Move prefix validation to postProcessRegistries

Fixes: #1191 (comment) Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
containers · Sep 1, 2021 · 81627a4 · 81627a4
1 parent 4c1ec49
commit 81627a4
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 12 deletions.
diff --git a/pkg/sysregistriesv2/system_registries_v2.go b/pkg/sysregistriesv2/system_registries_v2.go
@@ -359,6 +359,10 @@ func (config *V2RegistriesConf) postProcessRegistries() error {
 
 		// Allow config authors to always use Prefix.
 		if reg.Prefix != "" {
+			if isWildcardedPrefix(reg.Prefix) && strings.ContainsAny(reg.Prefix, "/@:") {
+				msg := fmt.Sprintf("Wildcarded prefix should be in the format: *.example.com. Current prefix %q is incorrectly formatted", reg.Prefix)
+				return &InvalidRegistries{s: msg}
+			}
 			reg.Prefix, err = parseLocation(reg.Prefix)
 			if err != nil {
 				return err
@@ -773,6 +777,11 @@ func CredentialHelpers(sys *types.SystemContext) ([]string, error) {
 	return config.partialV2.CredentialHelpers, nil
 }
 
+// isWildcardedPrefix only checks if the first two characters match "*.".
+func isWildcardedPrefix(prefix string) bool {
+	return prefix[:2] == "*."
+}
+
 // refMatchingSubdomainPrefix returns the length of ref
 // iff ref, which is a registry, repository namespace, repository or image reference (as formatted by
 // reference.Domain(), reference.Named.Name() or reference.Reference.String()
@@ -809,7 +818,7 @@ func refMatchingSubdomainPrefix(ref, prefix string) int {
 // (This is split from the caller primarily to make testing easier.)
 func refMatchingPrefix(ref, prefix string) int {
 	switch {
-	case prefix[0:2] == "*.":
+	case isWildcardedPrefix(prefix):
 		return refMatchingSubdomainPrefix(ref, prefix)
 	case len(ref) < len(prefix):
 		return -1
@@ -924,17 +933,6 @@ func loadConfigFile(path string, forceV2 bool) (*parsedConfig, error) {
 		res.shortNameMode = types.ShortNameModeInvalid
 	}
 
-	// Valid wildcarded prefixes must be in the format: *.example.com
-	// FIXME: Move to postProcessRegistries
-	// https://github.com/containers/image/pull/1191#discussion_r610623829
-	for i := range res.partialV2.Registries {
-		prefix := res.partialV2.Registries[i].Prefix
-		if prefix[:2] == "*." && strings.ContainsAny(prefix, "/@:") {
-			msg := fmt.Sprintf("Wildcarded prefix should be in the format: *.example.com. Current prefix %q is incorrectly formatted", prefix)
-			return nil, &InvalidRegistries{s: msg}
-		}
-	}
-
 	// Parse and validate short-name aliases.
 	cache, err := newShortNameAliasCache(path, &res.partialV2.shortNameAliasConf)
 	if err != nil {

diff --git a/pkg/sysregistriesv2/system_registries_v2_test.go b/pkg/sysregistriesv2/system_registries_v2_test.go
@@ -134,6 +134,25 @@ func TestMirrors(t *testing.T) {
 	assert.True(t, reg.Mirrors[1].Insecure)
 }
 
+func TestWildcardedPrefix(t *testing.T) {
+	for _, c := range []struct {
+		prefix   string
+		expected bool
+	}{
+		// Only check if the first two characters are "*."
+		{"*.io", true},
+		{"*.com/foo@bar", true},
+		{"foo.com/bar", false},
+		{"*foo.com/bar", false},
+		{"foo*.com/bar", false},
+		{".foo*.com/bar", false},
+		{"*.foo*.com/bar", true},
+	} {
+		isValid := isWildcardedPrefix(c.prefix)
+		assert.Equal(t, c.expected, isValid)
+	}
+}
+
 func TestRefMatchingSubdomainPrefix(t *testing.T) {
 	for _, c := range []struct {
 		ref, prefix string