@@ -354,9 +354,19 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, sp *patch
354
354
return sreconcile .ResultEmpty , e
355
355
}
356
356
357
+ proxyURL , err := r .getProxyURL (ctx , obj )
358
+ if err != nil {
359
+ e := serror .NewGeneric (
360
+ fmt .Errorf ("failed to get proxy address: %w" , err ),
361
+ sourcev1 .AuthenticationFailedReason ,
362
+ )
363
+ conditions .MarkTrue (obj , sourcev1 .FetchFailedCondition , e .Reason , "%s" , e )
364
+ return sreconcile .ResultEmpty , e
365
+ }
366
+
357
367
if _ , ok := keychain .(soci.Anonymous ); obj .Spec .Provider != ociv1 .GenericOCIProvider && ok {
358
368
var authErr error
359
- auth , authErr = soci .OIDCAuth (ctxTimeout , obj .Spec .URL , obj .Spec .Provider )
369
+ auth , authErr = soci .OIDCAuth (ctxTimeout , obj .Spec .URL , obj .Spec .Provider , proxyURL )
360
370
if authErr != nil && ! errors .Is (authErr , oci .ErrUnconfiguredProvider ) {
361
371
e := serror .NewGeneric (
362
372
fmt .Errorf ("failed to get credential from %s: %w" , obj .Spec .Provider , authErr ),
@@ -368,7 +378,7 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, sp *patch
368
378
}
369
379
370
380
// Generate the transport for remote operations
371
- transport , err := r .transport (ctx , obj )
381
+ transport , err := r .transport (ctx , obj , proxyURL )
372
382
if err != nil {
373
383
e := serror .NewGeneric (
374
384
fmt .Errorf ("failed to generate transport for '%s': %w" , obj .Spec .URL , err ),
@@ -927,7 +937,7 @@ func (r *OCIRepositoryReconciler) keychain(ctx context.Context, obj *ociv1.OCIRe
927
937
// the returned transport will include the TLS client and/or CA certificates.
928
938
// If the insecure flag is set, the transport will skip the verification of the server's certificate.
929
939
// Additionally, if a proxy is specified, transport will use it.
930
- func (r * OCIRepositoryReconciler ) transport (ctx context.Context , obj * ociv1.OCIRepository ) (* http.Transport , error ) {
940
+ func (r * OCIRepositoryReconciler ) transport (ctx context.Context , obj * ociv1.OCIRepository , proxyURL * url. URL ) (* http.Transport , error ) {
931
941
transport := remote .DefaultTransport .(* http.Transport ).Clone ()
932
942
933
943
tlsConfig , err := r .getTLSConfig (ctx , obj )
@@ -938,10 +948,6 @@ func (r *OCIRepositoryReconciler) transport(ctx context.Context, obj *ociv1.OCIR
938
948
transport .TLSClientConfig = tlsConfig
939
949
}
940
950
941
- proxyURL , err := r .getProxyURL (ctx , obj )
942
- if err != nil {
943
- return nil , err
944
- }
945
951
if proxyURL != nil {
946
952
transport .Proxy = http .ProxyURL (proxyURL )
947
953
}
0 commit comments