opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-23 18:59:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove manual handling of insecure registries in (podman search)

Browse Source 
Instead, just set SystemRegistriesConfPath and let the transport do it.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
Miloslav Trmač
2018-12-03 23:09:21 +01:00
parent 99d9626d71
commit 489164fcfa
1 changed files with 20 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
cmd/podman/search.go
View File

@ -73,11 +73,12 @@ type searchParams struct {
} }
type searchOpts struct { type searchOpts struct {
filter []string filter []string
limit int limit int
noTrunc bool noTrunc bool
format string format string
authfile string authfile string
insecureSkipTLSVerify types.OptionalBool
} }
type searchFilterParams struct { type searchFilterParams struct {
@ -117,7 +118,10 @@ func searchCmd(c *cli.Context) error {
filter: c.StringSlice("filter"), filter: c.StringSlice("filter"),
authfile: getAuthFile(c.String("authfile")), authfile: getAuthFile(c.String("authfile")),
} }
regAndSkipTLS, err := getRegistriesAndSkipTLS(c, registry) if c.IsSet("tls-verify") {
opts.insecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
}
registries, err := getRegistries(registry)
if err != nil { if err != nil {
return err return err
} }
@ -127,7 +131,7 @@ func searchCmd(c *cli.Context) error {
return err return err
} }
return generateSearchOutput(term, regAndSkipTLS, opts, *filter) return generateSearchOutput(term, registries, opts, *filter)
} }
func genSearchFormat(format string) string { func genSearchFormat(format string) string {
@ -158,16 +162,8 @@ func (s *searchParams) headerMap() map[string]string {
return values return values
} }
// A function for finding which registries can skip TLS // getRegistries returns the list of registries to search, depending on an optional registry specification
func getRegistriesAndSkipTLS(c *cli.Context, registry string) (map[string]bool, error) { func getRegistries(registry string) ([]string, error) {
// Variables for setting up Registry and TLSVerify
tlsVerify := c.BoolT("tls-verify")
forceSecure := false
if c.IsSet("tls-verify") {
forceSecure = c.BoolT("tls-verify")
}
var registries []string var registries []string
if registry != "" { if registry != "" {
registries = append(registries, registry) registries = append(registries, registry)
@ -178,35 +174,10 @@ func getRegistriesAndSkipTLS(c *cli.Context, registry string) (map[string]bool,
return nil, errors.Wrapf(err, "error getting registries to search") return nil, errors.Wrapf(err, "error getting registries to search")
} }
} }
regAndSkipTLS := make(map[string]bool) return registries, nil
// If tls-verify is set to false, allow insecure always.
if !tlsVerify {
for _, reg := range registries {
regAndSkipTLS[reg] = true
}
} else {
// initially set all registries to verify with TLS
for _, reg := range registries {
regAndSkipTLS[reg] = false
}
// if the user didn't allow nor disallow insecure registries, check to see if the registry is insecure
if !forceSecure {
insecureRegistries, err := sysreg.GetInsecureRegistries()
if err != nil {
return nil, errors.Wrapf(err, "error getting insecure registries to search")
}
for _, reg := range insecureRegistries {
// if there are any insecure registries in registries, allow for HTTP
if _, ok := regAndSkipTLS[reg]; ok {
regAndSkipTLS[reg] = true
}
}
}
}
return regAndSkipTLS, nil
} }
func getSearchOutput(term string, regAndSkipTLS map[string]bool, opts searchOpts, filter searchFilterParams) ([]searchParams, error) { func getSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams) ([]searchParams, error) {
// Max number of queries by default is 25 // Max number of queries by default is 25
limit := maxQueries limit := maxQueries
if opts.limit != 0 { if opts.limit != 0 {
@ -214,10 +185,10 @@ func getSearchOutput(term string, regAndSkipTLS map[string]bool, opts searchOpts
} }
sc := common.GetSystemContext("", opts.authfile, false) sc := common.GetSystemContext("", opts.authfile, false)
sc.DockerInsecureSkipTLSVerify = opts.insecureSkipTLSVerify
sc.SystemRegistriesConfPath = sysreg.SystemRegistriesConfPath() // FIXME: Set this more globally. Probably no reason not to have it in every types.SystemContext, and to compute the value just once in one place.
var paramsArr []searchParams var paramsArr []searchParams
for reg, skipTLS := range regAndSkipTLS { for _, reg := range registries {
// set the SkipTLSVerify bool depending on the registry being searched through
sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(skipTLS)
results, err := docker.SearchRegistry(context.TODO(), sc, reg, term, limit) results, err := docker.SearchRegistry(context.TODO(), sc, reg, term, limit)
if err != nil { if err != nil {
logrus.Errorf("error searching registry %q: %v", reg, err) logrus.Errorf("error searching registry %q: %v", reg, err)
@ -277,8 +248,8 @@ func getSearchOutput(term string, regAndSkipTLS map[string]bool, opts searchOpts
return paramsArr, nil return paramsArr, nil
} }
func generateSearchOutput(term string, regAndSkipTLS map[string]bool, opts searchOpts, filter searchFilterParams) error { func generateSearchOutput(term string, registries []string, opts searchOpts, filter searchFilterParams) error {
searchOutput, err := getSearchOutput(term, regAndSkipTLS, opts, filter) searchOutput, err := getSearchOutput(term, registries, opts, filter)
if err != nil { if err != nil {
return err return err
} }