Revert "pkg/registry: Login option for passing TLS config in memory"

scottrigby · scottrigby · commit 6a67b553b478 · 2025-11-05T13:25:07.000-05:00
Signed-off-by: Scott Rigby &lt;scott@r6by.com&gt;
diff --git a/pkg/registry/client.go b/pkg/registry/client.go
@@ -357,7 +357,7 @@ func LoginOptPlainText(isPlainText bool) LoginOption {
 	}
 }
 
-func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, error) {
+func ensureTLSConfig(client *auth.Client) (*tls.Config, error) {
 	var transport *http.Transport
 
 	switch t := client.Client.Transport.(type) {
@@ -386,10 +386,7 @@ func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, e
 		return nil, fmt.Errorf("unable to access TLS client configuration, the provided HTTP Transport is not supported, given: %T", client.Client.Transport)
 	}
 
-	switch {
-	case setConfig != nil:
-		transport.TLSClientConfig = setConfig
-	case transport.TLSClientConfig == nil:
+	if transport.TLSClientConfig == nil {
 		transport.TLSClientConfig = &tls.Config{}
 	}
 
@@ -399,7 +396,7 @@ func ensureTLSConfig(client *auth.Client, setConfig *tls.Config) (*tls.Config, e
 // LoginOptInsecure returns a function that sets the insecure setting on login
 func LoginOptInsecure(insecure bool) LoginOption {
 	return func(o *loginOperation) {
-		tlsConfig, err := ensureTLSConfig(o.client.authorizer, nil)
+		tlsConfig, err := ensureTLSConfig(o.client.authorizer)
 
 		if err != nil {
 			panic(err)
@@ -415,7 +412,7 @@ func LoginOptTLSClientConfig(certFile, keyFile, caFile string) LoginOption {
 		if (certFile == "" || keyFile == "") && caFile == "" {
 			return
 		}
-		tlsConfig, err := ensureTLSConfig(o.client.authorizer, nil)
+		tlsConfig, err := ensureTLSConfig(o.client.authorizer)
 		if err != nil {
 			panic(err)
 		}
@@ -442,17 +439,6 @@ func LoginOptTLSClientConfig(certFile, keyFile, caFile string) LoginOption {
 	}
 }
 
-// LoginOptTLSClientConfigFromConfig returns a function that sets the TLS settings on login
-// receiving the configuration in memory rather than from files.
-func LoginOptTLSClientConfigFromConfig(conf *tls.Config) LoginOption {
-	return func(o *loginOperation) {
-		_, err := ensureTLSConfig(o.client.authorizer, conf)
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
 type (
 	// LogoutOption allows specifying various settings on logout
 	LogoutOption func(*logoutOperation)
diff --git a/pkg/registry/client_tls_test.go b/pkg/registry/client_tls_test.go
@@ -17,8 +17,6 @@ limitations under the License.
 package registry
 
 import (
-	"crypto/tls"
-	"crypto/x509"
 	"os"
 	"testing"
 
@@ -54,30 +52,6 @@ func (suite *TLSRegistryClientTestSuite) Test_0_Login() {
 	suite.Nil(err, "no error logging into registry with good credentials")
 }
 
-func (suite *TLSRegistryClientTestSuite) Test_1_Login() {
-	err := suite.RegistryClient.Login(suite.DockerRegistryHost,
-		LoginOptBasicAuth("badverybad", "ohsobad"),
-		LoginOptTLSClientConfigFromConfig(&tls.Config{}))
-	suite.NotNil(err, "error logging into registry with bad credentials")
-
-	// Create a *tls.Config from tlsCert, tlsKey, and tlsCA.
-	cert, err := tls.LoadX509KeyPair(tlsCert, tlsKey)
-	suite.Nil(err, "error loading x509 key pair")
-	rootCAs := x509.NewCertPool()
-	caCert, err := os.ReadFile(tlsCA)
-	suite.Nil(err, "error reading CA certificate")
-	rootCAs.AppendCertsFromPEM(caCert)
-	conf := &tls.Config{
-		Certificates: []tls.Certificate{cert},
-		RootCAs:      rootCAs,
-	}
-
-	err = suite.RegistryClient.Login(suite.DockerRegistryHost,
-		LoginOptBasicAuth(testUsername, testPassword),
-		LoginOptTLSClientConfigFromConfig(conf))
-	suite.Nil(err, "no error logging into registry with good credentials")
-}
-
 func (suite *TLSRegistryClientTestSuite) Test_1_Push() {
 	testPush(&suite.TestSuite)
 }
