fix: preserve effective URL after HTTP redirects in registry client#461
Open
cx-shaked-karta wants to merge 1 commit into
Open
fix: preserve effective URL after HTTP redirects in registry client#461cx-shaked-karta wants to merge 1 commit into
cx-shaked-karta wants to merge 1 commit into
Conversation
Fixes anchore#458: Registry client now captures and uses the effective URL after following HTTP redirects instead of reconstructing URLs using the original reference.Named authority. This improves compatibility with registries accessed through tunnels, proxies, or load balancers. Changes: - Added effectiveURLTransport to capture effective URLs after redirects - Modified repoDigest construction to use effective registry host - Added tests to verify correct redirect handling - Ensures repo digest reflects actual registry endpoint used Signed-off-by: Checkmarx Automation <automation@checkmarx.com> Signed-off-by: cx-shaked-karta <cx-shaked-karta@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #458 by modifying the registry client to preserve the effective URL after HTTP redirects. This ensures compatibility with registries accessed through tunnels, proxies, or load balancers.
Problem
The current implementation reconstructs URLs using the original
reference.Namedauthority instead of the effective URL fromresp.Request.URLafter redirects. This causes therepoDigestto reference the original URL rather than the actual endpoint used, creating issues in environments with:Solution
effectiveURLTransport: Custom HTTP transport that captures effective URLs after following redirectsrepoDigestconstruction: Uses effective registry host when redirects occurChanges
Core Implementation (
pkg/image/oci/registry_provider.go)effectiveURLTransportstruct with redirect capture capabilityregistryImageProviderto track URL changesrepoDigestconstruction to use effective registry hostTesting (
pkg/image/oci/registry_provider_test.go)TestEffectiveURLTransportfor unit testing URL captureTestRegistryProviderWithRedirectfor integration testingTesting
Following the CONTRIBUTING.md testing requirements:
make unitsuccessfullyCompliance
Backward Compatibility
This change is fully backward compatible:
Technical Details
The solution works by wrapping the HTTP transport to:
Related Issues
Closes #458