Browse Source

Merge "Support self-signed certificates docker registry"

Zuul 1 month ago
parent
commit
a51afe952d
3 changed files with 32 additions and 5 deletions
  1. 2
    0
      Dockerfile
  2. 6
    0
      README.md
  3. 24
    5
      scripts/fetch_wheels.py

+ 2
- 0
Dockerfile View File

@@ -16,6 +16,8 @@ ARG PLUGIN=no
16 16
 ARG PYTHON3=no
17 17
 ARG EXTRA_BINDEP=""
18 18
 ARG EXTRA_PYDEP=""
19
+ARG REGISTRY_PROTOCOL="detect"
20
+ARG REGISTRY_INSECURE="False"
19 21
 
20 22
 ARG UID=42424
21 23
 ARG GID=42424

+ 6
- 0
README.md View File

@@ -100,6 +100,12 @@ For more advanced building you can use docker build arguments to define:
100 100
      be considered next to the default bindep.txt.
101 101
   * `EXTRA_PYDEP` Specify a pydep-* file to add in the container. It would
102 102
      be considered next to the default pydep.txt.
103
+  * `REGISTRY_PROTOCOL` Set this to `https` if you are running your own
104
+    registry on https, `http` if you are running on http, or leave it as
105
+    `detect` if you want to re-use existing protocol detection.
106
+  * `REGISTRY_INSECURE` Set this to `True` if your image registry is
107
+    running on HTTPS with self-signed certificates to ignore SSL verification.
108
+    (defaults to False)
103 109
 
104 110
 This makes it really easy to integrate LOCI images into your development or
105 111
 CI/CD workflow, for example, if you wanted to build an image from [this

+ 24
- 5
scripts/fetch_wheels.py View File

@@ -3,6 +3,8 @@
3 3
 import json
4 4
 import os
5 5
 import re
6
+import ssl
7
+from distutils.util import strtobool
6 8
 
7 9
 try:
8 10
     import urllib2
@@ -24,7 +26,10 @@ def get_token(protocol, registry, repo):
24 26
     print(url)
25 27
     try:
26 28
         r = urllib2.Request(url=url)
27
-        resp = urllib2.urlopen(r)
29
+        if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
30
+            resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
31
+        else:
32
+            resp = urllib2.urlopen(r)
28 33
         resp_text = resp.read().decode('utf-8').strip()
29 34
         return json.loads(resp_text)['token']
30 35
     except urllib2.HTTPError as err:
@@ -37,7 +42,10 @@ def get_sha(repo, tag, registry, protocol, token):
37 42
     r = urllib2.Request(url=url)
38 43
     if token:
39 44
         r.add_header('Authorization', 'Bearer {}'.format(token))
40
-    resp = urllib2.urlopen(r)
45
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
46
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
47
+    else:
48
+        resp = urllib2.urlopen(r)
41 49
     resp_text = resp.read().decode('utf-8').strip()
42 50
     return json.loads(resp_text)['fsLayers'][0]['blobSum']
43 51
 
@@ -49,7 +57,10 @@ def get_blob(repo, tag, protocol, registry=DOCKER_REGISTRY, token=None):
49 57
     r = urllib2.Request(url=url)
50 58
     if token:
51 59
         r.add_header('Authorization', 'Bearer {}'.format(token))
52
-    resp = urllib2.urlopen(r)
60
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
61
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
62
+    else:
63
+        resp = urllib2.urlopen(r)
53 64
     return resp.read()
54 65
 
55 66
 def protocol_detection(registry, protocol='http'):
@@ -73,7 +84,10 @@ def protocol_detection(registry, protocol='http'):
73 84
 
74 85
 def get_wheels(url):
75 86
     r = urllib2.Request(url=url)
76
-    resp = urllib2.urlopen(r)
87
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
88
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
89
+    else:
90
+        resp = urllib2.urlopen(r)
77 91
     return resp.read()
78 92
 
79 93
 def parse_image(full_image):
@@ -106,7 +120,12 @@ def main():
106 120
         data = get_wheels(wheels)
107 121
     else:
108 122
         registry, image, tag = parse_image(wheels)
109
-        protocol = protocol_detection(registry)
123
+        if os.environ.get('REGISTRY_PROTOCOL') in ['http','https']:
124
+            protocol = os.environ.get('REGISTRY_PROTOCOL')
125
+        elif os.environ.get('REGISTRY_PROTOCOL') == 'detect':
126
+            protocol = protocol_detection(registry)
127
+        else:
128
+            raise ValueError("Unknown protocol given in argument")
110 129
         kwargs = dict()
111 130
         if registry:
112 131
             kwargs.update({'registry': registry})

Loading…
Cancel
Save