Add --tls-verify, --cert-dir, and --quiet flags to kpod pull

Signed-off-by: umohnani8 <umohnani@redhat.com>
This commit is contained in:
umohnani8 2017-10-25 09:59:28 -04:00
parent 8d78e3cfac
commit f9992d71a3
5 changed files with 58 additions and 10 deletions

View file

@ -90,14 +90,14 @@ func loadCmd(c *cli.Context) error {
} }
} }
var output io.Writer var writer io.Writer
if !c.Bool("quiet") { if !c.Bool("quiet") {
output = os.Stdout writer = os.Stdout
} }
options := libpod.CopyOptions{ options := libpod.CopyOptions{
SignaturePolicyPath: c.String("signature-policy"), SignaturePolicyPath: c.String("signature-policy"),
Writer: output, Writer: writer,
} }
src := libpod.DockerArchive + ":" + input src := libpod.DockerArchive + ":" + input

View file

@ -2,6 +2,7 @@ package main
import ( import (
"fmt" "fmt"
"io"
"os" "os"
"golang.org/x/crypto/ssh/terminal" "golang.org/x/crypto/ssh/terminal"
@ -16,18 +17,30 @@ import (
var ( var (
pullFlags = []cli.Flag{ pullFlags = []cli.Flag{
cli.StringFlag{
Name: "signature-policy",
Usage: "`pathname` of signature policy file (not usually used)",
},
cli.StringFlag{ cli.StringFlag{
Name: "authfile", Name: "authfile",
Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json", Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
}, },
cli.StringFlag{
Name: "cert-dir",
Usage: "`pathname` of a directory containing TLS certificates and keys",
},
cli.StringFlag{ cli.StringFlag{
Name: "creds", Name: "creds",
Usage: "`credentials` (USERNAME:PASSWORD) to use for authenticating to a registry", Usage: "`credentials` (USERNAME:PASSWORD) to use for authenticating to a registry",
}, },
cli.BoolFlag{
Name: "quiet, q",
Usage: "Suppress output information when pulling images",
},
cli.StringFlag{
Name: "signature-policy",
Usage: "`pathname` of signature policy file (not usually used)",
},
cli.BoolTFlag{
Name: "tls-verify",
Usage: "require HTTPS and verify certificates when contacting registries (default: true)",
},
} }
pullDescription = "Pulls an image from a registry and stores it locally.\n" + pullDescription = "Pulls an image from a registry and stores it locally.\n" +
@ -84,13 +97,20 @@ func pullCmd(c *cli.Context) error {
registryCreds = creds registryCreds = creds
} }
var writer io.Writer
if !c.Bool("quiet") {
writer = os.Stdout
}
options := libpod.CopyOptions{ options := libpod.CopyOptions{
SignaturePolicyPath: c.String("signature-policy"), SignaturePolicyPath: c.String("signature-policy"),
AuthFile: c.String("authfile"), AuthFile: c.String("authfile"),
DockerRegistryOptions: common.DockerRegistryOptions{ DockerRegistryOptions: common.DockerRegistryOptions{
DockerRegistryCreds: registryCreds, DockerRegistryCreds: registryCreds,
DockerCertPath: c.String("cert-dir"),
DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"),
}, },
Writer: os.Stdout, Writer: writer,
} }
return runtime.PullImage(image, options) return runtime.PullImage(image, options)

View file

@ -172,10 +172,14 @@ _kpod_pull() {
local options_with_args=" local options_with_args="
--authfile --authfile
--creds --creds
--cert-dir
--signature-policy --signature-policy
" "
local boolean_options=" local boolean_options="
--all-tags -a --all-tags -a
--quiet
-q
--tls-verify
" "
_complete_ "$options_with_args" "$boolean_options" _complete_ "$options_with_args" "$boolean_options"
} }

View file

@ -58,16 +58,28 @@ Image stored in local container/storage
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json
**--cert-dir**
Pathname of a directory containing TLS certificates and keys
**--creds** **--creds**
Credentials (USERNAME:PASSWORD) to use for authenticating to a registry Credentials (USERNAME:PASSWORD) to use for authenticating to a registry
**--quiet, -q**
Suppress output information when pulling images
**--signature-policy="PATHNAME"** **--signature-policy="PATHNAME"**
Pathname of a signature policy file to use. It is not recommended that this Pathname of a signature policy file to use. It is not recommended that this
option be used, as the default behavior of using the system-wide default policy option be used, as the default behavior of using the system-wide default policy
(frequently */etc/containers/policy.json*) is most often preferred (frequently */etc/containers/policy.json*) is most often preferred
**--tls-verify**
Require HTTPS and verify certificates when contacting registries (default: true)
## EXAMPLES ## EXAMPLES
``` ```
@ -95,7 +107,18 @@ Storing signatures
``` ```
``` ```
# kpod pull docker.io/umohnani/finaltest # kpod pull --creds testuser:testpassword docker.io/umohnani/finaltest
Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
1.90 MB / 1.90 MB [========================================================] 0s
Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
1.41 KB / 1.41 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
```
```
# kpod pull --tls-verify=false --cert-dir image/certs docker.io/umohnani/finaltest
Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913 Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
1.90 MB / 1.90 MB [========================================================] 0s 1.90 MB / 1.90 MB [========================================================] 0s

View file

@ -201,6 +201,7 @@ func (r *Runtime) getPullStruct(srcRef types.ImageReference, destName string) (*
}, nil }, nil
} }
// returns a list of pullStruct with the srcRef and DstRef based on the transport being used
func (r *Runtime) getPullListFromRef(srcRef types.ImageReference, imgName string, sc *types.SystemContext) ([]*pullStruct, error) { func (r *Runtime) getPullListFromRef(srcRef types.ImageReference, imgName string, sc *types.SystemContext) ([]*pullStruct, error) {
var pullStructs []*pullStruct var pullStructs []*pullStruct
splitArr := strings.Split(imgName, ":") splitArr := strings.Split(imgName, ":")