sync: skip tls verify on /v2/_catalog when a registry is configured with tls-verify false

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2024-12-30 22:34:13 -05:00 · 2021-11-18 13:54:32 +02:00 · 2021-11-18 13:54:32 +02:00 · 7ada50e9c8
commit 7ada50e9c8
parent 5f8f61407e
2 changed files with 6 additions and 1 deletions
--- a/pkg/extensions/sync/sync.go
+++ b/pkg/extensions/sync/sync.go
@ -106,6 +106,11 @@ func getUpstreamCatalog(regCfg *RegistryConfig, credentials Credentials, log log
 		client.SetCertificates(cert)
 	}

+	// nolint: gosec
+	if regCfg.TLSVerify != nil && !*regCfg.TLSVerify {
+		client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
+	}
+
 	if credentials.Username != "" && credentials.Password != "" {
 		log.Debug().Msgf("sync: using basic auth")
 		client.SetBasicAuth(credentials.Username, credentials.Password)
--- a/pkg/extensions/sync/sync_test.go
+++ b/pkg/extensions/sync/sync_test.go
@ -2105,7 +2105,7 @@ func TestSyncInvalidCerts(t *testing.T) {
 		Convey("Test sync on POST request on /sync", func() {
 			resp, _ := resty.R().Post(destBaseURL + "/sync")
 			So(resp, ShouldNotBeNil)
-			So(string(resp.Body()), ShouldContainSubstring, "signed by unknown authority")
+			So(string(resp.Body()), ShouldContainSubstring, "bad certificate")
 			So(resp.StatusCode(), ShouldEqual, 500)
 		})
 	})