Image uploader: use HTTPS for "no verify" registries
Registries with an invalid SSL certificate are insecure, but still need to be accessed via HTTPS. This patch updates the URL builder to take this into consideration. Closes-Bug: #1858672 Change-Id: I71436313098f513c200ecc3f862a2b851fb1060a
This commit is contained in:
parent
95c68e6d9b
commit
dcf99e7167
|
@ -590,10 +590,11 @@ class BaseImageUploader(object):
|
|||
mirror = cls.mirrors[netloc]
|
||||
return '%sv2%s' % (mirror, path)
|
||||
else:
|
||||
if not cls.is_insecure_registry(registry_host=netloc):
|
||||
scheme = 'https'
|
||||
else:
|
||||
if (cls.is_insecure_registry(registry_host=netloc) and
|
||||
netloc not in cls.no_verify_registries):
|
||||
scheme = 'http'
|
||||
else:
|
||||
scheme = 'https'
|
||||
if netloc == 'docker.io':
|
||||
netloc = 'registry-1.docker.io'
|
||||
return '%s://%s/v2%s' % (scheme, netloc, path)
|
||||
|
|
|
@ -587,6 +587,7 @@ class TestBaseImageUploader(base.TestCase):
|
|||
build = image_uploader.BaseImageUploader._build_url
|
||||
insecure_reg = image_uploader.BaseImageUploader.insecure_registries
|
||||
secure_reg = image_uploader.BaseImageUploader.secure_registries
|
||||
no_verify_reg = image_uploader.BaseImageUploader.no_verify_registries
|
||||
mirrors = image_uploader.BaseImageUploader.mirrors
|
||||
# fix urls
|
||||
self.assertEqual(
|
||||
|
@ -605,6 +606,13 @@ class TestBaseImageUploader(base.TestCase):
|
|||
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
|
||||
build(url3, '/t/nova-api/tags/list')
|
||||
)
|
||||
# "no verify" registries are insecure but still use https
|
||||
secure_reg.remove('192.0.2.1:8787')
|
||||
no_verify_reg.add('192.0.2.1:8787')
|
||||
self.assertEqual(
|
||||
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
|
||||
build(url3, '/t/nova-api/tags/list')
|
||||
)
|
||||
|
||||
# test mirrors
|
||||
mirrors['docker.io'] = 'http://192.0.2.2:8081/registry-1.docker/'
|
||||
|
|
Loading…
Reference in New Issue