Merge pull request #298 from docker/insecure_registry

Don't fallback to HTTP unless insecure_registry is specified when pushing/pulling
2014-09-08 17:04:52 +02:00 · 2014-09-08 17:04:52 +02:00 · 3fc69abdbf
parent 5452670b99 be831c1130
commit 3fc69abdbf
2 changed files with 22 additions and 10 deletions
--- a/docker/auth/auth.py
+++ b/docker/auth/auth.py
@ -34,17 +34,22 @@ def swap_protocol(url):
    return url


-def expand_registry_url(hostname):
+def expand_registry_url(hostname, insecure=False):
    if hostname.startswith('http:') or hostname.startswith('https:'):
        if '/' not in hostname[9:]:
            hostname = hostname + '/v1/'
        return hostname
    if utils.ping('https://' + hostname + '/v1/_ping'):
        return 'https://' + hostname + '/v1/'
+    elif insecure:
        return 'http://' + hostname + '/v1/'
+    else:
+        raise errors.DockerException(
+            "HTTPS endpoint unresponsive and insecure mode isn't enabled."
+        )


-def resolve_repository_name(repo_name):
+def resolve_repository_name(repo_name, insecure=False):
    if '://' in repo_name:
        raise errors.InvalidRepository(
            'Repository name cannot contain a scheme ({0})'.format(repo_name))
@ -56,11 +61,12 @@ def resolve_repository_name(repo_name):
        raise errors.InvalidRepository(
            'Invalid repository name ({0})'.format(repo_name))

-    if 'index.docker.io' in parts[0]:
+    if 'index.docker.io' in parts[0] or 'registry.hub.docker.com' in parts[0]:
        raise errors.InvalidRepository(
-            'Invalid repository name, try "{0}" instead'.format(parts[1]))
+            'Invalid repository name, try "{0}" instead'.format(parts[1])
+        )

-    return expand_registry_url(parts[0]), parts[1]
+    return expand_registry_url(parts[0], insecure), parts[1]


 def resolve_authconfig(authconfig, registry=None):
--- a/docker/client.py
+++ b/docker/client.py
@ -713,10 +713,13 @@ class Client(requests.Session):

        return h_ports

-    def pull(self, repository, tag=None, stream=False):
+    def pull(self, repository, tag=None, stream=False,
+             insecure_registry=False):
        if not tag:
            repository, tag = utils.parse_repository_tag(repository)
-        registry, repo_name = auth.resolve_repository_name(repository)
+        registry, repo_name = auth.resolve_repository_name(
+            repository, insecure=insecure_registry
+        )
        if repo_name.count(":") == 1:
            repository, tag = repository.rsplit(":", 1)

@ -747,10 +750,13 @@ class Client(requests.Session):
        else:
            return self._result(response)

-    def push(self, repository, tag=None, stream=False):
+    def push(self, repository, tag=None, stream=False,
+             insecure_registry=False):
        if not tag:
            repository, tag = utils.parse_repository_tag(repository)
-        registry, repo_name = auth.resolve_repository_name(repository)
+        registry, repo_name = auth.resolve_repository_name(
+            repository, insecure=insecure_registry
+        )
        u = self._url("/images/{0}/push".format(repository))
        params = {
            'tag': tag