cosign sign --allow-insecure-registry does not behave as expected over http/https proxy #3269
Description
Description
Having --allow-insecure-registry should work for BOTH insecure and secure registries (as the name suggests "allow"). If --allow-insecure-registry flag is set, cosign will fail to resolve DNS for even secure registries (e.g. myregistry.azurecr.io)
e.g.
$ export HTTP_PROXY="mycorp.proxy.com"
$ export HTTPS_PROXY="mycorp.proxy.com"
$ cosign sign --key=cosign.key "myregistry.azurecr.io/my-image:some-tag"
Pushing signature to: myregistry.azurecr.io/my-image:some-tag
# WORKS !
$ export HTTP_PROXY="mycorp.proxy.com"
$ export HTTPS_PROXY="mycorp.proxy.com"
$ cosign sign --key=cosign.key --allow-insecure-registry "myregistry.azurecr.io/my-image:some-tag"
Error: signing [myregistry.azurecr.io/my-image:some-tag@sha256]: accessing image: Get "https://myregistry.azurecr.io/v2/": dial tcp: lookup myregistry.azurecr.io: no such host
main.go:74: error during command execution: signing [myregistry.azurecr.io/my-image:some-tag@sha256]: accessing image: Get "https://myregistry.azurecr.io/v2/": dial tcp: lookup myregistry.azurecr.io: no such host
# FAILS
Version
GitVersion: v2.0.2
GitCommit: 871448050b924a7946ebe47678f23aae09ef432d
GitTreeState: clean
BuildDate: 2023-04-24T17:31:42Z
GoVersion: go1.20.3
Compiler: gc
Platform: darwin/amd64