mirror of
https://github.com/containers/podman.git
synced 2025-10-25 02:04:43 +08:00
Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
--insecure and --verbose flags for docker compatibility --tls-verify for syntax compatibility and allow users to inspect manifests at remote Container Registiries without requiring tls. Helps fix: https://github.com/containers/podman/issues/14917 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
@ -34,7 +34,7 @@ type ImageEngine interface { //nolint:interfacebloat
|
||||
Untag(ctx context.Context, nameOrID string, tags []string, options ImageUntagOptions) error
|
||||
ManifestCreate(ctx context.Context, name string, images []string, opts ManifestCreateOptions) (string, error)
|
||||
ManifestExists(ctx context.Context, name string) (*BoolReport, error)
|
||||
ManifestInspect(ctx context.Context, name string) ([]byte, error)
|
||||
ManifestInspect(ctx context.Context, name string, opts ManifestInspectOptions) ([]byte, error)
|
||||
ManifestAdd(ctx context.Context, listName string, imageNames []string, opts ManifestAddOptions) (string, error)
|
||||
ManifestAnnotate(ctx context.Context, names, image string, opts ManifestAnnotateOptions) (string, error)
|
||||
ManifestRemoveDigest(ctx context.Context, names, image string) (string, error)
|
||||
|
||||
@ -12,6 +12,12 @@ type ManifestCreateOptions struct {
|
||||
SkipTLSVerify types.OptionalBool `json:"-" schema:"-"`
|
||||
}
|
||||
|
||||
// ManifestInspectOptions provides model for inspecting manifest
|
||||
type ManifestInspectOptions struct {
|
||||
// Should TLS registry certificate be verified?
|
||||
SkipTLSVerify types.OptionalBool `json:"-" schema:"-"`
|
||||
}
|
||||
|
||||
// ManifestAddOptions provides model for adding digests to manifest list
|
||||
//
|
||||
// swagger:model
|
||||
|
||||
@ -17,6 +17,7 @@ import (
|
||||
"github.com/containers/image/v5/pkg/shortnames"
|
||||
"github.com/containers/image/v5/transports"
|
||||
"github.com/containers/image/v5/transports/alltransports"
|
||||
"github.com/containers/image/v5/types"
|
||||
"github.com/containers/podman/v4/pkg/domain/entities"
|
||||
"github.com/containers/storage"
|
||||
"github.com/opencontainers/go-digest"
|
||||
@ -67,7 +68,7 @@ func (ir *ImageEngine) ManifestExists(ctx context.Context, name string) (*entiti
|
||||
}
|
||||
|
||||
// ManifestInspect returns the content of a manifest list or image
|
||||
func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string) ([]byte, error) {
|
||||
func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string, opts entities.ManifestInspectOptions) ([]byte, error) {
|
||||
// NOTE: we have to do a bit of a limbo here as `podman manifest
|
||||
// inspect foo` wants to do a remote-inspect of foo iff "foo" in the
|
||||
// containers storage is an ordinary image but not a manifest list.
|
||||
@ -77,7 +78,7 @@ func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string) ([]byte
|
||||
if errors.Is(err, storage.ErrImageUnknown) || errors.Is(err, libimage.ErrNotAManifestList) {
|
||||
// Do a remote inspect if there's no local image or if the
|
||||
// local image is not a manifest list.
|
||||
return ir.remoteManifestInspect(ctx, name)
|
||||
return ir.remoteManifestInspect(ctx, name, opts)
|
||||
}
|
||||
|
||||
return nil, err
|
||||
@ -101,9 +102,14 @@ func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string) ([]byte
|
||||
}
|
||||
|
||||
// inspect a remote manifest list.
|
||||
func (ir *ImageEngine) remoteManifestInspect(ctx context.Context, name string) ([]byte, error) {
|
||||
func (ir *ImageEngine) remoteManifestInspect(ctx context.Context, name string, opts entities.ManifestInspectOptions) ([]byte, error) {
|
||||
sys := ir.Libpod.SystemContext()
|
||||
|
||||
sys.DockerInsecureSkipTLSVerify = opts.SkipTLSVerify
|
||||
if opts.SkipTLSVerify == types.OptionalBoolTrue {
|
||||
sys.OCIInsecureSkipTLSVerify = true
|
||||
}
|
||||
|
||||
resolved, err := shortnames.Resolve(sys, name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@ -33,8 +33,17 @@ func (ir *ImageEngine) ManifestExists(ctx context.Context, name string) (*entiti
|
||||
}
|
||||
|
||||
// ManifestInspect returns contents of manifest list with given name
|
||||
func (ir *ImageEngine) ManifestInspect(_ context.Context, name string) ([]byte, error) {
|
||||
list, err := manifests.Inspect(ir.ClientCtx, name, nil)
|
||||
func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string, opts entities.ManifestInspectOptions) ([]byte, error) {
|
||||
options := new(manifests.InspectOptions)
|
||||
if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
|
||||
if s == types.OptionalBoolTrue {
|
||||
options.WithSkipTLSVerify(true)
|
||||
} else {
|
||||
options.WithSkipTLSVerify(false)
|
||||
}
|
||||
}
|
||||
|
||||
list, err := manifests.Inspect(ir.ClientCtx, name, options)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("getting content of manifest list or image %s: %w", name, err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user