Fix image listing

opcr-io · Oct 6, 2021 · e7a9dc4 · e7a9dc4
1 parent bbc715e
commit e7a9dc4
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 13 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -36,6 +36,7 @@
     "GOMODCACHE",
     "goreleaser",
     "gosampleproject",
+    "gosec",
     "gotest",
     "gotestsum",
     "goveralls",

diff --git a/cmd/policy/list.go → cmd/policy/images.go b/cmd/policy/list.go → cmd/policy/images.go
@@ -7,12 +7,12 @@ type ImagesCmd struct {
 
 func (c *ImagesCmd) Run(g *Globals) error {
 	if c.Remote {
-		err := g.App.ListRemote(c.Sever)
+		err := g.App.ImagesRemote(c.Sever)
 		if err != nil {
-			g.App.UI.Problem().WithErr(err).Msg("Failed to list local policies.")
+			g.App.UI.Problem().WithErr(err).Msg("Failed to list remote policies.")
 		}
 	} else {
-		err := g.App.List()
+		err := g.App.Images()
 		if err != nil {
 			g.App.UI.Problem().WithErr(err).Msg("Failed to list local policies.")
 		}

diff --git a/cmd/policy/main.go b/cmd/policy/main.go
@@ -27,6 +27,7 @@ type Globals struct {
 	Debug     bool
 	Config    string
 	Verbosity int
+	Insecure  bool
 	App       *app.PolicyApp
 }
 
@@ -36,6 +37,7 @@ var PolicyCLI struct {
 	Config    string `short:"c" type:"path" help:"Path to the policy CLI config file." default:"$HOME/.config/policy/config.yaml"`
 	Debug     bool   `help:"Enable debug mode."`
 	Verbosity int    `short:"v" type:"counter" help:"Use to increase output verbosity."`
+	Insecure  bool   `short:"k" help:"Do not verify TLS connections."`
 
 	Build   BuildCmd   `cmd:"" help:"Build policies."`
 	Images  ImagesCmd  `cmd:"" help:"List policy images."`
@@ -66,6 +68,7 @@ func (g *Globals) setup() func() {
 			default:
 				c.Logging.LogLevel = "trace"
 			}
+			c.Insecure = g.Insecure
 		})
 
 	if err != nil {
@@ -86,6 +89,7 @@ func main() {
 		Debug:     PolicyCLI.Debug,
 		Config:    PolicyCLI.Config,
 		Verbosity: PolicyCLI.Verbosity,
+		Insecure:  PolicyCLI.Insecure,
 	}
 	cleanup := g.setup()
 	defer cleanup()

diff --git a/pkg/app/list.go b/pkg/app/list.go
@@ -14,7 +14,7 @@ import (
 	"oras.land/oras-go/pkg/content"
 )
 
-func (c *PolicyApp) List() error {
+func (c *PolicyApp) Images() error {
 	defer c.Cancel()
 
 	ociStore, err := content.NewOCIStore(c.Configuration.FileStoreRoot)
@@ -62,7 +62,9 @@ func (c *PolicyApp) List() error {
 	return nil
 }
 
-func (c *PolicyApp) ListRemote(server string) error {
+func (c *PolicyApp) ImagesRemote(server string) error {
+	defer c.Cancel()
+
 	creds := c.Configuration.Servers[server]
 
 	xClient := extendedclient.NewExtendedClient(c.Logger, &extendedclient.Config{
@@ -81,17 +83,15 @@ func (c *PolicyApp) ListRemote(server string) error {
 	// Get a list of all images
 	images, err := xClient.ListImages()
 	if err != nil {
-		c.UI.Problem().WithErr(err).Msg("Failed to list images.")
 		return err
 	}
 
 	table := c.UI.Normal().WithTable("Repository", "Tag")
 	for _, image := range images {
-		repo := server + "/" + creds.Username + "/" + image
+		repo := server + "/" + image
 
 		tags, err := c.imageTags(repo, creds.Username, creds.Password)
 		if err != nil {
-			c.UI.Problem().WithErr(err).WithStringValue("image", image).Msg("Failed to list tags for policy image.")
 			return err
 		}
 
@@ -116,10 +116,13 @@ func (c *PolicyApp) imageTags(repoName, username, password string) ([]string, er
 		return nil, errors.Wrapf(err, "invalid repo name [%s]", repoName)
 	}
 
-	tags, err := remote.List(repo, remote.WithAuth(&authn.Basic{
-		Username: username,
-		Password: password,
-	}))
+	tags, err := remote.List(repo,
+		remote.WithAuth(&authn.Basic{
+			Username: username,
+			Password: password,
+		}),
+		remote.WithTransport(c.TransportWithTrustedCAs()))
+
 	if err != nil {
 		if tErr, ok := err.(*transport.Error); ok {
 			switch tErr.StatusCode {

diff --git a/pkg/app/transport.go b/pkg/app/transport.go
@@ -10,6 +10,9 @@ import (
 )
 
 func (c *PolicyApp) TransportWithTrustedCAs() *http.Transport {
+	if c.Configuration.Insecure {
+		return &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}} // nolint:gosec // feature used for debugging
+	}
 	// Get the SystemCertPool, continue with an empty pool on error
 	var (
 		rootCAs *x509.CertPool
@@ -37,7 +40,6 @@ func (c *PolicyApp) TransportWithTrustedCAs() *http.Transport {
 			log.Println("No certs appended, using system certs only")
 			c.UI.Exclamation().Msgf("Cert %q not appended to RootCAs.", localCertFile)
 		}
-
 	}
 
 	// Trust the augmented cert pool in our client

diff --git a/pkg/cc/config/config.go b/pkg/cc/config/config.go
@@ -24,6 +24,7 @@ type Config struct {
 	DefaultDomain string        `json:"default_domain"`
 	Logging       logger.Config `json:"logging"`
 	CA            []string      `json:"ca"`
+	Insecure      bool          `json:"insecure"`
 	Repl          struct {
 		HistoryFile string `json:"history_file"`
 	} `json:"repl"`