1 files changed, 21 insertions, 11 deletions
diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go
index f996d0681..9e137b5d6 100644
--- a/cmd/podman/images/pull.go
+++ b/cmd/podman/images/pull.go
@@ -4,10 +4,11 @@ import (
 	"fmt"
 	"os"
 
-	buildahcli "github.com/containers/buildah/pkg/cli"
+	"github.com/containers/common/pkg/auth"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/registry"
 	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/containers/libpod/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -17,7 +18,8 @@ import (
 // CLI-only fields into the API types.
 type pullOptionsWrapper struct {
 	entities.ImagePullOptions
-	TLSVerifyCLI bool // CLI only
+	TLSVerifyCLI   bool // CLI only
+	CredentialsCLI string
 }
 
 var (
@@ -45,6 +47,7 @@ var (
 		Short: pullCmd.Short,
 		Long:  pullCmd.Long,
 		RunE:  pullCmd.RunE,
+		Args:  cobra.ExactArgs(1),
 		Example: `podman image pull imageName
   podman image pull fedora:latest`,
 	}
@@ -74,9 +77,9 @@ func init() {
 // pullFlags set the flags for the pull command.
 func pullFlags(flags *pflag.FlagSet) {
 	flags.BoolVar(&pullOptions.AllTags, "all-tags", false, "All tagged images in the repository will be pulled")
-	flags.StringVar(&pullOptions.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+	flags.StringVar(&pullOptions.Authfile, "authfile", auth.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 	flags.StringVar(&pullOptions.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
-	flags.StringVar(&pullOptions.Credentials, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
+	flags.StringVar(&pullOptions.CredentialsCLI, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
 	flags.StringVar(&pullOptions.OverrideArch, "override-arch", "", "Use `ARCH` instead of the architecture of the machine for choosing images")
 	flags.StringVar(&pullOptions.OverrideOS, "override-os", "", "Use `OS` instead of the running OS for choosing images")
 	flags.BoolVarP(&pullOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
@@ -86,30 +89,37 @@ func pullFlags(flags *pflag.FlagSet) {
 	if registry.IsRemote() {
 		_ = flags.MarkHidden("authfile")
 		_ = flags.MarkHidden("cert-dir")
-		_ = flags.MarkHidden("signature-policy")
 		_ = flags.MarkHidden("tls-verify")
 	}
+	_ = flags.MarkHidden("signature-policy")
 }
 
 // imagePull is implement the command for pulling images.
 func imagePull(cmd *cobra.Command, args []string) error {
-	pullOptsAPI := pullOptions.ImagePullOptions
 	// TLS verification in c/image is controlled via a `types.OptionalBool`
 	// which allows for distinguishing among set-true, set-false, unspecified
 	// which is important to implement a sane way of dealing with defaults of
 	// boolean CLI flags.
 	if cmd.Flags().Changed("tls-verify") {
-		pullOptsAPI.TLSVerify = types.NewOptionalBool(pullOptions.TLSVerifyCLI)
+		pullOptions.SkipTLSVerify = types.NewOptionalBool(!pullOptions.TLSVerifyCLI)
 	}
-	if pullOptsAPI.Authfile != "" {
-		if _, err := os.Stat(pullOptsAPI.Authfile); err != nil {
-			return errors.Wrapf(err, "error getting authfile %s", pullOptsAPI.Authfile)
+	if pullOptions.Authfile != "" {
+		if _, err := os.Stat(pullOptions.Authfile); err != nil {
+			return errors.Wrapf(err, "error getting authfile %s", pullOptions.Authfile)
 		}
 	}
 
+	if pullOptions.CredentialsCLI != "" {
+		creds, err := util.ParseRegistryCreds(pullOptions.CredentialsCLI)
+		if err != nil {
+			return err
+		}
+		pullOptions.Username = creds.Username
+		pullOptions.Password = creds.Password
+	}
 	// Let's do all the remaining Yoga in the API to prevent us from
 	// scattering logic across (too) many parts of the code.
-	pullReport, err := registry.ImageEngine().Pull(registry.GetContext(), args[0], pullOptsAPI)
+	pullReport, err := registry.ImageEngine().Pull(registry.GetContext(), args[0], pullOptions.ImagePullOptions)
 	if err != nil {
 		return err
 	}