[feat]: [CI-18603]: Give option to disable tls verification for dlc

app.go

@@ -185,6 +185,11 @@ func Run() {
 			Usage:  "Allows you to enable the client to use path-style addressing, i.e., https://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible(https://BUCKET.s3.amazonaws.com/KEY).",
 			EnvVar: "PLUGIN_PATH_STYLE,AWS_PLUGIN_PATH_STYLE",
 		},
+		&cli.BoolFlag{
+			Name:   "cache-tls-insecure",
+			Usage:  "Allows you to skip the verification of the server's certificate chain and host name for docker layer caching",
+			EnvVar: "PLUGIN_CACHE_TLS_INSECURE",
+		},
 		cli.BoolFlag{
 			Name:   "squash",
 			Usage:  "squash the layers at build time",
@@ -488,6 +493,7 @@ func run(c *cli.Context) error {
 			Pull:                         c.BoolT("pull-image"),
 			CacheFrom:                    c.Generic("cache-from").(*CustomStringSliceFlag).GetValue(),
 			CacheTo:                      c.Generic("cache-to").(*CustomStringSliceFlag).GetValue(),
+			CacheTlsInsecure:             c.Bool("cache-tls-insecure"),
 			PathStyle:                    c.Bool("path-style"),
 			Compress:                     c.Bool("compress"),
 			Repo:                         c.String("repo"),

buildkit/version.json

@@ -1,3 +1,3 @@
 {
-    "buildkit_version": "harness/buildkit:1.0.8"
+    "buildkit_version": "harness/buildkit:1.0.9"
 }

docker.go

@@ -75,6 +75,7 @@ type (
 		Pull                         bool     // Docker build pull
 		CacheFrom                    []string // Docker buildx cache-from
 		CacheTo                      []string // Docker buildx cache-to
+		CacheTlsInsecure             bool     // Docker buildx cache-tls-insecure
 		PathStyle                    bool     // Docker buildx path-style for s3 DLC
 		Compress                     bool     // Docker build compress
 		Repo                         string   // Docker build repository
@@ -767,6 +768,15 @@ func sanitizeCacheCommand(build *Build) {
 				}
 			}
 
+			if build.CacheTlsInsecure {
+				if strings.Contains(arg, "tls_insecure_skip_verify=false") {
+					fmt.Printf("tls_insecure_skip_verify is set to false in cache-from or cache-to but env var PLUGIN_PATH_STYLE is true\n")
+				} else if !strings.Contains(arg, "tls_insecure_skip_verify=") {
+					// Add use_path_style=true, assuming comma-delimited key=val pairs
+					arg = arg + ",tls_insecure_skip_verify=true"
+				}
+			}
+
 			// Update the argument
 			args[i] = arg
 		}

docker_test.go

@@ -365,6 +365,46 @@ func TestSanitizeCacheCommand(t *testing.T) {
 			expectedCacheFrom: []string{"type=s3,bucket=my-bucket"},
 			expectedCacheTo:   []string{},
 		},
+		{
+			name: "Add tls_insecure_skip_verify=true if not present and CacheTlsInsecure is true",
+			build: Build{
+				CacheFrom:        []string{"type=s3,bucket=my-bucket"},
+				CacheTo:          []string{},
+				CacheTlsInsecure: true,
+			},
+			expectedCacheFrom: []string{"type=s3,bucket=my-bucket,tls_insecure_skip_verify=true"},
+			expectedCacheTo:   []string{},
+		},
+		{
+			name: "Leave tls_insecure_skip_verify=false untouched when CacheTlsInsecure is true",
+			build: Build{
+				CacheFrom:        []string{"type=s3,bucket=my-bucket,tls_insecure_skip_verify=false"},
+				CacheTo:          []string{"type=s3,tls_insecure_skip_verify=false"},
+				CacheTlsInsecure: true,
+			},
+			expectedCacheFrom: []string{"type=s3,bucket=my-bucket,tls_insecure_skip_verify=false"},
+			expectedCacheTo:   []string{"type=s3,tls_insecure_skip_verify=false"},
+		},
+		{
+			name: "Leave tls_insecure_skip_verify=true untouched when already correct",
+			build: Build{
+				CacheFrom:        []string{"type=s3,tls_insecure_skip_verify=true"},
+				CacheTo:          []string{},
+				CacheTlsInsecure: true,
+			},
+			expectedCacheFrom: []string{"type=s3,tls_insecure_skip_verify=true"},
+			expectedCacheTo:   []string{},
+		},
+		{
+			name: "Don't add use_path_style when CacheTlsInsecure is false",
+			build: Build{
+				CacheFrom:        []string{"type=s3,bucket=my-bucket"},
+				CacheTo:          []string{},
+				CacheTlsInsecure: false,
+			},
+			expectedCacheFrom: []string{"type=s3,bucket=my-bucket"},
+			expectedCacheTo:   []string{},
+		},
 	}
 
 	for _, tt := range tests {