Add --tls-verify, --cert-dir, and --quiet flags to kpod pull

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-25 09:59:28 -04:00 · 2017-10-25 09:59:28 -04:00 · f9992d71a3
commit f9992d71a3
parent 8d78e3cfac
5 changed files with 58 additions and 10 deletions
--- a/cmd/kpod/load.go
+++ b/cmd/kpod/load.go
@ -90,14 +90,14 @@ func loadCmd(c *cli.Context) error {
 		}
 	}

-	var output io.Writer
+	var writer io.Writer
 	if !c.Bool("quiet") {
-		output = os.Stdout
+		writer = os.Stdout
 	}

 	options := libpod.CopyOptions{
 		SignaturePolicyPath: c.String("signature-policy"),
-		Writer:              output,
+		Writer:              writer,
 	}

 	src := libpod.DockerArchive + ":" + input
--- a/cmd/kpod/pull.go
+++ b/cmd/kpod/pull.go
@ -2,6 +2,7 @@ package main

 import (
 	"fmt"
+	"io"
 	"os"

 	"golang.org/x/crypto/ssh/terminal"
@ -16,18 +17,30 @@ import (

 var (
 	pullFlags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "signature-policy",
-			Usage: "`pathname` of signature policy file (not usually used)",
-		},
 		cli.StringFlag{
 			Name:  "authfile",
 			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
 		},
+		cli.StringFlag{
+			Name:  "cert-dir",
+			Usage: "`pathname` of a directory containing TLS certificates and keys",
+		},
 		cli.StringFlag{
 			Name:  "creds",
 			Usage: "`credentials` (USERNAME:PASSWORD) to use for authenticating to a registry",
 		},
+		cli.BoolFlag{
+			Name:  "quiet, q",
+			Usage: "Suppress output information when pulling images",
+		},
+		cli.StringFlag{
+			Name:  "signature-policy",
+			Usage: "`pathname` of signature policy file (not usually used)",
+		},
+		cli.BoolTFlag{
+			Name:  "tls-verify",
+			Usage: "require HTTPS and verify certificates when contacting registries (default: true)",
+		},
 	}

 	pullDescription = "Pulls an image from a registry and stores it locally.\n" +
@ -84,13 +97,20 @@ func pullCmd(c *cli.Context) error {
 		registryCreds = creds
 	}

+	var writer io.Writer
+	if !c.Bool("quiet") {
+		writer = os.Stdout
+	}
+
 	options := libpod.CopyOptions{
 		SignaturePolicyPath: c.String("signature-policy"),
 		AuthFile:            c.String("authfile"),
 		DockerRegistryOptions: common.DockerRegistryOptions{
-			DockerRegistryCreds: registryCreds,
+			DockerRegistryCreds:         registryCreds,
+			DockerCertPath:              c.String("cert-dir"),
+			DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"),
 		},
-		Writer: os.Stdout,
+		Writer: writer,
 	}

 	return runtime.PullImage(image, options)
--- a/completions/bash/kpod
+++ b/completions/bash/kpod
@ -172,10 +172,14 @@ _kpod_pull() {
    local options_with_args="
    --authfile
    --creds
+    --cert-dir
    --signature-policy
    "
    local boolean_options="
    --all-tags -a
+    --quiet
+    -q
+    --tls-verify
    "
    _complete_ "$options_with_args" "$boolean_options"
 }
--- a/docs/kpod-pull.1.md
+++ b/docs/kpod-pull.1.md
@ -58,16 +58,28 @@ Image stored in local container/storage

 Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json

+**--cert-dir**
+
+Pathname of a directory containing TLS certificates and keys
+
 **--creds**

 Credentials (USERNAME:PASSWORD) to use for authenticating to a registry

+**--quiet, -q**
+
+Suppress output information when pulling images
+
 **--signature-policy="PATHNAME"**

 Pathname of a signature policy file to use.  It is not recommended that this
 option be used, as the default behavior of using the system-wide default policy
 (frequently */etc/containers/policy.json*) is most often preferred

+**--tls-verify**
+
+Require HTTPS and verify certificates when contacting registries (default: true)
+
 ## EXAMPLES

 ```
@ -95,7 +107,18 @@ Storing signatures
 ```

 ```
-# kpod pull docker.io/umohnani/finaltest
+# kpod pull --creds testuser:testpassword docker.io/umohnani/finaltest
+Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
+Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
+ 1.90 MB / 1.90 MB [========================================================] 0s
+Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
+ 1.41 KB / 1.41 KB [========================================================] 0s
+Writing manifest to image destination
+Storing signatures
+```
+
+```
+# kpod pull --tls-verify=false --cert-dir image/certs docker.io/umohnani/finaltest
 Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
 Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
 1.90 MB / 1.90 MB [========================================================] 0s
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@ -201,6 +201,7 @@ func (r *Runtime) getPullStruct(srcRef types.ImageReference, destName string) (*
 	}, nil
 }

+// returns a list of pullStruct with the srcRef and DstRef based on the transport being used
 func (r *Runtime) getPullListFromRef(srcRef types.ImageReference, imgName string, sc *types.SystemContext) ([]*pullStruct, error) {
 	var pullStructs []*pullStruct
 	splitArr := strings.Split(imgName, ":")