From 3e9d6c11a18c6200ffc17e9307a25dd439fe322b Mon Sep 17 00:00:00 2001
From: Saul Paredes <saulparedes@microsoft.com>
Date: Thu, 6 Jun 2024 10:36:34 -0700
Subject: [PATCH] genpolicy: add back support for insecure registries

Adding back changes from
77540503f9b38ac75ead13e4bde6c07ff75ba311.

Fixes: #9008

Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
---
 src/tools/genpolicy/src/registry.rs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/tools/genpolicy/src/registry.rs b/src/tools/genpolicy/src/registry.rs
index 87d81fb2cb..97c342887a 100644
--- a/src/tools/genpolicy/src/registry.rs
+++ b/src/tools/genpolicy/src/registry.rs
@@ -16,7 +16,7 @@ use docker_credential::{CredentialRetrievalError, DockerCredential};
 use fs2::FileExt;
 use log::{debug, info, warn, LevelFilter};
 use oci_distribution::{
-    client::{linux_amd64_resolver, ClientConfig},
+    client::{linux_amd64_resolver, ClientConfig, ClientProtocol},
     manifest,
     secrets::RegistryAuth,
     Client, Reference,
@@ -67,13 +67,14 @@ pub struct ImageLayer {
 }
 
 impl Container {
-    pub async fn new(use_cached_files: bool, image: &str) -> Result<Self> {
+    pub async fn new(config: &Config, image: &str) -> Result<Self> {
         info!("============================================");
         info!("Pulling manifest and config for {:?}", image);
         let reference: Reference = image.to_string().parse().unwrap();
         let auth = build_auth(&reference);
 
         let mut client = Client::new(ClientConfig {
+            protocol: ClientProtocol::HttpsExcept(config.insecure_registries.clone()),
             platform_resolver: Some(Box::new(linux_amd64_resolver)),
             ..Default::default()
         });
@@ -96,7 +97,7 @@ impl Container {
                 let config_layer: DockerConfigLayer =
                     serde_json::from_str(&config_layer_str).unwrap();
                 let image_layers = get_image_layers(
-                    use_cached_files,
+                    config.use_cache,
                     &mut client,
                     &reference,
                     &manifest,
@@ -459,7 +460,7 @@ pub async fn get_container(config: &Config, image: &str) -> Result<Container> {
     if let Some(socket_path) = &config.containerd_socket_path {
         return Container::new_containerd_pull(config.use_cache, image, socket_path).await;
     }
-    Container::new(config.use_cache, image).await
+    Container::new(config, image).await
 }
 
 fn build_auth(reference: &Reference) -> RegistryAuth {