diff --git a/Deploy/prepare b/Deploy/prepare index d861f58e3..5a301ce61 100755 --- a/Deploy/prepare +++ b/Deploy/prepare @@ -98,7 +98,8 @@ render(os.path.join(templates_dir, "ui", "env"), ldap_url=ldap_url, ldap_basedn=ldap_basedn, self_registration=self_registration, - ui_secret=ui_secret) + ui_secret=ui_secret, + verify_remote_cert=verify_remote_cert) render(os.path.join(templates_dir, "ui", "app.conf"), ui_conf, diff --git a/Deploy/templates/ui/env b/Deploy/templates/ui/env index 5098fa1a7..a77452f41 100644 --- a/Deploy/templates/ui/env +++ b/Deploy/templates/ui/env @@ -17,3 +17,4 @@ LOG_LEVEL=debug GODEBUG=netdns=cgo EXT_ENDPOINT=$ui_url TOKEN_URL=http://ui +VERIFY_REMOTE_CERT=$verify_remote_cert diff --git a/api/config.go b/api/config.go new file mode 100644 index 000000000..aceb1c1b3 --- /dev/null +++ b/api/config.go @@ -0,0 +1,35 @@ +/* + Copyright (c) 2016 VMware, Inc. All Rights Reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package api + +import ( + "os" +) + +var ( + Insecure bool +) + +func init() { + verifyRemoteCert := os.Getenv("VERIFY_REMOTE_CERT") + if len(verifyRemoteCert) == 0 { + verifyRemoteCert = "on" + } + + if verifyRemoteCert == "off" { + Insecure = false + } +} diff --git a/api/repository.go b/api/repository.go index b4b36c090..254349901 100644 --- a/api/repository.go +++ b/api/repository.go @@ -255,12 +255,10 @@ func (ra *RepositoryAPI) GetManifests() { func (ra *RepositoryAPI) initRepositoryClient(repoName string) (r *registry.Repository, err error) { endpoint := os.Getenv("REGISTRY_URL") - // TODO read variable from config file - insecure := true username, password, ok := ra.Ctx.Request.BasicAuth() if ok { - return newRepositoryClient(endpoint, insecure, username, password, + return newRepositoryClient(endpoint, Insecure, username, password, repoName, "repository", repoName, "pull", "push", "*") } @@ -269,7 +267,7 @@ func (ra *RepositoryAPI) initRepositoryClient(repoName string) (r *registry.Repo return nil, err } - return cache.NewRepositoryClient(endpoint, insecure, username, repoName, + return cache.NewRepositoryClient(endpoint, Insecure, username, repoName, "repository", repoName, "pull", "push", "*") } diff --git a/api/target.go b/api/target.go index 2271b142f..e22d91b62 100644 --- a/api/target.go +++ b/api/target.go @@ -92,9 +92,7 @@ func (t *TargetAPI) Ping() { password = t.GetString("password") } - // TODO read variable from config file - insecure := true - registry, err := newRegistryClient(endpoint, insecure, username, password, + registry, err := newRegistryClient(endpoint, Insecure, username, password, "", "", "") if err != nil { // timeout, dns resolve error, connection refused, etc.