fixup! fix: allow http registries by disabling TLS check

faiq · faiq · commit 8ae32cb53144 · 2025-07-08T11:59:46.000-07:00
diff --git a/pkg/webhook/preflight/generic/registry.go b/pkg/webhook/preflight/generic/registry.go
@@ -93,8 +93,11 @@ func (r *registryCheck) checkRegistry(
 		result.Allowed = false
 		result.Causes = append(result.Causes,
 			preflight.Cause{
-				Message: fmt.Sprintf("failed to parse registry url must be http or https %s", registryURL),
-				Field:   r.field + ".url",
+				Message: fmt.Sprintf(
+					"Registry URL scheme %q is not supported. Use http or https.",
+					registryURLParsed.Scheme,
+				),
+				Field: r.field + ".url",
 			},
 		)
 		return result
@@ -104,14 +107,14 @@ func (r *registryCheck) checkRegistry(
 	}
 
 	if credentials != nil && credentials.SecretRef != nil {
-		mirrorCredentialsSecret := &corev1.Secret{}
+		credentialsSecret := &corev1.Secret{}
 		err := r.kclient.Get(
 			ctx,
 			types.NamespacedName{
 				Namespace: r.cluster.Namespace,
 				Name:      credentials.SecretRef.Name,
 			},
-			mirrorCredentialsSecret,
+			credentialsSecret,
 		)
 		if apierrors.IsNotFound(err) {
 			result.Allowed = false
@@ -135,15 +138,15 @@ func (r *registryCheck) checkRegistry(
 			)
 			return result
 		}
-		username, ok := mirrorCredentialsSecret.Data["username"]
+		username, ok := credentialsSecret.Data["username"]
 		if ok {
 			registryHost.User = string(username)
 		}
-		password, ok := mirrorCredentialsSecret.Data["password"]
+		password, ok := credentialsSecret.Data["password"]
 		if ok {
 			registryHost.Pass = string(password)
 		}
-		if caCert, ok := mirrorCredentialsSecret.Data["ca.crt"]; ok {
+		if caCert, ok := credentialsSecret.Data["ca.crt"]; ok {
 			registryHost.RegCert = string(caCert)
 		}
 	}
diff --git a/pkg/webhook/preflight/generic/registry_test.go b/pkg/webhook/preflight/generic/registry_test.go
@@ -343,7 +343,7 @@ func TestRegistryCheck(t *testing.T) {
 				InternalError: false,
 				Causes: []preflight.Cause{
 					{
-						Message: "failed to parse registry url must be http or https tcp://some-registry.lol",
+						Message: "Registry URL scheme \"tcp\" is not supported. Use http or https.",
 						Field:   "cluster.spec.topology.variables[.name=clusterConfig].value.imageRegistries[0].url",
 					},
 				},

Original file line number	Diff line number	Diff line change
`@@ -93,8 +93,11 @@ func (r *registryCheck) checkRegistry(`
`93`	`93`	`result.Allowed = false`
`94`	`94`	`result.Causes = append(result.Causes,`
`95`	`95`	`preflight.Cause{`
`96`		`- Message: fmt.Sprintf("failed to parse registry url must be http or https %s", registryURL),`
`97`		`- Field: r.field + ".url",`
	`96`	`+ Message: fmt.Sprintf(`
	`97`	`+ "Registry URL scheme %q is not supported. Use http or https.",`
	`98`	`+ registryURLParsed.Scheme,`
	`99`	`+ ),`
	`100`	`+ Field: r.field + ".url",`
`98`	`101`	`},`
`99`	`102`	`)`
`100`	`103`	`return result`
`@@ -104,14 +107,14 @@ func (r *registryCheck) checkRegistry(`
`104`	`107`	`}`
`105`	`108`
`106`	`109`	`if credentials != nil && credentials.SecretRef != nil {`
`107`		`- mirrorCredentialsSecret := &corev1.Secret{}`
	`110`	`+ credentialsSecret := &corev1.Secret{}`
`108`	`111`	`err := r.kclient.Get(`
`109`	`112`	`ctx,`
`110`	`113`	`types.NamespacedName{`
`111`	`114`	`Namespace: r.cluster.Namespace,`
`112`	`115`	`Name: credentials.SecretRef.Name,`
`113`	`116`	`},`
`114`		`- mirrorCredentialsSecret,`
	`117`	`+ credentialsSecret,`
`115`	`118`	`)`
`116`	`119`	`if apierrors.IsNotFound(err) {`
`117`	`120`	`result.Allowed = false`
`@@ -135,15 +138,15 @@ func (r *registryCheck) checkRegistry(`
`135`	`138`	`)`
`136`	`139`	`return result`
`137`	`140`	`}`
`138`		`- username, ok := mirrorCredentialsSecret.Data["username"]`
	`141`	`+ username, ok := credentialsSecret.Data["username"]`
`139`	`142`	`if ok {`
`140`	`143`	`registryHost.User = string(username)`
`141`	`144`	`}`
`142`		`- password, ok := mirrorCredentialsSecret.Data["password"]`
	`145`	`+ password, ok := credentialsSecret.Data["password"]`
`143`	`146`	`if ok {`
`144`	`147`	`registryHost.Pass = string(password)`
`145`	`148`	`}`
`146`		`- if caCert, ok := mirrorCredentialsSecret.Data["ca.crt"]; ok {`
	`149`	`+ if caCert, ok := credentialsSecret.Data["ca.crt"]; ok {`
`147`	`150`	`registryHost.RegCert = string(caCert)`
`148`	`151`	`}`
`149`	`152`	`}`
Original file line number	Diff line number	Diff line change
`@@ -343,7 +343,7 @@ func TestRegistryCheck(t *testing.T) {`
`343`	`343`	`InternalError: false,`
`344`	`344`	`Causes: []preflight.Cause{`
`345`	`345`	`{`
`346`		`- Message: "failed to parse registry url must be http or https tcp://some-registry.lol",`
	`346`	`+ Message: "Registry URL scheme \"tcp\" is not supported. Use http or https.",`
`347`	`347`	`Field: "cluster.spec.topology.variables[.name=clusterConfig].value.imageRegistries[0].url",`
`348`	`348`	`},`
`349`	`349`	`},`