-
Notifications
You must be signed in to change notification settings - Fork 62
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move URLsMatch fns to separate package
- Loading branch information
1 parent
1cf5b97
commit 5d61736
Showing
3 changed files
with
93 additions
and
81 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
// Copyright 2022 VMware, Inc. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
package credentialprovider | ||
|
||
import ( | ||
"net" | ||
"net/url" | ||
"path/filepath" | ||
"strings" | ||
) | ||
|
||
// Extracted from https://github.com/kubernetes/kubernetes/blob/6b6558a4639b556f2723dea8df62bcaa7f9846ed/pkg/credentialprovider/keyring.go | ||
|
||
// URLsMatchStr is wrapper for URLsMatch, operating on strings instead of URLs. | ||
func URLsMatchStr(glob string, target string) (bool, error) { | ||
globURL, err := ParseSchemelessURL(glob) | ||
if err != nil { | ||
return false, err | ||
} | ||
targetURL, err := ParseSchemelessURL(target) | ||
if err != nil { | ||
return false, err | ||
} | ||
return URLsMatch(globURL, targetURL) | ||
} | ||
|
||
// URLsMatch checks whether the given target url matches the glob url, which may have | ||
// glob wild cards in the host name. | ||
// | ||
// Examples: | ||
// globURL=*.docker.io, targetURL=blah.docker.io => match | ||
// globURL=*.docker.io, targetURL=not.right.io => no match | ||
// | ||
// Note that we don't support wildcards in ports and paths yet. | ||
func URLsMatch(globURL *url.URL, targetURL *url.URL) (bool, error) { | ||
globURLParts, globPort := SplitURL(globURL) | ||
targetURLParts, targetPort := SplitURL(targetURL) | ||
if globPort != targetPort { | ||
// port doesn't match | ||
return false, nil | ||
} | ||
if len(globURLParts) != len(targetURLParts) { | ||
// host name does not have the same number of parts | ||
return false, nil | ||
} | ||
if !strings.HasPrefix(targetURL.Path, globURL.Path) { | ||
// the path of the credential must be a prefix | ||
return false, nil | ||
} | ||
for k, globURLPart := range globURLParts { | ||
targetURLPart := targetURLParts[k] | ||
matched, err := filepath.Match(globURLPart, targetURLPart) | ||
if err != nil { | ||
return false, err | ||
} | ||
if !matched { | ||
// glob mismatch for some part | ||
return false, nil | ||
} | ||
} | ||
// everything matches | ||
return true, nil | ||
} | ||
|
||
// ParseSchemelessURL parses a schemeless url and returns a url.URL | ||
// url.Parse require a scheme, but ours don't have schemes. Adding a | ||
// scheme to make url.Parse happy, then clear out the resulting scheme. | ||
func ParseSchemelessURL(schemelessURL string) (*url.URL, error) { | ||
parsed, err := url.Parse("https://" + schemelessURL) | ||
if err != nil { | ||
return nil, err | ||
} | ||
// clear out the resulting scheme | ||
parsed.Scheme = "" | ||
return parsed, nil | ||
} | ||
|
||
// SplitURL splits the host name into parts, as well as the port | ||
func SplitURL(url *url.URL) (parts []string, port string) { | ||
host, port, err := net.SplitHostPort(url.Host) | ||
if err != nil { | ||
// could not parse port | ||
host, port = url.Host, "" | ||
} | ||
return strings.Split(host, "."), port | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters