resolver: allow setting both insecure tls and http

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
moby · Jul 27, 2020 · 6704487 · 6704487
1 parent e226089
commit 6704487
Showing 1 changed file with 40 additions and 16 deletions.
diff --git a/util/resolver/resolver.go b/util/resolver/resolver.go
@@ -22,29 +22,51 @@ import (
 	"github.com/pkg/errors"
 )
 
-func fillInsecureOpts(host string, c config.RegistryConfig, h *docker.RegistryHost) error {
+func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHost) ([]docker.RegistryHost, error) {
+	var hosts []docker.RegistryHost
+
 	tc, err := loadTLSConfig(c)
 	if err != nil {
-		return err
+		return nil, err
 	}
+	var isHTTP bool
 
 	if c.PlainHTTP != nil && *c.PlainHTTP {
-		h.Scheme = "http"
-	} else if c.Insecure != nil && *c.Insecure {
-		tc.InsecureSkipVerify = true
-	} else if c.PlainHTTP == nil {
+		isHTTP = true
+	}
+	if c.PlainHTTP == nil {
 		if ok, _ := docker.MatchLocalhost(host); ok {
-			h.Scheme = "http"
+			isHTTP = true
+		}
+	}
+
+	if isHTTP {
+		h2 := h
+		h2.Scheme = "http"
+		hosts = append(hosts, h2)
+	}
+	if c.Insecure != nil && *c.Insecure {
+		h2 := h
+		transport := newDefaultTransport()
+		transport.TLSClientConfig = tc
+		h2.Client = &http.Client{
+			Transport: tracing.NewTransport(transport),
 		}
+		tc.InsecureSkipVerify = true
+		hosts = append(hosts, h2)
 	}
 
-	transport := newDefaultTransport()
-	transport.TLSClientConfig = tc
+	if len(hosts) == 0 {
+		transport := newDefaultTransport()
+		transport.TLSClientConfig = tc
 
-	h.Client = &http.Client{
-		Transport: tracing.NewTransport(transport),
+		h.Client = &http.Client{
+			Transport: tracing.NewTransport(transport),
+		}
+		hosts = append(hosts, h)
 	}
-	return nil
+
+	return hosts, nil
 }
 
 func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) {
@@ -116,11 +138,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
 					Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
 				}
 
-				if err := fillInsecureOpts(mirror, m[mirror], &h); err != nil {
+				hosts, err := fillInsecureOpts(mirror, m[mirror], h)
+				if err != nil {
 					return nil, err
 				}
 
-				out = append(out, h)
+				out = append(out, hosts...)
 			}
 
 			if host == "docker.io" {
@@ -135,11 +158,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
 				Capabilities: docker.HostCapabilityPush | docker.HostCapabilityPull | docker.HostCapabilityResolve,
 			}
 
-			if err := fillInsecureOpts(host, c, &h); err != nil {
+			hosts, err := fillInsecureOpts(host, c, h)
+			if err != nil {
 				return nil, err
 			}
 
-			out = append(out, h)
+			out = append(out, hosts...)
 			return out, nil
 		},
 		docker.ConfigureDefaultRegistries(