From f9992d71a3759293a3b9305f98b8d8eae772913c Mon Sep 17 00:00:00 2001 From: umohnani8 Date: Wed, 25 Oct 2017 09:59:28 -0400 Subject: [PATCH] Add --tls-verify, --cert-dir, and --quiet flags to kpod pull Signed-off-by: umohnani8 --- cmd/kpod/load.go | 6 +++--- cmd/kpod/pull.go | 32 ++++++++++++++++++++++++++------ completions/bash/kpod | 4 ++++ docs/kpod-pull.1.md | 25 ++++++++++++++++++++++++- libpod/runtime_img.go | 1 + 5 files changed, 58 insertions(+), 10 deletions(-) diff --git a/cmd/kpod/load.go b/cmd/kpod/load.go index b93d2fc9..b1cff1e8 100644 --- a/cmd/kpod/load.go +++ b/cmd/kpod/load.go @@ -90,14 +90,14 @@ func loadCmd(c *cli.Context) error { } } - var output io.Writer + var writer io.Writer if !c.Bool("quiet") { - output = os.Stdout + writer = os.Stdout } options := libpod.CopyOptions{ SignaturePolicyPath: c.String("signature-policy"), - Writer: output, + Writer: writer, } src := libpod.DockerArchive + ":" + input diff --git a/cmd/kpod/pull.go b/cmd/kpod/pull.go index 9cd4c2d2..73822127 100644 --- a/cmd/kpod/pull.go +++ b/cmd/kpod/pull.go @@ -2,6 +2,7 @@ package main import ( "fmt" + "io" "os" "golang.org/x/crypto/ssh/terminal" 
@@ -16,18 +17,30 @@ import ( var ( pullFlags = []cli.Flag{ - cli.StringFlag{ - Name: "signature-policy", - Usage: "`pathname` of signature policy file (not usually used)", - }, cli.StringFlag{ Name: "authfile", Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json", }, + cli.StringFlag{ + Name: "cert-dir", + Usage: "`pathname` of a directory containing TLS certificates and keys", + }, cli.StringFlag{ Name: "creds", Usage: "`credentials` (USERNAME:PASSWORD) to use for authenticating to a registry", }, + cli.BoolFlag{ + Name: "quiet, q", + Usage: "Suppress output information when pulling images", + }, + cli.StringFlag{ + Name: "signature-policy", + Usage: "`pathname` of signature policy file (not usually used)", + }, + cli.BoolTFlag{ + Name: "tls-verify", + Usage: "require HTTPS and verify certificates when contacting registries (default: true)", + }, } pullDescription = "Pulls an image from a registry and stores it locally.\n" + @@ -84,13 +97,20 @@ func pullCmd(c *cli.Context) error { registryCreds = creds } + var writer io.Writer + if !c.Bool("quiet") { + writer = os.Stdout + } + options := libpod.CopyOptions{ SignaturePolicyPath: c.String("signature-policy"), AuthFile: c.String("authfile"), DockerRegistryOptions: common.DockerRegistryOptions{ - DockerRegistryCreds: registryCreds, + DockerRegistryCreds: registryCreds, + DockerCertPath: c.String("cert-dir"), + DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"), }, - Writer: os.Stdout, + Writer: writer, } return runtime.PullImage(image, options) diff --git a/completions/bash/kpod b/completions/bash/kpod index e23bf693..2c33166a 100644 --- a/completions/bash/kpod +++ b/completions/bash/kpod @@ -172,10 +172,14 @@ _kpod_pull() { local options_with_args=" --authfile --creds + --cert-dir --signature-policy " local boolean_options=" --all-tags -a + --quiet + -q + --tls-verify " _complete_ "$options_with_args" "$boolean_options" } 
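Review bot: In pullCmd's options literal, `DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify")` disables certificate checking with no visible indication, while `DockerRegistryCreds` from `--creds` sits in the same `DockerRegistryOptions`, so a pull run with `--tls-verify=false` may present registry credentials to an endpoint whose identity was never verified. A warning on stderr would make that state visible even when `--quiet` leaves `writer` nil: `if !c.BoolT("tls-verify") { fmt.Fprintln(os.Stderr, "warning: TLS verification disabled for registry access") }`. The example added in docs/kpod-pull.1.md that combines `--tls-verify=false` with `--cert-dir` would also benefit from a sentence saying when that combination is appropriate. pullCmd starts before this hunk, so how `registryCreds` is filled is only partly visible here.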
diff --git a/docs/kpod-pull.1.md b/docs/kpod-pull.1.md index a3f5a5e8..254fc584 100644 --- a/docs/kpod-pull.1.md +++ b/docs/kpod-pull.1.md @@ -58,16 +58,28 @@ Image stored in local container/storage Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json +**--cert-dir** + +Pathname of a directory containing TLS certificates and keys + **--creds** Credentials (USERNAME:PASSWORD) to use for authenticating to a registry +**--quiet, -q** + +Suppress output information when pulling images + **--signature-policy="PATHNAME"** Pathname of a signature policy file to use. It is not recommended that this option be used, as the default behavior of using the system-wide default policy (frequently */etc/containers/policy.json*) is most often preferred +**--tls-verify** + +Require HTTPS and verify certificates when contacting registries (default: true) + ## EXAMPLES ``` @@ -95,7 +107,18 @@ Storing signatures ``` ``` -# kpod pull docker.io/umohnani/finaltest +# kpod pull --creds testuser:testpassword docker.io/umohnani/finaltest +Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures +Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913 + 1.90 MB / 1.90 MB [========================================================] 0s +Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156 + 1.41 KB / 1.41 KB [========================================================] 0s +Writing manifest to image destination +Storing signatures +``` + +``` +# kpod pull --tls-verify=false --cert-dir image/certs docker.io/umohnani/finaltest Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913 1.90 MB / 1.90 MB [========================================================] 0s diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index a614d2e4..feb0ef3f 100644 
--- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -201,6 +201,7 @@ func (r *Runtime) getPullStruct(srcRef types.ImageReference, destName string) (* }, nil } +// returns a list of pullStruct with the srcRef and DstRef based on the transport being used func (r *Runtime) getPullListFromRef(srcRef types.ImageReference, imgName string, sc *types.SystemContext) ([]*pullStruct, error) { var pullStructs []*pullStruct splitArr := strings.Split(imgName, ":")
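Review bot: The comment added above getPullListFromRef does not follow the Go doc-comment form, which opens with the identifier's name and reads as a full sentence ending in a period. Keeping the author's wording, it could read `// getPullListFromRef returns a list of pullStruct with the srcRef and dstRef based on the transport being used.` The function body continues past the end of the hunk, so whether that description matches every transport branch cannot be checked from here.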