diff options
| -rw-r--r-- | cmd/podman/login.go | 43 | ||||
| -rw-r--r-- | libpod/container.go | 21 | ||||
| -rw-r--r-- | libpod/container_internal.go | 6 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 16 |
4 files changed, 73 insertions, 13 deletions
diff --git a/cmd/podman/login.go b/cmd/podman/login.go index aa26d1466..33ce8635f 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -2,7 +2,6 @@ package main import ( "bufio" - "context" "fmt" "os" "strings" @@ -60,27 +59,48 @@ func loginCmd(c *cli.Context) error { if len(args) == 0 { return errors.Errorf("registry must be given") } - server := scrubServer(args[0]) + server := registryFromFullName(scrubServer(args[0])) authfile := getAuthFile(c.String("authfile")) sc := common.GetSystemContext("", authfile, false) // username of user logged in to server (if one exists) - userFromAuthFile, err := config.GetUserLoggedIn(sc, server) + userFromAuthFile, passFromAuthFile, err := config.GetAuthentication(sc, server) if err != nil { return errors.Wrapf(err, "error getting logged-in user") } - username, password, err := getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile) + + ctx := getContext() + + var ( + username string + password string + ) + + if userFromAuthFile != "" { + username = userFromAuthFile + password = passFromAuthFile + fmt.Println("Authenticating with existing credentials...") + if err := docker.CheckAuth(ctx, sc, username, password, server); err == nil { + fmt.Println("Existing credentials are valid. Already logged in to", server) + return nil + } + fmt.Println("Existing credentials are invalid, please enter valid username and password") + } + + username, password, err = getUserAndPass(c.String("username"), c.String("password"), userFromAuthFile) if err != nil { return errors.Wrapf(err, "error getting username and password") } + sc.DockerInsecureSkipTLSVerify = !c.BoolT("tls-verify") if c.String("cert-dir") != "" { sc.DockerCertPath = c.String("cert-dir") } - if err = docker.CheckAuth(context.TODO(), sc, username, password, server); err == nil { - if err := config.SetAuthentication(sc, server, username, password); err != nil { + if err = docker.CheckAuth(ctx, sc, username, password, server); err == nil { + // Write the new credentials to the authfile + if err = config.SetAuthentication(sc, server, username, password); err != nil { return err } } @@ -126,3 +146,14 @@ func getUserAndPass(username, password, userFromAuthFile string) (string, string } return strings.TrimSpace(username), password, err } + +// registryFromFullName gets the registry from the input. If the input is of the form +// quay.io/myuser/myimage, it will parse it and just return quay.io +// It also returns true if a full image name was given +func registryFromFullName(input string) string { + split := strings.Split(input, "/") + if len(split) > 1 { + return split[0] + } + return split[0] +} diff --git a/libpod/container.go b/libpod/container.go index b6155a809..b5346e581 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -1001,13 +1001,28 @@ func (c *Container) IsReadOnly() bool { } // NetworkDisabled returns whether the container is running with a disabled network -func (c *Container) NetworkDisabled() bool { +func (c *Container) NetworkDisabled() (bool, error) { + if c.config.NetNsCtr != "" { + container, err := c.runtime.LookupContainer(c.config.NetNsCtr) + if err != nil { + return false, err + } + return networkDisabled(container) + } + return networkDisabled(c) + +} + +func networkDisabled(c *Container) (bool, error) { + if c.config.CreateNetNS { + return false, nil + } if !c.config.PostConfigureNetNS { for _, ns := range c.config.Spec.Linux.Namespaces { if ns.Type == spec.NetworkNamespace { - return ns.Path == "" + return ns.Path == "", nil } } } - return false + return false, nil } diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 934ad7a22..0148e3e7c 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -601,7 +601,11 @@ func (c *Container) checkDependenciesRunningLocked(depCtrs map[string]*Container } func (c *Container) completeNetworkSetup() error { - if !c.config.PostConfigureNetNS || c.NetworkDisabled() { + netDisabled, err := c.NetworkDisabled() + if err != nil { + return err + } + if !c.config.PostConfigureNetNS || netDisabled { return nil } if err := c.syncContainer(); err != nil { diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index b540bbeb8..f9b0592f9 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -136,7 +136,14 @@ func (c *Container) prepare() (err error) { // cleanupNetwork unmounts and cleans up the container's network func (c *Container) cleanupNetwork() error { - if c.NetworkDisabled() { + if c.config.NetNsCtr != "" { + return nil + } + netDisabled, err := c.NetworkDisabled() + if err != nil { + return err + } + if netDisabled { return nil } if c.state.NetNS == nil { @@ -180,7 +187,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { if err := c.makeBindMounts(); err != nil { return nil, err } - // Check if the spec file mounts contain the label Relabel flags z or Z. // If they do, relabel the source directory and then remove the option. for _, m := range g.Mounts() { @@ -633,8 +639,12 @@ func (c *Container) makeBindMounts() error { if c.state.BindMounts == nil { c.state.BindMounts = make(map[string]string) } + netDisabled, err := c.NetworkDisabled() + if err != nil { + return err + } - if !c.NetworkDisabled() { + if !netDisabled { // Make /etc/resolv.conf if _, ok := c.state.BindMounts["/etc/resolv.conf"]; ok { // If it already exists, delete so we can recreate |