From 93b4bf937949195c82ee8eec9a5e2ed3e5a3aec4 Mon Sep 17 00:00:00 2001 From: Keith Zantow Date: Tue, 17 Aug 2021 12:52:51 -0400 Subject: [PATCH] Add option to enable http registry connections (#482) Signed-off-by: Keith Zantow --- README.md | 3 + go.mod | 2 +- go.sum | 6 +- internal/config/registry.go | 3 + internal/config/registry_test.go | 55 +++++++++++++++++++ .../snapshot/TestJSONPresenter.golden | 1 + test/cli/packages_cmd_test.go | 10 ++++ 7 files changed, 75 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 351328d2b..624dd7887 100644 --- a/README.md +++ b/README.md @@ -204,6 +204,9 @@ registry: # skip TLS verification when communicating with the registry # SYFT_REGISTRY_INSECURE_SKIP_TLS_VERIFY env var insecure-skip-tls-verify: false + # use http instead of https when connecting to the registry + # SYFT_REGISTRY_INSECURE_USE_HTTP env var + insecure-use-http: false # credentials for specific registries auth: diff --git a/go.mod b/go.mod index 1f156f568..1d6f08a37 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/anchore/go-rpmdb v0.0.0-20210602151223-1f0f707a2894 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b - github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f + github.com/anchore/stereoscope v0.0.0-20210817160504-0f4abc2a5a5a github.com/antihax/optional v1.0.0 github.com/bmatcuk/doublestar/v2 v2.0.4 github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible diff --git a/go.sum b/go.sum index c1e50da0a..4eac605d7 100644 --- a/go.sum +++ b/go.sum 
@@ -117,13 +117,12 @@ github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZV github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= github.com/anchore/packageurl-go v0.1.0-fixed h1:2QJUTALDF7m2WHPOS1NyHguSX4ciG0xD3idaBQwHJS8= github.com/anchore/packageurl-go v0.1.0-fixed/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw= -github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f h1:bFadyOLOkzME3BrZFZ5m8cf/b2hsn3aMSS9s+SKubRk= -github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI= +github.com/anchore/stereoscope v0.0.0-20210817160504-0f4abc2a5a5a h1:RQb+Gft1MKxjDfJCnHP/f1mwfy0Jz50Kp9QGgSWKQiY= +github.com/anchore/stereoscope v0.0.0-20210817160504-0f4abc2a5a5a/go.mod h1:165DfE5jApgEkHTWwu7Bijeml9fofudrgcpuWaD9+tk= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= -github.com/apex/log v1.3.0 h1:1fyfbPvUwD10nMoh3hY6MXzvZShJQn9/ck7ATgAt5pA= github.com/apex/log v1.3.0/go.mod h1:jd8Vpsr46WAe3EZSQ/IUMs2qQD/GOycT5rPWCO1yGcs= github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= 
@@ -722,7 +721,6 @@ github.com/tetafro/godot v0.3.7/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQx github.com/tetafro/godot v0.4.2/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/timakin/bodyclose v0.0.0-20200424151742-cb6215831a94/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= -github.com/tj/assert v0.0.0-20171129193455-018094318fb0 h1:Rw8kxzWo1mr6FSaYXjQELRe88y2KdfynXdnK72rdjtA= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= diff --git a/internal/config/registry.go b/internal/config/registry.go index 5fad4f61e..0506d25fe 100644 --- a/internal/config/registry.go +++ b/internal/config/registry.go @@ -20,11 +20,13 @@ type RegistryCredentials struct { type registry struct { InsecureSkipTLSVerify bool `yaml:"insecure-skip-tls-verify" json:"insecure-skip-tls-verify" mapstructure:"insecure-skip-tls-verify"` + InsecureUseHTTP bool `yaml:"insecure-use-http" json:"insecure-use-http" mapstructure:"insecure-use-http"` Auth []RegistryCredentials `yaml:"auth" json:"auth" mapstructure:"auth"` } func (cfg registry) loadDefaultValues(v *viper.Viper) { v.SetDefault("registry.insecure-skip-tls-verify", false) + v.SetDefault("registry.insecure-use-http", false) v.SetDefault("registry.auth", []RegistryCredentials{}) } @@ -67,6 +69,7 @@ func (cfg *registry) ToOptions() *image.RegistryOptions { } return &image.RegistryOptions{ InsecureSkipTLSVerify: cfg.InsecureSkipTLSVerify, + InsecureUseHTTP: cfg.InsecureUseHTTP, Credentials: auth, } } diff --git a/internal/config/registry_test.go b/internal/config/registry_test.go index af4013ff2..816b2b8e5 100644 
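Review bot: `ToOptions` (second hunk of internal/config/registry.go) now forwards `InsecureUseHTTP` in the same `image.RegistryOptions` as `Credentials`, with no check or warning when both are set, so any configured `auth` entries would presumably be sent over an unencrypted connection. The flag is on the top-level `registry` struct (first hunk), not on an individual `RegistryCredentials` entry, so as far as this file shows it is not limited to one authority. Consider logging a warning when `cfg.InsecureUseHTTP` is true and the credential list is non-empty, and add a field comment such as `// InsecureUseHTTP uses plain http for registry connections; configured credentials are then not protected in transit.` How stereoscope applies the option is outside this diff, and `ToOptions` begins above the hunk.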
--- a/internal/config/registry_test.go +++ b/internal/config/registry_test.go @@ -2,6 +2,7 @@ package config import ( "fmt" + "github.com/anchore/stereoscope/pkg/image" "testing" "github.com/stretchr/testify/assert" @@ -54,3 +55,57 @@ func TestHasNonEmptyCredentials(t *testing.T) { }) } } + +func Test_registry_ToOptions(t *testing.T) { + tests := []struct { + name string + input registry + expected image.RegistryOptions + }{ + { + name: "no registry options", + input: registry{}, + expected: image.RegistryOptions{ + Credentials: []image.RegistryCredentials{}, + }, + }, + { + name: "set InsecureSkipTLSVerify", + input: registry{ + InsecureSkipTLSVerify: true, + }, + expected: image.RegistryOptions{ + InsecureSkipTLSVerify: true, + Credentials: []image.RegistryCredentials{}, + }, + }, + { + name: "set InsecureUseHTTP", + input: registry{ + InsecureUseHTTP: true, + }, + expected: image.RegistryOptions{ + InsecureUseHTTP: true, + Credentials: []image.RegistryCredentials{}, + }, + }, + { + name: "set all bool options", + input: registry{ + InsecureSkipTLSVerify: true, + InsecureUseHTTP: true, + }, + expected: image.RegistryOptions{ + InsecureSkipTLSVerify: true, + InsecureUseHTTP: true, + Credentials: []image.RegistryCredentials{}, + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + assert.Equal(t, &test.expected, test.input.ToOptions()) + }) + } +} diff --git a/internal/presenter/poweruser/test-fixtures/snapshot/TestJSONPresenter.golden b/internal/presenter/poweruser/test-fixtures/snapshot/TestJSONPresenter.golden index 8fa206105..d3ebc0253 100644 --- a/internal/presenter/poweruser/test-fixtures/snapshot/TestJSONPresenter.golden +++ b/internal/presenter/poweruser/test-fixtures/snapshot/TestJSONPresenter.golden @@ -227,6 +227,7 @@ }, "registry": { "insecure-skip-tls-verify": false, + "insecure-use-http": false, "auth": null } } 
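Review bot: The new import `"github.com/anchore/stereoscope/pkg/image"` in the first hunk of registry_test.go is placed between `"fmt"` and `"testing"`, inside the standard-library group. goimports would move it to the third-party group next to `"github.com/stretchr/testify/assert"`, after the blank line.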
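Review bot: None of the four cases in `Test_registry_ToOptions` sets `Auth`, so the table never exercises `InsecureUseHTTP: true` together with credentials, which is the combination where this option matters most. A case with one `RegistryCredentials` entry and the flag enabled would pin exactly what `ToOptions` passes on in that situation. The existing cases also only expect an empty `Credentials` slice, so the credential mapping itself is not covered by this table (it may be covered elsewhere, outside this hunk).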
diff --git a/test/cli/packages_cmd_test.go b/test/cli/packages_cmd_test.go index f9a0ecf76..0b2141cc8 100644 --- a/test/cli/packages_cmd_test.go +++ b/test/cli/packages_cmd_test.go @@ -202,6 +202,16 @@ func TestRegistryAuth(t *testing.T) { assertInOutput(`no registry credentials configured, using the default keychain`), }, }, + { + name: "allows insecure http flag", + args: []string{"packages", "-vv", "registry:localhost:5000/something:latest"}, + env: map[string]string{ + "SYFT_REGISTRY_INSECURE_USE_HTTP": "true", + }, + assertions: []traitAssertion{ + assertInOutput("insecure-use-http: true"), + }, + }, } for _, test := range tests {
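Review bot: The new case "allows insecure http flag" only asserts that the `-vv` output contains `insecure-use-http: true`, which apparently shows the env var reaching the echoed configuration, not that the registry request is made over http. Either rename it to say what it checks, for example `name: "insecure http env var is reflected in config"`, or add an assertion on the connection attempt if the output exposes the scheme. `TestRegistryAuth` starts and ends outside this hunk, so whether anything listens on `localhost:5000` during the run is not visible here.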