From 7ada50e9c85beadc80378238d049a49a4e5c0e33 Mon Sep 17 00:00:00 2001 From: Petu Eusebiu Date: Thu, 18 Nov 2021 13:54:32 +0200 Subject: [PATCH] sync: skip tls verify on /v2/_catalog when a registry is configured with tls-verify false Signed-off-by: Petu Eusebiu --- pkg/extensions/sync/sync.go | 5 +++++ pkg/extensions/sync/sync_test.go | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/extensions/sync/sync.go b/pkg/extensions/sync/sync.go index 178b46eb..6633a7ec 100644 --- a/pkg/extensions/sync/sync.go +++ b/pkg/extensions/sync/sync.go @@ -106,6 +106,11 @@ func getUpstreamCatalog(regCfg *RegistryConfig, credentials Credentials, log log client.SetCertificates(cert) } + // nolint: gosec + if regCfg.TLSVerify != nil && !*regCfg.TLSVerify { + client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}) + } + if credentials.Username != "" && credentials.Password != "" { log.Debug().Msgf("sync: using basic auth") client.SetBasicAuth(credentials.Username, credentials.Password) diff --git a/pkg/extensions/sync/sync_test.go b/pkg/extensions/sync/sync_test.go index af8d5df7..96e347d7 100644 --- a/pkg/extensions/sync/sync_test.go +++ b/pkg/extensions/sync/sync_test.go @@ -2105,7 +2105,7 @@ func TestSyncInvalidCerts(t *testing.T) { Convey("Test sync on POST request on /sync", func() { resp, _ := resty.R().Post(destBaseURL + "/sync") So(resp, ShouldNotBeNil) - So(string(resp.Body()), ShouldContainSubstring, "signed by unknown authority") + So(string(resp.Body()), ShouldContainSubstring, "bad certificate") So(resp.StatusCode(), ShouldEqual, 500) }) })