Revert "pkg/registry: Login option for passing TLS config in memory"

Signed-off-by: Scott Rigby <scott@r6by.com>
2 months ago · 6a67b553b4
parent 65f528495d
commit 6a67b553b4
2 changed files with 4 additions and 44 deletions
--- a/pkg/registry/client.go
+++ b/pkg/registry/client.go
@ -357,7 +357,7 @@ func LoginOptPlainText(isPlainText bool) LoginOption {
 	}
 }

-func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, error) {
+func ensureTLSConfig(client *auth.Client) (*tls.Config, error) {
 	var transport *http.Transport

 	switch t := client.Client.Transport.(type) {
@ -386,10 +386,7 @@ func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, e
 		return nil, fmt.Errorf("unable to access TLS client configuration, the provided HTTP Transport is not supported, given: %T", client.Client.Transport)
 	}

-	switch {
-	case setConfig != nil:
-		transport.TLSClientConfig = setConfig
-	case transport.TLSClientConfig == nil:
+	if transport.TLSClientConfig == nil {
 		transport.TLSClientConfig = &tls.Config{}
 	}

@ -399,7 +396,7 @@ func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, e
 // LoginOptInsecure returns a function that sets the insecure setting on login
 func LoginOptInsecure(insecure bool) LoginOption {
 	return func(o *loginOperation) {
-		tlsConfig, err := ensureTLSConfig(o.client.authorizer, nil)
+		tlsConfig, err := ensureTLSConfig(o.client.authorizer)

 		if err != nil {
 			panic(err)
@ -415,7 +412,7 @@ func LoginOptTLSClientConfig(certFile, keyFile, caFile string) LoginOption {
 		if (certFile == "" || keyFile == "") && caFile == "" {
 			return
 		}
-		tlsConfig, err := ensureTLSConfig(o.client.authorizer, nil)
+		tlsConfig, err := ensureTLSConfig(o.client.authorizer)
 		if err != nil {
 			panic(err)
 		}
@ -442,17 +439,6 @@ func LoginOptTLSClientConfig(certFile, keyFile, caFile string) LoginOption {
 	}
 }

-// LoginOptTLSClientConfigFromConfig returns a function that sets the TLS settings on login
-// receiving the configuration in memory rather than from files.
-func LoginOptTLSClientConfigFromConfig(conf *tls.Config) LoginOption {
-	return func(o *loginOperation) {
-		_, err := ensureTLSConfig(o.client.authorizer, conf)
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
 type (
 	// LogoutOption allows specifying various settings on logout
 	LogoutOption func(*logoutOperation)
--- a/pkg/registry/client_tls_test.go
+++ b/pkg/registry/client_tls_test.go
@ -17,8 +17,6 @@ limitations under the License.
 package registry

 import (
-	"crypto/tls"
-	"crypto/x509"
 	"os"
 	"testing"

@ -54,30 +52,6 @@ func (suite *TLSRegistryClientTestSuite) Test_0_Login() {
 	suite.Nil(err, "no error logging into registry with good credentials")
 }

-func (suite *TLSRegistryClientTestSuite) Test_1_Login() {
-	err := suite.RegistryClient.Login(suite.DockerRegistryHost,
-		LoginOptBasicAuth("badverybad", "ohsobad"),
-		LoginOptTLSClientConfigFromConfig(&tls.Config{}))
-	suite.NotNil(err, "error logging into registry with bad credentials")
-
-	// Create a *tls.Config from tlsCert, tlsKey, and tlsCA.
-	cert, err := tls.LoadX509KeyPair(tlsCert, tlsKey)
-	suite.Nil(err, "error loading x509 key pair")
-	rootCAs := x509.NewCertPool()
-	caCert, err := os.ReadFile(tlsCA)
-	suite.Nil(err, "error reading CA certificate")
-	rootCAs.AppendCertsFromPEM(caCert)
-	conf := &tls.Config{
-		Certificates: []tls.Certificate{cert},
-		RootCAs:      rootCAs,
-	}
-
-	err = suite.RegistryClient.Login(suite.DockerRegistryHost,
-		LoginOptBasicAuth(testUsername, testPassword),
-		LoginOptTLSClientConfigFromConfig(conf))
-	suite.Nil(err, "no error logging into registry with good credentials")
-}
-
 func (suite *TLSRegistryClientTestSuite) Test_1_Push() {
 	testPush(&suite.TestSuite)
 }