Fix subdomain matching FIXMEs in commit 373440662 #1366
Conversation
lsm5
force-pushed
the
wildcard-cert-fixes
branch
5 times, most recently
from
d66525d
to
b5b7ba0
Compare
lsm5
changed the title
|
ready for review (afaict) |
FIXMEs addressed: 1. containers#1191 (comment) 2. containers#1191 (comment) 3. containers#1191 (comment) 4. containers#1191 (comment) 5. containers#1191 (comment) Signed-off-by: Lokesh Mandvekar <[email protected]>
lsm5
force-pushed
the
wildcard-cert-fixes
branch
from
b5b7ba0
to
207f85d
Compare
|
Before I start looking at the changes: the commit message isn't really helpful since it merely points to 5 comments "somewhere". The reader has to put the puzzle pieces together of what the changes are intended to do but I really want the author to explain the changes in detail. Since there are 5 different comments, it may be worth splitting them into 5 different commits. |
| @@ -343,6 +343,21 @@ func (config *V1RegistriesConf) ConvertToV2() (*V2RegistriesConf, error) { | |||
| // anchoredDomainRegexp is an internal implementation detail of postProcess, defining the valid values of elements of UnqualifiedSearchRegistries. | |||
| var anchoredDomainRegexp = regexp.MustCompile("^" + reference.DomainRegexp.String() + "$") | |||
|
|
|||
| // WildcardedPrefixCheck is the only place to check if a prefix contains "*." | |||
| func WildcardedPrefixCheck(prefix string) bool { | |||
There was a problem hiding this comment.
Please make this private. We try to keep new public APIs at the bare minimum to prevent bumping the major version.
| return prefix[:2] == "*." | ||
| } | ||
|
|
||
| func EmptyLocationWildcardedPrefixCheck(location string, prefix string) int { |
There was a problem hiding this comment.
Same here. Please add a comment on the return value.
| // https://github.com/containers/image/pull/1191#discussion_r610622495 | ||
| if reg.Prefix[:2] != "*." && reg.Location == "" { | ||
| return &InvalidRegistries{s: "invalid condition: location is unset and prefix is not in the format: *.example.com"} | ||
| if reg.Location != "" { |
There was a problem hiding this comment.
This looks suspicious. Why are we allowing a config with an empty location?
If that's desired, we need tests for that case and probably some sanity checks and some massaging of the docs. For instance, unless it's blocked, it would require at least one mirror to make sense which in turn would bring up the question: why lift the requirement to specify a location,
There was a problem hiding this comment.
See all the “prefix is a wildcard” and “prefix is empty” conditions in https://github.com/openshift/runtime-utils/pull/11/files EditRegistriesConfig.
Right now, if the user wants to set properties (insecure/blocked/mirrors) on a registry without redirecting it, there are two different syntaxes: (prefix=*.domain, location="") or (prefix="", location="non-wildcard.domain/…"), with little reason to for the two to differ. It would conceptually be much simpler if we always required prefix to exist as a lookup key, and made location entirely optional for redirection only; we can’t do that any more due to compatibility, but at least allowing software that writes entries from scratch to always use prefix could simplify it.
sgtm, will do. |
| @@ -343,6 +343,21 @@ func (config *V1RegistriesConf) ConvertToV2() (*V2RegistriesConf, error) { | |||
| // anchoredDomainRegexp is an internal implementation detail of postProcess, defining the valid values of elements of UnqualifiedSearchRegistries. | |||
| var anchoredDomainRegexp = regexp.MustCompile("^" + reference.DomainRegexp.String() + "$") | |||
|
|
|||
| // WildcardedPrefixCheck is the only place to check if a prefix contains "*." | |||
| func WildcardedPrefixCheck(prefix string) bool { | |||
There was a problem hiding this comment.
Typically (not quite always), it’s more readable if function names are either commands (saveFile) or predicates (isPrime).
| return prefix[:2] == "*." | ||
| } | ||
|
|
||
| func EmptyLocationWildcardedPrefixCheck(location string, prefix string) int { |
There was a problem hiding this comment.
I don’t think a comment is enough — it should either be structured in some completely different way, or use an enum, not hard-coded 0/1/-1.
| if prefix[:2] != "*." { | ||
| return nil, fmt.Errorf("invalid prefix '%v' for empty location, should be in the format: *.example.com", prefix) | ||
| } | ||
| locationPrefixCheck := EmptyLocationWildcardedPrefixCheck(e.Location, prefix) |
There was a problem hiding this comment.
The FIXME was to drop the check for prefix starting with "*." in this location, (after ensuring postProcessRegistries enforces that constraint), not to keep exactly the same check and move it into a single-use function. That move, along with the undocumented 0/1/-1 values, just makes this harder to read with AFAICS no change to behavior.
| // and does not prevent correct operation. | ||
| // https://github.com/containers/image/pull/1191#discussion_r610122617 | ||
| // | ||
| // if trimmed == "" { |
There was a problem hiding this comment.
The request around #1191 (comment) was to reintroduce this check, and handle the cases that do allow "" into the callers . See more in there.
| // parsePrefix parses the input string, performs some sanity checks and returns | ||
| // the sanitized input string. An error is returned if the input string is | ||
| // empty or if contains an "http{s,}://" prefix. | ||
| func parsePrefix(input string) (string, error) { |
There was a problem hiding this comment.
How does this differ from parseLocation now? Only in the error message? IIRC location was supposed to reject wildcards, and the like…
| } | ||
|
|
||
| // make sure mirrors are valid | ||
| for _, mir := range reg.Mirrors { | ||
| if mir.Location == "" { |
There was a problem hiding this comment.
- I don’t see that the caller of
parseLocationshould need to specifically reject"" - Moving the check for
""beforeparseLocationchanges semantics;"/"was previously rejected, now it is allowed.
| mir.Location, err = parseLocation(mir.Location) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| //FIXME: unqualifiedSearchRegistries now also accepts empty values |
There was a problem hiding this comment.
Has anything been done to fix that?
| // https://github.com/containers/image/pull/1191#discussion_r610623829 | ||
| for i := range res.partialV2.Registries { | ||
| prefix := res.partialV2.Registries[i].Prefix | ||
| if prefix[:2] == "*." && strings.ContainsAny(prefix, "/@:") { |
There was a problem hiding this comment.
What replaces the validation?
|
Thanks for all the comments @mtrmac @vrothberg . Closing this. I'll open a separate PR for each FIXME. Starting with: #1368 |
FIXMEs addressed:
Enable subdomain matching in registries.conf #1191 (comment)
Enable subdomain matching in registries.conf #1191 (comment)
Enable subdomain matching in registries.conf #1191 (comment)
Enable subdomain matching in registries.conf #1191 (comment)
Enable subdomain matching in registries.conf #1191 (comment)
Signed-off-by: Lokesh Mandvekar [email protected]
@vrothberg @mtrmac @ashcrow PTAL