Image uploader: use HTTPS for "no verify" registries

Registries with an invalid SSL certificate are insecure, but still
need to be accessed via HTTPS. This patch updates the URL builder
to take this into consideration.

Closes-Bug: #1858672
Change-Id: I71436313098f513c200ecc3f862a2b851fb1060a
(cherry picked from commit dcf99e7167)
(cherry picked from commit f6bcc3bcdb)
This commit is contained in:
Alan Bishop 2020-01-07 08:54:18 -08:00 committed by Alex Schultz
parent a71a78cf01
commit cba9fa4e2a
2 changed files with 12 additions and 3 deletions

View File

@ -558,10 +558,11 @@ class BaseImageUploader(object):
mirror = cls.mirrors[netloc]
return '%sv2%s' % (mirror, path)
else:
if not cls.is_insecure_registry(registry_host=netloc):
scheme = 'https'
else:
if (cls.is_insecure_registry(registry_host=netloc) and
netloc not in cls.no_verify_registries):
scheme = 'http'
else:
scheme = 'https'
if netloc == 'docker.io':
netloc = 'registry-1.docker.io'
return '%s://%s/v2%s' % (scheme, netloc, path)

View File

@ -521,6 +521,7 @@ class TestBaseImageUploader(base.TestCase):
build = image_uploader.BaseImageUploader._build_url
insecure_reg = image_uploader.BaseImageUploader.insecure_registries
secure_reg = image_uploader.BaseImageUploader.secure_registries
no_verify_reg = image_uploader.BaseImageUploader.no_verify_registries
mirrors = image_uploader.BaseImageUploader.mirrors
# fix urls
self.assertEqual(
@ -539,6 +540,13 @@ class TestBaseImageUploader(base.TestCase):
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
build(url3, '/t/nova-api/tags/list')
)
# "no verify" registries are insecure but still use https
secure_reg.remove('192.0.2.1:8787')
no_verify_reg.add('192.0.2.1:8787')
self.assertEqual(
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
build(url3, '/t/nova-api/tags/list')
)
# test mirrors
mirrors['docker.io'] = 'http://192.0.2.2:8081/registry-1.docker/'