Add flag --cert-dir and --tls-verify to kpod login

This commit adds a mechanism to override the default certs dir by using
command line flag `--cert-dir` for kpod login.

Another flag `--tls-verify` is also added which lets you skip certificate
validation when contacting container registry.

Signed-off-by: Suraj Deshmukh <surajd.service@gmail.com>

Closes: #75
Approved by: rhatdan

1 files changed, 13 insertions, 0 deletions

diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 8984d069c..55f97de72 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"
 
 	"github.com/containers/image/docker"
@@ -29,6 +30,14 @@ var (
 			Name:  "authfile",
 			Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",
 		},
+		cli.StringFlag{
+			Name:  "cert-dir",
+			Usage: "Pathname of a directory containing TLS certificates and keys",
+		},
+		cli.BoolTFlag{
+			Name:  "tls-verify",
+			Usage: "Require HTTPS and verify certificates when contacting registries (default: true)",
+		},
 	}
 	loginDescription = "Login to a container registry on a specified server."
 	loginCommand     = cli.Command{
@@ -64,6 +73,10 @@ func loginCmd(c *cli.Context) error {
 	if err != nil {
 		return errors.Wrapf(err, "error getting username and password")
 	}
+	sc.DockerInsecureSkipTLSVerify = !c.BoolT("tls-verify")
+	if c.String("cert-dir") != "" {
+		sc.DockerCertPath = filepath.Join(c.String("cert-dir"), server)
+	}
 
 	if err = docker.CheckAuth(context.TODO(), sc, username, password, server); err == nil {
 		if err := config.SetAuthentication(sc, server, username, password); err != nil {