diff --git a/helpers/image/image.go b/helpers/image/image.go index 65fbed56..55e30705 100644 --- a/helpers/image/image.go +++ b/helpers/image/image.go @@ -15,10 +15,10 @@ package image import ( + "fmt" "net/url" "strings" - "fmt" "github.com/IBM/portieris/helpers/trustmap" "github.com/docker/distribution/reference" ) @@ -97,12 +97,13 @@ func (r Reference) GetPort() string { // HasIBMRepo returns true if the image has an IBM repository, otherwise false. func (r Reference) HasIBMRepo() bool { - prefix := "registry" - suffix := ".bluemix.net" - if !strings.HasPrefix(r.hostname, prefix) || !strings.HasSuffix(r.hostname, suffix) { - return false + if strings.HasPrefix(r.hostname, "registry") && strings.HasSuffix(r.hostname, ".bluemix.net") { + return true + } + if strings.HasSuffix(r.hostname, "icr.io") { + return true } - return true + return false } // GetRegistryURL returns the Registry URL. diff --git a/helpers/image/image_test.go b/helpers/image/image_test.go index d4151b61..6f646b0c 100644 --- a/helpers/image/image_test.go +++ b/helpers/image/image_test.go @@ -179,6 +179,57 @@ func TestReference(t *testing.T) { ContentTrustURL: "https://quay.io:443", }, }, + { + name: "parses an ICR image", + in: "us.icr.io/namespace/name", + expect: expectations{ + Hostname: "us.icr.io", + HasIBMRepo: true, + Port: "", + Tag: "latest", + Digest: "", + NameWithTag: "us.icr.io/namespace/name:latest", + NameWithoutTag: "us.icr.io/namespace/name", + String: "us.icr.io/namespace/name", + RegistryURL: "https://us.icr.io", + ContentTrustErr: false, + ContentTrustURL: "https://us.icr.io:4443", + }, + }, + { + name: "parses a staging ICR image", + in: "stg.icr.io/namespace/name", + expect: expectations{ + Hostname: "stg.icr.io", + HasIBMRepo: true, + Port: "", + Tag: "latest", + Digest: "", + NameWithTag: "stg.icr.io/namespace/name:latest", + NameWithoutTag: "stg.icr.io/namespace/name", + String: "stg.icr.io/namespace/name", + RegistryURL: "https://stg.icr.io", + ContentTrustErr: false, + ContentTrustURL: "https://stg.icr.io:4443", + }, + }, + { + name: "parses an ICR image with a port", + in: "de.icr.io:8080/namespace/name", + expect: expectations{ + Hostname: "de.icr.io", + HasIBMRepo: true, + Port: "8080", + Tag: "latest", + Digest: "", + NameWithTag: "de.icr.io:8080/namespace/name:latest", + NameWithoutTag: "de.icr.io:8080/namespace/name", + String: "de.icr.io:8080/namespace/name", + RegistryURL: "https://de.icr.io:8080", + ContentTrustErr: false, + ContentTrustURL: "https://de.icr.io:4443", + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/helpers/trustmap/trust_server_map.go b/helpers/trustmap/trust_server_map.go index 74d1cbb2..66694c75 100644 --- a/helpers/trustmap/trust_server_map.go +++ b/helpers/trustmap/trust_server_map.go @@ -34,9 +34,16 @@ func IBMRegional(registryHostname string, imageHostname string) string { return "https://" + strings.TrimSuffix(imageHostname, registryHostname) + trustSuffix } +// ICRRegional IBM Sponsored Trust server, depends on the regional part of the docker image hostname. +func ICRRegional(registryHostname string, imageHostname string) string { + trustSuffix := "icr.io:4443" + return "https://" + strings.TrimSuffix(imageHostname, registryHostname) + trustSuffix +} + // TrustServerMap Easy way to link known registries to their sponsored trust servers var TrustServerMap = map[string]TrustServerFn{ "docker.io": Identity("https://notary.docker.io"), "quay.io": Identity("https://quay.io:443"), "bluemix.net": IBMRegional, + "icr.io": ICRRegional, }