Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-02-13 13:06:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow to pull/push artifacts without TLS

Browse Source 
If applied, this commit will introduce a new `--insecure-repository`
flag to the following commands: `push artifacts`, `pull artifact`,
`diff artifact` and `list artifacts`. When used the flag will lead to
the option `crane.Insecure` being passed to the `crane` client allowing
the use of insecure repositories.

Signed-off-by: Matthieu Mottet <m.mottet@outlook.com>
This commit is contained in:
Matthieu Mottet
2025-04-11 17:30:56 +02:00
committed by Matthieu Mottet
parent 7b551b0d35
commit 3f4743037b
4 changed files with 36 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/flux/pull_artifact.go
View File

@@ -22,6 +22,7 @@ import (
"os"
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
"github.com/google/go-containerregistry/pkg/crane"
"github.com/spf13/cobra"
"github.com/fluxcd/flux2/v2/internal/flags"
@@ -43,6 +44,7 @@ The command can read the credentials from '~/.docker/config.json' but they can a
type pullArtifactFlags struct {
output string
creds string
insecure bool
provider flags.SourceOCIProvider
}
@@ -58,6 +60,7 @@ func init() {
pullArtifactCmd.Flags().StringVarP(&pullArtifactArgs.output, "output", "o", "", "path where the artifact content should be extracted.")
pullArtifactCmd.Flags().StringVar(&pullArtifactArgs.creds, "creds", "", "credentials for OCI registry in the format <username>[:<password>] if --provider is generic")
pullArtifactCmd.Flags().Var(&pullArtifactArgs.provider, "provider", sourceOCIRepositoryArgs.provider.Description())
pullArtifactCmd.Flags().BoolVar(&pullArtifactArgs.insecure, "insecure-registry", false, "allows artifacts to be pulled without TLS")
pullCmd.AddCommand(pullArtifactCmd)
}
@@ -83,7 +86,13 @@ func pullArtifactCmdRun(cmd *cobra.Command, args []string) error {
ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
defer cancel()
ociClient := oci.NewClient(oci.DefaultOptions())
opts := oci.DefaultOptions()
if pullArtifactArgs.insecure {
opts = append(opts, crane.Insecure)
}
ociClient := oci.NewClient(opts)
if pullArtifactArgs.provider.String() == sourcev1.GenericOCIProvider && pullArtifactArgs.creds != "" {
logger.Actionf("logging in to registry with credentials")