support cert-path and tls-verify flags

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Antonio Murdaca 2016-03-23 15:35:07 +01:00
parent 70a6c7b21d
commit 1ce21cd233
2 changed files with 45 additions and 20 deletions


@ -60,6 +60,7 @@ type dockerImage struct {
WWWAuthenticate string WWWAuthenticate string
scheme string scheme string
rawManifest []byte rawManifest []byte
transport *http.Transport
} }
func (i *dockerImage) RawManifest(version string) ([]byte, error) { func (i *dockerImage) RawManifest(version string) ([]byte, error) {
@ -202,9 +203,10 @@ func (i *dockerImage) makeRequest(method, url string, auth bool, headers map[str
return nil, err return nil, err
} }
} }
// insecure by default for now client := &http.Client{}
tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}} if i.transport != nil {
client := &http.Client{Transport: tr} client.Transport = i.transport
}
res, err := client.Do(req) res, err := client.Do(req)
if err != nil { if err != nil {
return nil, err return nil, err
@ -222,9 +224,10 @@ func (i *dockerImage) setupRequestAuth(req *http.Request) error {
req.SetBasicAuth(i.username, i.password) req.SetBasicAuth(i.username, i.password)
return nil return nil
case "Bearer": case "Bearer":
// insecure by default for now client := &http.Client{}
tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}} if i.transport != nil {
client := &http.Client{Transport: tr} client.Transport = i.transport
}
res, err := client.Do(req) res, err := client.Do(req)
if err != nil { if err != nil {
return err return err
@ -285,6 +288,7 @@ func (i *dockerImage) getBearerToken(realm, service, scope string) (string, erro
if i.username != "" && i.password != "" { if i.username != "" && i.password != "" {
authReq.SetBasicAuth(i.username, i.password) authReq.SetBasicAuth(i.username, i.password)
} }
// insecure for now to contact the external token service
tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}} tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}
client := &http.Client{Transport: tr} client := &http.Client{Transport: tr}
res, err := client.Do(authReq) res, err := client.Do(authReq)
@ -324,7 +328,7 @@ func (i *dockerImage) retrieveRawManifest() error {
if i.rawManifest != nil { if i.rawManifest != nil {
return nil return nil
} }
pr, err := ping(i.registry) pr, err := i.ping()
if err != nil { if err != nil {
return err return err
} }
@ -427,7 +431,7 @@ func (i *dockerImage) getLayer(l, url, tmpDir string) error {
return nil return nil
} }
func parseDockerImage(img string) (types.Image, error) { func parseDockerImage(img, certPath string, tlsVerify bool) (types.Image, error) {
ref, err := reference.ParseNamed(img) ref, err := reference.ParseNamed(img)
if err != nil { if err != nil {
return nil, err return nil, err
@ -453,12 +457,28 @@ func parseDockerImage(img string) (types.Image, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
var tr *http.Transport
if certPath != "" {
tlsc := &tls.Config{}
cert, err := tls.LoadX509KeyPair(filepath.Join(certPath, "cert.pem"), filepath.Join(certPath, "key.pem"))
if err != nil {
return nil, fmt.Errorf("Error loading x509 key pair: %s", err)
}
tlsc.Certificates = append(tlsc.Certificates, cert)
tlsc.InsecureSkipVerify = !tlsVerify
tr = &http.Transport{
TLSClientConfig: tlsc,
}
}
return &dockerImage{ return &dockerImage{
ref: ref, ref: ref,
tag: tag, tag: tag,
registry: registry, registry: registry,
username: username, username: username,
password: password, password: password,
transport: tr,
}, nil }, nil
} }
@ -555,12 +575,13 @@ func (pr *pingResponse) needsAuth() bool {
return pr.WWWAuthenticate != "" return pr.WWWAuthenticate != ""
} }
func ping(registry string) (*pingResponse, error) { func (i *dockerImage) ping() (*pingResponse, error) {
// insecure by default for now client := &http.Client{}
tr := &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}} if i.transport != nil {
client := &http.Client{Transport: tr} client.Transport = i.transport
}
ping := func(scheme string) (*pingResponse, error) { ping := func(scheme string) (*pingResponse, error) {
resp, err := client.Get(scheme + "://" + registry + "/v2/") resp, err := client.Get(scheme + "://" + i.registry + "/v2/")
if err != nil { if err != nil {
return nil, err return nil, err
} }
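Review bot: In the getBearerToken hunk the client is still built with `InsecureSkipVerify: true` immediately after `authReq.SetBasicAuth(i.username, i.password)`, so the registry credentials and the returned token travel over a TLS connection whose peer is never verified, whatever `tls-verify` is set to. The new comment records this, but nothing in the commit lets a user opt into verification for the token service; carrying the setting on `dockerImage` (a new field, not present in this commit) and building that client with `&tls.Config{InsecureSkipVerify: !tlsVerify}` would make the flag cover this request too. Separately, in parseDockerImage `tlsc.InsecureSkipVerify = !tlsVerify` sits inside `if certPath != ""`, so `tls-verify` is ignored when no cert path is given and `i.transport` stays nil; creating `tlsc` and `tr` unconditionally and only loading the key pair inside the `if` would fix that. Both functions extend beyond the visible hunk lines.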


@ -10,10 +10,14 @@ import (
// ParseImage converts image URL-like string to an initialized handler for that image. // ParseImage converts image URL-like string to an initialized handler for that image.
func ParseImage(c *cli.Context) (types.Image, error) { func ParseImage(c *cli.Context) (types.Image, error) {
imgName := c.Args().First() var (
imgName = c.Args().First()
certPath = c.GlobalString("cert-path")
tlsVerify = c.GlobalBool("tls-verify")
)
switch { switch {
case strings.HasPrefix(imgName, types.DockerPrefix): case strings.HasPrefix(imgName, types.DockerPrefix):
return parseDockerImage(strings.TrimPrefix(imgName, types.DockerPrefix)) return parseDockerImage(strings.TrimPrefix(imgName, types.DockerPrefix), certPath, tlsVerify)
//case strings.HasPrefix(img, appcPrefix): //case strings.HasPrefix(img, appcPrefix):
// //
} }
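Review bot: `tlsVerify = c.GlobalBool("tls-verify")` yields false when the flag is not passed (assuming it is declared as an ordinary bool flag; the declaration is not in the files shown here), and parseDockerImage turns that into `InsecureSkipVerify = true` whenever `cert-path` is set. That makes certificate verification opt-in for exactly the users who configure client certificates. Consider declaring the flag so that it defaults to true, or at minimum add a comment on the `var` block such as `// tls-verify is false unless passed, which disables server certificate verification`. ParseImage continues past the end of this hunk.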