summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSuraj Deshmukh <surajd.service@gmail.com>2017-11-27 15:08:21 +0530
committerAtomic Bot <atomic-devel@projectatomic.io>2017-12-20 17:33:31 +0000
commit3607fcb553046b9a51c4b591ddf20236c628dc57 (patch)
tree8fc1c7893fc30bfcc89ae7c5102527b535ce0f62
parent26a6e0de46f6fcc6c80a20068d0019b45465a28d (diff)
downloadpodman-3607fcb553046b9a51c4b591ddf20236c628dc57.tar.gz
podman-3607fcb553046b9a51c4b591ddf20236c628dc57.tar.bz2
podman-3607fcb553046b9a51c4b591ddf20236c628dc57.zip
Add flag --cert-dir and --tls-verify to kpod login
This commit adds a mechanism to override the default certs dir by using command line flag `--cert-dir` for kpod login. Another flag `--tls-verify` is also added which lets you skip certificate validation when contacting container registry. Signed-off-by: Suraj Deshmukh <surajd.service@gmail.com> Closes: #75 Approved by: rhatdan
-rw-r--r--cmd/podman/login.go13
-rw-r--r--docs/podman-login.1.md16
2 files changed, 29 insertions, 0 deletions
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 8984d069c..55f97de72 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -5,6 +5,7 @@ import (
"context"
"fmt"
"os"
+ "path/filepath"
"strings"
"github.com/containers/image/docker"
@@ -29,6 +30,14 @@ var (
Name: "authfile",
Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
},
+ cli.StringFlag{
+ Name: "cert-dir",
+ Usage: "Pathname of a directory containing TLS certificates and keys",
+ },
+ cli.BoolTFlag{
+ Name: "tls-verify",
+ Usage: "Require HTTPS and verify certificates when contacting registries (default: true)",
+ },
}
loginDescription = "Login to a container registry on a specified server."
loginCommand = cli.Command{
@@ -64,6 +73,10 @@ func loginCmd(c *cli.Context) error {
if err != nil {
return errors.Wrapf(err, "error getting username and password")
}
+ sc.DockerInsecureSkipTLSVerify = !c.BoolT("tls-verify")
+ if c.String("cert-dir") != "" {
+ sc.DockerCertPath = filepath.Join(c.String("cert-dir"), server)
+ }
if err = docker.CheckAuth(context.TODO(), sc, username, password, server); err == nil {
if err := config.SetAuthentication(sc, server, username, password); err != nil {
diff --git a/docs/podman-login.1.md b/docs/podman-login.1.md
index 8d8e688c1..2b136789e 100644
--- a/docs/podman-login.1.md
+++ b/docs/podman-login.1.md
@@ -37,6 +37,12 @@ Username for registry
**--authfile**
Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json
+**--cert-dir**
+Pathname of a directory containing TLS certificates and keys
+
+**--tls-verify**
+Require HTTPS and verify certificates when contacting registries (default: true)
+
## EXAMPLES
```
@@ -58,6 +64,16 @@ Password:
Login Succeeded!
```
+```
+$ kpod login --tls-verify=false -u test -p test localhost:5000
+Login Succeeded!
+```
+
+```
+$ kpod login --cert-dir /etc/containers/certs.d/ -u foo -p bar localhost:5000
+Login Succeeded!
+```
+
## SEE ALSO
podman(1), podman-logout(1), crio(8), crio.conf(5)