named
)
.
(
reference
.
Tagged
)
...
...
@@ -575,7 +567,7 @@ func getImageDigest(ctx context.Context, image types.ImageSource, instanceDigest
}
// initReference init an image reference
func
(
svc
*
imageService
)
initReference
(
imageName
string
,
forceSecure
int
,
options
*
copy
.
Options
)
(
types
.
ImageReference
,
error
)
{
func
(
svc
*
imageService
)
initReference
(
imageName
string
,
secureSkipTLSVerify
bool
,
options
*
copy
.
Options
)
(
types
.
ImageReference
,
error
)
{
if
imageName
==
""
{
return
nil
,
storage
.
ErrNotAnImage
}
...
...
@@ -596,9 +588,7 @@ func (svc *imageService) initReference(imageName string, forceSecure int, option
options
.
SourceCtx
=
&
types
.
SystemContext
{}
}
if
forceSecure
==
forceSecureTLSVerify
{
options
.
SourceCtx
.
DockerInsecureSkipTLSVerify
=
types
.
NewOptionalBool
(
false
)
}
else
if
forceSecure
==
forceSecureSkipTLSVerify
{
if
secureSkipTLSVerify
{
options
.
SourceCtx
.
DockerInsecureSkipTLSVerify
=
types
.
NewOptionalBool
(
true
)
}
else
{
if
srcRef
.
DockerReference
()
!=
nil
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录