Image uploader: use HTTPS for "no verify" registries
Registries with an invalid SSL certificate are insecure, but still
need to be accessed via HTTPS. This patch updates the URL builder
to take this into consideration.
Closes-Bug: #1858672
Change-Id: I71436313098f513c200ecc3f862a2b851fb1060a
(cherry picked from commit dcf99e7167
)
This commit is contained in:
parent
b1b4b06aad
commit
f6bcc3bcdb
|
@ -568,10 +568,11 @@ class BaseImageUploader(object):
|
|||
mirror = cls.mirrors[netloc]
|
||||
return '%sv2%s' % (mirror, path)
|
||||
else:
|
||||
if not cls.is_insecure_registry(registry_host=netloc):
|
||||
scheme = 'https'
|
||||
else:
|
||||
if (cls.is_insecure_registry(registry_host=netloc) and
|
||||
netloc not in cls.no_verify_registries):
|
||||
scheme = 'http'
|
||||
else:
|
||||
scheme = 'https'
|
||||
if netloc == 'docker.io':
|
||||
netloc = 'registry-1.docker.io'
|
||||
return '%s://%s/v2%s' % (scheme, netloc, path)
|
||||
|
|
|
@ -587,6 +587,7 @@ class TestBaseImageUploader(base.TestCase):
|
|||
build = image_uploader.BaseImageUploader._build_url
|
||||
insecure_reg = image_uploader.BaseImageUploader.insecure_registries
|
||||
secure_reg = image_uploader.BaseImageUploader.secure_registries
|
||||
no_verify_reg = image_uploader.BaseImageUploader.no_verify_registries
|
||||
mirrors = image_uploader.BaseImageUploader.mirrors
|
||||
# fix urls
|
||||
self.assertEqual(
|
||||
|
@ -605,6 +606,13 @@ class TestBaseImageUploader(base.TestCase):
|
|||
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
|
||||
build(url3, '/t/nova-api/tags/list')
|
||||
)
|
||||
# "no verify" registries are insecure but still use https
|
||||
secure_reg.remove('192.0.2.1:8787')
|
||||
no_verify_reg.add('192.0.2.1:8787')
|
||||
self.assertEqual(
|
||||
'https://192.0.2.1:8787/v2/t/nova-api/tags/list',
|
||||
build(url3, '/t/nova-api/tags/list')
|
||||
)
|
||||
|
||||
# test mirrors
|
||||
mirrors['docker.io'] = 'http://192.0.2.2:8081/registry-1.docker/'
|
||||
|
|
Loading…
Reference in New Issue