Skip to content

Apply skipping certification verification to authorization as well#287

Merged
AkihiroSuda merged 1 commit into
containerd:masterfrom
ktock:authtlsskip
Jul 20, 2021
Merged

Apply skipping certification verification to authorization as well#287
AkihiroSuda merged 1 commit into
containerd:masterfrom
ktock:authtlsskip

Conversation

@ktock
Copy link
Copy Markdown
Member

@ktock ktock commented Jul 12, 2021

Fixes: #278

This commit fixes the issue that skipping certificate verification didn't applied to the access to the authorization server.
The behaviour that propagates skip-verification config to the authorizer is compatible to the current behaviour of ctr.

@AkihiroSuda
Copy link
Copy Markdown
Member

AkihiroSuda commented Jul 12, 2021

Can we have a test like this?

nerdctl/cmd/nerdctl/push_test.go

Line 121 in f6f48cd

func TestPushPlainHTTPInsecure(t *testing.T) {

Can be a separate PR though

@AkihiroSuda AkihiroSuda added this to the v0.11.0 milestone Jul 12, 2021
AkihiroSuda
AkihiroSuda reviewed Jul 12, 2021
View reviewed changes
Comment thread pkg/imgutil/dockerconfigresolver/dockerconfigresolver.go Outdated
Transport: tr,
}
regOpts = append(regOpts, docker.WithClient(client))
regOpts = append(regOpts, docker.WithClient(newInsecureClient()))
Copy link
Copy Markdown
Member

@AkihiroSuda AkihiroSuda Jul 12, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to call newInsecureClient() twice

@ktock
Apply skipping certification verification to authorization as well
dcec038 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
@ktock
Copy link
Copy Markdown
Member Author

ktock commented Jul 12, 2021

Can we have a test like this?

nerdctl/cmd/nerdctl/push_test.go

Line 121 in f6f48cd

func TestPushPlainHTTPInsecure(t *testing.T) {

Can be a separate PR though

I'll work on it. We'll need to host an authorization server in CI (maybe we can use https://github.com/cesanta/docker_auth).

@AkihiroSuda
Copy link
Copy Markdown
Member

AkihiroSuda commented Jul 19, 2021

@ktock Do you plan to work on tests before merging this PR or after?

@ktock
Copy link
Copy Markdown
Member Author

ktock commented Jul 19, 2021

Sorry for the late. I add the test in this week but please merge it if this patch is needed urgently.

@AkihiroSuda AkihiroSuda merged commit 162724f into containerd:master Jul 20, 2021
@ktock ktock mentioned this pull request Jul 26, 2021
Merged
@ktock ktock deleted the authtlsskip branch September 8, 2022 04:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v0.11.0

Development

Successfully merging this pull request may close these issues.

How to skip certificate verification

2 participants

@ktock @AkihiroSuda