Disable legacy (v1) registries by default
Deprecation of interacting with v1 registries was started in docker 1.8.3, which added a `--disable-legacy-registry` flag. This option was anounced to be the default starting with docker 17.06, and v1 registries completely removed in docker 17.12. This patch updates the default, and disables interaction with v1 registres by default. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 128280013f2ad90520c97b47a787be0db883e870) Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
This commit is contained in:
Sebastiaan van Stijn
committed by
Andrew Hsu
Andrew Hsu
parent
6f00f5603d
commit
5e671f7b53
@ -13,6 +13,10 @@ import (
|
||||
)
|
||||
|
||||
func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) {
|
||||
|
||||
// @TODO TestLogoutWithExternalAuth expects docker to fall back to a v1 registry, so has to be updated for v17.12, when v1 registries are no longer supported
|
||||
s.d.StartWithBusybox(c, "--disable-legacy-registry=false")
|
||||
|
||||
osPath := os.Getenv("PATH")
|
||||
defer os.Setenv("PATH", osPath)
|
||||
|
||||
@ -28,6 +32,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C)
|
||||
|
||||
tmp, err := ioutil.TempDir("", "integration-cli-")
|
||||
c.Assert(err, checker.IsNil)
|
||||
defer os.RemoveAll(tmp)
|
||||
|
||||
externalAuthConfig := `{ "credsStore": "shell-test" }`
|
||||
|
||||
@ -35,24 +40,27 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C)
|
||||
err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
|
||||
_, err = s.d.Cmd("--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
b, err := ioutil.ReadFile(configPath)
|
||||
c.Assert(err, checker.IsNil)
|
||||
c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
|
||||
c.Assert(string(b), checker.Contains, privateRegistryURL)
|
||||
|
||||
dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
|
||||
dockerCmd(c, "--config", tmp, "push", repoName)
|
||||
|
||||
dockerCmd(c, "--config", tmp, "logout", privateRegistryURL)
|
||||
_, err = s.d.Cmd("--config", tmp, "tag", "busybox", repoName)
|
||||
c.Assert(err, checker.IsNil)
|
||||
_, err = s.d.Cmd("--config", tmp, "push", repoName)
|
||||
c.Assert(err, checker.IsNil)
|
||||
_, err = s.d.Cmd("--config", tmp, "logout", privateRegistryURL)
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
b, err = ioutil.ReadFile(configPath)
|
||||
c.Assert(err, checker.IsNil)
|
||||
c.Assert(string(b), checker.Not(checker.Contains), privateRegistryURL)
|
||||
|
||||
// check I cannot pull anymore
|
||||
out, _, err := dockerCmdWithError("--config", tmp, "pull", repoName)
|
||||
out, err := s.d.Cmd("--config", tmp, "pull", repoName)
|
||||
c.Assert(err, check.NotNil, check.Commentf(out))
|
||||
c.Assert(out, checker.Contains, "Error: image dockercli/busybox:authtest not found")
|
||||
}
|
||||
|
||||
@ -258,10 +258,13 @@ func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) {
|
||||
}
|
||||
|
||||
func (s *DockerRegistryAuthHtpasswdSuite) TestPullNoCredentialsNotFound(c *check.C) {
|
||||
// @TODO TestPullNoCredentialsNotFound expects docker to fall back to a v1 registry, so has to be updated for v17.12, when v1 registries are no longer supported
|
||||
s.d.StartWithBusybox(c, "--disable-legacy-registry=false")
|
||||
|
||||
// we don't care about the actual image, we just want to see image not found
|
||||
// because that means v2 call returned 401 and we fell back to v1 which usually
|
||||
// gives a 404 (in this case the test registry doesn't handle v1 at all)
|
||||
out, _, err := dockerCmdWithError("pull", privateRegistryURL+"/busybox")
|
||||
out, err := s.d.Cmd("pull", privateRegistryURL+"/busybox")
|
||||
c.Assert(err, check.NotNil, check.Commentf(out))
|
||||
c.Assert(out, checker.Contains, "Error: image busybox:latest not found")
|
||||
}
|
||||
|
||||
@ -98,8 +98,7 @@ func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) {
|
||||
"--insecure-registry", buildReg.URL(),
|
||||
"--insecure-registry", pullReg.URL(),
|
||||
"--insecure-registry", pushReg.URL(),
|
||||
"--insecure-registry", loginReg.URL(),
|
||||
"--disable-legacy-registry=true")
|
||||
"--insecure-registry", loginReg.URL())
|
||||
|
||||
dockerfileName, cleanup1, err := makefile(fmt.Sprintf("FROM %s", buildRepoName))
|
||||
c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
|
||||
|
||||
@ -34,7 +34,7 @@ func makefile(contents string) (string, func(), error) {
|
||||
|
||||
}
|
||||
|
||||
// TestV2Only ensures that a daemon in v2-only mode does not
|
||||
// TestV2Only ensures that a daemon by default does not
|
||||
// attempt to contact any v1 registry endpoints.
|
||||
func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
|
||||
reg, err := registry.NewMock(c)
|
||||
@ -51,7 +51,7 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
|
||||
|
||||
repoName := fmt.Sprintf("%s/busybox", reg.URL())
|
||||
|
||||
s.d.Start(c, "--insecure-registry", reg.URL(), "--disable-legacy-registry=true")
|
||||
s.d.Start(c, "--insecure-registry", reg.URL())
|
||||
|
||||
dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.URL()))
|
||||
c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
|
||||
@ -66,7 +66,7 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
|
||||
s.d.Cmd("pull", repoName)
|
||||
}
|
||||
|
||||
// TestV1 starts a daemon in 'normal' mode
|
||||
// TestV1 starts a daemon with legacy registries enabled
|
||||
// and ensure v1 endpoints are hit for the following operations:
|
||||
// login, push, pull, build & run
|
||||
func (s *DockerRegistrySuite) TestV1(c *check.C) {
|
||||
|
||||
Reference in New Issue
Block a user