Image uploader: use HTTPS for "no verify" registries
Registries with an invalid SSL certificate are insecure, but still need to be accessed via HTTPS. This patch updates the URL builder to take this into consideration. Closes-Bug: #1858672 Change-Id: I71436313098f513c200ecc3f862a2b851fb1060a (cherry picked from commitdcf99e7167
) (cherry picked from commitf6bcc3bcdb
)
This commit is contained in:
parent
a71a78cf01
commit
cba9fa4e2a
|
@ -558,10 +558,11 @@ class BaseImageUploader(object):
|
|||
mirror = cls.mirrors[netloc]
|
||||
return '%sv2%s' % (mirror, path)
|
||||
else:
|
||||
if not cls.is_insecure_registry(registry_host=netloc):
|
||||
scheme = 'https'
|
||||
else:
|
||||
if (cls.is_insecure_registry(registry_host=netloc) and
|
||||
netloc not in cls.no_verify_registries):
|
||||
scheme = 'http'
|
||||
else:
|
||||
scheme = 'https'
|
||||
if netloc == 'docker.io':
|
||||
netloc = 'registry-1.docker.io'
|
||||
return '%s://%s/v2%s' % (scheme, netloc, path)
|
||||
|
|
|
@ -521,6 +521,7 @@ class TestBaseImageUploader(base.TestCase):
|
|||
build = image_uploader.BaseImageUploader._build_url
|
||||
insecure_reg = image_uploader.BaseImageUploader.insecure_registries
|
||||
secure_reg = image_uploader.BaseImageUploader.secure_registries
|
||||
no_verify_reg = image_uploader.BaseImageUploader.no_verify_registries
|
||||
mirrors = image_uploader.BaseImageUploader.mirrors
|
||||
# fix urls
|
||||
self.assertEqual(
|
||||
|
@ -539,6 +540,13 @@ class TestBaseImageUploader(base.TestCase):
|
|||
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
|
||||
build(url3, '/t/nova-api/tags/list')
|
||||
)
|
||||
# "no verify" registries are insecure but still use https
|
||||
secure_reg.remove('192.0.2.1:8787')
|
||||
no_verify_reg.add('192.0.2.1:8787')
|
||||
self.assertEqual(
|
||||
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
|
||||
build(url3, '/t/nova-api/tags/list')
|
||||
)
|
||||
|
||||
# test mirrors
|
||||
mirrors['docker.io'] = 'http://192.0.2.2:8081/registry-1.docker/'
|
||||
|
|
Loading…
Reference in New Issue