Merge "Support self-signed certificates docker registry"

2019-03-08 15:52:32 +00:00 · 2019-03-08 15:52:32 +00:00 · a51afe952d
commit a51afe952d
parent c47dc363ef cc50c3048b
3 changed files with 32 additions and 5 deletions
--- a/2
+++ b/2
@ -16,6 +16,8 @@ ARG PLUGIN=no
 ARG PYTHON3=no
 ARG EXTRA_BINDEP=""
 ARG EXTRA_PYDEP=""
+ARG REGISTRY_PROTOCOL="detect"
+ARG REGISTRY_INSECURE="False"

 ARG UID=42424
 ARG GID=42424
--- a/README.md
+++ b/README.md
@ -100,6 +100,12 @@ For more advanced building you can use docker build arguments to define:
     be considered next to the default bindep.txt.
  * `EXTRA_PYDEP` Specify a pydep-* file to add in the container. It would
     be considered next to the default pydep.txt.
+  * `REGISTRY_PROTOCOL` Set this to `https` if you are running your own
+    registry on https, `http` if you are running on http, or leave it as
+    `detect` if you want to re-use existing protocol detection.
+  * `REGISTRY_INSECURE` Set this to `True` if your image registry is
+    running on HTTPS with self-signed certificates to ignore SSL verification.
+    (defaults to False)

 This makes it really easy to integrate LOCI images into your development or
 CI/CD workflow, for example, if you wanted to build an image from [this
--- a/scripts/fetch_wheels.py
+++ b/scripts/fetch_wheels.py
@ -3,6 +3,8 @@
 import json
 import os
 import re
+import ssl
+from distutils.util import strtobool

 try:
    import urllib2
@ -24,7 +26,10 @@ def get_token(protocol, registry, repo):
    print(url)
    try:
        r = urllib2.Request(url=url)
-        resp = urllib2.urlopen(r)
+        if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+            resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+        else:
+            resp = urllib2.urlopen(r)
        resp_text = resp.read().decode('utf-8').strip()
        return json.loads(resp_text)['token']
    except urllib2.HTTPError as err:
@ -37,7 +42,10 @@ def get_sha(repo, tag, registry, protocol, token):
    r = urllib2.Request(url=url)
    if token:
        r.add_header('Authorization', 'Bearer {}'.format(token))
-    resp = urllib2.urlopen(r)
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+    else:
+        resp = urllib2.urlopen(r)
    resp_text = resp.read().decode('utf-8').strip()
    return json.loads(resp_text)['fsLayers'][0]['blobSum']

@ -49,7 +57,10 @@ def get_blob(repo, tag, protocol, registry=DOCKER_REGISTRY, token=None):
    r = urllib2.Request(url=url)
    if token:
        r.add_header('Authorization', 'Bearer {}'.format(token))
-    resp = urllib2.urlopen(r)
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+    else:
+        resp = urllib2.urlopen(r)
    return resp.read()

 def protocol_detection(registry, protocol='http'):
@ -73,7 +84,10 @@ def protocol_detection(registry, protocol='http'):

 def get_wheels(url):
    r = urllib2.Request(url=url)
-    resp = urllib2.urlopen(r)
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+    else:
+        resp = urllib2.urlopen(r)
    return resp.read()

 def parse_image(full_image):
@ -106,7 +120,12 @@ def main():
        data = get_wheels(wheels)
    else:
        registry, image, tag = parse_image(wheels)
-        protocol = protocol_detection(registry)
+        if os.environ.get('REGISTRY_PROTOCOL') in ['http','https']:
+            protocol = os.environ.get('REGISTRY_PROTOCOL')
+        elif os.environ.get('REGISTRY_PROTOCOL') == 'detect':
+            protocol = protocol_detection(registry)
+        else:
+            raise ValueError("Unknown protocol given in argument")
        kwargs = dict()
        if registry:
            kwargs.update({'registry': registry})