1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
package main
import (
"context"
"os"
"github.com/containers/common/pkg/auth"
"github.com/containers/common/pkg/completion"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v4/cmd/podman/common"
"github.com/containers/podman/v4/cmd/podman/registry"
"github.com/spf13/cobra"
)
type loginOptionsWrapper struct {
auth.LoginOptions
tlsVerify bool
}
var (
loginOptions = loginOptionsWrapper{}
loginCommand = &cobra.Command{
Use: "login [options] [REGISTRY]",
Short: "Login to a container registry",
Long: "Login to a container registry on a specified server.",
RunE: login,
Args: cobra.MaximumNArgs(1),
ValidArgsFunction: common.AutocompleteRegistries,
Example: `podman login quay.io
podman login --username ... --password ... quay.io
podman login --authfile dir/auth.json quay.io`,
}
)
func init() {
// Note that the local and the remote client behave the same: both
// store credentials locally while the remote client will pass them
// over the wire to the endpoint.
registry.Commands = append(registry.Commands, registry.CliCommand{
Command: loginCommand,
})
flags := loginCommand.Flags()
// Flags from the auth package.
flags.AddFlagSet(auth.GetLoginFlags(&loginOptions.LoginOptions))
// Add flag completion
completion.CompleteCommandFlags(loginCommand, auth.GetLoginFlagsCompletions())
// Podman flags.
flags.BoolVarP(&loginOptions.tlsVerify, "tls-verify", "", false, "Require HTTPS and verify certificates when contacting registries")
loginOptions.Stdin = os.Stdin
loginOptions.Stdout = os.Stdout
loginOptions.AcceptUnspecifiedRegistry = true
loginOptions.AcceptRepositories = true
}
// Implementation of podman-login.
func login(cmd *cobra.Command, args []string) error {
var skipTLS types.OptionalBool
if cmd.Flags().Changed("tls-verify") {
skipTLS = types.NewOptionalBool(!loginOptions.tlsVerify)
}
sysCtx := &types.SystemContext{
AuthFilePath: loginOptions.AuthFile,
DockerCertPath: loginOptions.CertDir,
DockerInsecureSkipTLSVerify: skipTLS,
}
setRegistriesConfPath(sysCtx)
loginOptions.GetLoginSet = cmd.Flag("get-login").Changed
return auth.Login(context.Background(), sysCtx, &loginOptions.LoginOptions, args)
}
// setRegistriesConfPath sets the registries.conf path for the specified context.
// NOTE: this is a verbatim copy from c/common/libimage which we're not using
// to prevent leaking c/storage into this file. Maybe this should go into c/image?
func setRegistriesConfPath(systemContext *types.SystemContext) {
if systemContext.SystemRegistriesConfPath != "" {
return
}
if envOverride, ok := os.LookupEnv("CONTAINERS_REGISTRIES_CONF"); ok {
systemContext.SystemRegistriesConfPath = envOverride
return
}
if envOverride, ok := os.LookupEnv("REGISTRIES_CONFIG_PATH"); ok {
systemContext.SystemRegistriesConfPath = envOverride
return
}
}
|
