aboutsummaryrefslogtreecommitdiff
path: root/libpod/image/docker_registry_options.go
blob: 62a4af46533a4827fb43015277e5f969449251d4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package image

import (
	"fmt"

	"github.com/containers/image/v5/docker/reference"
	"github.com/containers/image/v5/types"

	podmanVersion "github.com/containers/libpod/version"
)

// DockerRegistryOptions encapsulates settings that affect how we connect or
// authenticate to a remote registry.
type DockerRegistryOptions struct {
	// DockerRegistryCreds is the user name and password to supply in case
	// we need to pull an image from a registry, and it requires us to
	// authenticate.
	DockerRegistryCreds *types.DockerAuthConfig
	// DockerCertPath is the location of a directory containing CA
	// certificates which will be used to verify the registry's certificate
	// (all files with names ending in ".crt"), and possibly client
	// certificates and private keys (pairs of files with the same name,
	// except for ".cert" and ".key" suffixes).
	DockerCertPath string
	// DockerInsecureSkipTLSVerify turns off verification of TLS
	// certificates and allows connecting to registries without encryption
	// - or forces it on even if registries.conf has the registry configured as insecure.
	DockerInsecureSkipTLSVerify types.OptionalBool
	// If not "", overrides the use of platform.GOOS when choosing an image or verifying OS match.
	OSChoice string
	// If not "", overrides the use of platform.GOARCH when choosing an image or verifying architecture match.
	ArchitectureChoice string
}

// GetSystemContext constructs a new system context from a parent context. the values in the DockerRegistryOptions, and other parameters.
func (o DockerRegistryOptions) GetSystemContext(parent *types.SystemContext, additionalDockerArchiveTags []reference.NamedTagged) *types.SystemContext {
	sc := &types.SystemContext{
		DockerAuthConfig:            o.DockerRegistryCreds,
		DockerCertPath:              o.DockerCertPath,
		DockerInsecureSkipTLSVerify: o.DockerInsecureSkipTLSVerify,
		DockerArchiveAdditionalTags: additionalDockerArchiveTags,
		OSChoice:                    o.OSChoice,
		ArchitectureChoice:          o.ArchitectureChoice,
	}
	if parent != nil {
		sc.SignaturePolicyPath = parent.SignaturePolicyPath
		sc.AuthFilePath = parent.AuthFilePath
		sc.DirForceCompress = parent.DirForceCompress
		sc.DockerRegistryUserAgent = parent.DockerRegistryUserAgent
		sc.OSChoice = parent.OSChoice
		sc.ArchitectureChoice = parent.ArchitectureChoice
	}
	return sc
}

// GetSystemContext Constructs a new containers/image/types.SystemContext{} struct from the given signaturePolicy path
func GetSystemContext(signaturePolicyPath, authFilePath string, forceCompress bool) *types.SystemContext {
	sc := &types.SystemContext{}
	if signaturePolicyPath != "" {
		sc.SignaturePolicyPath = signaturePolicyPath
	}
	sc.AuthFilePath = authFilePath
	sc.DirForceCompress = forceCompress
	sc.DockerRegistryUserAgent = fmt.Sprintf("libpod/%s", podmanVersion.Version)

	return sc
}