add parameter to allow ignore cert

Signed-off-by: shaowenchen <mail@chenshaowen.com>

pkg/kapis/resources/v1alpha2/handler.go

@@ -18,6 +18,10 @@ package v1alpha2
 
 import (
 	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
 	"github.com/emicklei/go-restful"
 	v1 "k8s.io/api/core/v1"
 	k8serr "k8s.io/apimachinery/pkg/api/errors"
@@ -37,9 +41,6 @@ import (
 	"kubesphere.io/kubesphere/pkg/models/routers"
 	"kubesphere.io/kubesphere/pkg/server/errors"
 	"kubesphere.io/kubesphere/pkg/server/params"
-	"net/http"
-	"strconv"
-	"strings"
 )
 
 type resourceHandler struct {
@@ -325,8 +326,9 @@ func (r *resourceHandler) handleGetRegistryEntry(request *restful.Request, respo
 	imageName := request.QueryParameter("image")
 	namespace := request.QueryParameter("namespace")
 	secretName := request.QueryParameter("secret")
+	insecure := request.QueryParameter("insecure") == "true"
 
-	detail, err := r.registryGetter.GetEntry(namespace, secretName, imageName)
+	detail, err := r.registryGetter.GetEntry(namespace, secretName, imageName, insecure)
 	if err != nil {
 		api.HandleBadRequest(response, nil, err)
 		return

pkg/kapis/resources/v1alpha2/register.go

@@ -17,8 +17,10 @@ limitations under the License.
 package v1alpha2
 
 import (
+	"net/http"
+
 	"github.com/emicklei/go-restful"
-	"github.com/emicklei/go-restful-openapi"
+	restfulspec "github.com/emicklei/go-restful-openapi"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -33,7 +35,6 @@ import (
 	registriesmodel "kubesphere.io/kubesphere/pkg/models/registries"
 	"kubesphere.io/kubesphere/pkg/server/errors"
 	"kubesphere.io/kubesphere/pkg/server/params"
-	"net/http"
 )
 
 const (
@@ -145,6 +146,9 @@ func AddToContainer(c *restful.Container, k8sClient kubernetes.Interface, factor
 		Param(webservice.QueryParameter("secret", "secret name").
 			Required(false).
 			DataFormat("secret=%s")).
+		Param(webservice.QueryParameter("insecure", "whether verify cert if using https repo").
+			Required(false).
+			DataFormat("insecure=%s")).
 		Metadata(restfulspec.KeyOpenAPITags, []string{constants.RegistryTag}).
 		Doc("Retrieve the blob from the registry identified").
 		Writes(registriesmodel.ImageDetails{}).

pkg/models/registries/manifest_test.go

@@ -23,7 +23,7 @@ import (
 func TestDigestFromDockerHub(t *testing.T) {
 
 	testImage := Image{Domain: "docker.io", Path: "library/alpine", Tag: "latest"}
-	r, err := CreateRegistryClient("", "", "docker.io", true)
+	r, err := CreateRegistryClient("", "", "docker.io", true, false)
 	if err != nil {
 		t.Fatalf("Could not get client: %s", err)
 	}

pkg/models/registries/registries.go

@@ -21,6 +21,8 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"strings"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/emicklei/go-restful"
@@ -28,7 +30,6 @@ import (
 	"k8s.io/client-go/informers"
 	"k8s.io/klog"
 	"kubesphere.io/kubesphere/pkg/api"
-	"strings"
 )
 
 const (
@@ -55,7 +56,7 @@ type DockerConfigEntry struct {
 
 type RegistryGetter interface {
 	VerifyRegistryCredential(credential api.RegistryCredential) error
-	GetEntry(namespace, secretName, imageName string) (ImageDetails, error)
+	GetEntry(namespace, secretName, imageName string, insecure bool) (ImageDetails, error)
 }
 
 type registryGetter struct {
@@ -96,8 +97,8 @@ func (c *registryGetter) VerifyRegistryCredential(credential api.RegistryCredent
 	}
 }
 
-func (c *registryGetter) GetEntry(namespace, secretName, imageName string) (ImageDetails, error) {
+func (c *registryGetter) GetEntry(namespace, secretName, imageName string, insecure bool) (ImageDetails, error) {
-	imageDetails, err := c.getEntryBySecret(namespace, secretName, imageName)
+	imageDetails, err := c.getEntryBySecret(namespace, secretName, imageName, insecure)
 	if imageDetails.Status == StatusFailed {
 		imageDetails.Message = err.Error()
 	}
@@ -105,7 +106,7 @@ func (c *registryGetter) GetEntry(namespace, secretName, imageName string) (Imag
 	return imageDetails, err
 }
 
-func (c *registryGetter) getEntryBySecret(namespace, secretName, imageName string) (ImageDetails, error) {
+func (c *registryGetter) getEntryBySecret(namespace, secretName, imageName string, insecure bool) (ImageDetails, error) {
 	failedImageDetails := ImageDetails{
 		Status:  StatusFailed,
 		Message: "",
@@ -152,7 +153,7 @@ func (c *registryGetter) getEntryBySecret(namespace, secretName, imageName strin
 	useSSL := checkSSl(config.ServerAddress)
 
 	// Create the registry client.
-	r, err := CreateRegistryClient(config.Username, config.Password, image.Domain, useSSL)
+	r, err := CreateRegistryClient(config.Username, config.Password, image.Domain, useSSL, insecure)
 	if err != nil {
 		return failedImageDetails, err
 	}

pkg/models/registries/registry_client.go

@@ -18,17 +18,19 @@ package registries
 
 import (
 	"compress/gzip"
+	"crypto/tls"
 	"errors"
 	"fmt"
-	"github.com/docker/docker/api/types"
 	"io"
 	"io/ioutil"
-	log "k8s.io/klog"
 	"net/http"
 	"net/url"
 	"regexp"
 	"strings"
 	"time"
+
+	"github.com/docker/docker/api/types"
+	log "k8s.io/klog"
 )
 
 const (
@@ -67,6 +69,7 @@ type RegistryOpt struct {
 	Timeout  time.Duration
 	Headers  map[string]string
 	UseSSL   bool
+	Insecure bool
 }
 
 type authToken struct {
@@ -80,7 +83,7 @@ type authService struct {
 	Scope   []string
 }
 
-func CreateRegistryClient(username, password, domain string, useSSL bool) (*Registry, error) {
+func CreateRegistryClient(username, password, domain string, useSSL bool, insecure bool) (*Registry, error) {
 	authDomain := domain
 	auth, err := GetAuthConfig(username, password, authDomain)
 	if err != nil {
@@ -92,6 +95,7 @@ func CreateRegistryClient(username, password, domain string, useSSL bool) (*Regi
 	return New(auth, RegistryOpt{
 		Domain:   domain,
 		UseSSL:   useSSL,
+		Insecure: insecure,
 	})
 }
 
@@ -135,11 +139,16 @@ func newFromTransport(auth types.AuthConfig, opt RegistryOpt) (*Registry, error)
 	}
 
 	registryURL, _ := url.Parse(registryUrl)
+
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: opt.Insecure},
+	}
 	registry := &Registry{
 		URL:    registryURL.String(),
 		Domain: registryURL.Host,
 		Client: &http.Client{
 			Timeout:   DefaultTimeout,
+			Transport: tr,
 		},
 		Username: auth.Username,
 		Password: auth.Password,

pkg/models/registries/registry_client_test.go

@@ -41,7 +41,7 @@ func TestCreateRegistryClient(t *testing.T) {
 	}
 
 	for _, testImage := range testImages {
-		reg, err := CreateRegistryClient(testImage.Username, testImage.Password, testImage.Domain, testImage.UseSSL)
+		reg, err := CreateRegistryClient(testImage.Username, testImage.Password, testImage.Domain, testImage.UseSSL, false)
 		if err != nil {
 			t.Fatalf("Get err %s", err)
 		}
@@ -57,7 +57,7 @@ func TestCreateRegistryClient(t *testing.T) {
 	}
 
 	testImage := Image{Domain: DockerHub, Path: "library/alpine", Tag: "latest"}
-	r, err := CreateRegistryClient("", "", DockerHub, true)
+	r, err := CreateRegistryClient("", "", DockerHub, true, false)
 	if err != nil {
 		t.Fatalf("Could not get client: %s", err)
 	}

pkg/models/registries/token_test.go

@@ -48,7 +48,7 @@ func (asm authServiceMock) equalTo(v *authService) bool {
 
 func TestToken(t *testing.T) {
 	testImage := Image{Domain: "docker.io", Path: "library/alpine", Tag: "latest"}
-	r, err := CreateRegistryClient("", "", "docker.io", true)
+	r, err := CreateRegistryClient("", "", "docker.io", true, false)
 	if err != nil {
 		t.Fatalf("Could not get registry client: %s", err)
 	}