From 598896f0075843710ed8315a483aeea1406450c8 Mon Sep 17 00:00:00 2001 From: Harshal Patil Date: Tue, 14 Nov 2023 11:35:32 -0500 Subject: [PATCH] Add support for setting decryption keys Signed-off-by: Harshal Patil --- src/imageproxy.rs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/imageproxy.rs b/src/imageproxy.rs index a34dc99..5798cae 100644 --- a/src/imageproxy.rs +++ b/src/imageproxy.rs @@ -119,6 +119,10 @@ pub struct ImageProxyConfig { // Equivalent to `skopeo --cert-dir` pub certificate_directory: Option, + /// Decryption keys to decrypt an encrypted container image. + /// equivalent to `skopeo copy --decryption-key ` + pub decryption_keys: Option>, + /// If set, disable TLS verification. Equivalent to `skopeo --tls-verify=false`. pub insecure_skip_tls_verification: Option, @@ -208,6 +212,14 @@ impl TryFrom for Command { c.arg("--cert-dir"); c.arg(certificate_directory); } + + if let Some(decryption_keys) = config.decryption_keys { + for decryption_key in &decryption_keys { + c.arg("--decryption-key"); + c.arg(decryption_key); + } + } + if config.insecure_skip_tls_verification.unwrap_or_default() { c.arg("--tls-verify=false"); } @@ -555,6 +567,14 @@ mod tests { .unwrap(); validate(c, &[r"--authfile", "/path/to/authfile"], &[]); + let decryption_key_path = "/path/to/decryption_key"; + let c = Command::try_from(ImageProxyConfig { + decryption_keys: Some(vec![decryption_key_path.to_string()]), + ..Default::default() + }) + .unwrap(); + validate(c, &[r"--decryption-key", "/path/to/decryption_key"], &[]); + let c = Command::try_from(ImageProxyConfig { certificate_directory: Some(PathBuf::from("/path/to/certs")), ..Default::default()