author | haircommander <pehunt@redhat.com> | 2018-06-08 17:56:25 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-06-15 17:09:33 +0000 |
commit | b43677c9fd7f04c1ebf8265a0b14fc8ed70e4d66 (patch) | |
tree | 7789d0838adc805bcddd680ceb06fadd77195a4f /cmd | |
parent | 894ae2bf76ec9877f8a4707d5b978bc23f6556f8 (diff) | |
Added --tls-verify functionality to podman search, with tests
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #932
Approved by: baude
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/podman/search.go | 73 |
1 files changed, 60 insertions, 13 deletions
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index 803661753..a5eb580cd 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -2,16 +2,19 @@ package main
 import (
 "context"
+ "fmt"
 "reflect"
 "strconv"
 "strings"
 "github.com/containers/image/docker"
+ "github.com/containers/image/types"
 "github.com/pkg/errors"
 "github.com/projectatomic/libpod/cmd/podman/formats"
 "github.com/projectatomic/libpod/cmd/podman/libpodruntime"
 "github.com/projectatomic/libpod/libpod/common"
 sysreg "github.com/projectatomic/libpod/pkg/registries"
+ "github.com/projectatomic/libpod/pkg/util"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
 )
@@ -43,6 +46,10 @@ var (
 Name: "registry",
 Usage: "specific registry to search",
 },
+ cli.BoolTFlag{
+ Name: "tls-verify",
+ Usage: "require HTTPS and verify certificates when contacting registries (default: true)",
+ },
 }
 searchDescription = `
 Search registries for a given image. Can search all the default registries or a specific registry.
@@ -106,15 +113,9 @@ func searchCmd(c *cli.Context) error {
 limit: c.Int("limit"),
 filter: c.StringSlice("filter"),
 }
-
- var registries []string
- if len(c.StringSlice("registry")) > 0 {
- registries = c.StringSlice("registry")
- } else {
- registries, err = sysreg.GetRegistries()
- if err != nil {
- return errors.Wrapf(err, "error getting registries to search")
- }
+ registries, sc, err := getSystemContextAndRegistries(c)
+ if err != nil {
+ return err
 }
 filter, err := parseSearchFilter(&opts)
@@ -122,7 +123,7 @@ func searchCmd(c *cli.Context) error {
 return err
 }
- return generateSearchOutput(term, registries, opts, *filter)
+ return generateSearchOutput(term, registries, opts, *filter, sc)
 }
 func genSearchFormat(format string) string {
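Review bot: The usage text of the new `tls-verify` flag in the `@@ -43,6 +46,10 @@` hunk promises more than the code delivers when the flag is left unset. In that case getSystemContextAndRegistries (added later in this commit) consults the configured insecure-registries list and may switch verification off, so "default: true" does not mean HTTPS is always required. I would spell that out, for example `Usage: "require HTTPS and verify certificates when contacting registries (default: true; if unset, registries configured as insecure are contacted without verification)",`. The enclosing `var (` block starts and ends outside the hunk.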
@@ -153,8 +154,54 @@ func (s *searchParams) headerMap() map[string]string {
 return values
 }
-func getSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams) ([]searchParams, error) {
+// A wrapper for GetSystemContext and GetInsecureRegistries
+// Sets up system context and active list of registries to search with
+func getSystemContextAndRegistries(c *cli.Context) ([]string, *types.SystemContext, error) {
 sc := common.GetSystemContext("", "", false)
+
+ // Variables for setting up Registry and TLSVerify
+ tlsVerify := c.BoolT("tls-verify")
+ forceSecure := false
+
+ if c.IsSet("tls-verify") {
+ forceSecure = c.BoolT("tls-verify")
+ }
+
+ var registries []string
+ if len(c.StringSlice("registry")) > 0 {
+ registries = c.StringSlice("registry")
+ } else {
+ var err error
+ registries, err = sysreg.GetRegistries()
+ if err != nil {
+ return nil, nil, errors.Wrapf(err, "error getting registries to search")
+ }
+ }
+
+ // If user flagged to skip verify for HTTP connections, set System Context as such
+ if !tlsVerify {
+ // If tls-verify is set to false, allow insecure always.
+ sc.DockerInsecureSkipTLSVerify = true
+ } else if !forceSecure {
+ // if the user didn't allow nor disallow insecure registries, check to see if the registry is insecure
+ insecureRegistries, err := sysreg.GetInsecureRegistries()
+ if err != nil {
+ return nil, nil, errors.Wrapf(err, "error getting insecure registries to search")
+ }
+
+ for _, reg := range insecureRegistries {
+ // if there are any insecure registries in registries, allow for HTTP
+ if util.StringInSlice(reg, registries) {
+ sc.DockerInsecureSkipTLSVerify = true
+ logrus.Info(fmt.Sprintf("%s is an insecure registry; searching with tls-verify=false", reg))
+ break
+ }
+ }
+ }
+ return registries, sc, nil
+}
+
+func getSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams, sc *types.SystemContext) ([]searchParams, error) {
 // Max number of queries by default is 25
 limit := maxQueries
 if opts.limit != 0 {
@@ -222,8 +269,8 @@ func getSearchOutput(term string, registries []string, opts searchOpts, filter s
 return paramsArr, nil
 }
-func generateSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams, sc *types.SystemContext) error {
+func generateSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams, sc *types.SystemContext) error {
- searchOutput, err := getSearchOutput(term, registries, opts, filter)
+ searchOutput, err := getSearchOutput(term, registries, opts, filter, sc)
 if err != nil {
 return err
 }
 |
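Review bot: One insecure registry in the search list disables TLS verification for every registry in that search, because the `else if !forceSecure` branch of getSystemContextAndRegistries sets `sc.DockerInsecureSkipTLSVerify = true` on the single shared context and then breaks. That same `sc` is passed on to getSearchOutput, so a default search that includes one configured-insecure registry presumably also contacts the properly secured ones without certificate checks. I would return the set of matching registries and derive a per-registry copy of the context where each registry is queried; that code is in the part of getSearchOutput outside this hunk. The downgrade message is also better written as `logrus.Infof(...)` than `logrus.Info(fmt.Sprintf(...))`, and it may deserve a higher level so it is visible when verification is dropped.

```go
// … unchanged: flag reading and registry list selection …

// insecure holds the searched registries that the configuration marks as
// insecure; it would be returned alongside registries and sc.
insecure := make(map[string]bool)
if !tlsVerify {
	sc.DockerInsecureSkipTLSVerify = true
} else if !forceSecure {
	// … unchanged: sysreg.GetInsecureRegistries call and its error check …
	for _, reg := range insecureRegistries {
		if util.StringInSlice(reg, registries) {
			insecure[reg] = true
			logrus.Infof("%s is an insecure registry; searching with tls-verify=false", reg)
		}
	}
}

// In getSearchOutput, once per registry being queried:
regCtx := *sc
regCtx.DockerInsecureSkipTLSVerify = sc.DockerInsecureSkipTLSVerify || insecure[reg]
```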