Merge "Support self-signed certificates docker registry"

Dockerfile

@@ -16,6 +16,8 @@ ARG PLUGIN=no
 ARG PYTHON3=no
 ARG EXTRA_BINDEP=""
 ARG EXTRA_PYDEP=""
+ARG REGISTRY_PROTOCOL="detect"
+ARG REGISTRY_INSECURE="False"
 
 ARG UID=42424
 ARG GID=42424

README.md

@@ -100,6 +100,12 @@ For more advanced building you can use docker build arguments to define:
      be considered next to the default bindep.txt.
   * `EXTRA_PYDEP` Specify a pydep-* file to add in the container. It would
      be considered next to the default pydep.txt.
+  * `REGISTRY_PROTOCOL` Set this to `https` if you are running your own
+    registry on https, `http` if you are running on http, or leave it as
+    `detect` if you want to re-use existing protocol detection.
+  * `REGISTRY_INSECURE` Set this to `True` if your image registry is
+    running on HTTPS with self-signed certificates to ignore SSL verification.
+    (defaults to False)
 
 This makes it really easy to integrate LOCI images into your development or
 CI/CD workflow, for example, if you wanted to build an image from [this

scripts/fetch_wheels.py

@@ -3,6 +3,8 @@
 import json
 import os
 import re
+import ssl
+from distutils.util import strtobool
 
 try:
     import urllib2
@@ -24,7 +26,10 @@ def get_token(protocol, registry, repo):
     print(url)
     try:
         r = urllib2.Request(url=url)
-        resp = urllib2.urlopen(r)
+        if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+            resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+        else:
+            resp = urllib2.urlopen(r)
         resp_text = resp.read().decode('utf-8').strip()
         return json.loads(resp_text)['token']
     except urllib2.HTTPError as err:
@@ -37,7 +42,10 @@ def get_sha(repo, tag, registry, protocol, token):
     r = urllib2.Request(url=url)
     if token:
         r.add_header('Authorization', 'Bearer {}'.format(token))
-    resp = urllib2.urlopen(r)
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+    else:
+        resp = urllib2.urlopen(r)
     resp_text = resp.read().decode('utf-8').strip()
     return json.loads(resp_text)['fsLayers'][0]['blobSum']
 
@@ -49,7 +57,10 @@ def get_blob(repo, tag, protocol, registry=DOCKER_REGISTRY, token=None):
     r = urllib2.Request(url=url)
     if token:
         r.add_header('Authorization', 'Bearer {}'.format(token))
-    resp = urllib2.urlopen(r)
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+    else:
+        resp = urllib2.urlopen(r)
     return resp.read()
 
 def protocol_detection(registry, protocol='http'):
@@ -73,7 +84,10 @@ def protocol_detection(registry, protocol='http'):
 
 def get_wheels(url):
     r = urllib2.Request(url=url)
-    resp = urllib2.urlopen(r)
+    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+        resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+    else:
+        resp = urllib2.urlopen(r)
     return resp.read()
 
 def parse_image(full_image):
@@ -106,7 +120,12 @@ def main():
         data = get_wheels(wheels)
     else:
         registry, image, tag = parse_image(wheels)
-        protocol = protocol_detection(registry)
+        if os.environ.get('REGISTRY_PROTOCOL') in ['http','https']:
+            protocol = os.environ.get('REGISTRY_PROTOCOL')
+        elif os.environ.get('REGISTRY_PROTOCOL') == 'detect':
+            protocol = protocol_detection(registry)
+        else:
+            raise ValueError("Unknown protocol given in argument")
         kwargs = dict()
         if registry:
             kwargs.update({'registry': registry})