skip TLS option for pulling indexes

Ankita Thomas · Ankita Thomas · commit 5157133ce9b1 · 2020-08-10T08:17:40.000-04:00
diff --git a/cmd/opm/index/add.go b/cmd/opm/index/add.go
@@ -53,7 +53,7 @@ func addIndexAddCmd(parent *cobra.Command) {
 	if err := indexCmd.MarkFlagRequired("bundles"); err != nil {
 		logrus.Panic("Failed to set required `bundles` flag for `index add`")
 	}
-	indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling bundles")
+	indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling bundles or index")
 	indexCmd.Flags().StringP("binary-image", "i", "", "container image for on-image `opm` command")
 	indexCmd.Flags().StringP("container-tool", "c", "", "tool to interact with container images (save, build, etc.). One of: [docker, podman]")
 	indexCmd.Flags().StringP("build-tool", "u", "", "tool to build container images. One of: [docker, podman]. Defaults to podman. Overrides part of container-tool.")
diff --git a/cmd/opm/index/delete.go b/cmd/opm/index/delete.go
@@ -41,6 +41,7 @@ func newIndexDeleteCmd() *cobra.Command {
 	indexCmd.Flags().StringP("pull-tool", "p", "", "tool to pull container images. One of: [none, docker, podman]. Defaults to none. Overrides part of container-tool.")
 	indexCmd.Flags().StringP("tag", "t", "", "custom tag for container image being built")
 	indexCmd.Flags().Bool("permissive", false, "allow registry load errors")
+	indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling index")
 
 	if err := indexCmd.Flags().MarkHidden("debug"); err != nil {
 		logrus.Panic(err.Error())
@@ -91,6 +92,11 @@ func runIndexDeleteCmdFunc(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	skipTLS, err := cmd.Flags().GetBool("skip-tls")
+	if err != nil {
+		return err
+	}
+
 	logger := logrus.WithFields(logrus.Fields{"operators": operators})
 
 	logger.Info("building the index")
@@ -108,6 +114,7 @@ func runIndexDeleteCmdFunc(cmd *cobra.Command, args []string) error {
 		Operators:         operators,
 		Tag:               tag,
 		Permissive:        permissive,
+		SkipTLS:           skipTLS,
 	}
 
 	err = indexDeleter.DeleteFromIndex(request)
diff --git a/cmd/opm/index/deprecate.go b/cmd/opm/index/deprecate.go
@@ -57,6 +57,7 @@ func newIndexDeprecateTruncateCmd() *cobra.Command {
 	indexCmd.Flags().StringP("pull-tool", "p", "", "tool to pull container images. One of: [none, docker, podman]. Defaults to none. Overrides part of container-tool.")
 	indexCmd.Flags().StringP("tag", "t", "", "custom tag for container image being built")
 	indexCmd.Flags().Bool("permissive", false, "allow registry load errors")
+	indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling index")
 	if err := indexCmd.Flags().MarkHidden("debug"); err != nil {
 		logrus.Panic(err.Error())
 	}
@@ -105,6 +106,11 @@ func runIndexDeprecateTruncateCmdFunc(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	skipTLS, err := cmd.Flags().GetBool("skip-tls")
+	if err != nil {
+		return err
+	}
+
 	logger := logrus.WithFields(logrus.Fields{"bundles": bundles})
 
 	logger.Info("deprecating bundles from the index")
@@ -122,6 +128,7 @@ func runIndexDeprecateTruncateCmdFunc(cmd *cobra.Command, args []string) error {
 		Tag:               tag,
 		Bundles:           bundles,
 		Permissive:        permissive,
+		SkipTLS:           skipTLS,
 	}
 
 	err = indexDeprecator.DeprecateFromIndex(request)
diff --git a/cmd/opm/index/export.go b/cmd/opm/index/export.go
@@ -46,6 +46,7 @@ func newIndexExportCmd() *cobra.Command {
 	}
 	indexCmd.Flags().StringP("download-folder", "f", "downloaded", "directory where downloaded operator bundle(s) will be stored")
 	indexCmd.Flags().StringP("container-tool", "c", "none", "tool to interact with container images (save, build, etc.). One of: [none, docker, podman]")
+	indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling index")
 	if err := indexCmd.Flags().MarkHidden("debug"); err != nil {
 		logrus.Panic(err.Error())
 	}
@@ -75,6 +76,11 @@ func runIndexExportCmdFunc(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	skipTLS, err := cmd.Flags().GetBool("skip-tls")
+	if err != nil {
+		return err
+	}
+
 	logger := logrus.WithFields(logrus.Fields{"index": index, "package": packageName})
 
 	logger.Info("export from the index")
@@ -86,6 +92,7 @@ func runIndexExportCmdFunc(cmd *cobra.Command, args []string) error {
 		Package:       packageName,
 		DownloadPath:  downloadPath,
 		ContainerTool: containertools.NewContainerTool(containerTool, containertools.NoneTool),
+		SkipTLS:           skipTLS,
 	}
 
 	err = indexExporter.ExportFromIndex(request)
diff --git a/cmd/opm/index/prune.go b/cmd/opm/index/prune.go
@@ -41,6 +41,7 @@ func newIndexPruneCmd() *cobra.Command {
 	indexCmd.Flags().StringP("container-tool", "c", "podman", "tool to interact with container images (save, build, etc.). One of: [docker, podman]")
 	indexCmd.Flags().StringP("tag", "t", "", "custom tag for container image being built")
 	indexCmd.Flags().Bool("permissive", false, "allow registry load errors")
+	indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling index")
 
 	if err := indexCmd.Flags().MarkHidden("debug"); err != nil {
 		logrus.Panic(err.Error())
@@ -95,6 +96,11 @@ func runIndexPruneCmdFunc(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	skipTLS, err := cmd.Flags().GetBool("skip-tls")
+	if err != nil {
+		return err
+	}
+
 	logger := logrus.WithFields(logrus.Fields{"packages": packages})
 
 	logger.Info("pruning the index")
@@ -109,6 +115,7 @@ func runIndexPruneCmdFunc(cmd *cobra.Command, args []string) error {
 		Packages:          packages,
 		Tag:               tag,
 		Permissive:        permissive,
+		SkipTLS:           skipTLS,
 	}
 
 	err = indexPruner.PruneFromIndex(request)
diff --git a/go.sum b/go.sum
@@ -358,11 +358,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-health-probe v0.2.1-0.20181220223928-2bf0a5b182db h1:UxmGBzaBcWDQuQh9E1iT1dWKQFbizZ+SpTd1EL4MSqs=
-github.com/grpc-ecosystem/grpc-health-probe v0.2.1-0.20181220223928-2bf0a5b182db/go.mod h1:uBKkC2RbarFsvS5jMJHpVhTLvGlGQj9JJwkaePE3FWI=
 github.com/grpc-ecosystem/grpc-health-probe v0.3.2 h1:daShAySXI1DnGc8U9B1E4Qm6o7qzmFR4aRIJ4vY/TUo=
 github.com/grpc-ecosystem/grpc-health-probe v0.3.2/go.mod h1:izVOQ4RWbjUR6lm4nn+VLJyQ+FyaiGmprEYgI04Gs7U=
-github.com/grpc/grpc-go v1.30.0 h1:3ttCZRhSqhlKmQ6UrrTukz9LjJF/Bi8RuRo8rlyxKhA=
 github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
diff --git a/pkg/lib/indexer/indexer.go b/pkg/lib/indexer/indexer.go
@@ -69,7 +69,7 @@ func (i ImageIndexer) AddToIndex(request AddToIndexRequest) error {
 		return err
 	}
 
-	databasePath, err := i.extractDatabase(buildDir, request.FromIndex)
+	databasePath, err := i.extractDatabase(buildDir, request.FromIndex, request.SkipTLS)
 	if err != nil {
 		return err
 	}
@@ -120,6 +120,7 @@ type DeleteFromIndexRequest struct {
 	OutDockerfile     string
 	Tag               string
 	Operators         []string
+	SkipTLS           bool
 }
 
 // DeleteFromIndex is an aggregate API used to generate a registry index image
@@ -131,7 +132,7 @@ func (i ImageIndexer) DeleteFromIndex(request DeleteFromIndexRequest) error {
 		return err
 	}
 
-	databasePath, err := i.extractDatabase(buildDir, request.FromIndex)
+	databasePath, err := i.extractDatabase(buildDir, request.FromIndex, request.SkipTLS)
 	if err != nil {
 		return err
 	}
@@ -231,6 +232,7 @@ type PruneFromIndexRequest struct {
 	OutDockerfile     string
 	Tag               string
 	Packages          []string
+	SkipTLS           bool
 }
 
 func (i ImageIndexer) PruneFromIndex(request PruneFromIndexRequest) error {
@@ -240,7 +242,7 @@ func (i ImageIndexer) PruneFromIndex(request PruneFromIndexRequest) error {
 		return err
 	}
 
-	databasePath, err := i.extractDatabase(buildDir, request.FromIndex)
+	databasePath, err := i.extractDatabase(buildDir, request.FromIndex, request.SkipTLS)
 	if err != nil {
 		return err
 	}
@@ -279,22 +281,22 @@ func (i ImageIndexer) PruneFromIndex(request PruneFromIndexRequest) error {
 }
 
 // extractDatabase sets a temp directory for unpacking an image
-func (i ImageIndexer) extractDatabase(buildDir, fromIndex string) (string, error) {
+func (i ImageIndexer) extractDatabase(buildDir, fromIndex string, skipTLS bool) (string, error) {
 	tmpDir, err := ioutil.TempDir("./", tmpDirPrefix)
 	if err != nil {
 		return "", err
 	}
 	defer os.RemoveAll(tmpDir)
 
-	databaseFile, err := i.getDatabaseFile(tmpDir, fromIndex)
+	databaseFile, err := i.getDatabaseFile(tmpDir, fromIndex, skipTLS)
 	if err != nil {
 		return "", err
 	}
 	// copy the index to the database folder in the build directory
 	return copyDatabaseTo(databaseFile, filepath.Join(buildDir, defaultDatabaseFolder))
 }
 
-func (i ImageIndexer) getDatabaseFile(workingDir, fromIndex string) (string, error) {
+func (i ImageIndexer) getDatabaseFile(workingDir, fromIndex string, skipTLS bool) (string, error) {
 	if fromIndex == "" {
 		return path.Join(workingDir, defaultDatabaseFile), nil
 	}
@@ -306,7 +308,7 @@ func (i ImageIndexer) getDatabaseFile(workingDir, fromIndex string) (string, err
 	var rerr error
 	switch i.PullTool {
 	case containertools.NoneTool:
-		reg, rerr = containerdregistry.NewRegistry(containerdregistry.WithLog(i.Logger))
+		reg, rerr = containerdregistry.NewRegistry(containerdregistry.SkipTLS(skipTLS), containerdregistry.WithLog(i.Logger))
 	case containertools.PodmanTool:
 		fallthrough
 	case containertools.DockerTool:
@@ -458,6 +460,7 @@ type ExportFromIndexRequest struct {
 	Package       string
 	DownloadPath  string
 	ContainerTool containertools.ContainerTool
+	SkipTLS       bool
 }
 
 // ExportFromIndex is an aggregate API used to specify operators from
@@ -471,7 +474,7 @@ func (i ImageIndexer) ExportFromIndex(request ExportFromIndexRequest) error {
 	defer os.RemoveAll(workingDir)
 
 	// extract the index database to the file
-	databaseFile, err := i.getDatabaseFile(workingDir, request.Index)
+	databaseFile, err := i.getDatabaseFile(workingDir, request.Index, request.SkipTLS)
 	if err != nil {
 		return err
 	}
@@ -592,6 +595,7 @@ type DeprecateFromIndexRequest struct {
 	OutDockerfile     string
 	Bundles           []string
 	Tag               string
+	SkipTLS           bool
 }
 
 // DeprecateFromIndex takes a DeprecateFromIndexRequest and deprecates the requested
@@ -603,7 +607,7 @@ func (i ImageIndexer) DeprecateFromIndex(request DeprecateFromIndexRequest) erro
 		return err
 	}
 
-	databasePath, err := i.extractDatabase(buildDir, request.FromIndex)
+	databasePath, err := i.extractDatabase(buildDir, request.FromIndex, request.SkipTLS)
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ func addIndexAddCmd(parent *cobra.Command) {`
`53`	`53`	`if err := indexCmd.MarkFlagRequired("bundles"); err != nil {`
`54`	`54`	logrus.Panic("Failed to set required `bundles` flag for `index add`")
`55`	`55`	`}`
`56`		`- indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling bundles")`
	`56`	`+ indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling bundles or index")`
`57`	`57`	indexCmd.Flags().StringP("binary-image", "i", "", "container image for on-image `opm` command")
`58`	`58`	`indexCmd.Flags().StringP("container-tool", "c", "", "tool to interact with container images (save, build, etc.). One of: [docker, podman]")`
`59`	`59`	`indexCmd.Flags().StringP("build-tool", "u", "", "tool to build container images. One of: [docker, podman]. Defaults to podman. Overrides part of container-tool.")`
Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ func newIndexExportCmd() *cobra.Command {`
`46`	`46`	`}`
`47`	`47`	`indexCmd.Flags().StringP("download-folder", "f", "downloaded", "directory where downloaded operator bundle(s) will be stored")`
`48`	`48`	`indexCmd.Flags().StringP("container-tool", "c", "none", "tool to interact with container images (save, build, etc.). One of: [none, docker, podman]")`
	`49`	`+ indexCmd.Flags().Bool("skip-tls", false, "skip TLS certificate verification for container image registries while pulling index")`
`49`	`50`	`if err := indexCmd.Flags().MarkHidden("debug"); err != nil {`
`50`	`51`	`logrus.Panic(err.Error())`
`51`	`52`	`}`
`@@ -75,6 +76,11 @@ func runIndexExportCmdFunc(cmd *cobra.Command, args []string) error {`
`75`	`76`	`return err`
`76`	`77`	`}`
`77`	`78`
	`79`	`+ skipTLS, err := cmd.Flags().GetBool("skip-tls")`
	`80`	`+ if err != nil {`
	`81`	`+ return err`
	`82`	`+ }`
	`83`	`+`
`78`	`84`	`logger := logrus.WithFields(logrus.Fields{"index": index, "package": packageName})`
`79`	`85`
`80`	`86`	`logger.Info("export from the index")`
`@@ -86,6 +92,7 @@ func runIndexExportCmdFunc(cmd *cobra.Command, args []string) error {`
`86`	`92`	`Package: packageName,`
`87`	`93`	`DownloadPath: downloadPath,`
`88`	`94`	`ContainerTool: containertools.NewContainerTool(containerTool, containertools.NoneTool),`
	`95`	`+ SkipTLS: skipTLS,`
`89`	`96`	`}`
`90`	`97`
`91`	`98`	`err = indexExporter.ExportFromIndex(request)`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ func (i ImageIndexer) AddToIndex(request AddToIndexRequest) error {`
`69`	`69`	`return err`
`70`	`70`	`}`
`71`	`71`
`72`		`- databasePath, err := i.extractDatabase(buildDir, request.FromIndex)`
	`72`	`+ databasePath, err := i.extractDatabase(buildDir, request.FromIndex, request.SkipTLS)`
`73`	`73`	`if err != nil {`
`74`	`74`	`return err`
`75`	`75`	`}`
`@@ -120,6 +120,7 @@ type DeleteFromIndexRequest struct {`
`120`	`120`	`OutDockerfile string`
`121`	`121`	`Tag string`
`122`	`122`	`Operators []string`
	`123`	`+ SkipTLS bool`
`123`	`124`	`}`
`124`	`125`
`125`	`126`	`// DeleteFromIndex is an aggregate API used to generate a registry index image`
`@@ -131,7 +132,7 @@ func (i ImageIndexer) DeleteFromIndex(request DeleteFromIndexRequest) error {`
`131`	`132`	`return err`
`132`	`133`	`}`
`133`	`134`
`134`		`- databasePath, err := i.extractDatabase(buildDir, request.FromIndex)`
	`135`	`+ databasePath, err := i.extractDatabase(buildDir, request.FromIndex, request.SkipTLS)`
`135`	`136`	`if err != nil {`
`136`	`137`	`return err`
`137`	`138`	`}`
`@@ -231,6 +232,7 @@ type PruneFromIndexRequest struct {`
`231`	`232`	`OutDockerfile string`
`232`	`233`	`Tag string`
`233`	`234`	`Packages []string`
	`235`	`+ SkipTLS bool`
`234`	`236`	`}`
`235`	`237`
`236`	`238`	`func (i ImageIndexer) PruneFromIndex(request PruneFromIndexRequest) error {`
`@@ -240,7 +242,7 @@ func (i ImageIndexer) PruneFromIndex(request PruneFromIndexRequest) error {`
`240`	`242`	`return err`
`241`	`243`	`}`
`242`	`244`
`243`		`- databasePath, err := i.extractDatabase(buildDir, request.FromIndex)`
	`245`	`+ databasePath, err := i.extractDatabase(buildDir, request.FromIndex, request.SkipTLS)`
`244`	`246`	`if err != nil {`
`245`	`247`	`return err`
`246`	`248`	`}`
`@@ -279,22 +281,22 @@ func (i ImageIndexer) PruneFromIndex(request PruneFromIndexRequest) error {`
`279`	`281`	`}`
`280`	`282`
`281`	`283`	`// extractDatabase sets a temp directory for unpacking an image`
`282`		`-func (i ImageIndexer) extractDatabase(buildDir, fromIndex string) (string, error) {`
	`284`	`+func (i ImageIndexer) extractDatabase(buildDir, fromIndex string, skipTLS bool) (string, error) {`
`283`	`285`	`tmpDir, err := ioutil.TempDir("./", tmpDirPrefix)`
`284`	`286`	`if err != nil {`
`285`	`287`	`return "", err`
`286`	`288`	`}`
`287`	`289`	`defer os.RemoveAll(tmpDir)`
`288`	`290`
`289`		`- databaseFile, err := i.getDatabaseFile(tmpDir, fromIndex)`
	`291`	`+ databaseFile, err := i.getDatabaseFile(tmpDir, fromIndex, skipTLS)`
`290`	`292`	`if err != nil {`
`291`	`293`	`return "", err`
`292`	`294`	`}`
`293`	`295`	`// copy the index to the database folder in the build directory`
`294`	`296`	`return copyDatabaseTo(databaseFile, filepath.Join(buildDir, defaultDatabaseFolder))`
`295`	`297`	`}`
`296`	`298`
`297`		`-func (i ImageIndexer) getDatabaseFile(workingDir, fromIndex string) (string, error) {`
	`299`	`+func (i ImageIndexer) getDatabaseFile(workingDir, fromIndex string, skipTLS bool) (string, error) {`
`298`	`300`	`if fromIndex == "" {`
`299`	`301`	`return path.Join(workingDir, defaultDatabaseFile), nil`
`300`	`302`	`}`
`@@ -306,7 +308,7 @@ func (i ImageIndexer) getDatabaseFile(workingDir, fromIndex string) (string, err`
`306`	`308`	`var rerr error`
`307`	`309`	`switch i.PullTool {`
`308`	`310`	`case containertools.NoneTool:`
`309`		`- reg, rerr = containerdregistry.NewRegistry(containerdregistry.WithLog(i.Logger))`
	`311`	`+ reg, rerr = containerdregistry.NewRegistry(containerdregistry.SkipTLS(skipTLS), containerdregistry.WithLog(i.Logger))`
`310`	`312`	`case containertools.PodmanTool:`
`311`	`313`	`fallthrough`
`312`	`314`	`case containertools.DockerTool:`
`@@ -458,6 +460,7 @@ type ExportFromIndexRequest struct {`
`458`	`460`	`Package string`
`459`	`461`	`DownloadPath string`
`460`	`462`	`ContainerTool containertools.ContainerTool`
	`463`	`+ SkipTLS bool`
`461`	`464`	`}`
`462`	`465`
`463`	`466`	`// ExportFromIndex is an aggregate API used to specify operators from`
`@@ -471,7 +474,7 @@ func (i ImageIndexer) ExportFromIndex(request ExportFromIndexRequest) error {`
`471`	`474`	`defer os.RemoveAll(workingDir)`
`472`	`475`
`473`	`476`	`// extract the index database to the file`
`474`		`- databaseFile, err := i.getDatabaseFile(workingDir, request.Index)`
	`477`	`+ databaseFile, err := i.getDatabaseFile(workingDir, request.Index, request.SkipTLS)`
`475`	`478`	`if err != nil {`
`476`	`479`	`return err`
`477`	`480`	`}`
`@@ -592,6 +595,7 @@ type DeprecateFromIndexRequest struct {`
`592`	`595`	`OutDockerfile string`
`593`	`596`	`Bundles []string`
`594`	`597`	`Tag string`
	`598`	`+ SkipTLS bool`
`595`	`599`	`}`
`596`	`600`
`597`	`601`	`// DeprecateFromIndex takes a DeprecateFromIndexRequest and deprecates the requested`
`@@ -603,7 +607,7 @@ func (i ImageIndexer) DeprecateFromIndex(request DeprecateFromIndexRequest) erro`
`603`	`607`	`return err`
`604`	`608`	`}`
`605`	`609`
`606`		`- databasePath, err := i.extractDatabase(buildDir, request.FromIndex)`
	`610`	`+ databasePath, err := i.extractDatabase(buildDir, request.FromIndex, request.SkipTLS)`
`607`	`611`	`if err != nil {`
`608`	`612`	`return err`
`609`	`613`	`}`