authorhaircommander <pehunt@redhat.com>2018-06-08 17:56:25 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-06-15 17:09:33 +0000
commitb43677c9fd7f04c1ebf8265a0b14fc8ed70e4d66 (patch)
tree7789d0838adc805bcddd680ceb06fadd77195a4f /cmd/podman
parent894ae2bf76ec9877f8a4707d5b978bc23f6556f8 (diff)
Added --tls-verify functionality to podman search, with tests
Signed-off-by: haircommander <pehunt@redhat.com> Closes: #932 Approved by: baude
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/search.go73
1 files changed, 60 insertions, 13 deletions
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index 803661753..a5eb580cd 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -2,16 +2,19 @@ package main
import (
"context"
+ "fmt"
"reflect"
"strconv"
"strings"
"github.com/containers/image/docker"
+ "github.com/containers/image/types"
"github.com/pkg/errors"
"github.com/projectatomic/libpod/cmd/podman/formats"
"github.com/projectatomic/libpod/cmd/podman/libpodruntime"
"github.com/projectatomic/libpod/libpod/common"
sysreg "github.com/projectatomic/libpod/pkg/registries"
+ "github.com/projectatomic/libpod/pkg/util"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
@@ -43,6 +46,10 @@ var (
Name: "registry",
Usage: "specific registry to search",
},
+ cli.BoolTFlag{
+ Name: "tls-verify",
+ Usage: "require HTTPS and verify certificates when contacting registries (default: true)",
+ },
}
searchDescription = `
Search registries for a given image. Can search all the default registries or a specific registry.
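Review bot: The usage string on the new `tls-verify` flag says verification defaults to true, but getSystemContextAndRegistries later in this diff treats an unset flag as a third state. In that state a searched registry that appears in the insecure-registries list turns verification off. The help text should say so, for example `require HTTPS and verify certificates when contacting registries (default: true, unless a searched registry is configured as insecure)`.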
@@ -106,15 +113,9 @@ func searchCmd(c *cli.Context) error {
limit: c.Int("limit"),
filter: c.StringSlice("filter"),
}
-
- var registries []string
- if len(c.StringSlice("registry")) > 0 {
- registries = c.StringSlice("registry")
- } else {
- registries, err = sysreg.GetRegistries()
- if err != nil {
- return errors.Wrapf(err, "error getting registries to search")
- }
+ registries, sc, err := getSystemContextAndRegistries(c)
+ if err != nil {
+ return err
}
filter, err := parseSearchFilter(&opts)
@@ -122,7 +123,7 @@ func searchCmd(c *cli.Context) error {
return err
}
- return generateSearchOutput(term, registries, opts, *filter)
+ return generateSearchOutput(term, registries, opts, *filter, sc)
}
func genSearchFormat(format string) string {
@@ -153,8 +154,54 @@ func (s *searchParams) headerMap() map[string]string {
return values
}
-func getSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams) ([]searchParams, error) {
+// A wrapper for GetSystemContext and GetInsecureRegistries
+// Sets up system context and active list of registries to search with
+func getSystemContextAndRegistries(c *cli.Context) ([]string, *types.SystemContext, error) {
sc := common.GetSystemContext("", "", false)
+
+ // Variables for setting up Registry and TLSVerify
+ tlsVerify := c.BoolT("tls-verify")
+ forceSecure := false
+
+ if c.IsSet("tls-verify") {
+ forceSecure = c.BoolT("tls-verify")
+ }
+
+ var registries []string
+ if len(c.StringSlice("registry")) > 0 {
+ registries = c.StringSlice("registry")
+ } else {
+ var err error
+ registries, err = sysreg.GetRegistries()
+ if err != nil {
+ return nil, nil, errors.Wrapf(err, "error getting registries to search")
+ }
+ }
+
+ // If user flagged to skip verify for HTTP connections, set System Context as such
+ if !tlsVerify {
+ // If tls-verify is set to false, allow insecure always.
+ sc.DockerInsecureSkipTLSVerify = true
+ } else if !forceSecure {
+ // if the user didn't allow nor disallow insecure registries, check to see if the registry is insecure
+ insecureRegistries, err := sysreg.GetInsecureRegistries()
+ if err != nil {
+ return nil, nil, errors.Wrapf(err, "error getting insecure registries to search")
+ }
+
+ for _, reg := range insecureRegistries {
+ // if there are any insecure registries in registries, allow for HTTP
+ if util.StringInSlice(reg, registries) {
+ sc.DockerInsecureSkipTLSVerify = true
+ logrus.Info(fmt.Sprintf("%s is an insecure registry; searching with tls-verify=false", reg))
+ break
+ }
+ }
+ }
+ return registries, sc, nil
+}
+
+func getSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams, sc *types.SystemContext) ([]searchParams, error) {
// Max number of queries by default is 25
limit := maxQueries
if opts.limit != 0 {
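Review bot: In getSystemContextAndRegistries, the first match in the `insecureRegistries` loop sets `sc.DockerInsecureSkipTLSVerify = true` on the one context returned for the whole `registries` list. A default search that includes a single configured-insecure registry therefore appears to skip certificate verification for every other registry as well. The per-registry loop in getSearchOutput is outside this hunk, so confirm how `sc` is used there. Scoping the downgrade per registry would avoid this: record which names matched and, in the search loop, work on a copy such as `regSC := *sc` with `regSC.DockerInsecureSkipTLSVerify` set only for a matched registry. The downgrade is also reported only at Info level, which is likely hidden by default; `logrus.Warnf("%s is an insecure registry; searching with tls-verify=false", reg)` would surface it and remove the `fmt.Sprintf` wrapper.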
@@ -222,8 +269,8 @@ func getSearchOutput(term string, registries []string, opts searchOpts, filter s
return paramsArr, nil
}
-func generateSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams) error {
- searchOutput, err := getSearchOutput(term, registries, opts, filter)
+func generateSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams, sc *types.SystemContext) error {
+ searchOutput, err := getSearchOutput(term, registries, opts, filter, sc)
if err != nil {
return err
}