diff --git a/cmd/flux/diff_artifact.go b/cmd/flux/diff_artifact.go
index edfd9382..3eacc231 100644
--- a/cmd/flux/diff_artifact.go
+++ b/cmd/flux/diff_artifact.go
@@ -23,6 +23,7 @@ import (
 oci "github.com/fluxcd/pkg/oci/client"
 sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+ "github.com/google/go-containerregistry/pkg/crane"
 "github.com/spf13/cobra"
 "github.com/fluxcd/flux2/v2/internal/flags"
@@ -42,6 +43,7 @@ type diffArtifactFlags struct {
 creds string
 provider flags.SourceOCIProvider
 ignorePaths []string
+ insecure bool
 }
 var diffArtifactArgs = newDiffArtifactArgs()
@@ -57,6 +59,7 @@ func init() {
 diffArtifactCmd.Flags().StringVar(&diffArtifactArgs.creds, "creds", "", "credentials for OCI registry in the format [:] if --provider is generic")
 diffArtifactCmd.Flags().Var(&diffArtifactArgs.provider, "provider", sourceOCIRepositoryArgs.provider.Description())
 diffArtifactCmd.Flags().StringSliceVar(&diffArtifactArgs.ignorePaths, "ignore-paths", excludeOCI, "set paths to ignore in .gitignore format")
+ diffArtifactCmd.Flags().BoolVar(&diffArtifactArgs.insecure, "insecure-registry", false, "allows the remote artifact to be pulled without TLS")
 diffCmd.AddCommand(diffArtifactCmd)
 }
@@ -82,7 +85,13 @@ func diffArtifactCmdRun(cmd *cobra.Command, args []string) error {
 ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 defer cancel()
- ociClient := oci.NewClient(oci.DefaultOptions())
+ opts := oci.DefaultOptions()
+
+ if diffArtifactArgs.insecure {
+ opts = append(opts, crane.Insecure)
+ }
+
+ ociClient := oci.NewClient(opts)
 if diffArtifactArgs.provider.String() == sourcev1.GenericOCIProvider && diffArtifactArgs.creds != "" {
 logger.Actionf("logging in to registry with credentials")
diff --git a/cmd/flux/list_artifact.go b/cmd/flux/list_artifact.go
index 23a61b94..6649947c 100644
--- a/cmd/flux/list_artifact.go
+++ b/cmd/flux/list_artifact.go
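Review bot: The help string registered for `--insecure-registry` in `init()` of diff_artifact.go says only "without TLS", which understates the option if `crane.Insecure` behaves as I understand it: besides permitting plain HTTP it also lets the client accept an HTTPS registry whose certificate cannot be verified (worth confirming against the vendored go-containerregistry version). Someone reading `--help` cannot tell that both confidentiality and server authentication are given up. I would reword it along the lines of `"allows the remote artifact to be pulled over plain HTTP or without verifying the registry's TLS certificate; intended for local test registries"`. The same wording applies to the flag registered in list_artifact.go, pull_artifact.go and push_artifact.go.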
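Review bot: In `diffArtifactCmdRun`, `crane.Insecure` is appended immediately before the branch that logs in with `--creds`, so when both flags are set the registry credentials can cross a connection that is neither encrypted nor authenticated, and the user is not told. A warning when the two are combined would make that visible, e.g. `if diffArtifactArgs.insecure && diffArtifactArgs.creds != "" { logger.Warningf("--insecure-registry is set: registry credentials are sent without TLS protection") }`, assuming the command logger offers a warning-level method. The same combination exists in the run functions of list_artifact.go, pull_artifact.go and push_artifact.go. The function body continues outside the hunk, so the login call itself and any credentials taken from the Docker config are not visible here.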
@@ -20,6 +20,7 @@ import (
 "context"
 "fmt"
+ "github.com/google/go-containerregistry/pkg/crane"
 "github.com/spf13/cobra"
 oci "github.com/fluxcd/pkg/oci/client"
@@ -34,6 +35,7 @@ type listArtifactFlags struct {
 regexFilter string
 creds string
 provider flags.SourceOCIProvider
+ insecure bool
 }
 var listArtifactArgs = newListArtifactFlags()
@@ -60,6 +62,7 @@ func init() {
 listArtifactsCmd.Flags().StringVar(&listArtifactArgs.regexFilter, "filter-regex", "", "filter tags returned from the oci repository using regex")
 listArtifactsCmd.Flags().StringVar(&listArtifactArgs.creds, "creds", "", "credentials for OCI registry in the format [:] if --provider is generic")
 listArtifactsCmd.Flags().Var(&listArtifactArgs.provider, "provider", listArtifactArgs.provider.Description())
+ listArtifactsCmd.Flags().BoolVar(&listArtifactArgs.insecure, "insecure-registry", false, "allows the remote artifacts list to be fetched without TLS")
 listCmd.AddCommand(listArtifactsCmd)
 }
@@ -78,7 +81,13 @@ func listArtifactsCmdRun(cmd *cobra.Command, args []string) error {
 return err
 }
- ociClient := oci.NewClient(oci.DefaultOptions())
+ ociOpts := oci.DefaultOptions()
+
+ if listArtifactArgs.insecure {
+ ociOpts = append(ociOpts, crane.Insecure)
+ }
+
+ ociClient := oci.NewClient(ociOpts)
 if listArtifactArgs.provider.String() == sourcev1.GenericOCIProvider && listArtifactArgs.creds != "" {
 logger.Actionf("logging in to registry with credentials")
diff --git a/cmd/flux/pull_artifact.go b/cmd/flux/pull_artifact.go
index 114368bd..8bd7ca45 100644
--- a/cmd/flux/pull_artifact.go
+++ b/cmd/flux/pull_artifact.go
@@ -22,6 +22,7 @@ import (
 "os"
 sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
+ "github.com/google/go-containerregistry/pkg/crane"
 "github.com/spf13/cobra"
 "github.com/fluxcd/flux2/v2/internal/flags"
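Review bot: The option-building block in `listArtifactsCmdRun` repeats the lines this commit also adds to diff_artifact.go and pull_artifact.go, here under a different local name (`ociOpts` rather than `opts`). Because the flag relaxes transport security, a single place that maps it to client options would keep any later change (a warning, a restriction) from being missed in one of the commands. A small shared helper would do; the name below is only a suggestion, and the `[]crane.Option` return type is inferred from the `append` call rather than visible in the hunk. push_artifact.go builds `opts` outside its hunk, so whether it can use the same helper cannot be judged from here.

```go
// ociClientOptions returns the default OCI client options, relaxed to allow
// registries without (verified) TLS only when the caller explicitly asked for it.
func ociClientOptions(insecure bool) []crane.Option {
	opts := oci.DefaultOptions()
	if insecure {
		opts = append(opts, crane.Insecure)
	}
	return opts
}

// … unchanged: argument parsing in listArtifactsCmdRun …
ociClient := oci.NewClient(ociClientOptions(listArtifactArgs.insecure))
```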
@@ -43,6 +44,7 @@ The command can read the credentials from '~/.docker/config.json' but they can a
 type pullArtifactFlags struct {
 output string
 creds string
+ insecure bool
 provider flags.SourceOCIProvider
 }
@@ -58,6 +60,7 @@ func init() {
 pullArtifactCmd.Flags().StringVarP(&pullArtifactArgs.output, "output", "o", "", "path where the artifact content should be extracted.")
 pullArtifactCmd.Flags().StringVar(&pullArtifactArgs.creds, "creds", "", "credentials for OCI registry in the format [:] if --provider is generic")
 pullArtifactCmd.Flags().Var(&pullArtifactArgs.provider, "provider", sourceOCIRepositoryArgs.provider.Description())
+ pullArtifactCmd.Flags().BoolVar(&pullArtifactArgs.insecure, "insecure-registry", false, "allows artifacts to be pulled without TLS")
 pullCmd.AddCommand(pullArtifactCmd)
 }
@@ -83,7 +86,13 @@ func pullArtifactCmdRun(cmd *cobra.Command, args []string) error {
 ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 defer cancel()
- ociClient := oci.NewClient(oci.DefaultOptions())
+ opts := oci.DefaultOptions()
+
+ if pullArtifactArgs.insecure {
+ opts = append(opts, crane.Insecure)
+ }
+
+ ociClient := oci.NewClient(opts)
 if pullArtifactArgs.provider.String() == sourcev1.GenericOCIProvider && pullArtifactArgs.creds != "" {
 logger.Actionf("logging in to registry with credentials")
diff --git a/cmd/flux/push_artifact.go b/cmd/flux/push_artifact.go
index 735b78d5..2ae53fd7 100644
--- a/cmd/flux/push_artifact.go
+++ b/cmd/flux/push_artifact.go
@@ -115,6 +115,7 @@ type pushArtifactFlags struct {
 output string
 debug bool
 reproducible bool
+ insecure bool
 }
 var pushArtifactArgs = newPushArtifactFlags()
@@ -137,6 +138,7 @@ func init() {
 "the format in which the artifact digest should be printed, can be 'json' or 'yaml'")
 pushArtifactCmd.Flags().BoolVarP(&pushArtifactArgs.debug, "debug", "", false, "display logs from underlying library")
 pushArtifactCmd.Flags().BoolVar(&pushArtifactArgs.reproducible, "reproducible", false, "ensure reproducible image digests by setting the created timestamp to '1970-01-01T00:00:00Z'")
+ pushArtifactCmd.Flags().BoolVar(&pushArtifactArgs.insecure, "insecure-registry", false, "allows artifacts to be pushed without TLS")
 pushCmd.AddCommand(pushArtifactCmd)
 }
@@ -266,6 +268,10 @@ func pushArtifactCmdRun(cmd *cobra.Command, args []string) error {
 logger.Actionf("pushing artifact to %s", url)
 }
+ if pushArtifactArgs.insecure {
+ opts = append(opts, crane.Insecure)
+ }
+
 ociClient := client.NewClient(opts)
 digestURL, err := ociClient.Push(ctx, url, path,
 client.WithPushMetadata(meta),