podmanV2: implement push

* Implement `podman-push` and `podman-image-push` for the podmanV2 client. * Tests for `pkg/bindings` are not possible at the time of writing as we don't have a local registry running. * Implement `/images/{name}/push` compat endpoint. Tests are not implemented for this v2 endpoint. It has been tested manually. General note: The auth config extraction from the http header is not implement for push. Since it's not yet supported for other endpoints either, I deferred it to future work. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
author: Valentin Rothberg <rothberg@redhat.com> 2020-03-31 12:54:06 +0200
committer: Valentin Rothberg <rothberg@redhat.com> 2020-04-02 17:01:32 +0200
commit: 44a515015c3766809089d260917a508bf94a73fd (patch)
tree: 87847c6b13be0d7e3fd2c52496876288e9a41f1e /pkg/domain
parent: ffd2d783919e6038fe55e3e6b8cf44c0b3356a96 (diff)
download: podman-44a515015c3766809089d260917a508bf94a73fd.tar.gz
podman-44a515015c3766809089d260917a508bf94a73fd.tar.bz2
podman-44a515015c3766809089d260917a508bf94a73fd.zip
4 files changed, 102 insertions, 0 deletions
diff --git a/pkg/domain/entities/engine_image.go b/pkg/domain/entities/engine_image.go
index ac856c05f..04b9d34e6 100644
--- a/pkg/domain/entities/engine_image.go
+++ b/pkg/domain/entities/engine_image.go
@@ -16,4 +16,5 @@ type ImageEngine interface {
 	Untag(ctx context.Context, nameOrId string, tags []string, options ImageUntagOptions) error
 	Load(ctx context.Context, opts ImageLoadOptions) (*ImageLoadReport, error)
 	Import(ctx context.Context, opts ImageImportOptions) (*ImageImportReport, error)
+	Push(ctx context.Context, source string, destination string, opts ImagePushOptions) error
 }
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index d136f42fd..d66de3c5e 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -144,6 +144,43 @@ type ImagePullReport struct {
 	Images []string
 }
 
+// ImagePushOptions are the arguments for pushing images.
+type ImagePushOptions struct {
+	// Authfile is the path to the authentication file. Ignored for remote
+	// calls.
+	Authfile string
+	// CertDir is the path to certificate directories.  Ignored for remote
+	// calls.
+	CertDir string
+	// Compress tarball image layers when pushing to a directory using the 'dir'
+	// transport. Default is same compression type as source. Ignored for remote
+	// calls.
+	Compress bool
+	// Credentials for authenticating against the registry in the format
+	// USERNAME:PASSWORD.
+	Credentials string
+	// DigestFile, after copying the image, write the digest of the resulting
+	// image to the file.  Ignored for remote calls.
+	DigestFile string
+	// Format is the Manifest type (oci, v2s1, or v2s2) to use when pushing an
+	// image using the 'dir' transport. Default is manifest type of source.
+	// Ignored for remote calls.
+	Format string
+	// Quiet can be specified to suppress pull progress when pulling.  Ignored
+	// for remote calls.
+	Quiet bool
+	// RemoveSignatures, discard any pre-existing signatures in the image.
+	// Ignored for remote calls.
+	RemoveSignatures bool
+	// SignaturePolicy to use when pulling.  Ignored for remote calls.
+	SignaturePolicy string
+	// SignBy adds a signature at the destination using the specified key.
+	// Ignored for remote calls.
+	SignBy string
+	// TLSVerify to enable/disable HTTPS and certificate verification.
+	TLSVerify types.OptionalBool
+}
+
 type ImageListOptions struct {
 	All     bool       `json:"all" schema:"all"`
 	Filter  []string   `json:"Filter,omitempty"`
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index f8c63730c..94008f287 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -12,6 +12,7 @@ import (
 	"github.com/containers/image/v5/docker"
 	dockerarchive "github.com/containers/image/v5/docker/archive"
 	"github.com/containers/image/v5/docker/reference"
+	"github.com/containers/image/v5/manifest"
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/libpod/image"
@@ -20,6 +21,7 @@ import (
 	domainUtils "github.com/containers/libpod/pkg/domain/utils"
 	"github.com/containers/libpod/pkg/util"
 	"github.com/containers/storage"
+	imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -260,6 +262,64 @@ func (ir *ImageEngine) Inspect(ctx context.Context, names []string, opts entitie
 	return &report, nil
 }
 
+func (ir *ImageEngine) Push(ctx context.Context, source string, destination string, options entities.ImagePushOptions) error {
+	var writer io.Writer
+	if !options.Quiet {
+		writer = os.Stderr
+	}
+
+	var manifestType string
+	switch options.Format {
+	case "":
+		// Default
+	case "oci":
+		manifestType = imgspecv1.MediaTypeImageManifest
+	case "v2s1":
+		manifestType = manifest.DockerV2Schema1SignedMediaType
+	case "v2s2", "docker":
+		manifestType = manifest.DockerV2Schema2MediaType
+	default:
+		return fmt.Errorf("unknown format %q. Choose on of the supported formats: 'oci', 'v2s1', or 'v2s2'", options.Format)
+	}
+
+	var registryCreds *types.DockerAuthConfig
+	if options.Credentials != "" {
+		creds, err := util.ParseRegistryCreds(options.Credentials)
+		if err != nil {
+			return err
+		}
+		registryCreds = creds
+	}
+	dockerRegistryOptions := image.DockerRegistryOptions{
+		DockerRegistryCreds:         registryCreds,
+		DockerCertPath:              options.CertDir,
+		DockerInsecureSkipTLSVerify: options.TLSVerify,
+	}
+
+	signOptions := image.SigningOptions{
+		RemoveSignatures: options.RemoveSignatures,
+		SignBy:           options.SignBy,
+	}
+
+	newImage, err := ir.Libpod.ImageRuntime().NewFromLocal(source)
+	if err != nil {
+		return err
+	}
+
+	return newImage.PushImageToHeuristicDestination(
+		ctx,
+		destination,
+		manifestType,
+		options.Authfile,
+		options.DigestFile,
+		options.SignaturePolicy,
+		writer,
+		options.Compress,
+		signOptions,
+		&dockerRegistryOptions,
+		nil)
+}
+
 // func (r *imageRuntime) Delete(ctx context.Context, nameOrId string, opts entities.ImageDeleteOptions) (*entities.ImageDeleteReport, error) {
 // 	image, err := r.libpod.ImageEngine().NewFromLocal(nameOrId)
 // 	if err != nil {
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index 155f5e4bd..028603d98 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -184,3 +184,7 @@ func (ir *ImageEngine) Import(ctx context.Context, opts entities.ImageImportOpti
 	}
 	return images.Import(ir.ClientCxt, opts.Changes, &opts.Message, &opts.Reference, sourceURL, f)
 }
+
+func (ir *ImageEngine) Push(ctx context.Context, source string, destination string, options entities.ImagePushOptions) error {
+	return images.Push(ir.ClientCxt, source, destination, options)
+}
author	Valentin Rothberg <rothberg@redhat.com>	2020-03-31 12:54:06 +0200
committer	Valentin Rothberg <rothberg@redhat.com>	2020-04-02 17:01:32 +0200
commit	44a515015c3766809089d260917a508bf94a73fd (patch)
tree	87847c6b13be0d7e3fd2c52496876288e9a41f1e /pkg/domain
parent	ffd2d783919e6038fe55e3e6b8cf44c0b3356a96 (diff)
download	podman-44a515015c3766809089d260917a508bf94a73fd.tar.gz podman-44a515015c3766809089d260917a508bf94a73fd.tar.bz2 podman-44a515015c3766809089d260917a508bf94a73fd.zip