Support custom CA for registry pruning

openshift · May 21, 2015 · 05d1dae · 05d1dae
1 parent 4d219ff
commit 05d1dae
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/pkg/cmd/admin/prune/images.go b/pkg/cmd/admin/prune/images.go
@@ -1,8 +1,10 @@
 package prune
 
 import (
+	"crypto/x509"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"os"
 	"strings"
@@ -31,6 +33,7 @@ type pruneImagesConfig struct {
 	DryRun             bool
 	KeepYoungerThan    time.Duration
 	TagRevisionsToKeep int
+	CABundle           string
 }
 
 func NewCmdPruneImages(f *clientcmd.Factory, parentName, name string, out io.Writer) *cobra.Command {
@@ -134,16 +137,29 @@ func NewCmdPruneImages(f *clientcmd.Factory, parentName, name string, out io.Wri
 				manifestPruneFunc    prune.ManifestPruneFunc
 			)
 
+			// get the client config so we can get the TLS config
 			clientConfig, err := f.OpenShiftClientConfig.ClientConfig()
 			cmdutil.CheckErr(err)
 
 			tlsConfig, err := kclient.TLSConfigFor(clientConfig)
 			cmdutil.CheckErr(err)
 
-			tr := http.Transport{
-				TLSClientConfig: tlsConfig,
+			// if the user specified a CA on the command line, add it to the
+			// client config's CA roots
+			if len(cfg.CABundle) > 0 {
+				data, err := ioutil.ReadFile(cfg.CABundle)
+				cmdutil.CheckErr(err)
+				if tlsConfig.RootCAs == nil {
+					tlsConfig.RootCAs = x509.NewCertPool()
+				}
+				tlsConfig.RootCAs.AppendCertsFromPEM(data)
+			}
+
+			registryClient := &http.Client{
+				Transport: &http.Transport{
+					TLSClientConfig: tlsConfig,
+				},
 			}
-			registryClient := &http.Client{Transport: &tr}
 
 			switch cfg.DryRun {
 			case false:
@@ -181,6 +197,7 @@ func NewCmdPruneImages(f *clientcmd.Factory, parentName, name string, out io.Wri
 	cmd.Flags().BoolVar(&cfg.DryRun, "dry-run", cfg.DryRun, "Perform a build pruning dry-run, displaying what would be deleted but not actually deleting anything.")
 	cmd.Flags().DurationVar(&cfg.KeepYoungerThan, "keep-younger-than", cfg.KeepYoungerThan, "Specify the minimum age of a build for it to be considered a candidate for pruning.")
 	cmd.Flags().IntVar(&cfg.TagRevisionsToKeep, "keep-tag-revisions", cfg.TagRevisionsToKeep, "Specify the number of image revisions for a tag in an image stream that will be preserved.")
+	cmd.Flags().StringVar(&cfg.CABundle, "certificate-authority", cfg.CABundle, "The path to a certificate authority bundle to use when communicating with the OpenShift-managed registries. Defaults to the certificate authority data from the current user's config file.")
 
 	return cmd
 }
diff --git a/pkg/image/prune/imagepruner.go b/pkg/image/prune/imagepruner.go
@@ -618,7 +618,6 @@ func deleteFromRegistry(registryClient *http.Client, url string) error {
 		glog.V(4).Infof("Sending request to registry")
 		resp, err := registryClient.Do(req)
 		if err != nil {
-			glog.Errorf("Error sending request: %v", err)
 			return fmt.Errorf("Error sending request: %v", err)
 		}
 		defer resp.Body.Close()