From 48afd62710520eac8bfecf7ee5499c5a395698f1 Mon Sep 17 00:00:00 2001 From: tanner-bruce Date: Wed, 24 Jul 2019 13:58:10 -0400 Subject: [PATCH] Allow skipping TLS verification while publishing (#65) Why this is necessary: when using a local docker registry, users may not want to support https, or there may be other troubles not allowing verifiable TLS support. This commit adds this functionality by adding an `--insecure-registry` flag. --- pkg/commands/options/local.go | 3 +++ pkg/commands/resolver.go | 3 ++- pkg/publish/default.go | 20 ++++++++++++++------ pkg/publish/options.go | 7 +++++++ 4 files changed, 26 insertions(+), 7 deletions(-) diff --git a/pkg/commands/options/local.go b/pkg/commands/options/local.go index bfe468e2..d6e7fc81 100644 --- a/pkg/commands/options/local.go +++ b/pkg/commands/options/local.go @@ -22,9 +22,12 @@ import ( type LocalOptions struct { // Local publishes images to a local docker daemon. Local bool + InsecureRegistry bool } func AddLocalArg(cmd *cobra.Command, lo *LocalOptions) { cmd.Flags().BoolVarP(&lo.Local, "local", "L", lo.Local, "Whether to publish images to a local docker daemon vs. a registry.") + cmd.Flags().BoolVar(&lo.InsecureRegistry, "insecure-registry", lo.InsecureRegistry, + "Whether to skip TLS verification on the registry") } diff --git a/pkg/commands/resolver.go b/pkg/commands/resolver.go index e82f9eea..c8eb98c4 100644 --- a/pkg/commands/resolver.go +++ b/pkg/commands/resolver.go @@ -99,7 +99,8 @@ func makePublisher(no *options.NameOptions, lo *options.LocalOptions, ta *option return publish.NewDefault(repoName, publish.WithAuthFromKeychain(authn.DefaultKeychain), publish.WithNamer(namer), - publish.WithTags(ta.Tags)) + publish.WithTags(ta.Tags), + publish.Insecure(lo.InsecureRegistry)) }() if err != nil { return nil, err diff --git a/pkg/publish/default.go b/pkg/publish/default.go index bd28e1af..8457cd14 100644 --- a/pkg/publish/default.go +++ b/pkg/publish/default.go @@ -33,6 +33,7 @@ type defalt struct { auth authn.Authenticator namer Namer tags []string + insecure bool } // Option is a functional option for NewDefault. @@ -44,6 +45,7 @@ type defaultOpener struct { auth authn.Authenticator namer Namer tags []string + insecure bool } // Namer is a function from a supported import path to the portion of the resulting @@ -62,11 +64,12 @@ var defaultTags = []string{"latest"} func (do *defaultOpener) Open() (Interface, error) { return &defalt{ - base: do.base, - t: do.t, - auth: do.auth, - namer: do.namer, - tags: do.tags, + base: do.base, + t: do.t, + auth: do.auth, + namer: do.namer, + tags: do.tags, + insecure: do.insecure, }, nil } @@ -95,7 +98,12 @@ func (d *defalt) Publish(img v1.Image, s string) (name.Reference, error) { s = strings.ToLower(s) for _, tagName := range d.tags { - tag, err := name.NewTag(fmt.Sprintf("%s/%s:%s", d.base, d.namer(s), tagName)) + + var os []name.Option + if d.insecure { + os = []name.Option{name.Insecure} + } + tag, err := name.NewTag(fmt.Sprintf("%s/%s:%s", d.base, d.namer(s), tagName), os...) if err != nil { return nil, err } diff --git a/pkg/publish/options.go b/pkg/publish/options.go index 1b5cfbb1..ddb3c697 100644 --- a/pkg/publish/options.go +++ b/pkg/publish/options.go @@ -80,3 +80,10 @@ func WithTags(tags []string) Option { return nil } } + +func Insecure(b bool) Option { + return func(i *defaultOpener) error { + i.insecure = b + return nil + } +} \ No newline at end of file