Skip to content

Commit

Permalink
fix issue 20407 (#20416)
Browse files Browse the repository at this point in the history
fixes #20407
It needs to specify the insecure option on parsing the reference

Signed-off-by: wang yan <wangyan@vmware.com>
  • Loading branch information
wy65701436 authored May 13, 2024
1 parent 068ae00 commit 65e266f
Show file tree
Hide file tree
Showing 4 changed files with 14 additions and 8 deletions.
2 changes: 2 additions & 0 deletions src/pkg/scan/rest/v1/models.go
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,8 @@ type Registry struct {
// An optional value of the HTTP Authorization header sent with each request to the Docker Registry for getting or exchanging token.
// For example, `Basic: Base64(username:password)`.
Authorization string `json:"authorization"`
// Insecure is an indicator of https or http.
Insecure bool `json:"insecure"`
}

// ScanRequest represents a structure that is sent to a Scanner Adapter to initiate artifact scanning.
Expand Down
13 changes: 7 additions & 6 deletions src/pkg/scan/sbom/sbom.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,13 +43,13 @@ const (
)

func init() {
scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registryFQDN})
scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registry})
}

// ScanHandler defines the Handler to generate sbom
type scanHandler struct {
GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
RegistryServer func(ctx context.Context) string
RegistryServer func(ctx context.Context) (string, bool)
}

// RequestProducesMineTypes defines the mine types produced by the scan handler
Expand Down Expand Up @@ -96,7 +96,7 @@ func (v *scanHandler) PostScan(ctx job.Context, sr *v1.ScanRequest, _ *scanModel
Artifact: sr.Artifact,
}
// the registry server url is core by default, need to replace it with real registry server url
scanReq.Registry.URL = v.RegistryServer(ctx.SystemContext())
scanReq.Registry.URL, scanReq.Registry.Insecure = v.RegistryServer(ctx.SystemContext())
if len(scanReq.Registry.URL) == 0 {
return "", fmt.Errorf("empty registry server")
}
Expand Down Expand Up @@ -139,15 +139,16 @@ func (v *scanHandler) generateReport(startTime time.Time, repository, digest, st
}

// extract server name from config, and remove the protocol prefix
func registryFQDN(ctx context.Context) string {
func registry(ctx context.Context) (string, bool) {
cfgMgr, ok := config.FromContext(ctx)
if ok {
extURL := cfgMgr.Get(context.Background(), common.ExtEndpoint).GetString()
insecure := strings.HasPrefix(extURL, "http://")
server := strings.TrimPrefix(extURL, "https://")
server = strings.TrimPrefix(server, "http://")
return server
return server, insecure
}
return ""
return "", false
}

// retrieveSBOMContent retrieves the "sbom" field from the raw report
Expand Down
4 changes: 2 additions & 2 deletions src/pkg/scan/sbom/sbom_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -89,8 +89,8 @@ func Test_scanHandler_RequestProducesMineTypes(t *testing.T) {
}
}

func mockGetRegistry(ctx context.Context) string {
return "myharbor.example.com"
func mockGetRegistry(ctx context.Context) (string, bool) {
return "myharbor.example.com", false
}

func mockGenAccessory(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error) {
Expand Down
3 changes: 3 additions & 0 deletions src/pkg/scan/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,9 @@ func GenAccessoryArt(sq v1sq.ScanRequest, accData []byte, accAnnotations map[str
return "", err
}
accRef, err := name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()))
if sq.Registry.Insecure {
accRef, err = name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()), name.Insecure)
}
if err != nil {
return "", err
}
Expand Down

0 comments on commit 65e266f

Please sign in to comment.