diff options
| author | Suraj Deshmukh <surajd.service@gmail.com> | 2017-11-27 15:08:21 +0530 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-12-20 17:33:31 +0000 |
| commit | 3607fcb553046b9a51c4b591ddf20236c628dc57 (patch) | |
| tree | 8fc1c7893fc30bfcc89ae7c5102527b535ce0f62 | |
| parent | 26a6e0de46f6fcc6c80a20068d0019b45465a28d (diff) | |
| download | podman-3607fcb553046b9a51c4b591ddf20236c628dc57.tar.gz podman-3607fcb553046b9a51c4b591ddf20236c628dc57.tar.bz2 podman-3607fcb553046b9a51c4b591ddf20236c628dc57.zip | |
Add flag --cert-dir and --tls-verify to kpod login
This commit adds a mechanism to override the default certs dir by using
command line flag `--cert-dir` for kpod login.
Another flag `--tls-verify` is also added which lets you skip certificate
validation when contacting container registry.
Signed-off-by: Suraj Deshmukh <surajd.service@gmail.com>
Closes: #75
Approved by: rhatdan
| -rw-r--r-- | cmd/podman/login.go | 13 | ||||
| -rw-r--r-- | docs/podman-login.1.md | 16 |
2 files changed, 29 insertions, 0 deletions
diff --git a/cmd/podman/login.go b/cmd/podman/login.go index 8984d069c..55f97de72 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -5,6 +5,7 @@ import ( "context" "fmt" "os" + "path/filepath" "strings" "github.com/containers/image/docker" @@ -29,6 +30,14 @@ var ( Name: "authfile", Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json", }, + cli.StringFlag{ + Name: "cert-dir", + Usage: "Pathname of a directory containing TLS certificates and keys", + }, + cli.BoolTFlag{ + Name: "tls-verify", + Usage: "Require HTTPS and verify certificates when contacting registries (default: true)", + }, } loginDescription = "Login to a container registry on a specified server." loginCommand = cli.Command{ @@ -64,6 +73,10 @@ func loginCmd(c *cli.Context) error { if err != nil { return errors.Wrapf(err, "error getting username and password") } + sc.DockerInsecureSkipTLSVerify = !c.BoolT("tls-verify") + if c.String("cert-dir") != "" { + sc.DockerCertPath = filepath.Join(c.String("cert-dir"), server) + } if err = docker.CheckAuth(context.TODO(), sc, username, password, server); err == nil { if err := config.SetAuthentication(sc, server, username, password); err != nil { diff --git a/docs/podman-login.1.md b/docs/podman-login.1.md index 8d8e688c1..2b136789e 100644 --- a/docs/podman-login.1.md +++ b/docs/podman-login.1.md @@ -37,6 +37,12 @@ Username for registry **--authfile** Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json +**--cert-dir** +Pathname of a directory containing TLS certificates and keys + +**--tls-verify** +Require HTTPS and verify certificates when contacting registries (default: true) + ## EXAMPLES ``` @@ -58,6 +64,16 @@ Password: Login Succeeded! ``` +``` +$ kpod login --tls-verify=false -u test -p test localhost:5000 +Login Succeeded! +``` + +``` +$ kpod login --cert-dir /etc/containers/certs.d/ -u foo -p bar localhost:5000 +Login Succeeded! +``` + ## SEE ALSO podman(1), podman-logout(1), crio(8), crio.conf(5) |