Browse Source

Image uploader: use HTTPS for "no verify" registries

Registries with an invalid SSL certificate are insecure, but still
need to be accessed via HTTPS. This patch updates the URL builder
to take this into consideration.

Closes-Bug: #1858672
Change-Id: I71436313098f513c200ecc3f862a2b851fb1060a
(cherry picked from commit dcf99e7167)
(cherry picked from commit f6bcc3bcdb)
changes/47/703847/1
Alan Bishop Alex Schultz 1 month ago
parent
commit
cba9fa4e2a
2 changed files with 12 additions and 3 deletions
  1. +4
    -3
      tripleo_common/image/image_uploader.py
  2. +8
    -0
      tripleo_common/tests/image/test_image_uploader.py

+ 4
- 3
tripleo_common/image/image_uploader.py View File

@@ -558,10 +558,11 @@ class BaseImageUploader(object):
mirror = cls.mirrors[netloc]
return '%sv2%s' % (mirror, path)
else:
if not cls.is_insecure_registry(registry_host=netloc):
scheme = 'https'
else:
if (cls.is_insecure_registry(registry_host=netloc) and
netloc not in cls.no_verify_registries):
scheme = 'http'
else:
scheme = 'https'
if netloc == 'docker.io':
netloc = 'registry-1.docker.io'
return '%s://%s/v2%s' % (scheme, netloc, path)


+ 8
- 0
tripleo_common/tests/image/test_image_uploader.py View File

@@ -521,6 +521,7 @@ class TestBaseImageUploader(base.TestCase):
build = image_uploader.BaseImageUploader._build_url
insecure_reg = image_uploader.BaseImageUploader.insecure_registries
secure_reg = image_uploader.BaseImageUploader.secure_registries
no_verify_reg = image_uploader.BaseImageUploader.no_verify_registries
mirrors = image_uploader.BaseImageUploader.mirrors
# fix urls
self.assertEqual(
@@ -539,6 +540,13 @@ class TestBaseImageUploader(base.TestCase):
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
build(url3, '/t/nova-api/tags/list')
)
# "no verify" registries are insecure but still use https
secure_reg.remove('192.0.2.1:8787')
no_verify_reg.add('192.0.2.1:8787')
self.assertEqual(
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
build(url3, '/t/nova-api/tags/list')
)

# test mirrors
mirrors['docker.io'] = 'http://192.0.2.2:8081/registry-1.docker/'


Loading…
Cancel
Save