From 7655a3d91f370135cdde6337d881f91cee119816 Mon Sep 17 00:00:00 2001
From: Huu Nguyen
Date: Fri, 3 Mar 2017 11:53:55 -0800
Subject: [PATCH 1/2] Add option to skip certificate verification for the s3 driver
Signed-off-by: Huu Nguyen
---
 registry/storage/driver/s3-aws/s3.go | 40 +++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 4 deletions(-)
diff --git a/registry/storage/driver/s3-aws/s3.go b/registry/storage/driver/s3-aws/s3.go
index 0c6f7e5e..3166902b 100644
--- a/registry/storage/driver/s3-aws/s3.go
+++ b/registry/storage/driver/s3-aws/s3.go
@@ -14,6 +14,7 @@ package s3
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "fmt"
 "io"
 "io/ioutil"
@@ -90,6 +91,7 @@ type DriverParameters struct {
 Encrypt bool
 KeyID string
 Secure bool
+ SkipVerify bool
 V4Auth bool
 ChunkSize int64
 MultipartCopyChunkSize int64
@@ -248,6 +250,23 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
 return nil, fmt.Errorf("The secure parameter should be a boolean")
 }
 
+ skipVerifyBool := false
+ skipVerify := parameters["skipverify"]
+ switch skipVerify := skipVerify.(type) {
+ case string:
+ b, err := strconv.ParseBool(skipVerify)
+ if err != nil {
+ return nil, fmt.Errorf("The skipVerify parameter should be a boolean")
+ }
+ skipVerifyBool = b
+ case bool:
+ skipVerifyBool = skipVerify
+ case nil:
+ // do nothing
+ default:
+ return nil, fmt.Errorf("The skipVerify parameter should be a boolean")
+ }
+
 v4Bool := true
 v4auth := parameters["v4auth"]
 switch v4auth := v4auth.(type) {
@@ -344,6 +363,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
 encryptBool,
 fmt.Sprint(keyID),
 secureBool,
+ skipVerifyBool,
 v4Bool,
 chunkSize,
 multipartCopyChunkSize,
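Review bot: The `skipverify` block added to FromParameters carries no comment on what the option gives up, and the same is true of the new `SkipVerify` field in DriverParameters. Above `skipVerifyBool := false` I would add `// skipverify turns off TLS certificate validation for every S3 request; it defaults to false and is meant for endpoints with self-signed certificates.` The type switch also looks like another copy of the shape used for `v4auth` just below it, so a small shared bool-parsing helper would keep the copies from drifting. FromParameters starts and ends outside the hunk.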
@@ -420,10 +440,22 @@ func New(params DriverParameters) (*Driver, error) {
 awsConfig.WithRegion(params.Region)
 awsConfig.WithDisableSSL(!params.Secure)
 
- if params.UserAgent != "" {
- awsConfig.WithHTTPClient(&http.Client{
- Transport: transport.NewTransport(http.DefaultTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{params.UserAgent}})),
- })
+ if params.UserAgent != "" || params.SkipVerify {
+ httpTransport := http.DefaultTransport
+ if params.SkipVerify {
+ httpTransport = &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+ }
+ if params.UserAgent != "" {
+ awsConfig.WithHTTPClient(&http.Client{
+ Transport: transport.NewTransport(httpTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{params.UserAgent}})),
+ })
+ } else {
+ awsConfig.WithHTTPClient(&http.Client{
+ Transport: transport.NewTransport(httpTransport),
+ })
+ }
 }
 
 s3obj := s3.New(session.New(awsConfig))
From f5c6357c6da1fb947f6c1376352ab9264ff17a49 Mon Sep 17 00:00:00 2001
From: Huu Nguyen
Date: Fri, 3 Mar 2017 11:54:16 -0800
Subject: [PATCH 2/2] Update s3_test to account for SkipVerify parameter
Signed-off-by: Huu Nguyen
---
 registry/storage/driver/s3-aws/s3_test.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/registry/storage/driver/s3-aws/s3_test.go b/registry/storage/driver/s3-aws/s3_test.go
index 363a22eb..66ef6a30 100644
--- a/registry/storage/driver/s3-aws/s3_test.go
+++ b/registry/storage/driver/s3-aws/s3_test.go
@@ -31,6 +31,7 @@ func init() {
 encrypt := os.Getenv("S3_ENCRYPT")
 keyID := os.Getenv("S3_KEY_ID")
 secure := os.Getenv("S3_SECURE")
+ skipVerify := os.Getenv("S3_SKIP_VERIFY")
 v4Auth := os.Getenv("S3_V4_AUTH")
 region := os.Getenv("AWS_REGION")
 objectACL := os.Getenv("S3_OBJECT_ACL")
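Review bot: In New, the `&http.Transport{TLSClientConfig: ...}` literal replaces `http.DefaultTransport` outright, so setting `SkipVerify` also drops the default transport's `Proxy: http.ProxyFromEnvironment`, its dial and TLS-handshake timeouts and its idle-connection settings. Build the insecure transport with the same fields as the default and change only the TLS config, as in the excerpt below (it needs `net` and `time`, which may not be imported yet). Since this switch removes server authentication for every S3 request, a one-time warning log when it is enabled would also help operators notice it in production. New starts and ends outside this hunk.

```go
httpTransport := http.DefaultTransport
if params.SkipVerify {
	// Mirror http.DefaultTransport so proxy and timeout behaviour are
	// unchanged; only certificate verification is switched off.
	httpTransport = &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		DialContext: (&net.Dialer{
			Timeout:   30 * time.Second,
			KeepAlive: 30 * time.Second,
		}).DialContext,
		MaxIdleConns:          100,
		IdleConnTimeout:       90 * time.Second,
		TLSHandshakeTimeout:   10 * time.Second,
		ExpectContinueTimeout: 1 * time.Second,
		TLSClientConfig:       &tls.Config{InsecureSkipVerify: true},
	}
}
// … unchanged: User-Agent branch and the WithHTTPClient calls …
```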
@@ -59,6 +60,14 @@ func init() {
 }
 }
 
+ skipVerifyBool := false
+ if skipVerify != "" {
+ skipVerifyBool, err = strconv.ParseBool(skipVerify)
+ if err != nil {
+ return nil, err
+ }
+ }
+
 v4Bool := true
 if v4Auth != "" {
 v4Bool, err = strconv.ParseBool(v4Auth)
@@ -76,6 +85,7 @@ func init() {
 encryptBool,
 keyID,
 secureBool,
+ skipVerifyBool,
 v4Bool,
 minChunkSize,
 defaultMultipartCopyChunkSize,
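Review bot: Nothing in this test change exercises the new option: `S3_SKIP_VERIFY` is parsed and forwarded to the constructor, but no assertion covers the verification-on default or the non-boolean error path in `FromParameters`. A regression that flipped the default to true would therefore go unnoticed by this suite. At minimum I would add `// Certificate verification stays on unless S3_SKIP_VERIFY parses as true.` above `skipVerifyBool := false`, and add a unit test that passes `"skipverify": "notabool"` and expects an error, if `FromParameters` can be called without live credentials. The enclosing closure in init starts and ends outside the hunk.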