Merge "Support self-signed certificates docker registry"

This commit is contained in:
Zuul 2019-03-08 15:52:32 +00:00 committed by Gerrit Code Review
commit a51afe952d
3 changed files with 32 additions and 5 deletions

View File

@ -16,6 +16,8 @@ ARG PLUGIN=no
ARG PYTHON3=no
ARG EXTRA_BINDEP=""
ARG EXTRA_PYDEP=""
ARG REGISTRY_PROTOCOL="detect"
ARG REGISTRY_INSECURE="False"
ARG UID=42424
ARG GID=42424

View File

@ -100,6 +100,12 @@ For more advanced building you can use docker build arguments to define:
be considered next to the default bindep.txt.
* `EXTRA_PYDEP` Specify a pydep-* file to add in the container. It would
be considered next to the default pydep.txt.
* `REGISTRY_PROTOCOL` Set this to `https` if you are running your own
registry on https, `http` if you are running on http, or leave it as
`detect` if you want to re-use existing protocol detection.
* `REGISTRY_INSECURE` Set this to `True` if your image registry is
running on HTTPS with self-signed certificates to ignore SSL verification.
(defaults to False)
This makes it really easy to integrate LOCI images into your development or
CI/CD workflow, for example, if you wanted to build an image from [this

View File

@ -3,6 +3,8 @@
import json
import os
import re
import ssl
from distutils.util import strtobool
try:
import urllib2
@ -24,7 +26,10 @@ def get_token(protocol, registry, repo):
print(url)
try:
r = urllib2.Request(url=url)
resp = urllib2.urlopen(r)
if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
else:
resp = urllib2.urlopen(r)
resp_text = resp.read().decode('utf-8').strip()
return json.loads(resp_text)['token']
except urllib2.HTTPError as err:
@ -37,7 +42,10 @@ def get_sha(repo, tag, registry, protocol, token):
r = urllib2.Request(url=url)
if token:
r.add_header('Authorization', 'Bearer {}'.format(token))
resp = urllib2.urlopen(r)
if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
else:
resp = urllib2.urlopen(r)
resp_text = resp.read().decode('utf-8').strip()
return json.loads(resp_text)['fsLayers'][0]['blobSum']
@ -49,7 +57,10 @@ def get_blob(repo, tag, protocol, registry=DOCKER_REGISTRY, token=None):
r = urllib2.Request(url=url)
if token:
r.add_header('Authorization', 'Bearer {}'.format(token))
resp = urllib2.urlopen(r)
if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
else:
resp = urllib2.urlopen(r)
return resp.read()
def protocol_detection(registry, protocol='http'):
@ -73,7 +84,10 @@ def protocol_detection(registry, protocol='http'):
def get_wheels(url):
r = urllib2.Request(url=url)
resp = urllib2.urlopen(r)
if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
else:
resp = urllib2.urlopen(r)
return resp.read()
def parse_image(full_image):
@ -106,7 +120,12 @@ def main():
data = get_wheels(wheels)
else:
registry, image, tag = parse_image(wheels)
protocol = protocol_detection(registry)
if os.environ.get('REGISTRY_PROTOCOL') in ['http','https']:
protocol = os.environ.get('REGISTRY_PROTOCOL')
elif os.environ.get('REGISTRY_PROTOCOL') == 'detect':
protocol = protocol_detection(registry)
else:
raise ValueError("Unknown protocol given in argument")
kwargs = dict()
if registry:
kwargs.update({'registry': registry})