Skip to content

Commit

Permalink
Pass certs and tls config when checking for registry signature extent…
Browse files Browse the repository at this point in the history
…ions API during

sync

closes #1552

In sync we are checking whether the remot registry implrementations
signsture extentions API. We need to pass respective remote tls and
certs config if they were provided, hence no need to override core's
``_make_aiohttp_session_from_remote`` and use it directly from core.

We do not need to pass auth since we care only about response headers
that we check.

(cherry picked from commit 03c1923)
  • Loading branch information
ipanova authored and patchback[bot] committed Mar 15, 2024
1 parent 34571e5 commit eb85c6d
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 39 deletions.
1 change: 1 addition & 0 deletions CHANGES/1552.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fixed sync failure due to ignored certs during registry signature extentions API check.
39 changes: 0 additions & 39 deletions pulp_container/app/downloaders.py
Original file line number Diff line number Diff line change
@@ -1,12 +1,10 @@
import aiohttp
import asyncio
import json
import ssl
import re

from aiohttp.client_exceptions import ClientResponseError
from logging import getLogger
from multidict import MultiDict
from urllib import parse

from pulpcore.plugin.download import DownloaderFactory, HttpDownloader
Expand Down Expand Up @@ -195,43 +193,6 @@ class NoAuthDownloaderFactory(DownloaderFactory):
A downloader factory without any preset auth configuration, TLS or basic auth.
"""

def _make_aiohttp_session_from_remote(self):
"""
Same as DownloaderFactory._make_aiohttp_session_from_remote, excluding TLS configuration.
Returns:
:class:`aiohttp.ClientSession`
"""
tcp_conn_opts = {"force_close": True}

if not self._remote.tls_validation:
sslcontext = ssl.create_default_context()
sslcontext.check_hostname = False
sslcontext.verify_mode = ssl.CERT_NONE
tcp_conn_opts["ssl_context"] = sslcontext

headers = MultiDict({"User-Agent": NoAuthDownloaderFactory.user_agent()})
if self._remote.headers is not None:
for header_dict in self._remote.headers:
user_agent_header = header_dict.pop("User-Agent", None)
if user_agent_header:
headers["User-Agent"] = f"{headers['User-Agent']}, {user_agent_header}"
headers.extend(header_dict)

conn = aiohttp.TCPConnector(**tcp_conn_opts)
total = self._remote.total_timeout
sock_connect = self._remote.sock_connect_timeout
sock_read = self._remote.sock_read_timeout
connect = self._remote.connect_timeout

timeout = aiohttp.ClientTimeout(
total=total, sock_connect=sock_connect, sock_read=sock_read, connect=connect
)
return aiohttp.ClientSession(
connector=conn, timeout=timeout, headers=headers, requote_redirect_url=False
)

def _http_or_https(self, download_class, url, **kwargs):
"""
Same as DownloaderFactory._http_or_https, excluding the basic auth credentials.
Expand Down

0 comments on commit eb85c6d

Please sign in to comment.