Diffstat (limited to 'libpod/common')
-rw-r--r-- | libpod/common/common.go | 99 | ||||
-rw-r--r-- | libpod/common/docker_registry_options.go | 34 | ||||
-rw-r--r-- | libpod/common/output_interfaces.go | 1 | ||||
-rw-r--r-- | libpod/common/signing_options.go | 10 |
4 files changed, 144 insertions, 0 deletions
diff --git a/libpod/common/common.go b/libpod/common/common.go
new file mode 100644
index 000000000..775d391da
--- /dev/null
+++ b/libpod/common/common.go
@@ -0,0 +1,99 @@
+package common
+
+import (
+ "io"
+ "strings"
+ "syscall"
+
+ cp "github.com/containers/image/copy"
+ "github.com/containers/image/signature"
+ "github.com/containers/image/types"
+ "github.com/pkg/errors"
+)
+
+var (
+ // ErrNoPassword is returned if the user did not supply a password
+ ErrNoPassword = errors.Wrapf(syscall.EINVAL, "password was not supplied")
+)
+
+// GetCopyOptions constructs a new containers/image/copy.Options{} struct from the given parameters
+func GetCopyOptions(reportWriter io.Writer, signaturePolicyPath string, srcDockerRegistry, destDockerRegistry *DockerRegistryOptions, signing SigningOptions, authFile string) *cp.Options {
+ if srcDockerRegistry == nil {
+ srcDockerRegistry = &DockerRegistryOptions{}
+ }
+ if destDockerRegistry == nil {
+ destDockerRegistry = &DockerRegistryOptions{}
+ }
+ srcContext := srcDockerRegistry.GetSystemContext(signaturePolicyPath, authFile)
+ destContext := destDockerRegistry.GetSystemContext(signaturePolicyPath, authFile)
+ return &cp.Options{
+ RemoveSignatures: signing.RemoveSignatures,
+ SignBy: signing.SignBy,
+ ReportWriter: reportWriter,
+ SourceCtx: srcContext,
+ DestinationCtx: destContext,
+ }
+}
+
+// GetSystemContext Constructs a new containers/image/types.SystemContext{} struct from the given signaturePolicy path
+func GetSystemContext(signaturePolicyPath, authFilePath string) *types.SystemContext {
+ sc := &types.SystemContext{}
+ if signaturePolicyPath != "" {
+ sc.SignaturePolicyPath = signaturePolicyPath
+ }
+ sc.AuthFilePath = authFilePath
+ return sc
+}
+
+// CopyStringStringMap deep copies a map[string]string and returns the result
+func CopyStringStringMap(m map[string]string) map[string]string {
+ n := map[string]string{}
+ for k, v := range m {
+ n[k] = v
+ }
+ return n
+}
+
+// IsTrue determines whether the given string equals "true"
+func IsTrue(str string) bool {
+ return str == "true"
+}
+
+// IsFalse determines whether the given string equals "false"
+func IsFalse(str string) bool {
+ return str == "false"
+}
+
+// IsValidBool determines whether the given string equals "true" or "false"
+func IsValidBool(str string) bool {
+ return IsTrue(str) || IsFalse(str)
+}
+
+// GetPolicyContext creates a signature policy context for the given signature policy path
+func GetPolicyContext(path string) (*signature.PolicyContext, error) {
+ policy, err := signature.DefaultPolicy(&types.SystemContext{SignaturePolicyPath: path})
+ if err != nil {
+ return nil, err
+ }
+ return signature.NewPolicyContext(policy)
+}
+
+// ParseRegistryCreds takes a credentials string in the form USERNAME:PASSWORD
+// and returns a DockerAuthConfig
+func ParseRegistryCreds(creds string) (*types.DockerAuthConfig, error) {
+ if creds == "" {
+ return nil, errors.New("no credentials supplied")
+ }
+ if !strings.Contains(creds, ":") {
+ return &types.DockerAuthConfig{
+ Username: creds,
+ Password: "",
+ }, ErrNoPassword
+ }
+ v := strings.SplitN(creds, ":", 2)
+ cfg := &types.DockerAuthConfig{
+ Username: v[0],
+ Password: v[1],
+ }
+ return cfg, nil
+}
diff --git a/libpod/common/docker_registry_options.go b/libpod/common/docker_registry_options.go
new file mode 100644
index 000000000..24fa5c03e
--- /dev/null
+++ b/libpod/common/docker_registry_options.go
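Review bot: In ParseRegistryCreds, an input with a trailing colon such as `user:` returns an empty Password with a nil error, while `user` with no colon returns ErrNoPassword, so the two "no password" cases reach callers differently; a leading colon likewise yields an empty Username without any error. If callers rely on ErrNoPassword to decide whether to prompt for a password (not visible in this diff), the trailing-colon form would skip that path and an empty password would be used for authentication. Consider `if v[0] == "" { return nil, errors.New("no username supplied") }` after the SplitN and `if v[1] == "" { return cfg, ErrNoPassword }` once cfg is built. The doc comment should also state that a non-nil config is returned together with ErrNoPassword, since that departs from the usual Go convention that the value is unusable when the error is non-nil.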
@@ -0,0 +1,34 @@
+package common
+
+import "github.com/containers/image/types"
+
+// DockerRegistryOptions encapsulates settings that affect how we connect or
+// authenticate to a remote registry.
+type DockerRegistryOptions struct {
+ // DockerRegistryCreds is the user name and password to supply in case
+ // we need to pull an image from a registry, and it requires us to
+ // authenticate.
+ DockerRegistryCreds *types.DockerAuthConfig
+ // DockerCertPath is the location of a directory containing CA
+ // certificates which will be used to verify the registry's certificate
+ // (all files with names ending in ".crt"), and possibly client
+ // certificates and private keys (pairs of files with the same name,
+ // except for ".cert" and ".key" suffixes).
+ DockerCertPath string
+ // DockerInsecureSkipTLSVerify turns off verification of TLS
+ // certificates and allows connecting to registries without encryption.
+ DockerInsecureSkipTLSVerify bool
+}
+
+// GetSystemContext constructs a new system context from the given signaturePolicy path and the
+// values in the DockerRegistryOptions
+func (o DockerRegistryOptions) GetSystemContext(signaturePolicyPath, authFile string) *types.SystemContext {
+ sc := &types.SystemContext{
+ SignaturePolicyPath: signaturePolicyPath,
+ DockerAuthConfig: o.DockerRegistryCreds,
+ DockerCertPath: o.DockerCertPath,
+ DockerInsecureSkipTLSVerify: o.DockerInsecureSkipTLSVerify,
+ AuthFilePath: authFile,
+ }
+ return sc
+}
diff --git a/libpod/common/output_interfaces.go b/libpod/common/output_interfaces.go
new file mode 100644
index 000000000..805d0c79a
--- /dev/null
+++ b/libpod/common/output_interfaces.go
@@ -0,0 +1 @@
+package common
diff --git a/libpod/common/signing_options.go b/libpod/common/signing_options.go
new file mode 100644
index 000000000..b7e14be82
--- /dev/null
+++ b/libpod/common/signing_options.go
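Review bot: The field comment on DockerInsecureSkipTLSVerify in docker_registry_options.go does not say what the option means for DockerRegistryCreds, although GetSystemContext copies both into the same SystemContext and the comment itself says the option allows connections without encryption. A caller who sets both has no warning here that the credentials may travel over a connection that is neither authenticated nor encrypted. I would extend the field comment with something like `// When set together with DockerRegistryCreds, the credentials may be sent to an unverified or unencrypted endpoint.`. Whether containers/image withholds credentials in that situation is not visible in this diff, so that should be confirmed before the comment is worded as fact.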
@@ -0,0 +1,10 @@
+package common
+
+// SigningOptions encapsulates settings that control whether or not we strip or
+// add signatures to images when writing them.
+type SigningOptions struct {
+ // RemoveSignatures directs us to remove any signatures which are already present.
+ RemoveSignatures bool
+ // SignBy is a key identifier of some kind, indicating that a signature should be generated using the specified private key and stored with the image.
+ SignBy string
+}
 |
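Review bot: The comment on SignBy ("a key identifier of some kind") tells a caller neither what to pass nor what the zero value means. The GetCopyOptions hunk in common.go hands the value unchanged to cp.Options.SignBy, so presumably an empty string means no signature is added; the comment should say so, e.g. `// SignBy names the key used to sign the image; empty means do not sign (confirm against containers/image).`. It would also help to note on RemoveSignatures that stripping existing signatures can cause the copied image to fail a destination policy that requires them.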