summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2019-05-11 07:26:05 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2019-05-20 13:53:32 -0400
commitbaed81029b74c8d801ea9d5cf67a78005472e6ed (patch)
treeb7c8b61992b18df56558d8dfff744990d18e3e26 /pkg
parent8d5432932d21b6863f813437d649044ca2264a2d (diff)
downloadpodman-baed81029b74c8d801ea9d5cf67a78005472e6ed.tar.gz
podman-baed81029b74c8d801ea9d5cf67a78005472e6ed.tar.bz2
podman-baed81029b74c8d801ea9d5cf67a78005472e6ed.zip
Fixup Flags
Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/adapter/runtime_remote.go41
-rw-r--r--pkg/varlinkapi/images.go70
2 files changed, 19 insertions, 92 deletions
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index e86287462..e0c0898bd 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
@@ -182,10 +182,7 @@ func (r *LocalRuntime) NewImageFromLocal(name string) (*ContainerImage, error) {
// LoadFromArchiveReference creates an image from a local archive
func (r *LocalRuntime) LoadFromArchiveReference(ctx context.Context, srcRef types.ImageReference, signaturePolicyPath string, writer io.Writer) ([]*ContainerImage, error) {
var iid string
- // TODO We need to find a way to leak certDir, creds, and the tlsverify into this function, normally this would
- // come from cli options but we don't want want those in here either.
- tlsverify := true
- reply, err := iopodman.PullImage().Send(r.Conn, varlink.More, srcRef.DockerReference().String(), "", "", signaturePolicyPath, &tlsverify)
+ reply, err := iopodman.PullImage().Send(r.Conn, varlink.More, srcRef.DockerReference().String())
if err != nil {
return nil, err
}
@@ -217,21 +214,7 @@ func (r *LocalRuntime) New(ctx context.Context, name, signaturePolicyPath, authf
if label != nil {
return nil, errors.New("the remote client function does not support checking a remote image for a label")
}
- var (
- tlsVerify bool
- tlsVerifyPtr *bool
- )
- if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
- tlsVerify = true
- tlsVerifyPtr = &tlsVerify
-
- }
- if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
- tlsVerify = false
- tlsVerifyPtr = &tlsVerify
- }
-
- reply, err := iopodman.PullImage().Send(r.Conn, varlink.More, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, tlsVerifyPtr)
+ reply, err := iopodman.PullImage().Send(r.Conn, varlink.More, name)
if err != nil {
return nil, err
}
@@ -429,9 +412,8 @@ func (r *LocalRuntime) Build(ctx context.Context, c *cliconfig.BuildValues, opti
Quiet: options.Quiet,
RemoteIntermediateCtrs: options.RemoveIntermediateCtrs,
// ReportWriter:
- RuntimeArgs: options.RuntimeArgs,
- SignaturePolicyPath: options.SignaturePolicyPath,
- Squash: options.Squash,
+ RuntimeArgs: options.RuntimeArgs,
+ Squash: options.Squash,
}
// tar the file
outputFile, err := ioutil.TempFile("", "varlink_tar_send")
@@ -570,20 +552,7 @@ func (r *LocalRuntime) RemoveVolumes(ctx context.Context, c *cliconfig.VolumeRmV
func (r *LocalRuntime) Push(ctx context.Context, srcName, destination, manifestMIMEType, authfile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions image.SigningOptions, dockerRegistryOptions *image.DockerRegistryOptions, additionalDockerArchiveTags []reference.NamedTagged) error {
- var (
- tls *bool
- tlsVerify bool
- )
- if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
- tlsVerify = false
- tls = &tlsVerify
- }
- if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
- tlsVerify = true
- tls = &tlsVerify
- }
-
- reply, err := iopodman.PushImage().Send(r.Conn, varlink.More, srcName, destination, tls, signaturePolicyPath, "", dockerRegistryOptions.DockerCertPath, forceCompress, manifestMIMEType, signingOptions.RemoveSignatures, signingOptions.SignBy)
+ reply, err := iopodman.PushImage().Send(r.Conn, varlink.More, srcName, destination, forceCompress, manifestMIMEType, signingOptions.RemoveSignatures, signingOptions.SignBy)
if err != nil {
return err
}
diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index 20f82a1c6..fa1a0a109 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -188,7 +188,6 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI
RemoveIntermediateCtrs: config.RemoteIntermediateCtrs,
ReportWriter: &output,
RuntimeArgs: config.RuntimeArgs,
- SignaturePolicyPath: config.SignaturePolicyPath,
Squash: config.Squash,
SystemContext: &systemContext,
}
@@ -311,10 +310,9 @@ func (i *LibpodAPI) HistoryImage(call iopodman.VarlinkCall, name string) error {
}
// PushImage pushes an local image to registry
-func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify *bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error {
+func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, compress bool, format string, removeSignatures bool, signBy string) error {
var (
- registryCreds *types.DockerAuthConfig
- manifestType string
+ manifestType string
)
newImage, err := i.Runtime.ImageRuntime().NewFromLocal(name)
if err != nil {
@@ -324,20 +322,7 @@ func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVe
if tag != "" {
destname = tag
}
- if creds != "" {
- creds, err := util.ParseRegistryCreds(creds)
- if err != nil {
- return err
- }
- registryCreds = creds
- }
- dockerRegistryOptions := image.DockerRegistryOptions{
- DockerRegistryCreds: registryCreds,
- DockerCertPath: certDir,
- }
- if tlsVerify != nil {
- dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
- }
+ dockerRegistryOptions := image.DockerRegistryOptions{}
if format != "" {
switch format {
case "oci": //nolint
@@ -362,7 +347,7 @@ func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVe
output := bytes.NewBuffer([]byte{})
c := make(chan error)
go func() {
- err := newImage.PushImageToHeuristicDestination(getContext(), destname, manifestType, "", signaturePolicy, output, compress, so, &dockerRegistryOptions, nil)
+ err := newImage.PushImageToHeuristicDestination(getContext(), destname, manifestType, "", "", output, compress, so, &dockerRegistryOptions, nil)
c <- err
close(c)
}()
@@ -439,18 +424,14 @@ func (i *LibpodAPI) RemoveImage(call iopodman.VarlinkCall, name string, force bo
// SearchImages searches all registries configured in /etc/containers/registries.conf for an image
// Requires an image name and a search limit as int
-func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64, tlsVerify *bool, filter iopodman.ImageSearchFilter) error {
+func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64, filter iopodman.ImageSearchFilter) error {
// Transform all arguments to proper types first
argLimit := 0
- argTLSVerify := types.OptionalBoolUndefined
argIsOfficial := types.OptionalBoolUndefined
argIsAutomated := types.OptionalBoolUndefined
if limit != nil {
argLimit = int(*limit)
}
- if tlsVerify != nil {
- argTLSVerify = types.NewOptionalBool(!*tlsVerify)
- }
if filter.Is_official != nil {
argIsOfficial = types.NewOptionalBool(*filter.Is_official)
}
@@ -466,9 +447,8 @@ func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit
}
searchOptions := image.SearchOptions{
- Limit: argLimit,
- Filter: sFilter,
- InsecureSkipTLSVerify: argTLSVerify,
+ Limit: argLimit,
+ Filter: sFilter,
}
results, err := image.SearchImages(query, searchOptions)
if err != nil {
@@ -600,27 +580,11 @@ func (i *LibpodAPI) ExportImage(call iopodman.VarlinkCall, name, destination str
}
// PullImage pulls an image from a registry to the image store.
-func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify *bool) error {
+func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string) error {
var (
- registryCreds *types.DockerAuthConfig
- imageID string
+ imageID string
)
- if creds != "" {
- creds, err := util.ParseRegistryCreds(creds)
- if err != nil {
- return err
- }
- registryCreds = creds
- }
-
- dockerRegistryOptions := image.DockerRegistryOptions{
- DockerRegistryCreds: registryCreds,
- DockerCertPath: certDir,
- }
- if tlsVerify != nil {
- dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
- }
-
+ dockerRegistryOptions := image.DockerRegistryOptions{}
so := image.SigningOptions{}
if call.WantsMore() {
@@ -634,14 +598,14 @@ func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, c
if err != nil {
c <- errors.Wrapf(err, "error parsing %q", name)
}
- newImage, err := i.Runtime.ImageRuntime().LoadFromArchiveReference(getContext(), srcRef, signaturePolicy, output)
+ newImage, err := i.Runtime.ImageRuntime().LoadFromArchiveReference(getContext(), srcRef, "", output)
if err != nil {
c <- errors.Wrapf(err, "error pulling image from %q", name)
} else {
imageID = newImage[0].ID()
}
} else {
- newImage, err := i.Runtime.ImageRuntime().New(getContext(), name, signaturePolicy, "", output, &dockerRegistryOptions, so, false, nil)
+ newImage, err := i.Runtime.ImageRuntime().New(getContext(), name, "", "", output, &dockerRegistryOptions, so, false, nil)
if err != nil {
c <- errors.Wrapf(err, "unable to pull %s", name)
} else {
@@ -709,18 +673,12 @@ func (i *LibpodAPI) ImageExists(call iopodman.VarlinkCall, name string) error {
// ContainerRunlabel ...
func (i *LibpodAPI) ContainerRunlabel(call iopodman.VarlinkCall, input iopodman.Runlabel) error {
ctx := getContext()
- dockerRegistryOptions := image.DockerRegistryOptions{
- DockerCertPath: input.CertDir,
- }
- if input.TlsVerify != nil {
- dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*input.TlsVerify)
- }
-
+ dockerRegistryOptions := image.DockerRegistryOptions{}
stdErr := os.Stderr
stdOut := os.Stdout
stdIn := os.Stdin
- runLabel, imageName, err := shared.GetRunlabel(input.Label, input.Image, ctx, i.Runtime, input.Pull, input.Creds, dockerRegistryOptions, input.Authfile, input.SignaturePolicyPath, nil)
+ runLabel, imageName, err := shared.GetRunlabel(input.Label, input.Image, ctx, i.Runtime, input.Pull, "", dockerRegistryOptions, input.Authfile, "", nil)
if err != nil {
return call.ReplyErrorOccurred(err.Error())
}