From 81ea8946a221816afcef39c48a76737be66b048d Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Tue, 1 Aug 2023 17:09:45 +0200
Subject: [PATCH] Add docker.io to the whitelisted registries when loading an
 IIB

Medical diagnosis for example uses docker.io/obsidiandynamics/kafdrop:latest
which would be denied by policy.
---
 ansible/roles/iib_ci/tasks/setup-internal-registry.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/iib_ci/tasks/setup-internal-registry.yml b/ansible/roles/iib_ci/tasks/setup-internal-registry.yml
index 82ee7ac4..4e31928f 100644
--- a/ansible/roles/iib_ci/tasks/setup-internal-registry.yml
+++ b/ansible/roles/iib_ci/tasks/setup-internal-registry.yml
@@ -45,7 +45,7 @@
 
 - name: Set registry allowedRegistries
   ansible.builtin.shell: >
-    oc patch image.config.openshift.io/cluster --patch "{\"spec\":{\"registrySources\":{\"allowedRegistries\":[ \"registry.stage.redhat.io\", \"registry.access.redhat.com\", \"registry.connect.redhat.com\", \"ghcr.io\", \"gcr.io\", \"quay.io\", \"registry.redhat.io\",
+    oc patch image.config.openshift.io/cluster --patch "{\"spec\":{\"registrySources\":{\"allowedRegistries\":[ \"registry.stage.redhat.io\", \"registry.access.redhat.com\", \"registry.connect.redhat.com\", \"ghcr.io\", \"gcr.io\", \"quay.io\", \"registry.redhat.io\", \"docker.io\",
     \"registry-proxy.engineering.redhat.com\", \"image-registry.openshift-image-registry.svc:5000\", \"{{ registry_route }}\"]}}}" --type=merge
 
 - name: Set registry insecureRegistries