Skip to content

Commit 68ff66d

Browse files
simon-cjsimon-cj
authored
feat: Support TLS verification skip flag (#105)
1 parent 8f3baae commit 68ff66d

File tree

11 files changed

+23
-5
lines changed

11 files changed

+23
-5
lines changed

cmd/ormb-storage-initializer/cmd/prerun.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ func preRunE(cmd *cobra.Command, args []string) error {
2323
oras.ClientOptRootPath(rootPath),
2424
oras.ClientOptWriter(os.Stdout),
2525
oras.ClientOptPlainHTTP(plainHTTPOpt),
26+
oras.ClientOptInsecure(insecureOpt),
2627
)
2728
return err
2829
}

cmd/ormb-storage-initializer/cmd/pull-and-export.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,7 @@ var pullExportCmd = &cobra.Command{
6868
oras.ClientOptRootPath(rootPath),
6969
oras.ClientOptWriter(os.Stdout),
7070
oras.ClientOptPlainHTTP(plainHTTPOpt),
71+
oras.ClientOptInsecure(insecureOpt),
7172
)
7273
if err != nil {
7374
return err
@@ -112,4 +113,7 @@ var pullExportCmd = &cobra.Command{
112113

113114
func init() {
114115
rootCmd.AddCommand(pullExportCmd)
116+
117+
pullExportCmd.Flags().BoolVarP(&plainHTTPOpt, "plain-http", "", false, "use plain http and not https")
118+
pullExportCmd.Flags().BoolVarP(&insecureOpt, "insecure", "", true, "allow connections to TLS registry without certs")
115119
}

cmd/ormb/cmd/login.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -124,5 +124,5 @@ func init() {
124124
loginCmd.Flags().StringVarP(&usernameOpt, "username", "u", "", "registry username")
125125
loginCmd.Flags().StringVarP(&passwordOpt, "password", "p", "", "registry password or identity token")
126126
loginCmd.Flags().BoolVarP(&passwordFromStdinOpt, "password-stdin", "", false, "read password or identity token from stdin")
127-
loginCmd.Flags().BoolVarP(&insecureOpt, "insecure", "", false, "allow connections to TLS registry without certs")
127+
loginCmd.Flags().BoolVarP(&insecureOpt, "insecure", "", true, "allow connections to TLS registry without certs")
128128
}

cmd/ormb/cmd/prerun.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ func preRunE(cmd *cobra.Command, args []string) error {
2626
oras.ClientOptRootPath(rootPath),
2727
oras.ClientOptWriter(os.Stdout),
2828
oras.ClientOptPlainHTTP(plainHTTPOpt),
29+
oras.ClientOptInsecure(insecureOpt),
2930
)
3031
return err
3132
}

cmd/ormb/cmd/pull.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,4 +37,5 @@ func init() {
3737
rootCmd.AddCommand(pullCmd)
3838

3939
pullCmd.Flags().BoolVarP(&plainHTTPOpt, "plain-http", "", false, "use plain http and not https")
40+
pullCmd.Flags().BoolVarP(&insecureOpt, "insecure", "", true, "allow connections to TLS registry without certs")
4041
}

cmd/ormb/cmd/push.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,4 +37,5 @@ func init() {
3737
rootCmd.AddCommand(pushCmd)
3838

3939
pushCmd.Flags().BoolVarP(&plainHTTPOpt, "plain-http", "", false, "use plain http and not https")
40+
pushCmd.Flags().BoolVarP(&insecureOpt, "insecure", "", true, "allow connections to TLS registry without certs")
4041
}

go.mod

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ require (
1313
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
1414
github.com/garyburd/redigo v1.6.0 // indirect
1515
github.com/gofrs/uuid v3.3.0+incompatible // indirect
16-
github.com/golang/mock v1.4.3
16+
github.com/golang/mock v1.4.4
1717
github.com/gorilla/handlers v1.4.2 // indirect
1818
github.com/gorilla/mux v1.7.4 // indirect
1919
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
@@ -39,4 +39,5 @@ require (
3939
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
4040
gopkg.in/yaml.v2 v2.3.0
4141
rsc.io/letsencrypt v0.0.3 // indirect
42+
rsc.io/quote/v3 v3.1.0 // indirect
4243
)

go.sum

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,6 +144,8 @@ github.com/golang/mock v1.3.1 h1:qGJ6qTW+x6xX/my+8YUVl4WNpX9B7+/l2tRsHGZ7f2s=
144144
github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
145145
github.com/golang/mock v1.4.3 h1:GV+pQPG/EUUbkh47niozDcADz6go/dUwhVzdUQHIVRw=
146146
github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
147+
github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc=
148+
github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
147149
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
148150
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
149151
github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=

pkg/oras/client.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@ type Client struct {
3838
orasClient orasclient.Interface
3939
rootPath string
4040
plainHTTP bool
41+
insecure bool
4142
}
4243

4344
// NewClient returns a new registry client with config
@@ -64,9 +65,8 @@ func NewClient(opts ...ClientOption) (Interface, error) {
6465
resolver, err := client.authorizer.Resolver(
6566
context.Background(),
6667
&http.Client{
67-
// TODO(gaocegege): Make it optional.
6868
Transport: &http.Transport{
69-
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
69+
TLSClientConfig: &tls.Config{InsecureSkipVerify: client.insecure},
7070
},
7171
}, client.plainHTTP)
7272
if err != nil {

pkg/oras/client_opts.go

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -60,3 +60,10 @@ func ClientOptPlainHTTP(plainHTTP bool) ClientOption {
6060
client.plainHTTP = plainHTTP
6161
}
6262
}
63+
64+
// ClientOptInsecure returns a function that sets the insecure setting on client options set
65+
func ClientOptInsecure(insecure bool) ClientOption {
66+
return func(client *Client) {
67+
client.insecure = insecure
68+
}
69+
}

0 commit comments

Comments
 (0)