registry/handles/app: always append default urls regexps

[runcom]

Even when validation is off, we don't want to allow manifests with foreign layers urls.

Signed-off-by: Antonio Murdaca [email protected]

[codecov-io]

Current coverage is 51.10% (diff: 100%)

Merging #2035 into master will decrease coverage by 8.72%

@@             master      #2035   diff @@
==========================================
  Files           128        128           
  Lines         11402      11404      +2   
  Methods           0          0           
  Messages          0          0           
  Branches          0          0           
==========================================
- Hits           6822       5828    -994   
- Misses         3714       4825   +1111   
+ Partials        866        751    -115   

Powered by Codecov. Last update 314144a...0fb25dd

[aaronlehmann]

Hi @runcom - I feel like I'm missing some context here. Why should foreign layer URLs be prohibited when validation is disabled? It seems a bit counter-intuitive.

[runcom]

Hi @runcom - I feel like I'm missing some context here. Why should foreign layer URLs be prohibited when validation is disabled? It seems a bit counter-intuitive.

I know, but we didn't want default installation to allow layers urls, did we?

[aaronlehmann]

I wonder why validation is not enabled by default.

[runcom]

I wonder why validation is not enabled by default.

I don't have any clue, great question.

[runcom]

I wonder why validation is not enabled by default.

does anyone have any idea on @aaronlehmann thought?

[dmcgowan]

So this change is effectively changing the default behavior from support ".*" in the URLs to support "$^", not sure if anyone would be effected by this. This would also mean if you want ".*" for some reason, you should have to configure it using validation.

I know, but we didn't want default installation to allow layers urls, did we?

I also don't know if this was an intentional decision, can ping @stevvooe as well. Either way let's make that decision now. I think I agree that it is better to be more restrictive by default with foreign URLs since it has the potential for malicious use.

[stevvooe]

Didn't realize we just plopped all this in the middle of a function. Sigh.

[runcom]

Can we refactor this later but at least agree on whether we should make this change or not....

[stevvooe]

@runcom I'm just lamenting. Let's not make big changes in this PR.

[stevvooe]

@dmcgowan @runcom The backwards compatibility policy would dictate that we continue to be relaxed about extra fields.

Let's introduce a Validation.Disabled field, which should be favored over Validation.Enabled and transition this to the default:

if !Validation.Enabled {
  Validation.Enabled = !Validation.Disabled
}

if Validation.Enabled {
 // default validation, with or without entries
} else {
  // no validation
}

There may be a way to simplify that...

[runcom]

@dmcgowan @aaronlehmann @stevvooe PTAL

[stevvooe]

Add a deprecated note here.

[runcom]

fixed

[stevvooe]

LGTM

May need more to let people know about the deprecation.

[dmcgowan]

LGTM

Could we add note in the ### Disabled doc section about it deprecating enabled?

[runcom]

@dmcgowan updated

[runcom]

is this ready to go?

[dmcgowan]

Note for 2.7 change list,
Existing configurations configuration which had set Enabled: false will need to be updated to do Disabled: true to keep the validation disabled. This needs to be put in the upgrade notes

[stanhu]

I just saw this issue after creating #2795.
This was confusing because our configuration had omitted enabled from the config, which I had erroneously assumed was on by default. We added disabled, and all was well again.