InTheForest/moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2026-01-11 18:51:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

daemon/config: Validate: add missing validation for registry mirrors

Browse Source 
Validation of registry mirrors was performed during daemon startup,
but after the config-file was validated. As a result, the `--validate`
option would incorrectly print that the configuration was valid, but
the daemon would fail to start;

    echo '{"registry-mirrors":["example.com"]}' > my-config.json
    dockerd --config-file ./my-config.json --validate
    configuration OK

    dockerd --config-file ./my-config.json
    # ...
    failed to start daemon: invalid mirror: no scheme specified for "example.com": must use either 'https://' or 'http://'

With this patch applied, validation is also performed as part of the
daemon config validation;

    echo '{"registry-mirrors":["example.com"]}' > my-config.json
    dockerd --config-file ./my-config.json --validate
    unable to configure the Docker daemon with file ./my-config.json: merged configuration validation from file and command line flags failed: invalid mirror: no scheme specified for "example.com": must use either 'https://' or 'http://'

    # fix the invalid config
    echo '{"registry-mirrors":["https://example.com"]}' > my-config.json
    dockerd --config-file ./my-config.json --validate
    configuration OK

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1d8545d60c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
2025-06-19 13:57:10 +02:00
parent 97aa4e8550
commit 06ab9cd1ed
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
daemon/config/config.go
View File

@@ -748,6 +748,12 @@ func Validate(config *Config) error {
}
}
for _, mirror := range config.ServiceOptions.Mirrors {
if _, err := registry.ValidateMirror(mirror); err != nil {
return err
}
}
if config.CorsHeaders != "" {
// TODO(thaJeztah): option is used to produce error when used; remove in next release
return errors.New(`DEPRECATED: The "api-cors-header" config parameter and the dockerd "--api-cors-header" option have been removed; use a reverse proxy if you need CORS headers`)

12
daemon/config/config_test.go
View File

@@ -14,6 +14,7 @@ import (
"github.com/docker/docker/api"
"github.com/docker/docker/libnetwork/ipamutils"
"github.com/docker/docker/opts"
"github.com/docker/docker/registry"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
"github.com/spf13/pflag"
@@ -428,6 +429,17 @@ func TestValidateConfigurationErrors(t *testing.T) {
platform: "windows",
expectedErr: "invalid exec-opt (native.cgroupdriver=systemd): option 'native.cgroupdriver' is only supported on linux",
},
{
name: "invalid mirror",
config: &Config{
CommonConfig: CommonConfig{
ServiceOptions: registry.ServiceOptions{
Mirrors: []string{"ftp://example.com"},
},
},
},
expectedErr: `invalid mirror: unsupported scheme "ftp" in "ftp://example.com": must use either 'https://' or 'http://'`,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {