From 774cefcbee2fe6784a8bb882bf1049f1923a1b02 Mon Sep 17 00:00:00 2001 From: shaowenchen Date: Thu, 28 Jan 2021 14:06:03 +0800 Subject: [PATCH] add parameter to allow ignore cert Signed-off-by: shaowenchen --- pkg/kapis/resources/v1alpha2/handler.go | 10 ++++--- pkg/kapis/resources/v1alpha2/register.go | 8 +++-- pkg/models/registries/manifest_test.go | 2 +- pkg/models/registries/registries.go | 13 +++++---- pkg/models/registries/registry_client.go | 29 ++++++++++++------- pkg/models/registries/registry_client_test.go | 4 +-- pkg/models/registries/token_test.go | 2 +- 7 files changed, 42 insertions(+), 26 deletions(-) diff --git a/pkg/kapis/resources/v1alpha2/handler.go b/pkg/kapis/resources/v1alpha2/handler.go index f81fe668d..6f93dc5f1 100644 --- a/pkg/kapis/resources/v1alpha2/handler.go +++ b/pkg/kapis/resources/v1alpha2/handler.go @@ -18,6 +18,10 @@ package v1alpha2 import ( "fmt" + "net/http" + "strconv" + "strings" + "github.com/emicklei/go-restful" v1 "k8s.io/api/core/v1" k8serr "k8s.io/apimachinery/pkg/api/errors" @@ -37,9 +41,6 @@ import ( "kubesphere.io/kubesphere/pkg/models/routers" "kubesphere.io/kubesphere/pkg/server/errors" "kubesphere.io/kubesphere/pkg/server/params" - "net/http" - "strconv" - "strings" ) type resourceHandler struct { @@ -325,8 +326,9 @@ func (r *resourceHandler) handleGetRegistryEntry(request *restful.Request, respo imageName := request.QueryParameter("image") namespace := request.QueryParameter("namespace") secretName := request.QueryParameter("secret") + insecure := request.QueryParameter("insecure") == "true" - detail, err := r.registryGetter.GetEntry(namespace, secretName, imageName) + detail, err := r.registryGetter.GetEntry(namespace, secretName, imageName, insecure) if err != nil { api.HandleBadRequest(response, nil, err) return diff --git a/pkg/kapis/resources/v1alpha2/register.go b/pkg/kapis/resources/v1alpha2/register.go index a1d28d77a..03418ee5b 100644 --- a/pkg/kapis/resources/v1alpha2/register.go 
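Review bot: In handleGetRegistryEntry the new `insecure` value is taken straight from the query string, so any caller allowed to reach this endpoint can switch off certificate verification. Further down the call chain that request appears to carry the registry username and password (`CreateRegistryClient(config.Username, config.Password, ...)`), so with verification off they go to whatever host answers on that address. I would gate the switch behind server-side policy, for example an operator-configured list of registries allowed to skip verification, and log namespace, secret and image whenever it is honoured. The parsing could also reject malformed values instead of treating them as false: `insecure, err := strconv.ParseBool(v)` followed by `api.HandleBadRequest(response, nil, err)` when a non-empty value does not parse. The handler body continues outside the hunk.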
+++ b/pkg/kapis/resources/v1alpha2/register.go @@ -17,8 +17,10 @@ limitations under the License. package v1alpha2 import ( + "net/http" + "github.com/emicklei/go-restful" - "github.com/emicklei/go-restful-openapi" + restfulspec "github.com/emicklei/go-restful-openapi" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime/schema" @@ -33,7 +35,6 @@ import ( registriesmodel "kubesphere.io/kubesphere/pkg/models/registries" "kubesphere.io/kubesphere/pkg/server/errors" "kubesphere.io/kubesphere/pkg/server/params" - "net/http" ) const ( @@ -145,6 +146,9 @@ func AddToContainer(c *restful.Container, k8sClient kubernetes.Interface, factor Param(webservice.QueryParameter("secret", "secret name"). Required(false). DataFormat("secret=%s")). + Param(webservice.QueryParameter("insecure", "whether verify cert if using https repo"). + Required(false). + DataFormat("insecure=%s")). Metadata(restfulspec.KeyOpenAPITags, []string{constants.RegistryTag}). Doc("Retrieve the blob from the registry identified"). Writes(registriesmodel.ImageDetails{}). diff --git a/pkg/models/registries/manifest_test.go b/pkg/models/registries/manifest_test.go index 1ef4bfba6..5ba3abe8f 100644 --- a/pkg/models/registries/manifest_test.go +++ b/pkg/models/registries/manifest_test.go @@ -23,7 +23,7 @@ import ( func TestDigestFromDockerHub(t *testing.T) { testImage := Image{Domain: "docker.io", Path: "library/alpine", Tag: "latest"} - r, err := CreateRegistryClient("", "", "docker.io", true) + r, err := CreateRegistryClient("", "", "docker.io", true, false) if err != nil { t.Fatalf("Could not get client: %s", err) } diff --git a/pkg/models/registries/registries.go b/pkg/models/registries/registries.go index 1b6e36cf0..aab53a541 100644 --- a/pkg/models/registries/registries.go +++ b/pkg/models/registries/registries.go 
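Review bot: The description of the new `insecure` query parameter in AddToContainer reads as the opposite of what the flag does: `insecure=true` skips certificate verification, while "whether verify cert if using https repo" suggests it turns verification on. I would word it as `"skip TLS certificate verification when the registry is served over https; defaults to false"` and add `.DataType("boolean").DefaultValue("false")` so the generated OpenAPI spec shows it as an explicit opt-in. The route builder chain starts and ends outside the hunk.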
@@ -21,6 +21,8 @@ import ( "encoding/base64" "encoding/json" "fmt" + "strings" + "github.com/docker/docker/api/types" "github.com/docker/docker/client" "github.com/emicklei/go-restful" @@ -28,7 +30,6 @@ import ( "k8s.io/client-go/informers" "k8s.io/klog" "kubesphere.io/kubesphere/pkg/api" - "strings" ) const ( @@ -55,7 +56,7 @@ type DockerConfigEntry struct { type RegistryGetter interface { VerifyRegistryCredential(credential api.RegistryCredential) error - GetEntry(namespace, secretName, imageName string) (ImageDetails, error) + GetEntry(namespace, secretName, imageName string, insecure bool) (ImageDetails, error) } type registryGetter struct { @@ -96,8 +97,8 @@ func (c *registryGetter) VerifyRegistryCredential(credential api.RegistryCredent } } -func (c *registryGetter) GetEntry(namespace, secretName, imageName string) (ImageDetails, error) { - imageDetails, err := c.getEntryBySecret(namespace, secretName, imageName) +func (c *registryGetter) GetEntry(namespace, secretName, imageName string, insecure bool) (ImageDetails, error) { + imageDetails, err := c.getEntryBySecret(namespace, secretName, imageName, insecure) if imageDetails.Status == StatusFailed { imageDetails.Message = err.Error() } @@ -105,7 +106,7 @@ func (c *registryGetter) GetEntry(namespace, secretName, imageName string) (Imag return imageDetails, err } -func (c *registryGetter) getEntryBySecret(namespace, secretName, imageName string) (ImageDetails, error) { +func (c *registryGetter) getEntryBySecret(namespace, secretName, imageName string, insecure bool) (ImageDetails, error) { failedImageDetails := ImageDetails{ Status: StatusFailed, Message: "", 
@@ -152,7 +153,7 @@ func (c *registryGetter) getEntryBySecret(namespace, secretName, imageName strin useSSL := checkSSl(config.ServerAddress) // Create the registry client. - r, err := CreateRegistryClient(config.Username, config.Password, image.Domain, useSSL) + r, err := CreateRegistryClient(config.Username, config.Password, image.Domain, useSSL, insecure) if err != nil { return failedImageDetails, err } diff --git a/pkg/models/registries/registry_client.go b/pkg/models/registries/registry_client.go index ab4ed949a..845e97147 100644 --- a/pkg/models/registries/registry_client.go +++ b/pkg/models/registries/registry_client.go @@ -18,17 +18,19 @@ package registries import ( "compress/gzip" + "crypto/tls" "errors" "fmt" - "github.com/docker/docker/api/types" "io" "io/ioutil" - log "k8s.io/klog" "net/http" "net/url" "regexp" "strings" "time" + + "github.com/docker/docker/api/types" + log "k8s.io/klog" ) const ( @@ -63,10 +65,11 @@ type Registry struct { // Opt holds the options for a new registry. type RegistryOpt struct { - Domain string - Timeout time.Duration - Headers map[string]string - UseSSL bool + Domain string + Timeout time.Duration + Headers map[string]string + UseSSL bool + Insecure bool } type authToken struct { @@ -80,7 +83,7 @@ type authService struct { Scope []string } -func CreateRegistryClient(username, password, domain string, useSSL bool) (*Registry, error) { +func CreateRegistryClient(username, password, domain string, useSSL bool, insecure bool) (*Registry, error) { authDomain := domain auth, err := GetAuthConfig(username, password, authDomain) if err != nil { @@ -90,8 +93,9 @@ func CreateRegistryClient(username, password, domain string, useSSL bool) (*Regi // Create the registry client. return New(auth, RegistryOpt{ - Domain: domain, - UseSSL: useSSL, + Domain: domain, + UseSSL: useSSL, + Insecure: insecure, }) } 
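Review bot: The new `Insecure` field on RegistryOpt and the extra `insecure` argument of CreateRegistryClient are undocumented, and nothing tells a caller how they relate to `UseSSL`. A field comment such as `// Insecure skips TLS certificate verification; presumably ignored when UseSSL is false.` would help, once that interaction is confirmed. A doc comment on CreateRegistryClient should also state that passing true lets an unverified peer receive the supplied credentials. As a style point, `useSSL bool, insecure bool` can be written `useSSL, insecure bool`. CreateRegistryClient's body is split across two hunks and is not fully visible here.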
@@ -135,11 +139,16 @@ func newFromTransport(auth types.AuthConfig, opt RegistryOpt) (*Registry, error) } registryURL, _ := url.Parse(registryUrl) + + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: opt.Insecure}, + } registry := &Registry{ URL: registryURL.String(), Domain: registryURL.Host, Client: &http.Client{ - Timeout: DefaultTimeout, + Timeout: DefaultTimeout, + Transport: tr, }, Username: auth.Username, Password: auth.Password, diff --git a/pkg/models/registries/registry_client_test.go b/pkg/models/registries/registry_client_test.go index 4127bddcd..9e9760e90 100644 --- a/pkg/models/registries/registry_client_test.go +++ b/pkg/models/registries/registry_client_test.go @@ -41,7 +41,7 @@ func TestCreateRegistryClient(t *testing.T) { } for _, testImage := range testImages { - reg, err := CreateRegistryClient(testImage.Username, testImage.Password, testImage.Domain, testImage.UseSSL) + reg, err := CreateRegistryClient(testImage.Username, testImage.Password, testImage.Domain, testImage.UseSSL, false) if err != nil { t.Fatalf("Get err %s", err) } @@ -57,7 +57,7 @@ func TestCreateRegistryClient(t *testing.T) { } testImage := Image{Domain: DockerHub, Path: "library/alpine", Tag: "latest"} - r, err := CreateRegistryClient("", "", DockerHub, true) + r, err := CreateRegistryClient("", "", DockerHub, true, false) if err != nil { t.Fatalf("Could not get client: %s", err) } diff --git a/pkg/models/registries/token_test.go b/pkg/models/registries/token_test.go index 9e640cd33..ceff94292 100644 --- a/pkg/models/registries/token_test.go +++ b/pkg/models/registries/token_test.go 
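Review bot: In newFromTransport the client now always gets a bare `&http.Transport{...}`, which replaces http.DefaultTransport for every registry call, including those where `opt.Insecure` is false. A zero-valued Transport has no `Proxy` function, no dial or TLS handshake timeout and no idle-connection timeout, so registries reached through HTTP_PROXY/HTTPS_PROXY would stop working. Since a transport is built per client, idle connections can also accumulate. Cloning the default transport and overriding its TLS config only when verification is explicitly disabled keeps the previous behaviour on the verified path; `Clone` needs Go 1.13 or later. The function starts and ends outside the hunk.

```go
// … unchanged: registryURL parsing …

// A nil RoundTripper makes http.Client fall back to http.DefaultTransport.
var tr http.RoundTripper
if opt.Insecure {
	t := http.DefaultTransport.(*http.Transport).Clone()
	// Verification is off only because the caller asked for it.
	t.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	tr = t
}
registry := &Registry{
	// … unchanged: URL, Domain …
	Client: &http.Client{
		Timeout:   DefaultTimeout,
		Transport: tr,
	},
	// … unchanged: Username, Password and remaining fields …
```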
@@ -48,7 +48,7 @@ func (asm authServiceMock) equalTo(v *authService) bool { func TestToken(t *testing.T) { testImage := Image{Domain: "docker.io", Path: "library/alpine", Tag: "latest"} - r, err := CreateRegistryClient("", "", "docker.io", true) + r, err := CreateRegistryClient("", "", "docker.io", true, false) if err != nil { t.Fatalf("Could not get registry client: %s", err) }
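Review bot: Every updated call in TestToken, and likewise in manifest_test.go and registry_client_test.go, passes `false`, so no test pins either side of the new switch. A test against `httptest.NewTLSServer`, whose certificate is not trusted by a default client, could assert that a request fails with `insecure` false and succeeds with it true. That would guard against verification being dropped by accident in a later change. TestToken continues outside the hunk.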