diff options
| author | Valentin Rothberg <rothberg@redhat.com> | 2020-05-12 09:48:00 +0200 |
|---|---|---|
| committer | Valentin Rothberg <rothberg@redhat.com> | 2020-05-12 10:20:48 +0200 |
| commit | 1c3bd95b81e5247b7db3f8333aeb01ea58073fe9 (patch) | |
| tree | 70697fa1d2431eb06d8128fa69f2693e156e187a /pkg | |
| parent | 7837bf3c071f1259bc08d8f9e52ed2b4edbda428 (diff) | |
| download | podman-1c3bd95b81e5247b7db3f8333aeb01ea58073fe9.tar.gz podman-1c3bd95b81e5247b7db3f8333aeb01ea58073fe9.tar.bz2 podman-1c3bd95b81e5247b7db3f8333aeb01ea58073fe9.zip | |
auto-update: support authfiles
Support using custom authfiles for auto updates by adding a new
`--authfile` flag and passing it down into the backend.
Also do some minor fixes in the help text and the man page.
Fixes: #6159
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/autoupdate/autoupdate.go | 25 | ||||
| -rw-r--r-- | pkg/domain/entities/auto-update.go | 6 | ||||
| -rw-r--r-- | pkg/domain/entities/engine_container.go | 2 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/auto-update.go | 8 | ||||
| -rw-r--r-- | pkg/domain/infra/tunnel/auto-update.go | 2 |
5 files changed, 29 insertions, 14 deletions
diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go index 78d5ac474..1b0419892 100644 --- a/pkg/autoupdate/autoupdate.go +++ b/pkg/autoupdate/autoupdate.go @@ -63,6 +63,12 @@ func LookupPolicy(s string) (Policy, error) { return "", errors.Errorf("invalid auto-update policy %q: valid policies are %+q", s, keys) } +// Options include parameters for auto updates. +type Options struct { + // Authfile to use when contacting registries. + Authfile string +} + // ValidateImageReference checks if the specified imageName is a fully-qualified // image reference to the docker transport (without digest). Such a reference // includes a domain, name and tag (e.g., quay.io/podman/stable:latest). The @@ -96,7 +102,7 @@ func ValidateImageReference(imageName string) error { // // It returns a slice of successfully restarted systemd units and a slice of // errors encountered during auto update. -func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) { +func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) { // Create a map from `image ID -> []*Container`. containerMap, errs := imageContainersMap(runtime) if len(containerMap) == 0 { @@ -138,7 +144,7 @@ func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) { if rawImageName == "" { errs = append(errs, errors.Errorf("error auto-updating container %q: raw-image name is empty", ctr.ID())) } - needsUpdate, err := newerImageAvailable(runtime, image, rawImageName) + needsUpdate, err := newerImageAvailable(runtime, image, rawImageName, options) if err != nil { errs = append(errs, errors.Wrapf(err, "error auto-updating container %q: image check for %q failed", ctr.ID(), rawImageName)) continue @@ -148,7 +154,7 @@ func AutoUpdate(runtime *libpod.Runtime) ([]string, []error) { } logrus.Infof("Auto-updating container %q using image %q", ctr.ID(), rawImageName) if _, updated := updatedRawImages[rawImageName]; !updated { - _, err = updateImage(runtime, rawImageName) + _, err = updateImage(runtime, rawImageName, options) if err != nil { errs = append(errs, errors.Wrapf(err, "error auto-updating container %q: image update for %q failed", ctr.ID(), rawImageName)) continue @@ -230,13 +236,15 @@ func imageContainersMap(runtime *libpod.Runtime) (map[string][]*libpod.Container // newerImageAvailable returns true if there corresponding image on the remote // registry is newer. -func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName string) (bool, error) { +func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName string, options Options) (bool, error) { remoteRef, err := docker.ParseReference("//" + origName) if err != nil { return false, err } - remoteImg, err := remoteRef.NewImage(context.Background(), runtime.SystemContext()) + sys := runtime.SystemContext() + sys.AuthFilePath = options.Authfile + remoteImg, err := remoteRef.NewImage(context.Background(), sys) if err != nil { return false, err } @@ -255,25 +263,22 @@ func newerImageAvailable(runtime *libpod.Runtime, img *image.Image, origName str } // updateImage pulls the specified image. -func updateImage(runtime *libpod.Runtime, name string) (*image.Image, error) { +func updateImage(runtime *libpod.Runtime, name string, options Options) (*image.Image, error) { sys := runtime.SystemContext() registryOpts := image.DockerRegistryOptions{} signaturePolicyPath := "" - authFilePath := "" if sys != nil { registryOpts.OSChoice = sys.OSChoice registryOpts.ArchitectureChoice = sys.OSChoice registryOpts.DockerCertPath = sys.DockerCertPath - signaturePolicyPath = sys.SignaturePolicyPath - authFilePath = sys.AuthFilePath } newImage, err := runtime.ImageRuntime().New(context.Background(), docker.Transport.Name()+"://"+name, signaturePolicyPath, - authFilePath, + options.Authfile, os.Stderr, ®istryOpts, image.SigningOptions{}, diff --git a/pkg/domain/entities/auto-update.go b/pkg/domain/entities/auto-update.go index aef8fc46b..c51158816 100644 --- a/pkg/domain/entities/auto-update.go +++ b/pkg/domain/entities/auto-update.go @@ -1,5 +1,11 @@ package entities +// AutoUpdateOptions are the options for running auto-update. +type AutoUpdateOptions struct { + // Authfile to use when contacting registries. + Authfile string +} + // AutoUpdateReport contains the results from running auto-update. type AutoUpdateReport struct { // Units - the restarted systemd units during auto-update. diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index 719ac3f9e..e77f0758b 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -10,7 +10,7 @@ import ( ) type ContainerEngine interface { - AutoUpdate(ctx context.Context) (*AutoUpdateReport, []error) + AutoUpdate(ctx context.Context, options AutoUpdateOptions) (*AutoUpdateReport, []error) Config(ctx context.Context) (*config.Config, error) ContainerAttach(ctx context.Context, nameOrId string, options AttachOptions) error ContainerCheckpoint(ctx context.Context, namesOrIds []string, options CheckpointOptions) ([]*CheckpointReport, error) diff --git a/pkg/domain/infra/abi/auto-update.go b/pkg/domain/infra/abi/auto-update.go index aa20664b4..9fcc451fd 100644 --- a/pkg/domain/infra/abi/auto-update.go +++ b/pkg/domain/infra/abi/auto-update.go @@ -7,7 +7,11 @@ import ( "github.com/containers/libpod/pkg/domain/entities" ) -func (ic *ContainerEngine) AutoUpdate(ctx context.Context) (*entities.AutoUpdateReport, []error) { - units, failures := autoupdate.AutoUpdate(ic.Libpod) +func (ic *ContainerEngine) AutoUpdate(ctx context.Context, options entities.AutoUpdateOptions) (*entities.AutoUpdateReport, []error) { + // Convert the entities options to the autoupdate ones. We can't use + // them in the entities package as low-level packages must not leak + // into the remote client. + autoOpts := autoupdate.Options{Authfile: options.Authfile} + units, failures := autoupdate.AutoUpdate(ic.Libpod, autoOpts) return &entities.AutoUpdateReport{Units: units}, failures } diff --git a/pkg/domain/infra/tunnel/auto-update.go b/pkg/domain/infra/tunnel/auto-update.go index fac033050..5c2dd360d 100644 --- a/pkg/domain/infra/tunnel/auto-update.go +++ b/pkg/domain/infra/tunnel/auto-update.go @@ -7,6 +7,6 @@ import ( "github.com/pkg/errors" ) -func (ic *ContainerEngine) AutoUpdate(ctx context.Context) (*entities.AutoUpdateReport, []error) { +func (ic *ContainerEngine) AutoUpdate(ctx context.Context, options entities.AutoUpdateOptions) (*entities.AutoUpdateReport, []error) { return nil, []error{errors.New("not implemented")} } |