Add tlsVerify bool to SearchImage for varlink
Cockpit wants to be able to search images on systems without tlsverify turned on. tlsverify should be an optional parameter; if it is not set, we default to the system defaults defined in /etc/containers/registries.conf. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
parent
dd82acd8ba
commit
5f7d4ee73f
6
API.md
6
API.md
|
|
@ -91,9 +91,9 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
|
|||
|
||||
[func PausePod(name: string) string](#PausePod)
|
||||
|
||||
[func PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: bool) string](#PullImage)
|
||||
[func PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: ?bool) string](#PullImage)
|
||||
|
||||
[func PushImage(name: string, tag: string, tlsverify: bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) MoreResponse](#PushImage)
|
||||
[func PushImage(name: string, tag: string, tlsverify: ?bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) MoreResponse](#PushImage)
|
||||
|
||||
[func ReceiveFile(path: string, delete: bool) int](#ReceiveFile)
|
||||
|
||||
|
|
@ -107,7 +107,7 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
|
|||
|
||||
[func RestartPod(name: string) string](#RestartPod)
|
||||
|
||||
[func SearchImages(query: string, limit: ) ImageSearchResult](#SearchImages)
|
||||
[func SearchImages(quety: string, limit: int, tlsVerify: ?bool) ImageSearchResult](#SearchImages)
|
||||
|
||||
[func SendFile(type: string, length: int) string](#SendFile)
|
||||
|
||||
|
|
|
|||
|
|
@ -412,7 +412,7 @@ type Runlabel(
|
|||
name: string,
|
||||
pull: bool,
|
||||
signaturePolicyPath: string,
|
||||
tlsVerify: bool,
|
||||
tlsVerify: ?bool,
|
||||
label: string,
|
||||
extraArgs: []string,
|
||||
opts: [string]string
|
||||
|
|
@ -658,7 +658,7 @@ method HistoryImage(name: string) -> (history: []ImageHistory)
|
|||
# and a boolean as to whether tls-verify should be used (with false disabling TLS, not affecting the default behavior).
|
||||
# It will return an [ImageNotFound](#ImageNotFound) error if
|
||||
# the image cannot be found in local storage; otherwise it will return a [MoreResponse](#MoreResponse)
|
||||
method PushImage(name: string, tag: string, tlsverify: bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) -> (reply: MoreResponse)
|
||||
method PushImage(name: string, tag: string, tlsverify: ?bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) -> (reply: MoreResponse)
|
||||
|
||||
# TagImage takes the name or ID of an image in local storage as well as the desired tag name. If the image cannot
|
||||
# be found, an [ImageNotFound](#ImageNotFound) error will be returned; otherwise, the ID of the image is returned on success.
|
||||
|
|
@ -679,7 +679,7 @@ method RemoveImage(name: string, force: bool) -> (image: string)
|
|||
# SearchImages searches available registries for images that contain the
|
||||
# contents of "query" in their name. If "limit" is given, limits the amount of
|
||||
# search results per registry.
|
||||
method SearchImages(query: string, limit: ?int) -> (results: []ImageSearchResult)
|
||||
method SearchImages(query: string, limit: ?int, tlsVerify: ?bool) -> (results: []ImageSearchResult)
|
||||
|
||||
# DeleteUnusedImages deletes any images not associated with a container. The IDs of the deleted images are returned
|
||||
# in a string array.
|
||||
|
|
@ -726,7 +726,7 @@ method ExportImage(name: string, destination: string, compress: bool, tags: []st
|
|||
# "id": "426866d6fa419873f97e5cbd320eeb22778244c1dfffa01c944db3114f55772e"
|
||||
# }
|
||||
# ~~~
|
||||
method PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: bool) -> (id: string)
|
||||
method PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: ?bool) -> (id: string)
|
||||
|
||||
# CreatePod creates a new empty pod. It uses a [PodCreate](#PodCreate) type for input.
|
||||
# On success, the ID of the newly created pod will be returned.
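Review bot: The context comment above PushImage still describes the flag as `a boolean as to whether tls-verify should be used (with false disabling TLS, not affecting the default behavior)`, which no longer matches a `?bool` parameter. As the server-side hunks of this commit show, false sets DockerInsecureSkipTLSVerify and an unset value now leaves the system default in place. I would reword it along the lines of `# tlsverify is optional: when unset, the defaults from registries.conf apply; false turns off TLS verification for the registry.` and add the same sentence to the SearchImages comment, which does not mention the new argument in the visible lines. The SearchImages entry in API.md also spells its first parameter `quety` where this interface has `query`.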
|
||||
|
|
|
|||
|
|
@ -163,7 +163,8 @@ func (r *LocalRuntime) NewImageFromLocal(name string) (*ContainerImage, error) {
|
|||
func (r *LocalRuntime) LoadFromArchiveReference(ctx context.Context, srcRef types.ImageReference, signaturePolicyPath string, writer io.Writer) ([]*ContainerImage, error) {
|
||||
// TODO We need to find a way to leak certDir, creds, and the tlsverify into this function, normally this would
|
||||
// come from cli options but we don't want want those in here either.
|
||||
imageID, err := iopodman.PullImage().Call(r.Conn, srcRef.DockerReference().String(), "", "", signaturePolicyPath, true)
|
||||
tlsverify := true
|
||||
imageID, err := iopodman.PullImage().Call(r.Conn, srcRef.DockerReference().String(), "", "", signaturePolicyPath, &tlsverify)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -179,15 +180,21 @@ func (r *LocalRuntime) New(ctx context.Context, name, signaturePolicyPath, authf
|
|||
if label != nil {
|
||||
return nil, errors.New("the remote client function does not support checking a remote image for a label")
|
||||
}
|
||||
// TODO Creds needs to be figured out here too, like above
|
||||
tlsBool := dockeroptions.DockerInsecureSkipTLSVerify
|
||||
// Remember SkipTlsVerify is the opposite of tlsverify
|
||||
// If tlsBook is true or undefined, we do not skip
|
||||
SkipTlsVerify := false
|
||||
if tlsBool == types.OptionalBoolFalse {
|
||||
SkipTlsVerify = true
|
||||
var (
|
||||
tlsVerify bool
|
||||
tlsVerifyPtr *bool
|
||||
)
|
||||
if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
|
||||
tlsVerify = true
|
||||
tlsVerifyPtr = &tlsVerify
|
||||
|
||||
}
|
||||
imageID, err := iopodman.PullImage().Call(r.Conn, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, SkipTlsVerify)
|
||||
if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
|
||||
tlsVerify = false
|
||||
tlsVerifyPtr = &tlsVerify
|
||||
}
|
||||
|
||||
imageID, err := iopodman.PullImage().Call(r.Conn, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, tlsVerifyPtr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -577,10 +584,19 @@ func (r *LocalRuntime) RemoveVolumes(ctx context.Context, c *cliconfig.VolumeRmV
|
|||
|
||||
func (r *LocalRuntime) Push(ctx context.Context, srcName, destination, manifestMIMEType, authfile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions image.SigningOptions, dockerRegistryOptions *image.DockerRegistryOptions, additionalDockerArchiveTags []reference.NamedTagged) error {
|
||||
|
||||
tls := true
|
||||
var (
|
||||
tls *bool
|
||||
tlsVerify bool
|
||||
)
|
||||
if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
|
||||
tls = false
|
||||
tlsVerify = false
|
||||
tls = &tlsVerify
|
||||
}
|
||||
if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
|
||||
tlsVerify = true
|
||||
tls = &tlsVerify
|
||||
}
|
||||
|
||||
reply, err := iopodman.PushImage().Send(r.Conn, varlink.More, srcName, destination, tls, signaturePolicyPath, "", dockerRegistryOptions.DockerCertPath, forceCompress, manifestMIMEType, signingOptions.RemoveSignatures, signingOptions.SignBy)
|
||||
if err != nil {
|
||||
return err
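Review bot: The OptionalBool-to-`*bool` conversion is written out twice, in New and again in Push, each as two independent `if` blocks around a shared `tlsVerify` local. This inversion is easy to get backwards: the removed code in New passed a variable named `SkipTlsVerify` in the tlsVerify position. A single helper would keep the negation and the "undefined means nil, server decides" rule in one place, so a later edit cannot make one call site disable verification by accident. In Push the pointer is also named `tls`, which reads like the crypto/tls package; `tlsVerifyPtr`, as used in New, would be clearer. Both functions start and end outside their hunks, so the helper below is shown with only the two call-site lines it replaces.

```go
// tlsVerifyFromSkip maps the tri-state skip-verify option to the optional
// varlink tlsVerify argument. nil means "not set": the server then falls
// back to its registries.conf defaults.
func tlsVerifyFromSkip(skip types.OptionalBool) *bool {
	switch skip {
	case types.OptionalBoolTrue:
		verify := false
		return &verify
	case types.OptionalBoolFalse:
		verify := true
		return &verify
	default:
		return nil
	}
}

// … in New, replacing the var block and both ifs …
tlsVerifyPtr := tlsVerifyFromSkip(dockeroptions.DockerInsecureSkipTLSVerify)

// … in Push, replacing the var block and both ifs …
tlsVerifyPtr := tlsVerifyFromSkip(dockerRegistryOptions.DockerInsecureSkipTLSVerify)
```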
|
||||
|
|
|
|||
|
|
@ -313,7 +313,7 @@ func (i *LibpodAPI) HistoryImage(call iopodman.VarlinkCall, name string) error {
|
|||
}
|
||||
|
||||
// PushImage pushes an local image to registry
|
||||
func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error {
|
||||
func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify *bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error {
|
||||
var (
|
||||
registryCreds *types.DockerAuthConfig
|
||||
manifestType string
|
||||
|
|
@ -337,8 +337,8 @@ func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVe
|
|||
DockerRegistryCreds: registryCreds,
|
||||
DockerCertPath: certDir,
|
||||
}
|
||||
if !tlsVerify {
|
||||
dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
|
||||
if tlsVerify != nil {
|
||||
dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
|
||||
}
|
||||
if format != "" {
|
||||
switch format {
|
||||
|
|
@ -441,8 +441,11 @@ func (i *LibpodAPI) RemoveImage(call iopodman.VarlinkCall, name string, force bo
|
|||
|
||||
// SearchImages searches all registries configured in /etc/containers/registries.conf for an image
|
||||
// Requires an image name and a search limit as int
|
||||
func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64) error {
|
||||
func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64, tlsVerify *bool) error {
|
||||
sc := image.GetSystemContext("", "", false)
|
||||
if tlsVerify != nil {
|
||||
sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
|
||||
}
|
||||
registries, err := sysreg.GetRegistries()
|
||||
if err != nil {
|
||||
return call.ReplyErrorOccurred(fmt.Sprintf("unable to get system registries: %q", err))
|
||||
|
|
@ -583,7 +586,7 @@ func (i *LibpodAPI) ExportImage(call iopodman.VarlinkCall, name, destination str
|
|||
}
|
||||
|
||||
// PullImage pulls an image from a registry to the image store.
|
||||
func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify bool) error {
|
||||
func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify *bool) error {
|
||||
var (
|
||||
registryCreds *types.DockerAuthConfig
|
||||
imageID string
|
||||
|
|
@ -600,8 +603,8 @@ func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, c
|
|||
DockerRegistryCreds: registryCreds,
|
||||
DockerCertPath: certDir,
|
||||
}
|
||||
if tlsVerify {
|
||||
dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!tlsVerify)
|
||||
if tlsVerify != nil {
|
||||
dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
|
||||
}
|
||||
|
||||
so := image.SigningOptions{}
|
||||
|
|
@ -644,8 +647,8 @@ func (i *LibpodAPI) ContainerRunlabel(call iopodman.VarlinkCall, input iopodman.
|
|||
dockerRegistryOptions := image.DockerRegistryOptions{
|
||||
DockerCertPath: input.CertDir,
|
||||
}
|
||||
if !input.TlsVerify {
|
||||
dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
|
||||
if input.TlsVerify != nil {
|
||||
dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*input.TlsVerify)
|
||||
}
|
||||
|
||||
stdErr := os.Stderr
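Review bot: The doc comment above SearchImages still reads `// Requires an image name and a search limit as int` and says nothing about the new tlsVerify argument, which lets a varlink caller switch off TLS verification for the search. I would add `// tlsVerify is optional: nil keeps the registries.conf defaults, false skips TLS verification for the search.` so the security-relevant default is stated where the handler is defined. The same `types.NewOptionalBool(!*tlsVerify)` inversion now appears in PushImage, SearchImages, PullImage and ContainerRunlabel; a small shared helper would keep the negation in one place. All four function bodies continue outside their hunks, so how `sc` is consumed by the search is not visible here.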
|
||||
|
|
|
|||