diff --git a/registry/storage/driver/s3-aws/s3.go b/registry/storage/driver/s3-aws/s3.go
index 4bd80b3f..34f82245 100644
--- a/registry/storage/driver/s3-aws/s3.go
+++ b/registry/storage/driver/s3-aws/s3.go
@@ -14,6 +14,7 @@ package s3
 import (
 "bytes"
 "context"
+ "crypto/tls"
 "fmt"
 "io"
 "io/ioutil"
@@ -90,6 +91,7 @@ type DriverParameters struct {
 Encrypt bool
 KeyID string
 Secure bool
+ SkipVerify bool
 V4Auth bool
 ChunkSize int64
 MultipartCopyChunkSize int64
@@ -248,6 +250,23 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
 return nil, fmt.Errorf("The secure parameter should be a boolean")
 }
 
+ skipVerifyBool := false
+ skipVerify := parameters["skipverify"]
+ switch skipVerify := skipVerify.(type) {
+ case string:
+ b, err := strconv.ParseBool(skipVerify)
+ if err != nil {
+ return nil, fmt.Errorf("The skipVerify parameter should be a boolean")
+ }
+ skipVerifyBool = b
+ case bool:
+ skipVerifyBool = skipVerify
+ case nil:
+ // do nothing
+ default:
+ return nil, fmt.Errorf("The skipVerify parameter should be a boolean")
+ }
+
 v4Bool := true
 v4auth := parameters["v4auth"]
 switch v4auth := v4auth.(type) {
@@ -344,6 +363,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
 encryptBool,
 fmt.Sprint(keyID),
 secureBool,
+ skipVerifyBool,
 v4Bool,
 chunkSize,
 multipartCopyChunkSize,
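Review bot: `SkipVerify` in `DriverParameters` (hunk `@@ -90,6 +91,7 @@`) is added without a comment, although it is the one field in the visible part of the struct that switches off a security control. I would add `// SkipVerify disables TLS certificate verification for the S3 endpoint; it defaults to false.` above the field so the meaning is visible wherever the struct is filled in. The struct definition starts and ends outside the hunk.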
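Review bot: Both error messages in the `FromParameters` hunk (`@@ -248,6 +250,23 @@`) name the parameter `skipVerify`, while the key read from the map is `skipverify`. An operator who copies the spelling from the error may set a key the driver does not read, so the option silently keeps its default. Use the configured spelling in the `case string` and `default` branches, `return nil, fmt.Errorf("The skipverify parameter should be a boolean")`, as the neighbouring `secure` message does for its key. `FromParameters` begins and ends outside the hunk.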
@@ -424,10 +444,22 @@ func New(params DriverParameters) (*Driver, error) {
 awsConfig.WithRegion(params.Region)
 awsConfig.WithDisableSSL(!params.Secure)
 
- if params.UserAgent != "" {
- awsConfig.WithHTTPClient(&http.Client{
- Transport: transport.NewTransport(http.DefaultTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{params.UserAgent}})),
- })
+ if params.UserAgent != "" || params.SkipVerify {
+ httpTransport := http.DefaultTransport
+ if params.SkipVerify {
+ httpTransport = &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+ }
+ if params.UserAgent != "" {
+ awsConfig.WithHTTPClient(&http.Client{
+ Transport: transport.NewTransport(httpTransport, transport.NewHeaderRequestModifier(http.Header{http.CanonicalHeaderKey("User-Agent"): []string{params.UserAgent}})),
+ })
+ } else {
+ awsConfig.WithHTTPClient(&http.Client{
+ Transport: transport.NewTransport(httpTransport),
+ })
+ }
 }
 
 sess, err = session.NewSession(awsConfig)
diff --git a/registry/storage/driver/s3-aws/s3_test.go b/registry/storage/driver/s3-aws/s3_test.go
index ee0b66d8..be02772e 100644
--- a/registry/storage/driver/s3-aws/s3_test.go
+++ b/registry/storage/driver/s3-aws/s3_test.go
@@ -31,6 +31,7 @@ func init() {
 encrypt := os.Getenv("S3_ENCRYPT")
 keyID := os.Getenv("S3_KEY_ID")
 secure := os.Getenv("S3_SECURE")
+ skipVerify := os.Getenv("S3_SKIP_VERIFY")
 v4Auth := os.Getenv("S3_V4_AUTH")
 region := os.Getenv("AWS_REGION")
 objectACL := os.Getenv("S3_OBJECT_ACL")
@@ -59,6 +60,14 @@ func init() {
 }
 }
 
+ skipVerifyBool := false
+ if skipVerify != "" {
+ skipVerifyBool, err = strconv.ParseBool(skipVerify)
+ if err != nil {
+ return nil, err
+ }
+ }
+
 v4Bool := true
 if v4Auth != "" {
 v4Bool, err = strconv.ParseBool(v4Auth)
@@ -76,6 +85,7 @@ func init() {
 encryptBool,
 keyID,
 secureBool,
+ skipVerifyBool,
 v4Bool,
 minChunkSize,
 defaultMultipartCopyChunkSize,
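Review bot: With `SkipVerify` set, the `New` hunk (`@@ -424,10 +444,22 @@`) swaps `http.DefaultTransport` for a bare `&http.Transport{...}`, so besides disabling certificate checks it also drops the default transport's proxy-from-environment setting, its dial and TLS-handshake timeouts and its idle-connection limits. Start from a copy of the default instead: `t := http.DefaultTransport.(*http.Transport).Clone()`, `t.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}`, `httpTransport = t` (`Clone` needs Go 1.13 or later; on an older toolchain the fields have to be copied by hand). `InsecureSkipVerify` turns off both chain and host-name validation for every request this client makes, so a warning logged once when the option is enabled would make the weakened setting visible in a deployment. A configurable CA bundle would cover the self-signed-endpoint case without disabling verification. `New` continues outside the hunk.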
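Review bot: The test hunks only thread `S3_SKIP_VERIFY` into the constructor (`@@ -59,6 +60,14 @@`); nothing visible checks how `FromParameters` parses `skipverify` or that verification stays enabled when the key is absent. A small table test over `FromParameters` with `"skipverify"` set to `true`, `"true"`, `nil` and a non-boolean string, asserting the resulting `SkipVerify` value or the error, would pin the default-off behaviour of a security-relevant flag without needing a live bucket. This assumes the other required parameters can be stubbed as the existing parameter tests do, which the hunk does not show.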