diff options
author | Vladimir Kochnev <hashtable@yandex.ru> | 2022-07-25 16:00:23 +0300 |
---|---|---|
committer | Vladimir Kochnev <hashtable@yandex.ru> | 2022-07-26 02:07:56 +0300 |
commit | 52a4642edd8a2c2f62d10c2180d785b4f04f18c5 (patch) | |
tree | c344952b3d6e2de68f8c0187d30ff5d9e4b425ce /pkg/api/handlers | |
parent | b70e2a47887f81af0b32dd6ac362f9c4958f5b7c (diff) | |
download | podman-52a4642edd8a2c2f62d10c2180d785b4f04f18c5.tar.gz podman-52a4642edd8a2c2f62d10c2180d785b4f04f18c5.tar.bz2 podman-52a4642edd8a2c2f62d10c2180d785b4f04f18c5.zip |
Set TLSVerify=true by default for API endpoints
Option defaults in API must be the same as in CLI.
```
% podman image push --help
% podman image pull --help
% podman manifest push --help
% podman image search --help
```
All of these CLI commands them have --tls-verify=true by default:
```
--tls-verify require HTTPS and verify certificates when accessing the registry (default true)
```
As for `podman image build`, it doesn't have any means to control
`tlsVerify` parameter but it must be true by default.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
Diffstat (limited to 'pkg/api/handlers')
-rw-r--r-- | pkg/api/handlers/compat/images_build.go | 1 | ||||
-rw-r--r-- | pkg/api/handlers/compat/images_search.go | 1 | ||||
-rw-r--r-- | pkg/api/handlers/libpod/images_push.go | 1 | ||||
-rw-r--r-- | pkg/api/handlers/libpod/manifests.go | 1 |
4 files changed, 4 insertions, 0 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index a9185c3d3..15cfc824e 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -140,6 +140,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Registry: "docker.io", Rm: true, ShmSize: 64 * 1024 * 1024, + TLSVerify: true, } decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) diff --git a/pkg/api/handlers/compat/images_search.go b/pkg/api/handlers/compat/images_search.go index a6fd3a3a1..2fc95e84e 100644 --- a/pkg/api/handlers/compat/images_search.go +++ b/pkg/api/handlers/compat/images_search.go @@ -26,6 +26,7 @@ func SearchImages(w http.ResponseWriter, r *http.Request) { ListTags bool `json:"listTags"` }{ // This is where you can override the golang default value for one of fields + TLSVerify: true, } if err := decoder.Decode(&query, r.URL.Query()); err != nil { diff --git a/pkg/api/handlers/libpod/images_push.go b/pkg/api/handlers/libpod/images_push.go index f427dc01b..9ee651f5b 100644 --- a/pkg/api/handlers/libpod/images_push.go +++ b/pkg/api/handlers/libpod/images_push.go @@ -32,6 +32,7 @@ func PushImage(w http.ResponseWriter, r *http.Request) { TLSVerify bool `schema:"tlsVerify"` Quiet bool `schema:"quiet"` }{ + TLSVerify: true, // #14971: older versions did not sent *any* data, so we need // to be quiet by default to remain backwards compatible Quiet: true, diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go index 3235a2972..43c7139d3 100644 --- a/pkg/api/handlers/libpod/manifests.go +++ b/pkg/api/handlers/libpod/manifests.go @@ -310,6 +310,7 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) { TLSVerify bool `schema:"tlsVerify"` }{ // Add defaults here once needed. + TLSVerify: true, } if err := decoder.Decode(&query, r.URL.Query()); err != nil { utils.Error(w, http.StatusBadRequest, |