From 6a67b553b478a8f2ad0b5bebbf79e1debdc839a4 Mon Sep 17 00:00:00 2001
From: Scott Rigby
Date: Wed, 5 Nov 2025 13:05:50 -0500
Subject: [PATCH] Revert "pkg/registry: Login option for passing TLS config in memory"
Signed-off-by: Scott Rigby
---
 pkg/registry/client.go | 22 ++++------------------
 pkg/registry/client_tls_test.go | 26 --------------------------
 2 files changed, 4 insertions(+), 44 deletions(-)
diff --git a/pkg/registry/client.go b/pkg/registry/client.go
index f9a0511df..347e972e1 100644
--- a/pkg/registry/client.go
+++ b/pkg/registry/client.go
@@ -357,7 +357,7 @@ func LoginOptPlainText(isPlainText bool) LoginOption {
 }
 }
-func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, error) {
+func ensureTLSConfig(client *auth.Client) (*tls.Config, error) {
 var transport *http.Transport
 switch t := client.Client.Transport.(type) {
@@ -386,10 +386,7 @@ func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, e
 return nil, fmt.Errorf("unable to access TLS client configuration, the provided HTTP Transport is not supported, given: %T", client.Client.Transport)
 }
- switch {
- case setConfig != nil:
- transport.TLSClientConfig = setConfig
- case transport.TLSClientConfig == nil:
+ if transport.TLSClientConfig == nil {
 transport.TLSClientConfig = &tls.Config{}
 }
@@ -399,7 +396,7 @@ func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, e
 // LoginOptInsecure returns a function that sets the insecure setting on login
 func LoginOptInsecure(insecure bool) LoginOption {
 return func(o *loginOperation) {
- tlsConfig, err := ensureTLSConfig(o.client.authorizer, nil)
+ tlsConfig, err := ensureTLSConfig(o.client.authorizer)
 if err != nil {
 panic(err)
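Review bot: ensureTLSConfig still has no doc comment, and its contract is security-relevant. The `if transport.TLSClientConfig == nil` branch installs a fresh `&tls.Config{}` on the authorizer's transport, and the function appears to hand that same pointer back (the return statement is outside this hunk). If so, whatever a login option sets on it stays in effect for later requests through the same transport, not only for the login call. I would add above the signature: `// ensureTLSConfig returns the live TLS config of the authorizer's HTTP transport, creating an empty one if unset; changes made by the caller persist on that transport.`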
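Review bot: The option closure in LoginOptInsecure still calls `panic(err)` when ensureTLSConfig fails, and the same pattern is in LoginOptTLSClientConfig in the next hunk. The error shown in the previous hunk is returned for an unsupported HTTP transport, which presumably any caller supplying a custom client can hit, so a library consumer gets a process crash instead of an error from Login. Since LoginOption has no error return, one option is to record the failure on the operation, e.g. `o.err = fmt.Errorf("configuring TLS for login: %w", err); return` with a new `err` field on loginOperation (no such field is visible here), and have Login return it before contacting the registry. Both functions continue outside their hunks.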
@@ -415,7 +412,7 @@ func LoginOptTLSClientConfig(certFile, keyFile, caFile string) LoginOption {
 if (certFile == "" || keyFile == "") && caFile == "" {
 return
 }
- tlsConfig, err := ensureTLSConfig(o.client.authorizer, nil)
+ tlsConfig, err := ensureTLSConfig(o.client.authorizer)
 if err != nil {
 panic(err)
 }
@@ -442,17 +439,6 @@ func LoginOptTLSClientConfig(certFile, keyFile, caFile string) LoginOption {
 }
 }
-// LoginOptTLSClientConfigFromConfig returns a function that sets the TLS settings on login
-// receiving the configuration in memory rather than from files.
-func LoginOptTLSClientConfigFromConfig(conf *tls.Config) LoginOption {
- return func(o *loginOperation) {
- _, err := ensureTLSConfig(o.client.authorizer, conf)
- if err != nil {
- panic(err)
- }
- }
-}
-
 type (
 // LogoutOption allows specifying various settings on logout
 LogoutOption func(*logoutOperation)
diff --git a/pkg/registry/client_tls_test.go b/pkg/registry/client_tls_test.go
index 0897858b5..156ae4816 100644
--- a/pkg/registry/client_tls_test.go
+++ b/pkg/registry/client_tls_test.go
@@ -17,8 +17,6 @@ limitations under the License.
 package registry
 import (
- "crypto/tls"
- "crypto/x509"
 "os"
 "testing"
@@ -54,30 +52,6 @@ func (suite *TLSRegistryClientTestSuite) Test_0_Login() {
 suite.Nil(err, "no error logging into registry with good credentials")
 }
-func (suite *TLSRegistryClientTestSuite) Test_1_Login() {
- err := suite.RegistryClient.Login(suite.DockerRegistryHost,
- LoginOptBasicAuth("badverybad", "ohsobad"),
- LoginOptTLSClientConfigFromConfig(&tls.Config{}))
- suite.NotNil(err, "error logging into registry with bad credentials")
-
- // Create a *tls.Config from tlsCert, tlsKey, and tlsCA.
- cert, err := tls.LoadX509KeyPair(tlsCert, tlsKey)
- suite.Nil(err, "error loading x509 key pair")
- rootCAs := x509.NewCertPool()
- caCert, err := os.ReadFile(tlsCA)
- suite.Nil(err, "error reading CA certificate")
- rootCAs.AppendCertsFromPEM(caCert)
- conf := &tls.Config{
- Certificates: []tls.Certificate{cert},
- RootCAs: rootCAs,
- }
-
- err = suite.RegistryClient.Login(suite.DockerRegistryHost,
- LoginOptBasicAuth(testUsername, testPassword),
- LoginOptTLSClientConfigFromConfig(conf))
- suite.Nil(err, "no error logging into registry with good credentials")
-}
-
 func (suite *TLSRegistryClientTestSuite) Test_1_Push() {
 testPush(&suite.TestSuite)
 }