goharbor · wy65701436 · May 13, 2024 · May 11, 2024
@@ -206,6 +206,8 @@ type Registry struct {
 	// An optional value of the HTTP Authorization header sent with each request to the Docker Registry for getting or exchanging token.
 	// For example, `Basic: Base64(username:password)`.
 	Authorization string `json:"authorization"`
+	// Insecure is an indicator of https or http.
+	Insecure bool `json:"insecure"`
 }
 
 // ScanRequest represents a structure that is sent to a Scanner Adapter to initiate artifact scanning.

@@ -43,13 +43,13 @@
 )
 
 func init() {
-	scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registryFQDN})
+	scan.RegisterScanHanlder(v1.ScanTypeSbom, &scanHandler{GenAccessoryFunc: scan.GenAccessoryArt, RegistryServer: registry})
 }
 
 // ScanHandler defines the Handler to generate sbom
 type scanHandler struct {
 	GenAccessoryFunc func(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error)
-	RegistryServer   func(ctx context.Context) string
+	RegistryServer   func(ctx context.Context) (string, bool)
 }
 
 // RequestProducesMineTypes defines the mine types produced by the scan handler
@@ -96,7 +96,7 @@
 		Artifact: sr.Artifact,
 	}
 	// the registry server url is core by default, need to replace it with real registry server url
-	scanReq.Registry.URL = v.RegistryServer(ctx.SystemContext())
+	scanReq.Registry.URL, scanReq.Registry.Insecure = v.RegistryServer(ctx.SystemContext())
 	if len(scanReq.Registry.URL) == 0 {
 		return "", fmt.Errorf("empty registry server")
 	}
@@ -139,15 +139,16 @@
 }
 
 // extract server name from config, and remove the protocol prefix
-func registryFQDN(ctx context.Context) string {
+func registry(ctx context.Context) (string, bool) {
 	cfgMgr, ok := config.FromContext(ctx)
 	if ok {
 		extURL := cfgMgr.Get(context.Background(), common.ExtEndpoint).GetString()
+		insecure := strings.HasPrefix(extURL, "http://")
 		server := strings.TrimPrefix(extURL, "https://")
 		server = strings.TrimPrefix(server, "http://")
-		return server
+		return server, insecure
 	}
-	return ""
+	return "", false
 }
 
 // retrieveSBOMContent retrieves the "sbom" field from the raw report

@@ -89,8 +89,8 @@ func Test_scanHandler_RequestProducesMineTypes(t *testing.T) {
 	}
 }
 
-func mockGetRegistry(ctx context.Context) string {
-	return "myharbor.example.com"
+func mockGetRegistry(ctx context.Context) (string, bool) {
+	return "myharbor.example.com", false
 }
 
 func mockGenAccessory(scanRep v1.ScanRequest, sbomContent []byte, labels map[string]string, mediaType string, robot *model.Robot) (string, error) {

@@ -86,6 +86,9 @@
 		return "", err
 	}
 	accRef, err := name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()))
+	if sq.Registry.Insecure {
+		accRef, err = name.ParseReference(fmt.Sprintf("%s/%s@%s", sq.Registry.URL, sq.Artifact.Repository, dgst.String()), name.Insecure)
+	}
 	if err != nil {
 		return "", err
 	}