From 17b8589ff2d8f39f3061d1db848ba45f3bb01ee0 Mon Sep 17 00:00:00 2001
From: Shane McDonald
Date: Mon, 19 Apr 2021 18:38:35 -0400
Subject: [PATCH] Add option for ignoring tls on Container Registry credentials
---
 awx/main/models/credential/__init__.py | 6 ++++++
 awx/main/tasks.py | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py
index 01e71302bf..c7ef7cf635 100644
--- a/awx/main/models/credential/__init__.py
+++ b/awx/main/models/credential/__init__.py
@@ -1111,6 +1111,12 @@ ManagedCredentialType(
 'secret': True,
 'help_text': ugettext_noop('A password or token used to authenticate with'),
 },
+ {
+ 'id': 'verify_ssl',
+ 'label': ugettext_noop('Verify SSL'),
+ 'type': 'boolean',
+ 'default': True,
+ },
 ],
 'required': ['host'],
 },
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index 15c0dc9c6c..f2e77b632c 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -1068,6 +1068,30 @@ class BaseTask(object):
 env['AWX_PRIVATE_DATA_DIR'] = private_data_dir
+ ee_cred = self.instance.execution_environment.credential
+ if ee_cred:
+ verify_ssl = ee_cred.get_input('verify_ssl')
+ if not verify_ssl:
+ pdd_wrapper_path = os.path.split(private_data_dir)[0]
+ registries_conf_path = os.path.join(pdd_wrapper_path, 'registries.conf')
+ host = ee_cred.get_input('host')
+
+ with open(registries_conf_path, 'w') as registries_conf:
+ os.chmod(registries_conf.name, stat.S_IRUSR | stat.S_IWUSR)
+
+ lines = [
+ '[[registry]]',
+ 'location = "{}"'.format(host),
+ 'insecure = true',
+ ]
+
+ registries_conf.write('\n'.join(lines))
+
+ # Podman >= 3.1.0
+ env['CONTAINERS_REGISTRIES_CONF'] = registries_conf_path
+ # Podman < 3.1.0
+ env['REGISTRIES_CONFIG_PATH'] = registries_conf_path
+
 return env
 def should_use_resource_profiling(self, job):
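Review bot: The new `verify_ssl` field has no `help_text`, unlike the password field just above it, so the form never says what turning it off does. Going by the tasks.py change in this commit, disabling it writes `insecure = true` for the registry, which in containers-registries.conf permits plain HTTP as well as unverified certificates. I would add `'help_text': ugettext_noop('Verify the registry TLS certificate. When disabled, image pulls and registry credentials may travel over unverified TLS or plain HTTP.'),` to the entry.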
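Review bot: `if not verify_ssl:` treats any falsy result as a request to disable verification, so if `get_input('verify_ssl')` can return None or an empty value for a credential saved before this field existed (not visible in this hunk), the registry is silently marked insecure; an explicit `if verify_ssl is False:` keeps the default fail-closed. The `host` value is also formatted straight into the TOML string in `'location = "{}"'.format(host)`, so a quote or newline in the credential's host field would add keys or tables to the generated registries.conf, and such characters should be rejected before the file is written. Pointing `CONTAINERS_REGISTRIES_CONF` at this file presumably replaces the system registries.conf for the job rather than extending it, which deserves a comment next to the two `env[...]` assignments. The enclosing method of `BaseTask` starts before the hunk, so whether `self.instance.execution_environment` can be None at this point cannot be checked from here.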