Add option for ignoring tls on Container Registry credentials

2026-01-11 10:00:01 -03:30 · 2021-04-19 18:38:35 -04:00 · 2021-04-19 18:38:35 -04:00 · 17b8589ff2
commit 17b8589ff2
parent bcf911daf1
2 changed files with 30 additions and 0 deletions
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@ -1111,6 +1111,12 @@ ManagedCredentialType(
                'secret': True,
                'help_text': ugettext_noop('A password or token used to authenticate with'),
            },
+            {
+                'id': 'verify_ssl',
+                'label': ugettext_noop('Verify SSL'),
+                'type': 'boolean',
+                'default': True,
+            },
        ],
        'required': ['host'],
    },
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@ -1068,6 +1068,30 @@ class BaseTask(object):

        env['AWX_PRIVATE_DATA_DIR'] = private_data_dir

+        ee_cred = self.instance.execution_environment.credential
+        if ee_cred:
+            verify_ssl = ee_cred.get_input('verify_ssl')
+            if not verify_ssl:
+                pdd_wrapper_path = os.path.split(private_data_dir)[0]
+                registries_conf_path = os.path.join(pdd_wrapper_path, 'registries.conf')
+                host = ee_cred.get_input('host')
+
+                with open(registries_conf_path, 'w') as registries_conf:
+                    os.chmod(registries_conf.name, stat.S_IRUSR | stat.S_IWUSR)
+
+                    lines = [
+                        '[[registry]]',
+                        'location = "{}"'.format(host),
+                        'insecure = true',
+                    ]
+
+                    registries_conf.write('\n'.join(lines))
+
+                # Podman >= 3.1.0
+                env['CONTAINERS_REGISTRIES_CONF'] = registries_conf_path
+                # Podman < 3.1.0
+                env['REGISTRIES_CONFIG_PATH'] = registries_conf_path
+
        return env

    def should_use_resource_profiling(self, job):