Add --tls-verify, --cert-dir, and --quiet flags to kpod pull
Signed-off-by: umohnani8 <umohnani@redhat.com>
This commit is contained in:
parent
8d78e3cfac
commit
f9992d71a3
5 changed files with 58 additions and 10 deletions
|
@ -90,14 +90,14 @@ func loadCmd(c *cli.Context) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var output io.Writer
|
var writer io.Writer
|
||||||
if !c.Bool("quiet") {
|
if !c.Bool("quiet") {
|
||||||
output = os.Stdout
|
writer = os.Stdout
|
||||||
}
|
}
|
||||||
|
|
||||||
options := libpod.CopyOptions{
|
options := libpod.CopyOptions{
|
||||||
SignaturePolicyPath: c.String("signature-policy"),
|
SignaturePolicyPath: c.String("signature-policy"),
|
||||||
Writer: output,
|
Writer: writer,
|
||||||
}
|
}
|
||||||
|
|
||||||
src := libpod.DockerArchive + ":" + input
|
src := libpod.DockerArchive + ":" + input
|
||||||
|
|
|
@ -2,6 +2,7 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"golang.org/x/crypto/ssh/terminal"
|
"golang.org/x/crypto/ssh/terminal"
|
||||||
|
@ -16,18 +17,30 @@ import (
|
||||||
|
|
||||||
var (
|
var (
|
||||||
pullFlags = []cli.Flag{
|
pullFlags = []cli.Flag{
|
||||||
cli.StringFlag{
|
|
||||||
Name: "signature-policy",
|
|
||||||
Usage: "`pathname` of signature policy file (not usually used)",
|
|
||||||
},
|
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "authfile",
|
Name: "authfile",
|
||||||
Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
|
Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
|
||||||
},
|
},
|
||||||
|
cli.StringFlag{
|
||||||
|
Name: "cert-dir",
|
||||||
|
Usage: "`pathname` of a directory containing TLS certificates and keys",
|
||||||
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "creds",
|
Name: "creds",
|
||||||
Usage: "`credentials` (USERNAME:PASSWORD) to use for authenticating to a registry",
|
Usage: "`credentials` (USERNAME:PASSWORD) to use for authenticating to a registry",
|
||||||
},
|
},
|
||||||
|
cli.BoolFlag{
|
||||||
|
Name: "quiet, q",
|
||||||
|
Usage: "Suppress output information when pulling images",
|
||||||
|
},
|
||||||
|
cli.StringFlag{
|
||||||
|
Name: "signature-policy",
|
||||||
|
Usage: "`pathname` of signature policy file (not usually used)",
|
||||||
|
},
|
||||||
|
cli.BoolTFlag{
|
||||||
|
Name: "tls-verify",
|
||||||
|
Usage: "require HTTPS and verify certificates when contacting registries (default: true)",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
pullDescription = "Pulls an image from a registry and stores it locally.\n" +
|
pullDescription = "Pulls an image from a registry and stores it locally.\n" +
|
||||||
|
@ -84,13 +97,20 @@ func pullCmd(c *cli.Context) error {
|
||||||
registryCreds = creds
|
registryCreds = creds
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var writer io.Writer
|
||||||
|
if !c.Bool("quiet") {
|
||||||
|
writer = os.Stdout
|
||||||
|
}
|
||||||
|
|
||||||
options := libpod.CopyOptions{
|
options := libpod.CopyOptions{
|
||||||
SignaturePolicyPath: c.String("signature-policy"),
|
SignaturePolicyPath: c.String("signature-policy"),
|
||||||
AuthFile: c.String("authfile"),
|
AuthFile: c.String("authfile"),
|
||||||
DockerRegistryOptions: common.DockerRegistryOptions{
|
DockerRegistryOptions: common.DockerRegistryOptions{
|
||||||
DockerRegistryCreds: registryCreds,
|
DockerRegistryCreds: registryCreds,
|
||||||
|
DockerCertPath: c.String("cert-dir"),
|
||||||
|
DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"),
|
||||||
},
|
},
|
||||||
Writer: os.Stdout,
|
Writer: writer,
|
||||||
}
|
}
|
||||||
|
|
||||||
return runtime.PullImage(image, options)
|
return runtime.PullImage(image, options)
|
||||||
|
|
|
@ -172,10 +172,14 @@ _kpod_pull() {
|
||||||
local options_with_args="
|
local options_with_args="
|
||||||
--authfile
|
--authfile
|
||||||
--creds
|
--creds
|
||||||
|
--cert-dir
|
||||||
--signature-policy
|
--signature-policy
|
||||||
"
|
"
|
||||||
local boolean_options="
|
local boolean_options="
|
||||||
--all-tags -a
|
--all-tags -a
|
||||||
|
--quiet
|
||||||
|
-q
|
||||||
|
--tls-verify
|
||||||
"
|
"
|
||||||
_complete_ "$options_with_args" "$boolean_options"
|
_complete_ "$options_with_args" "$boolean_options"
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,16 +58,28 @@ Image stored in local container/storage
|
||||||
|
|
||||||
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
|
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
|
||||||
|
|
||||||
|
**--cert-dir**
|
||||||
|
|
||||||
|
Pathname of a directory containing TLS certificates and keys
|
||||||
|
|
||||||
**--creds**
|
**--creds**
|
||||||
|
|
||||||
Credentials (USERNAME:PASSWORD) to use for authenticating to a registry
|
Credentials (USERNAME:PASSWORD) to use for authenticating to a registry
|
||||||
|
|
||||||
|
**--quiet, -q**
|
||||||
|
|
||||||
|
Suppress output information when pulling images
|
||||||
|
|
||||||
**--signature-policy="PATHNAME"**
|
**--signature-policy="PATHNAME"**
|
||||||
|
|
||||||
Pathname of a signature policy file to use. It is not recommended that this
|
Pathname of a signature policy file to use. It is not recommended that this
|
||||||
option be used, as the default behavior of using the system-wide default policy
|
option be used, as the default behavior of using the system-wide default policy
|
||||||
(frequently */etc/containers/policy.json*) is most often preferred
|
(frequently */etc/containers/policy.json*) is most often preferred
|
||||||
|
|
||||||
|
**--tls-verify**
|
||||||
|
|
||||||
|
Require HTTPS and verify certificates when contacting registries (default: true)
|
||||||
|
|
||||||
## EXAMPLES
|
## EXAMPLES
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -95,7 +107,18 @@ Storing signatures
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
# kpod pull docker.io/umohnani/finaltest
|
# kpod pull --creds testuser:testpassword docker.io/umohnani/finaltest
|
||||||
|
Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
|
||||||
|
Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
|
||||||
|
1.90 MB / 1.90 MB [========================================================] 0s
|
||||||
|
Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
|
||||||
|
1.41 KB / 1.41 KB [========================================================] 0s
|
||||||
|
Writing manifest to image destination
|
||||||
|
Storing signatures
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
# kpod pull --tls-verify=false --cert-dir image/certs docker.io/umohnani/finaltest
|
||||||
Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
|
Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
|
||||||
Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
|
Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
|
||||||
1.90 MB / 1.90 MB [========================================================] 0s
|
1.90 MB / 1.90 MB [========================================================] 0s
|
||||||
|
|
|
@ -201,6 +201,7 @@ func (r *Runtime) getPullStruct(srcRef types.ImageReference, destName string) (*
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// returns a list of pullStruct with the srcRef and DstRef based on the transport being used
|
||||||
func (r *Runtime) getPullListFromRef(srcRef types.ImageReference, imgName string, sc *types.SystemContext) ([]*pullStruct, error) {
|
func (r *Runtime) getPullListFromRef(srcRef types.ImageReference, imgName string, sc *types.SystemContext) ([]*pullStruct, error) {
|
||||||
var pullStructs []*pullStruct
|
var pullStructs []*pullStruct
|
||||||
splitArr := strings.Split(imgName, ":")
|
splitArr := strings.Split(imgName, ":")
|
||||||
|
|
Loading…
Reference in a new issue