Fixes #28698 - route docker registry through apache

for pulp3 This change changes the expectation of the content_app_url setting provided by the pulp3 smart proxy plugin. Now katello will be proxying through apache to a special endpoint /pulpcore_registry/ that requires a client cert with a CN of 'admin'.
Katello · Jan 8, 2020 · c0aafd2 · c0aafd2
1 parent b3dd9e3
commit c0aafd2
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/app/lib/katello/http_resource.rb b/app/lib/katello/http_resource.rb
@@ -15,7 +15,8 @@ def initialize(params)
       end
     end
 
-    class_attribute :consumer_secret, :consumer_key, :ca_cert_file, :prefix, :site, :default_headers
+    class_attribute :consumer_secret, :consumer_key, :ca_cert_file, :prefix, :site, :default_headers,
+                    :ssl_client_cert, :ssl_client_key
 
     attr_reader :json
 
@@ -190,6 +191,8 @@ def rest_client(http_type, method, path)
           :timeout => SETTINGS[:katello][:rest_client_timeout]
         }
         options[:ssl_ca_file] = self.ca_cert_file unless self.ca_cert_file.nil?
+        options[:ssl_client_cert] = self.ssl_client_cert unless self.ssl_client_cert.nil?
+        options[:ssl_client_key] = self.ssl_client_key unless self.ssl_client_key.nil?
 
         RestClient::Resource.new(url, options)
       end

diff --git a/app/lib/katello/resources/registry.rb b/app/lib/katello/resources/registry.rb
@@ -12,7 +12,9 @@ def self.logger
 
         def self.get(path, headers = {:accept => :json})
           logger.debug "Sending GET request to Registry: #{path}"
-          client = RegistryResource.load_class.rest_client(Net::HTTP::Get, :get, path)
+          resource = RegistryResource.load_class
+          joined_path = resource.prefix.chomp("/") + path
+          client = resource.rest_client(Net::HTTP::Get, :get, joined_path)
           client.get(headers)
         end
       end
@@ -26,7 +28,10 @@ def load_class
 
             # Pulp 3 has its own registry
             if pulp_master && pulp_master.pulp3_repository_type_support?(::Katello::Repository::DOCKER_TYPE)
-              registry_url = pulp_master.setting(SmartProxy::PULP3_FEATURE, 'content_app_url')
+              uri = pulp_master.setting(SmartProxy::PULP3_FEATURE, 'content_app_url')
+              uri.path = "/pulpcore_registry/"
+              registry_url = uri.to_s
+
               # Assume the registry uses the same CA as the Smart Proxy
               ca_cert_file = Setting[:ssl_ca_file]
             elsif container_config