Don't fallback to HTTP unless insecure_registry is specified when pushing/pulling

shin- · shin- · commit be831c1130cb · 2014-08-22T17:28:59.000+02:00
diff --git a/docker/auth/auth.py b/docker/auth/auth.py
@@ -34,17 +34,22 @@ def swap_protocol(url):
     return url
 
 
-def expand_registry_url(hostname):
+def expand_registry_url(hostname, insecure=False):
     if hostname.startswith('http:') or hostname.startswith('https:'):
         if '/' not in hostname[9:]:
             hostname = hostname + '/v1/'
         return hostname
     if utils.ping('https://' + hostname + '/v1/_ping'):
         return 'https://' + hostname + '/v1/'
-    return 'http://' + hostname + '/v1/'
+    elif insecure:
+        return 'http://' + hostname + '/v1/'
+    else:
+        raise errors.DockerException(
+            "HTTPS endpoint unresponsive and insecure mode isn't enabled."
+        )
 
 
-def resolve_repository_name(repo_name):
+def resolve_repository_name(repo_name, insecure=False):
     if '://' in repo_name:
         raise errors.InvalidRepository(
             'Repository name cannot contain a scheme ({0})'.format(repo_name))
@@ -56,11 +61,12 @@ def resolve_repository_name(repo_name):
         raise errors.InvalidRepository(
             'Invalid repository name ({0})'.format(repo_name))
 
-    if 'index.docker.io' in parts[0]:
+    if 'index.docker.io' in parts[0] or 'registry.hub.docker.com' in parts[0]:
         raise errors.InvalidRepository(
-            'Invalid repository name, try "{0}" instead'.format(parts[1]))
+            'Invalid repository name, try "{0}" instead'.format(parts[1])
+        )
 
-    return expand_registry_url(parts[0]), parts[1]
+    return expand_registry_url(parts[0], insecure), parts[1]
 
 
 def resolve_authconfig(authconfig, registry=None):
diff --git a/docker/client.py b/docker/client.py
@@ -713,10 +713,13 @@ def port(self, container, private_port):
 
         return h_ports
 
-    def pull(self, repository, tag=None, stream=False):
+    def pull(self, repository, tag=None, stream=False,
+             insecure_registry=False):
         if not tag:
             repository, tag = utils.parse_repository_tag(repository)
-        registry, repo_name = auth.resolve_repository_name(repository)
+        registry, repo_name = auth.resolve_repository_name(
+            repository, insecure=insecure_registry
+        )
         if repo_name.count(":") == 1:
             repository, tag = repository.rsplit(":", 1)
 
@@ -747,10 +750,13 @@ def pull(self, repository, tag=None, stream=False):
         else:
             return self._result(response)
 
-    def push(self, repository, tag=None, stream=False):
+    def push(self, repository, tag=None, stream=False,
+             insecure_registry=False):
         if not tag:
             repository, tag = utils.parse_repository_tag(repository)
-        registry, repo_name = auth.resolve_repository_name(repository)
+        registry, repo_name = auth.resolve_repository_name(
+            repository, insecure=insecure_registry
+        )
         u = self._url("/images/{0}/push".format(repository))
         params = {
             'tag': tag
