opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-07-02 00:30:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Switch podman image push handlers to use abi

Browse Source 
Change API Handlers to use the same functions that the
local podman uses.

At the same time:

Cleanup and pass proper bindings.  Remove cli options from
podman-remote push.  Cleanup manifest push.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2021-01-20 17:13:54 -05:00
parent 179b9d1745
commit 84f7bdc4db
12 changed files with 89 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/podman/images/push.go
View File

@ -114,7 +114,11 @@ func pushFlags(cmd *cobra.Command) {
if registry.IsRemote() { if registry.IsRemote() {
_ = flags.MarkHidden("cert-dir") _ = flags.MarkHidden("cert-dir")
_ = flags.MarkHidden("compress") _ = flags.MarkHidden("compress")
_ = flags.MarkHidden("digestfile")
_ = flags.MarkHidden("format")
_ = flags.MarkHidden("quiet") _ = flags.MarkHidden("quiet")
_ = flags.MarkHidden("remove-signatures")
_ = flags.MarkHidden("sign-by")
} }
_ = flags.MarkHidden("signature-policy") _ = flags.MarkHidden("signature-policy")
} }

6
docs/source/markdown/podman-push.1.md
View File

@ -91,7 +91,7 @@ solely for scripting compatibility.
#### **--format**, **-f**=*format* #### **--format**, **-f**=*format*
Manifest Type (oci, v2s1, or v2s2) to use when pushing an image to a directory using the 'dir:' transport (default is manifest type of source) Manifest Type (oci, v2s1, or v2s2) to use when pushing an image to a directory using the 'dir:' transport (default is manifest type of source)
Note: This flag can only be set when using the **dir** transport Note: This flag can only be set when using the **dir** transport. (Not available for remote commands)
#### **--quiet**, **-q** #### **--quiet**, **-q**
@ -99,11 +99,11 @@ When writing the output image, suppress progress output
#### **--remove-signatures** #### **--remove-signatures**
Discard any pre-existing signatures in the image Discard any pre-existing signatures in the image. (Not available for remote commands)
#### **--sign-by**=*key* #### **--sign-by**=*key*
Add a signature at the destination using the specified key Add a signature at the destination using the specified key. (Not available for remote commands)
#### **--tls-verify**=*true|false* #### **--tls-verify**=*true|false*

56
pkg/api/handlers/compat/images_push.go
View File

@ -3,13 +3,14 @@ package compat
import ( import (
"context" "context"
"net/http" "net/http"
"os"
"strings" "strings"
"github.com/containers/podman/v2/libpod" "github.com/containers/podman/v2/libpod"
"github.com/containers/podman/v2/libpod/image"
"github.com/containers/podman/v2/pkg/api/handlers/utils" "github.com/containers/podman/v2/pkg/api/handlers/utils"
"github.com/containers/podman/v2/pkg/auth" "github.com/containers/podman/v2/pkg/auth"
"github.com/containers/podman/v2/pkg/domain/entities"
"github.com/containers/podman/v2/pkg/domain/infra/abi"
"github.com/containers/storage"
"github.com/gorilla/schema" "github.com/gorilla/schema"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@ -18,11 +19,19 @@ import (
func PushImage(w http.ResponseWriter, r *http.Request) { func PushImage(w http.ResponseWriter, r *http.Request) {
decoder := r.Context().Value("decoder").(*schema.Decoder) decoder := r.Context().Value("decoder").(*schema.Decoder)
runtime := r.Context().Value("runtime").(*libpod.Runtime) runtime := r.Context().Value("runtime").(*libpod.Runtime)
// Now use the ABI implementation to prevent us from having duplicate
// code.
imageEngine := abi.ImageEngine{Libpod: runtime}
query := struct { query := struct {
All bool `schema:"all"`
Compress bool `schema:"compress"`
Destination string `schema:"destination"`
Tag string `schema:"tag"` Tag string `schema:"tag"`
TLSVerify bool `schema:"tlsVerify"`
}{ }{
// This is where you can override the golang default value for one of fields // This is where you can override the golang default value for one of fields
TLSVerify: true,
} }
if err := decoder.Decode(&query, r.URL.Query()); err != nil { if err := decoder.Decode(&query, r.URL.Query()); err != nil {
@ -43,39 +52,30 @@ func PushImage(w http.ResponseWriter, r *http.Request) {
return return
} }
newImage, err := runtime.ImageRuntime().NewFromLocal(imageName) authconf, authfile, key, err := auth.GetCredentials(r)
if err != nil {
utils.ImageNotFound(w, imageName, errors.Wrapf(err, "failed to find image %s", imageName))
return
}
authConf, authfile, key, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String()))
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)
var username, password string
dockerRegistryOptions := &image.DockerRegistryOptions{DockerRegistryCreds: authConf} if authconf != nil {
if sys := runtime.SystemContext(); sys != nil { username = authconf.Username
dockerRegistryOptions.DockerCertPath = sys.DockerCertPath password = authconf.Password
dockerRegistryOptions.RegistriesConfPath = sys.SystemRegistriesConfPath }
options := entities.ImagePushOptions{
All: query.All,
Authfile: authfile,
Compress: query.Compress,
Username: username,
Password: password,
}
if err := imageEngine.Push(context.Background(), imageName, query.Destination, options); err != nil {
if errors.Cause(err) != storage.ErrImageUnknown {
utils.ImageNotFound(w, imageName, errors.Wrapf(err, "failed to find image %s", imageName))
return
} }
err = newImage.PushImageToHeuristicDestination(
context.Background(),
imageName,
"", // manifest type
authfile,
"", // digest file
"", // signature policy
os.Stderr,
false, // force compression
image.SigningOptions{},
dockerRegistryOptions,
nil, // additional tags
)
if err != nil {
utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "error pushing image %q", imageName)) utils.Error(w, "Something went wrong.", http.StatusBadRequest, errors.Wrapf(err, "error pushing image %q", imageName))
return return
} }

12
pkg/api/handlers/libpod/manifests.go
View File

@ -147,7 +147,6 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
query := struct { query := struct {
All bool `schema:"all"` All bool `schema:"all"`
Destination string `schema:"destination"` Destination string `schema:"destination"`
Format string `schema:"format"`
TLSVerify bool `schema:"tlsVerify"` TLSVerify bool `schema:"tlsVerify"`
}{ }{
// Add defaults here once needed. // Add defaults here once needed.
@ -163,24 +162,21 @@ func ManifestPush(w http.ResponseWriter, r *http.Request) {
} }
source := utils.GetName(r) source := utils.GetName(r)
authConf, authfile, key, err := auth.GetCredentials(r) authconf, authfile, key, err := auth.GetCredentials(r)
if err != nil { if err != nil {
utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String())) utils.Error(w, "failed to retrieve repository credentials", http.StatusBadRequest, errors.Wrapf(err, "failed to parse %q header for %s", key, r.URL.String()))
return return
} }
defer auth.RemoveAuthfile(authfile) defer auth.RemoveAuthfile(authfile)
var username, password string var username, password string
if authConf != nil { if authconf != nil {
username = authConf.Username username = authconf.Username
password = authConf.Password password = authconf.Password
} }
options := entities.ImagePushOptions{ options := entities.ImagePushOptions{
Authfile: authfile, Authfile: authfile,
Username: username, Username: username,
Password: password, Password: password,
Format: query.Format,
All: query.All, All: query.All,
} }
if sys := runtime.SystemContext(); sys != nil { if sys := runtime.SystemContext(); sys != nil {

12
pkg/api/server/register_images.go
View File

@ -235,6 +235,18 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// name: tag // name: tag
// type: string // type: string
// description: The tag to associate with the image on the registry. // description: The tag to associate with the image on the registry.
// - in: query
// name: all
// type: boolean
// description: All indicates whether to push all images related to the image list
// - in: query
// name: compress
// type: boolean
// description: use compression on image
// - in: query
// name: destination
// type: string
// description: destination name for the image being pushed
// - in: header // - in: header
// name: X-Registry-Auth // name: X-Registry-Auth
// type: string // type: string

29
pkg/bindings/images/types.go
View File

@ -104,37 +104,14 @@ type PushOptions struct {
// Authfile is the path to the authentication file. Ignored for remote // Authfile is the path to the authentication file. Ignored for remote
// calls. // calls.
Authfile *string Authfile *string
// CertDir is the path to certificate directories. Ignored for remote // Compress tarball image layers when pushing to a directory using the 'dir' transport.
// calls.
CertDir *string
// Compress tarball image layers when pushing to a directory using the 'dir'
// transport. Default is same compression type as source. Ignored for remote
// calls.
Compress *bool Compress *bool
// Username for authenticating against the registry.
Username *string
// Password for authenticating against the registry. // Password for authenticating against the registry.
Password *string Password *string
// DigestFile, after copying the image, write the digest of the resulting
// image to the file. Ignored for remote calls.
DigestFile *string
// Format is the Manifest type (oci, v2s1, or v2s2) to use when pushing an
// image using the 'dir' transport. Default is manifest type of source.
// Ignored for remote calls.
Format *string
// Quiet can be specified to suppress pull progress when pulling. Ignored
// for remote calls.
Quiet *bool
// RemoveSignatures, discard any pre-existing signatures in the image.
// Ignored for remote calls.
RemoveSignatures *bool
// SignaturePolicy to use when pulling. Ignored for remote calls.
SignaturePolicy *string
// SignBy adds a signature at the destination using the specified key.
// Ignored for remote calls.
SignBy *string
// SkipTLSVerify to skip HTTPS and certificate verification. // SkipTLSVerify to skip HTTPS and certificate verification.
SkipTLSVerify *bool SkipTLSVerify *bool
// Username for authenticating against the registry.
Username *string
} }
//go:generate go run ../generator/generator.go SearchOptions //go:generate go run ../generator/generator.go SearchOptions

144
pkg/bindings/images/types_push_options.go
View File

@ -119,22 +119,6 @@ func (o *PushOptions) GetAuthfile() string {
return *o.Authfile return *o.Authfile
} }
// WithCertDir
func (o *PushOptions) WithCertDir(value string) *PushOptions {
v := &value
o.CertDir = v
return o
}
// GetCertDir
func (o *PushOptions) GetCertDir() string {
var certDir string
if o.CertDir == nil {
return certDir
}
return *o.CertDir
}
// WithCompress // WithCompress
func (o *PushOptions) WithCompress(value bool) *PushOptions { func (o *PushOptions) WithCompress(value bool) *PushOptions {
v := &value v := &value
@ -151,22 +135,6 @@ func (o *PushOptions) GetCompress() bool {
return *o.Compress return *o.Compress
} }
// WithUsername
func (o *PushOptions) WithUsername(value string) *PushOptions {
v := &value
o.Username = v
return o
}
// GetUsername
func (o *PushOptions) GetUsername() string {
var username string
if o.Username == nil {
return username
}
return *o.Username
}
// WithPassword // WithPassword
func (o *PushOptions) WithPassword(value string) *PushOptions { func (o *PushOptions) WithPassword(value string) *PushOptions {
v := &value v := &value
@ -183,102 +151,6 @@ func (o *PushOptions) GetPassword() string {
return *o.Password return *o.Password
} }
// WithDigestFile
func (o *PushOptions) WithDigestFile(value string) *PushOptions {
v := &value
o.DigestFile = v
return o
}
// GetDigestFile
func (o *PushOptions) GetDigestFile() string {
var digestFile string
if o.DigestFile == nil {
return digestFile
}
return *o.DigestFile
}
// WithFormat
func (o *PushOptions) WithFormat(value string) *PushOptions {
v := &value
o.Format = v
return o
}
// GetFormat
func (o *PushOptions) GetFormat() string {
var format string
if o.Format == nil {
return format
}
return *o.Format
}
// WithQuiet
func (o *PushOptions) WithQuiet(value bool) *PushOptions {
v := &value
o.Quiet = v
return o
}
// GetQuiet
func (o *PushOptions) GetQuiet() bool {
var quiet bool
if o.Quiet == nil {
return quiet
}
return *o.Quiet
}
// WithRemoveSignatures
func (o *PushOptions) WithRemoveSignatures(value bool) *PushOptions {
v := &value
o.RemoveSignatures = v
return o
}
// GetRemoveSignatures
func (o *PushOptions) GetRemoveSignatures() bool {
var removeSignatures bool
if o.RemoveSignatures == nil {
return removeSignatures
}
return *o.RemoveSignatures
}
// WithSignaturePolicy
func (o *PushOptions) WithSignaturePolicy(value string) *PushOptions {
v := &value
o.SignaturePolicy = v
return o
}
// GetSignaturePolicy
func (o *PushOptions) GetSignaturePolicy() string {
var signaturePolicy string
if o.SignaturePolicy == nil {
return signaturePolicy
}
return *o.SignaturePolicy
}
// WithSignBy
func (o *PushOptions) WithSignBy(value string) *PushOptions {
v := &value
o.SignBy = v
return o
}
// GetSignBy
func (o *PushOptions) GetSignBy() string {
var signBy string
if o.SignBy == nil {
return signBy
}
return *o.SignBy
}
// WithSkipTLSVerify // WithSkipTLSVerify
func (o *PushOptions) WithSkipTLSVerify(value bool) *PushOptions { func (o *PushOptions) WithSkipTLSVerify(value bool) *PushOptions {
v := &value v := &value
@ -294,3 +166,19 @@ func (o *PushOptions) GetSkipTLSVerify() bool {
} }
return *o.SkipTLSVerify return *o.SkipTLSVerify
} }
// WithUsername
func (o *PushOptions) WithUsername(value string) *PushOptions {
v := &value
o.Username = v
return o
}
// GetUsername
func (o *PushOptions) GetUsername() string {
var username string
if o.Username == nil {
return username
}
return *o.Username
}

1
pkg/bindings/manifests/manifests.go
View File

@ -153,7 +153,6 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt
} }
params.Set("image", name) params.Set("image", name)
params.Set("destination", destination) params.Set("destination", destination)
params.Set("format", *options.Format)
_, err = conn.DoRequest(nil, http.MethodPost, "/manifests/%s/push", params, nil, name) _, err = conn.DoRequest(nil, http.MethodPost, "/manifests/%s/push", params, nil, name)
if err != nil { if err != nil {
return "", err return "", err

5
pkg/domain/infra/tunnel/images.go
View File

@ -236,10 +236,7 @@ func (ir *ImageEngine) Import(ctx context.Context, opts entities.ImageImportOpti
func (ir *ImageEngine) Push(ctx context.Context, source string, destination string, opts entities.ImagePushOptions) error { func (ir *ImageEngine) Push(ctx context.Context, source string, destination string, opts entities.ImagePushOptions) error {
options := new(images.PushOptions) options := new(images.PushOptions)
options.WithUsername(opts.Username).WithSignaturePolicy(opts.SignaturePolicy).WithQuiet(opts.Quiet) options.WithAll(opts.All).WithCompress(opts.Compress).WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile)
options.WithPassword(opts.Password).WithCertDir(opts.CertDir).WithAuthfile(opts.Authfile)
options.WithCompress(opts.Compress).WithDigestFile(opts.DigestFile).WithFormat(opts.Format)
options.WithRemoveSignatures(opts.RemoveSignatures).WithSignBy(opts.SignBy)
if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined { if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
if s == types.OptionalBoolTrue { if s == types.OptionalBoolTrue {

6
pkg/domain/infra/tunnel/manifest.go
View File

@ -86,10 +86,8 @@ func (ir *ImageEngine) ManifestRemove(ctx context.Context, names []string) (stri
// ManifestPush pushes a manifest list or image index to the destination // ManifestPush pushes a manifest list or image index to the destination
func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination string, opts entities.ImagePushOptions) (string, error) { func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination string, opts entities.ImagePushOptions) (string, error) {
options := new(images.PushOptions) options := new(images.PushOptions)
options.WithUsername(opts.Username).WithSignaturePolicy(opts.SignaturePolicy).WithQuiet(opts.Quiet) options.WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile)
options.WithPassword(opts.Password).WithCertDir(opts.CertDir).WithAuthfile(opts.Authfile) options.WithAll(opts.All)
options.WithCompress(opts.Compress).WithDigestFile(opts.DigestFile).WithFormat(opts.Format)
options.WithRemoveSignatures(opts.RemoveSignatures).WithSignBy(opts.SignBy)
if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined { if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined {
if s == types.OptionalBoolTrue { if s == types.OptionalBoolTrue {

14
test/e2e/push_test.go
View File

@ -54,10 +54,16 @@ var _ = Describe("Podman push", func() {
fmt.Sprintf("dir:%s", bbdir)}) fmt.Sprintf("dir:%s", bbdir)})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0)) Expect(session.ExitCode()).To(Equal(0))
bbdir = filepath.Join(podmanTest.TempDir, "busybox")
session = podmanTest.Podman([]string{"push", "--format", "oci", ALPINE,
fmt.Sprintf("dir:%s", bbdir)})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
}) })
It("podman push to local registry", func() { It("podman push to local registry", func() {
SkipIfRemote("FIXME: This should work") SkipIfRemote("Remote does not support --digestfile or --remove-sginatures")
if podmanTest.Host.Arch == "ppc64le" { if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le") Skip("No registry image for ppc64le")
} }
@ -74,7 +80,7 @@ var _ = Describe("Podman push", func() {
Skip("Cannot start docker registry.") Skip("Cannot start docker registry.")
} }
push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) push := podmanTest.Podman([]string{"push", "-q", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"})
push.WaitWithDefaultTimeout() push.WaitWithDefaultTimeout()
Expect(push.ExitCode()).To(Equal(0)) Expect(push.ExitCode()).To(Equal(0))
@ -88,7 +94,6 @@ var _ = Describe("Podman push", func() {
}) })
It("podman push to local registry with authorization", func() { It("podman push to local registry with authorization", func() {
SkipIfRemote("FIXME: This does not seem to be returning an error")
SkipIfRootless("FIXME: Creating content in certs.d we use directories in homedir") SkipIfRootless("FIXME: Creating content in certs.d we use directories in homedir")
if podmanTest.Host.Arch == "ppc64le" { if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le") Skip("No registry image for ppc64le")
@ -155,9 +160,12 @@ var _ = Describe("Podman push", func() {
push.WaitWithDefaultTimeout() push.WaitWithDefaultTimeout()
Expect(push).To(ExitWithError()) Expect(push).To(ExitWithError())
if !IsRemote() {
// remote does not support --cert-dir
push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", "--cert-dir=fakedir", ALPINE, "localhost:5000/certdirtest"}) push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", "--cert-dir=fakedir", ALPINE, "localhost:5000/certdirtest"})
push.WaitWithDefaultTimeout() push.WaitWithDefaultTimeout()
Expect(push).To(ExitWithError()) Expect(push).To(ExitWithError())
}
push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", ALPINE, "localhost:5000/defaultflags"}) push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", ALPINE, "localhost:5000/defaultflags"})
push.WaitWithDefaultTimeout() push.WaitWithDefaultTimeout()

1
test/system/150-login.bats
View File

@ -197,6 +197,7 @@ EOF
destname=ok-$(random_string 10 | tr A-Z a-z)-ok destname=ok-$(random_string 10 | tr A-Z a-z)-ok
# Use command-line credentials # Use command-line credentials
run_podman push --tls-verify=false \ run_podman push --tls-verify=false \
--format docker \
--creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \ --creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \
$IMAGE localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname $IMAGE localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname