container/client: rework tls settings
Instead of having an extra field, `TlsVerify`, on the `Client` and then later setting the corresponding `SystemContext` options, use the existing `SystemContext` field of `Client`. The corresponding field is a tri-state: unset, true, false, which is represented as a pointer to boolean in the `Client`'s new getter and setter. This also inverts the boolean logic from verify TLS to skip TLS which aligns very well with the corresponding fields in the upload target struct. In addition we properly capitalize some existing variables.
parent
4b67e12958
commit
865a899f70
3 changed files with 36 additions and 10 deletions
|
|
@ -17,14 +17,14 @@ func main() {
|
|||
var username string
|
||||
var password string
|
||||
var tag string
|
||||
var ignoreTls bool
|
||||
var ignoreTLS bool
|
||||
|
||||
flag.StringVar(&filename, "container", "", "path to the oci-archive to upload (required)")
|
||||
flag.StringVar(&destination, "destination", "", "destination to upload to (required)")
|
||||
flag.StringVar(&tag, "tag", "", "destination tag to use for the container")
|
||||
flag.StringVar(&username, "username", "", "username to use for registry")
|
||||
flag.StringVar(&password, "password", "", "password to use for registry")
|
||||
flag.BoolVar(&ignoreTls, "ignore-tls", false, "ignore tls verification for destination")
|
||||
flag.BoolVar(&ignoreTLS, "ignore-tls", false, "ignore tls verification for destination")
|
||||
flag.Parse()
|
||||
|
||||
if filename == "" || destination == "" {
|
||||
|
|
@ -59,7 +59,9 @@ func main() {
|
|||
client.SetCredentials(username, password)
|
||||
}
|
||||
|
||||
client.TlsVerify = !ignoreTls
|
||||
if ignoreTLS {
|
||||
client.SkipTLSVerify()
|
||||
}
|
||||
|
||||
ctx := context.Background()
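Review bot: Verification is no longer pinned on when `-ignore-tls` is unset, because the new `if ignoreTLS { client.SkipTLSVerify() }` block leaves the client untouched in that case, whereas the removed `client.TlsVerify = !ignoreTls` always set it. Together with the `NewClient` hunk dropping `TlsVerify: true`, the default appears to become `types.OptionalBoolUndefined`, which containers/image resolves from the host's registries configuration instead of treating it as "always verify"; the rest of the `sysCtx` literal is outside the hunk, so this needs confirming. The `Run` hunk in the worker has the same effect when `targetOptions.TlsVerify` is nil, where the old code kept the `true` default. If verification should stay on unless explicitly disabled, set it unconditionally, e.g. `verify := !ignoreTLS` followed by `client.SetTLSVerify(&verify)`. `main` starts and ends outside this hunk.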
|
||||
|
||||
|
|
|
|||
|
|
@ -751,10 +751,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
|
|||
|
||||
client.Auth.Username = targetOptions.Username
|
||||
client.Auth.Password = targetOptions.Password
|
||||
|
||||
if targetOptions.TlsVerify != nil {
|
||||
client.TlsVerify = *targetOptions.TlsVerify
|
||||
}
|
||||
client.SetTLSVerify(targetOptions.TlsVerify)
|
||||
|
||||
sourcePath := path.Join(outputDirectory, jobTarget.OsbuildArtifact.ExportName, jobTarget.OsbuildArtifact.ExportFilename)
|
||||
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import (
|
|||
_ "github.com/containers/image/v5/docker/archive"
|
||||
_ "github.com/containers/image/v5/oci/archive"
|
||||
_ "github.com/containers/image/v5/oci/layout"
|
||||
"github.com/osbuild/osbuild-composer/internal/common"
|
||||
|
||||
"github.com/containers/common/pkg/retry"
|
||||
"github.com/containers/image/v5/copy"
|
||||
|
|
@ -48,7 +49,6 @@ type Client struct {
|
|||
MaxRetries int // how often to retry http requests
|
||||
|
||||
UserAgent string // user agent string to use for requests, defaults to DefaultUserAgent
|
||||
TlsVerify bool // use an insecure connection
|
||||
|
||||
// internal state
|
||||
policy *signature.Policy
|
||||
|
|
@ -89,7 +89,6 @@ func NewClient(target string) (*Client, error) {
|
|||
PrecomputeDigests: true,
|
||||
|
||||
UserAgent: DefaultUserAgent,
|
||||
TlsVerify: true,
|
||||
|
||||
sysCtx: &types.SystemContext{
|
||||
RegistriesDirPath: "",
|
||||
|
|
@ -108,6 +107,35 @@ func (cl *Client) SetCredentials(username, password string) {
|
|||
cl.Auth.Password = password
|
||||
}
|
||||
|
||||
// SetSkipTLSVerify controls if TLS verification happens when
|
||||
// making requests. If nil is passed it falls back to the default.
|
||||
func (cl *Client) SetTLSVerify(verify *bool) {
|
||||
if verify == nil {
|
||||
cl.sysCtx.DockerInsecureSkipTLSVerify = types.OptionalBoolUndefined
|
||||
} else {
|
||||
cl.sysCtx.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*verify)
|
||||
}
|
||||
}
|
||||
|
||||
// GetSkipTLSVerify returns current TLS verification state.
|
||||
func (cl *Client) GetTLSVerify() *bool {
|
||||
|
||||
skip := cl.sysCtx.DockerInsecureSkipTLSVerify
|
||||
|
||||
if skip == types.OptionalBoolUndefined {
|
||||
return nil
|
||||
}
|
||||
|
||||
// NB: we invert the state, i.e. verify == (skip == false)
|
||||
return common.BoolToPtr(skip == types.OptionalBoolFalse)
|
||||
}
|
||||
|
||||
// SkipTLSVerify is a convenience helper that internally calls
|
||||
// SetTLSVerify with false
|
||||
func (cl *Client) SkipTLSVerify() {
|
||||
cl.SetTLSVerify(common.BoolToPtr(false))
|
||||
}
|
||||
|
||||
func parseImageName(name string) (types.ImageReference, error) {
|
||||
|
||||
parts := strings.SplitN(name, ":", 2)
|
||||
|
|
@ -130,7 +158,6 @@ func parseImageName(name string) (types.ImageReference, error) {
|
|||
func (cl *Client) UploadImage(ctx context.Context, from, tag string) (digest.Digest, error) {
|
||||
|
||||
targetCtx := *cl.sysCtx
|
||||
targetCtx.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!cl.TlsVerify)
|
||||
targetCtx.DockerRegistryPushPrecomputeDigests = cl.PrecomputeDigests
|
||||
|
||||
targetCtx.DockerAuthConfig = &types.DockerAuthConfig{
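Review bot: The doc comments added with `SetTLSVerify` and `GetTLSVerify` name functions that do not exist (`SetSkipTLSVerify`, `GetSkipTLSVerify`) and carry the opposite polarity to the parameter. A caller who trusts the comment could pass `true` expecting to skip verification, or `false` expecting to keep it. Suggested wording: `// SetTLSVerify controls whether TLS certificates are verified when making requests; nil leaves the SystemContext default in place.` and `// GetTLSVerify reports whether TLS verification is enabled, or nil when the setting is undefined.` It would also help if the `SkipTLSVerify` comment said that it disables certificate verification for every later request made by this client.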
|
||||
|
|
|
|||