oras icon indicating copy to clipboard operation
oras copied to clipboard

Published 20 hours ago verified publisher icon oras-project

feat: retry plain http in secure mode

Open qweeah opened this issue 1 year ago • 5 comments

What this PR does / why we need it: This PR avoid requiring passing --plain-http when --insecure is specified

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #914

Please check the following list:

  • [ ] Does the affected code have corresponding tests, e.g. unit test, E2E test?
  • [ ] Does this change require a documentation update?
  • [x] Does this introduce breaking changes that would require an announcement or bumping the major version?
  • [ ] Do all new files have an appropriate license header?

qweeah avatar Apr 06 '23 08:04 qweeah

Codecov Report

Attention: 3 lines in your changes are missing coverage. Please review.

:exclamation: No coverage uploaded for pull request base (main@04f0c33). Click here to learn what that means.

:exclamation: Current head 367f9ab differs from pull request most recent head abe55c3. Consider uploading reports for the commit abe55c3 to get more accurate results

Files Patch % Lines
internal/net/insecure/insecure.go 88.00% 2 Missing and 1 partial :warning:
Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #920   +/-   ##
=======================================
  Coverage        ?   81.09%           
=======================================
  Files           ?       54           
  Lines           ?     2804           
  Branches        ?        0           
=======================================
  Hits            ?     2274           
  Misses          ?      360           
  Partials        ?      170

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov-commenter avatar Apr 06 '23 08:04 codecov-commenter

I'm confused by this because normally a --insecure option does not necessarily mean http

TerryHowe avatar Apr 08 '23 16:04 TerryHowe

I'm confused by this because normally a --insecure option does not necessarily mean http

Feeling the same. But it is a proven user experience in docker. Users can provide one less flag --plain-http with minor performance cost. Considering the flag --insecure is targeting non-prod usage, such cost is acceptable.

qweeah avatar Apr 08 '23 20:04 qweeah

+1 on reducing the number of flags in ORAS CLI. My understanding is that this is a fallback behavior and not that --insecure will make the transport default to http. Is that the case?

sajayantony avatar Apr 11 '23 17:04 sajayantony

+1 on reducing the number of flags in ORAS CLI. My understanding is that this is a fallback behavior and not that --insecure will make the transport default to http. Is that the case?

Yes, --insecure will not set plain http.

  • using --insecure=true --plain-http=false
    • First, try using HTTPS.
      • If HTTPS is available but the certificate is invalid, ignore the error about the certificate.
      • Else if HTTPS is not available, fall back to HTTP.

Removing --plain-http is breaking change and can be done in oras 2.0

qweeah avatar Apr 12 '23 01:04 qweeah

Should we kill this PR? Just because docker does something does not make it the correct approach in my book.

TerryHowe avatar Jul 05 '24 17:07 TerryHowe

Let's close it and keep tracking in #914

qweeah avatar Jul 23 '24 01:07 qweeah