Merge pull request #13653 from jmontleon/fix-manifest-push-header

Resolves #13629 Add RegistryAuthHeader to manifest push

4 files changed, 208 insertions, 35 deletions

diff --git a/pkg/bindings/manifests/manifests.go b/pkg/bindings/manifests/manifests.go
index f7cd0d262..70b3819f5 100644
--- a/pkg/bindings/manifests/manifests.go
+++ b/pkg/bindings/manifests/manifests.go
@@ -10,7 +10,9 @@ import (
 
 	"github.com/blang/semver"
 	"github.com/containers/image/v5/manifest"
+	imageTypes "github.com/containers/image/v5/types"
 	"github.com/containers/podman/v4/pkg/api/handlers"
+	"github.com/containers/podman/v4/pkg/auth"
 	"github.com/containers/podman/v4/pkg/bindings"
 	"github.com/containers/podman/v4/pkg/bindings/images"
 	"github.com/containers/podman/v4/pkg/domain/entities"
@@ -95,15 +97,19 @@ func Add(ctx context.Context, name string, options *AddOptions) (string, error)
 
 	if bindings.ServiceVersion(ctx).GTE(semver.MustParse("4.0.0")) {
 		optionsv4 := ModifyOptions{
-			All:         options.All,
-			Annotations: options.Annotation,
-			Arch:        options.Arch,
-			Features:    options.Features,
-			Images:      options.Images,
-			OS:          options.OS,
-			OSFeatures:  nil,
-			OSVersion:   options.OSVersion,
-			Variant:     options.Variant,
+			All:           options.All,
+			Annotations:   options.Annotation,
+			Arch:          options.Arch,
+			Features:      options.Features,
+			Images:        options.Images,
+			OS:            options.OS,
+			OSFeatures:    nil,
+			OSVersion:     options.OSVersion,
+			Variant:       options.Variant,
+			Username:      options.Username,
+			Password:      options.Password,
+			Authfile:      options.Authfile,
+			SkipTLSVerify: options.SkipTLSVerify,
 		}
 		optionsv4.WithOperation("update")
 		return Modify(ctx, name, options.Images, &optionsv4)
@@ -120,11 +126,27 @@ func Add(ctx context.Context, name string, options *AddOptions) (string, error)
 	}
 	reader := strings.NewReader(opts)
 
-	headers := make(http.Header)
+	header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword())
+	if err != nil {
+		return "", err
+	}
+
+	params, err := options.ToParams()
+	if err != nil {
+		return "", err
+	}
+	// SkipTLSVerify is special.  We need to delete the param added by
+	// ToParams() and change the key and flip the bool
+	if options.SkipTLSVerify != nil {
+		params.Del("SkipTLSVerify")
+		params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify()))
+	}
+
 	v := version.APIVersion[version.Libpod][version.MinimalAPI]
-	headers.Add("API-Version",
+	header.Add("API-Version",
 		fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch))
-	response, err := conn.DoRequest(ctx, reader, http.MethodPost, "/manifests/%s/add", nil, headers, name)
+
+	response, err := conn.DoRequest(ctx, reader, http.MethodPost, "/manifests/%s/add", params, header, name)
 	if err != nil {
 		return "", err
 	}
@@ -159,6 +181,14 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt
 		return "", err
 	}
 
+	header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword())
+	if err != nil {
+		return "", err
+	}
+	v := version.APIVersion[version.Libpod][version.MinimalAPI]
+	header.Add("API-Version",
+		fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch))
+
 	params, err := options.ToParams()
 	if err != nil {
 		return "", err
@@ -172,18 +202,18 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt
 
 	var response *bindings.APIResponse
 	if bindings.ServiceVersion(ctx).GTE(semver.MustParse("4.0.0")) {
-		response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/registry/%s", params, nil, name, destination)
+		response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/registry/%s", params, header, name, destination)
 	} else {
 		params.Set("image", name)
 		params.Set("destination", destination)
-		response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/push", params, nil, name)
+		response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/push", params, header, name)
 	}
 	if err != nil {
 		return "", err
 	}
 	defer response.Body.Close()
 
-	return idr.ID, err
+	return idr.ID, response.Process(&idr)
 }
 
 // Modify modifies the given manifest list using options and the optional list of images
@@ -203,7 +233,23 @@ func Modify(ctx context.Context, name string, images []string, options *ModifyOp
 	}
 	reader := strings.NewReader(opts)
 
-	response, err := conn.DoRequest(ctx, reader, http.MethodPut, "/manifests/%s", nil, nil, name)
+	header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword())
+	if err != nil {
+		return "", err
+	}
+
+	params, err := options.ToParams()
+	if err != nil {
+		return "", err
+	}
+	// SkipTLSVerify is special.  We need to delete the param added by
+	// ToParams() and change the key and flip the bool
+	if options.SkipTLSVerify != nil {
+		params.Del("SkipTLSVerify")
+		params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify()))
+	}
+
+	response, err := conn.DoRequest(ctx, reader, http.MethodPut, "/manifests/%s", params, header, name)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/bindings/manifests/types.go b/pkg/bindings/manifests/types.go
index 5ff28ee30..d0b0b2e71 100644
--- a/pkg/bindings/manifests/types.go
+++ b/pkg/bindings/manifests/types.go
@@ -20,14 +20,18 @@ type ExistsOptions struct {
 //go:generate go run ../generator/generator.go AddOptions
 // AddOptions are optional options for adding manifest lists
 type AddOptions struct {
-	All        *bool
-	Annotation map[string]string
-	Arch       *string
-	Features   []string
-	Images     []string
-	OS         *string
-	OSVersion  *string
-	Variant    *string
+	All           *bool
+	Annotation    map[string]string
+	Arch          *string
+	Features      []string
+	Images        []string
+	OS            *string
+	OSVersion     *string
+	Variant       *string
+	Authfile      *string
+	Password      *string
+	Username      *string
+	SkipTLSVerify *bool
 }
 
 //go:generate go run ../generator/generator.go RemoveOptions
@@ -40,15 +44,18 @@ type RemoveOptions struct {
 type ModifyOptions struct {
 	// Operation values are "update", "remove" and "annotate". This allows the service to
 	//   efficiently perform each update on a manifest list.
-	Operation   *string
-	All         *bool             // All when true, operate on all images in a manifest list that may be included in Images
-	Annotations map[string]string // Annotations to add to manifest list
-	Arch        *string           // Arch overrides the architecture for the image
-	Features    []string          // Feature list for the image
-	Images      []string          // Images is an optional list of images to add/remove to/from manifest list depending on operation
-	OS          *string           // OS overrides the operating system for the image
-	OSFeatures  []string          // OS features for the image
-	OSVersion   *string           // OSVersion overrides the operating system for the image
-	Variant     *string           // Variant overrides the operating system variant for the image
-
+	Operation     *string
+	All           *bool             // All when true, operate on all images in a manifest list that may be included in Images
+	Annotations   map[string]string // Annotations to add to manifest list
+	Arch          *string           // Arch overrides the architecture for the image
+	Features      []string          // Feature list for the image
+	Images        []string          // Images is an optional list of images to add/remove to/from manifest list depending on operation
+	OS            *string           // OS overrides the operating system for the image
+	OSFeatures    []string          // OS features for the image
+	OSVersion     *string           // OSVersion overrides the operating system for the image
+	Variant       *string           // Variant overrides the operating system variant for the image
+	Authfile      *string
+	Password      *string
+	Username      *string
+	SkipTLSVerify *bool
 }
diff --git a/pkg/bindings/manifests/types_add_options.go b/pkg/bindings/manifests/types_add_options.go
index 0696a69b6..5ba1cc5fa 100644
--- a/pkg/bindings/manifests/types_add_options.go
+++ b/pkg/bindings/manifests/types_add_options.go
@@ -136,3 +136,63 @@ func (o *AddOptions) GetVariant() string {
 	}
 	return *o.Variant
 }
+
+// WithAuthfile set field Authfile to given value
+func (o *AddOptions) WithAuthfile(value string) *AddOptions {
+	o.Authfile = &value
+	return o
+}
+
+// GetAuthfile returns value of field Authfile
+func (o *AddOptions) GetAuthfile() string {
+	if o.Authfile == nil {
+		var z string
+		return z
+	}
+	return *o.Authfile
+}
+
+// WithPassword set field Password to given value
+func (o *AddOptions) WithPassword(value string) *AddOptions {
+	o.Password = &value
+	return o
+}
+
+// GetPassword returns value of field Password
+func (o *AddOptions) GetPassword() string {
+	if o.Password == nil {
+		var z string
+		return z
+	}
+	return *o.Password
+}
+
+// WithUsername set field Username to given value
+func (o *AddOptions) WithUsername(value string) *AddOptions {
+	o.Username = &value
+	return o
+}
+
+// GetUsername returns value of field Username
+func (o *AddOptions) GetUsername() string {
+	if o.Username == nil {
+		var z string
+		return z
+	}
+	return *o.Username
+}
+
+// WithSkipTLSVerify set field SkipTLSVerify to given value
+func (o *AddOptions) WithSkipTLSVerify(value bool) *AddOptions {
+	o.SkipTLSVerify = &value
+	return o
+}
+
+// GetSkipTLSVerify returns value of field SkipTLSVerify
+func (o *AddOptions) GetSkipTLSVerify() bool {
+	if o.SkipTLSVerify == nil {
+		var z bool
+		return z
+	}
+	return *o.SkipTLSVerify
+}
diff --git a/pkg/bindings/manifests/types_modify_options.go b/pkg/bindings/manifests/types_modify_options.go
index 6d75c1e5f..9d2ed2613 100644
--- a/pkg/bindings/manifests/types_modify_options.go
+++ b/pkg/bindings/manifests/types_modify_options.go
@@ -166,3 +166,63 @@ func (o *ModifyOptions) GetVariant() string {
 	}
 	return *o.Variant
 }
+
+// WithAuthfile set field Authfile to given value
+func (o *ModifyOptions) WithAuthfile(value string) *ModifyOptions {
+	o.Authfile = &value
+	return o
+}
+
+// GetAuthfile returns value of field Authfile
+func (o *ModifyOptions) GetAuthfile() string {
+	if o.Authfile == nil {
+		var z string
+		return z
+	}
+	return *o.Authfile
+}
+
+// WithPassword set field Password to given value
+func (o *ModifyOptions) WithPassword(value string) *ModifyOptions {
+	o.Password = &value
+	return o
+}
+
+// GetPassword returns value of field Password
+func (o *ModifyOptions) GetPassword() string {
+	if o.Password == nil {
+		var z string
+		return z
+	}
+	return *o.Password
+}
+
+// WithUsername set field Username to given value
+func (o *ModifyOptions) WithUsername(value string) *ModifyOptions {
+	o.Username = &value
+	return o
+}
+
+// GetUsername returns value of field Username
+func (o *ModifyOptions) GetUsername() string {
+	if o.Username == nil {
+		var z string
+		return z
+	}
+	return *o.Username
+}
+
+// WithSkipTLSVerify set field SkipTLSVerify to given value
+func (o *ModifyOptions) WithSkipTLSVerify(value bool) *ModifyOptions {
+	o.SkipTLSVerify = &value
+	return o
+}
+
+// GetSkipTLSVerify returns value of field SkipTLSVerify
+func (o *ModifyOptions) GetSkipTLSVerify() bool {
+	if o.SkipTLSVerify == nil {
+		var z bool
+		return z
+	}
+	return *o.SkipTLSVerify
+}