From 3607fcb553046b9a51c4b591ddf20236c628dc57 Mon Sep 17 00:00:00 2001 From: Suraj Deshmukh Date: Mon, 27 Nov 2017 15:08:21 +0530 Subject: Add flag --cert-dir and --tls-verify to kpod login This commit adds a mechanism to override the default certs dir by using command line flag `--cert-dir` for kpod login. Another flag `--tls-verify` is also added which lets you skip certificate validation when contacting container registry. Signed-off-by: Suraj Deshmukh Closes: #75 Approved by: rhatdan --- cmd/podman/login.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'cmd/podman') diff --git a/cmd/podman/login.go b/cmd/podman/login.go index 8984d069c..55f97de72 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -5,6 +5,7 @@ import ( "context" "fmt" "os" + "path/filepath" "strings" "github.com/containers/image/docker" @@ -29,6 +30,14 @@ var ( Name: "authfile", Usage: "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json", }, + cli.StringFlag{ + Name: "cert-dir", + Usage: "Pathname of a directory containing TLS certificates and keys", + }, + cli.BoolTFlag{ + Name: "tls-verify", + Usage: "Require HTTPS and verify certificates when contacting registries (default: true)", + }, } loginDescription = "Login to a container registry on a specified server." loginCommand = cli.Command{ @@ -64,6 +73,10 @@ func loginCmd(c *cli.Context) error { if err != nil { return errors.Wrapf(err, "error getting username and password") } + sc.DockerInsecureSkipTLSVerify = !c.BoolT("tls-verify") + if c.String("cert-dir") != "" { + sc.DockerCertPath = filepath.Join(c.String("cert-dir"), server) + } if err = docker.CheckAuth(context.TODO(), sc, username, password, server); err == nil { if err := config.SetAuthentication(sc, server, username, password); err != nil { -- cgit v1.2.3-54-g00ecf