Merge "Image uploader: use HTTPS for "no verify" registries" into stable/train

This commit is contained in:
Zuul 2020-01-22 10:58:22 +00:00 committed by Gerrit Code Review
commit bf969fe66a
2 changed files with 12 additions and 3 deletions

View File

@ -568,10 +568,11 @@ class BaseImageUploader(object):
mirror = cls.mirrors[netloc]
return '%sv2%s' % (mirror, path)
else:
if not cls.is_insecure_registry(registry_host=netloc):
scheme = 'https'
else:
if (cls.is_insecure_registry(registry_host=netloc) and
netloc not in cls.no_verify_registries):
scheme = 'http'
else:
scheme = 'https'
if netloc == 'docker.io':
netloc = 'registry-1.docker.io'
return '%s://%s/v2%s' % (scheme, netloc, path)

View File

@ -625,6 +625,7 @@ class TestBaseImageUploader(base.TestCase):
build = image_uploader.BaseImageUploader._build_url
insecure_reg = image_uploader.BaseImageUploader.insecure_registries
secure_reg = image_uploader.BaseImageUploader.secure_registries
no_verify_reg = image_uploader.BaseImageUploader.no_verify_registries
mirrors = image_uploader.BaseImageUploader.mirrors
# fix urls
self.assertEqual(
@ -643,6 +644,13 @@ class TestBaseImageUploader(base.TestCase):
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
build(url3, '/t/nova-api/tags/list')
)
# "no verify" registries are insecure but still use https
secure_reg.remove('192.0.2.1:8787')
no_verify_reg.add('192.0.2.1:8787')
self.assertEqual(
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
build(url3, '/t/nova-api/tags/list')
)
# test mirrors
mirrors['docker.io'] = 'http://192.0.2.2:8081/registry-1.docker/'