From a0b13947b9b345b09ce23e6d848bd587012f1bc3 Mon Sep 17 00:00:00 2001 
From: Megamind <882485+jeff-mccoy@users.noreply.github.com>
Date: Wed, 1 Feb 2023 23:44:26 -0600
Subject: [PATCH] add common insecure flag (#1280)
Migrated from #1191
## Description
Adding support for insecure flag for external registry in `zarf init`. Fixing `zarf package create` and `zarf package deploy` failures with external self signed cert registry as mentioned in https://github.com/defenseunicorns/zarf/issues/1190 and https://github.com/defenseunicorns/zarf/issues/1181
## Related Issue
Fixes # https://github.com/defenseunicorns/zarf/issues/1190
Fixes # https://github.com/defenseunicorns/zarf/issues/1181
Fixes # https://github.com/defenseunicorns/zarf/issues/561
Fixes # https://github.com/defenseunicorns/zarf/issues/1015
---------
Co-authored-by: Rishi
---
 .../1-the-zarf-cli/100-cli-commands/zarf.md | 1 +
 .../100-cli-commands/zarf_completion.md | 1 +
 .../100-cli-commands/zarf_completion_bash.md | 1 +
 .../100-cli-commands/zarf_completion_fish.md | 1 +
 .../zarf_completion_powershell.md | 1 +
 .../100-cli-commands/zarf_completion_zsh.md | 1 +
 .../100-cli-commands/zarf_connect.md | 1 +
 .../100-cli-commands/zarf_connect_list.md | 1 +
 .../100-cli-commands/zarf_destroy.md | 1 +
 .../1-the-zarf-cli/100-cli-commands/zarf_init.md | 1 +
 .../100-cli-commands/zarf_package.md | 1 +
 .../100-cli-commands/zarf_package_create.md | 2 +-
 .../100-cli-commands/zarf_package_deploy.md | 4 ++--
 .../100-cli-commands/zarf_package_inspect.md | 1 +
 .../100-cli-commands/zarf_package_list.md | 1 +
 .../100-cli-commands/zarf_package_remove.md | 1 +
 .../100-cli-commands/zarf_prepare.md | 1 +
 .../100-cli-commands/zarf_prepare_find-images.md | 1 +
 .../zarf_prepare_generate-config.md | 1 +
 .../100-cli-commands/zarf_prepare_patch-git.md | 1 +
 .../100-cli-commands/zarf_prepare_sha256sum.md | 1 +
 .../1-the-zarf-cli/100-cli-commands/zarf_tools.md | 1 +
 .../100-cli-commands/zarf_tools_archiver.md | 1 +
 .../zarf_tools_archiver_compress.md | 1 +
 .../zarf_tools_archiver_decompress.md | 1 +
 .../100-cli-commands/zarf_tools_clear-cache.md | 1 +
 .../100-cli-commands/zarf_tools_gen-pki.md | 1 +
 .../100-cli-commands/zarf_tools_get-creds.md | 1 +
 .../100-cli-commands/zarf_tools_monitor.md | 1 +
 .../100-cli-commands/zarf_tools_registry.md | 1 +
 .../zarf_tools_registry_catalog.md | 1 +
 .../100-cli-commands/zarf_tools_registry_copy.md | 1 +
 .../100-cli-commands/zarf_tools_registry_login.md | 1 +
 .../100-cli-commands/zarf_tools_registry_pull.md | 1 +
 .../100-cli-commands/zarf_tools_registry_push.md | 1 +
 .../100-cli-commands/zarf_tools_sbom.md | 1 +
 .../100-cli-commands/zarf_tools_sbom_attest.md | 1 +
 .../100-cli-commands/zarf_tools_sbom_convert.md | 1 +
 .../100-cli-commands/zarf_tools_sbom_login.md | 1 +
 .../100-cli-commands/zarf_tools_sbom_packages.md | 1 +
 .../100-cli-commands/zarf_tools_sbom_version.md | 1 +
 .../100-cli-commands/zarf_version.md | 1 +
 src/cmd/package.go | 8 +-------
 src/cmd/root.go | 2 ++
 src/cmd/viper.go | 3 +--
 src/config/config.go | 8 +++++++-
 src/config/lang/english.go | 4 +---
 src/internal/packager/images/push.go | 6 ++++--
 src/pkg/packager/create.go | 2 +-
 src/pkg/packager/deploy.go | 2 ++
 src/pkg/packager/network.go | 6 +++---
 src/pkg/packager/prepare.go | 2 +-
 src/test/e2e/30_config_file_test.go | 3 +--
 src/test/zarf-config-test.toml | 3 +--
 src/types/runtime.go | 3 +--
 src/ui/lib/api-types.ts | 15 +++++----------
 56 files changed, 74 insertions(+), 39 deletions(-)
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf.md
index d07c59e2c9..0d6a5363d5 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf.md
@@ -17,6 +17,7 @@ zarf [COMMAND] [flags]
 ```
 -a, --architecture string Architecture for OCI images
 -h, --help help for zarf
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion.md
index 7fb666277c..4d23e22999 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion.md
@@ -19,6 +19,7 @@ See each sub-command's help for details on how to use the generated script.
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_bash.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_bash.md
index 484306540c..3bdb59af05 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_bash.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_bash.md
@@ -42,6 +42,7 @@ zarf completion bash
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_fish.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_fish.md
index a25b40268f..a572b657a8 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_fish.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_fish.md
@@ -33,6 +33,7 @@ zarf completion fish [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_powershell.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_powershell.md
index b711a49724..05963e1059 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_powershell.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_powershell.md
@@ -30,6 +30,7 @@ zarf completion powershell [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_zsh.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_zsh.md
index f1900efc5d..5330635f91 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_zsh.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_completion_zsh.md
@@ -44,6 +44,7 @@ zarf completion zsh [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md
index 72795229c2..05754dc130 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect.md
@@ -33,6 +33,7 @@ zarf connect {REGISTRY|LOGGING|GIT|connect-name} [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect_list.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect_list.md
index 77b75cb711..f427ef2c42 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect_list.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_connect_list.md
@@ -17,6 +17,7 @@ zarf connect list [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_destroy.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_destroy.md
index 1e4ccc1724..edf1b8b0a5 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_destroy.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_destroy.md
@@ -29,6 +29,7 @@ zarf destroy [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_init.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_init.md
index 016c26518b..30fe604abb 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_init.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_init.md
@@ -63,6 +63,7 @@ zarf init [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package.md
index 2e8a783acb..d367d81e3c 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package.md
@@ -13,6 +13,7 @@ Zarf package commands for creating, deploying, and inspecting packages
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_create.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_create.md
index b293c63dda..cbedae294b 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_create.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_create.md
@@ -18,7 +18,6 @@ zarf package create [DIRECTORY] [flags]
 ```
 --confirm Confirm package creation without prompting
 -h, --help help for create
- --insecure Allow insecure registry connections when pulling OCI images
 -m, --max-package-size int Specify the maximum size of the package in megabytes, packages larger than this will be split into multiple parts. Use 0 to disable splitting.
 --no-local-images Do not use local container images when creating this package
 -o, --output-directory string Specify the output directory for the created Zarf package
@@ -32,6 +31,7 @@ zarf package create [DIRECTORY] [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md
index e0bd7f81d1..c42afea493 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_deploy.md
@@ -17,16 +17,16 @@ zarf package deploy [PACKAGE] [flags]
 --components string Comma-separated list of components to install. Adding this flag will skip the init prompts for which components to install
 --confirm Confirm package deployment without prompting
 -h, --help help for deploy
- --insecure --shasum Skip shasum validation of remote package. Required if deploying a remote package and --shasum is not provided
 --set stringToString Specify deployment variables to set on the command line (KEY=value) (default [])
 --sget string Path to public sget key file for remote packages signed via cosign
- --shasum --insecure Shasum of the package to deploy. Required if deploying a remote package and --insecure is not provided
+ --shasum string Shasum of the package to deploy. Required if deploying a remote package and "--insecure" is not provided
 ```
 ## Options inherited from parent commands
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md
index 988b320f26..78bbde2c5f 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_inspect.md
@@ -24,6 +24,7 @@ zarf package inspect [PACKAGE] [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_list.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_list.md
index dd5f6da188..4caa9b6cc0 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_list.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_list.md
@@ -17,6 +17,7 @@ zarf package list [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_remove.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_remove.md
index 0f8171342b..3368acf776 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_remove.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_package_remove.md
@@ -19,6 +19,7 @@ zarf package remove {PACKAGE_NAME|PACKAGE_FILE} [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare.md
index 4b9271a9cc..ce3a207d2a 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare.md
@@ -13,6 +13,7 @@ Tools to help prepare assets for packaging
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md
index 21a41c30e3..ee15f3ab50 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_find-images.md
@@ -25,6 +25,7 @@ zarf prepare find-images [PACKAGE] [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_generate-config.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_generate-config.md
index 0212a50637..531b573a31 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_generate-config.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_generate-config.md
@@ -26,6 +26,7 @@ zarf prepare generate-config [FILENAME] [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_patch-git.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_patch-git.md
index 3cc22ff6eb..f220e29678 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_patch-git.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_patch-git.md
@@ -19,6 +19,7 @@ zarf prepare patch-git [HOST] [FILE] [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_sha256sum.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_sha256sum.md
index 736f96530a..d61aaabf31 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_sha256sum.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_prepare_sha256sum.md
@@ -17,6 +17,7 @@ zarf prepare sha256sum [FILE|URL] [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md
index 02353838e2..850c3c50d0 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md
@@ -13,6 +13,7 @@ Collection of additional tools to make airgap easier
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver.md
index 1f8e31e046..76e382a185 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver.md
@@ -13,6 +13,7 @@ Compress/Decompress generic archives, including Zarf packages.
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_compress.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_compress.md
index e75e9ed84c..96e3631a4b 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_compress.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_compress.md
@@ -17,6 +17,7 @@ zarf tools archiver compress {SOURCES} {ARCHIVE} [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_decompress.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_decompress.md
index 1c3a5bed68..f6b4385aed 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_decompress.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_archiver_decompress.md
@@ -17,6 +17,7 @@ zarf tools archiver decompress {ARCHIVE} {DESTINATION} [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_clear-cache.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_clear-cache.md
index 1766aad372..6b8732270a 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_clear-cache.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_clear-cache.md
@@ -18,6 +18,7 @@ zarf tools clear-cache [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-pki.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-pki.md
index 94b1a5bc96..fe422e5e93 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-pki.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_gen-pki.md
@@ -18,6 +18,7 @@ zarf tools gen-pki {HOST} [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md
index 56e1f25284..cddf991228 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md
@@ -21,6 +21,7 @@ zarf tools get-creds [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_monitor.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_monitor.md
index bf90abee9a..ea8c085249 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_monitor.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_monitor.md
@@ -17,6 +17,7 @@ zarf tools monitor [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry.md
index 198713cf1a..fadd6cedf7 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry.md
@@ -13,6 +13,7 @@ Tools for working with container registries using go-containertools.
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_catalog.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_catalog.md
index ac1da23d57..3326be27af 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_catalog.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_catalog.md
@@ -27,6 +27,7 @@ zarf tools registry catalog [REGISTRY] [flags]
 ```
 -a, --architecture string Architecture for OCI images
+ --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.
 -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
 --no-log-file Disable log file creation
 --no-progress Disable fancy UI progress bars, spinners, logos, etc
diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_copy.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_copy.md
index 8cda766367..cd1a289ffe 100644
--- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_copy.md
+++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_copy.md
@@ -17,6 +17,7 @@ zarf tools registry copy SRC DST [flags] ``` -a, --architecture string Architecture for OCI images + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_login.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_login.md index 7d40ed7807..28bd91e5dd 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_login.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_login.md @@ -20,6 +20,7 @@ zarf tools registry login [OPTIONS] [SERVER] [flags] ``` -a, --architecture string Architecture for OCI images + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_pull.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_pull.md index 85862fb29c..7142d8f544 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_pull.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_pull.md 
@@ -20,6 +20,7 @@ zarf tools registry pull IMAGE TARBALL [flags] ``` -a, --architecture string Architecture for OCI images + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_push.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_push.md index df6914d0d8..72cf8c1084 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_push.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_registry_push.md @@ -23,6 +23,7 @@ zarf tools registry push PATH IMAGE [flags] ``` -a, --architecture string Architecture for OCI images + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom.md index c5b9a1109e..cc307b034a 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom.md 
@@ -32,6 +32,7 @@ zarf tools sbom [flags] ``` -a, --architecture string Architecture for OCI images + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_attest.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_attest.md index da8ba36b4d..c700293afb 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_attest.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_attest.md @@ -31,6 +31,7 @@ zarf tools sbom attest --output [FORMAT] [flags] ``` -a, --architecture string Architecture for OCI images -c, --config string application config file + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_convert.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_convert.md index 375f63bcf9..b8bd9459b8 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_convert.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_convert.md 
@@ -30,6 +30,7 @@ zarf tools sbom convert [SOURCE-SBOM] -o [FORMAT] [flags] ``` -a, --architecture string Architecture for OCI images -c, --config string application config file + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_login.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_login.md index f52e71a221..9c3a93171d 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_login.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_login.md @@ -21,6 +21,7 @@ zarf tools sbom login [OPTIONS] [SERVER] [flags] ``` -a, --architecture string Architecture for OCI images -c, --config string application config file + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_packages.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_packages.md index ce9e94f5e2..5c77015ebd 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_packages.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_packages.md 
@@ -30,6 +30,7 @@ zarf tools sbom packages [SOURCE] [flags] ``` -a, --architecture string Architecture for OCI images -c, --config string application config file + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_version.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_version.md index 4cc3da0f2f..4c73e21599 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_version.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_sbom_version.md @@ -19,6 +19,7 @@ zarf tools sbom version [flags] ``` -a, --architecture string Architecture for OCI images -c, --config string application config file + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_version.md b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_version.md index 4f4c510763..2b900fb0e4 100644 --- a/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_version.md +++ b/docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_version.md 
@@ -21,6 +21,7 @@ zarf version [flags] ``` -a, --architecture string Architecture for OCI images + --insecure Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture. -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-log-file Disable log file creation --no-progress Disable fancy UI progress bars, spinners, logos, etc diff --git a/src/cmd/package.go b/src/cmd/package.go index 67f52965f0..c701ea509d 100644 --- a/src/cmd/package.go +++ b/src/cmd/package.go @@ -24,8 +24,6 @@ import ( "github.com/spf13/cobra" ) -var insecureDeploy bool -var shasum string var includeInspectSBOM bool var outputInspectSBOM string @@ -249,7 +247,6 @@ func bindCreateFlags() { v.SetDefault(V_PKG_CREATE_SBOM, false) v.SetDefault(V_PKG_CREATE_SBOM_OUTPUT, "") v.SetDefault(V_PKG_CREATE_SKIP_SBOM, false) - v.SetDefault(V_PKG_CREATE_INSECURE, false) v.SetDefault(V_PKG_CREATE_MAX_PACKAGE_SIZE, 0) v.SetDefault(V_PKG_CREATE_NO_LOCAL_IMAGES, false) 
@@ -258,7 +255,6 @@ func bindCreateFlags() { createFlags.BoolVarP(&pkgConfig.CreateOpts.ViewSBOM, "sbom", "s", v.GetBool(V_PKG_CREATE_SBOM), "View SBOM contents after creating the package") createFlags.StringVar(&pkgConfig.CreateOpts.SBOMOutputDir, "sbom-out", v.GetString(V_PKG_CREATE_SBOM_OUTPUT), "Specify an output directory for the SBOMs from the created Zarf package") createFlags.BoolVar(&pkgConfig.CreateOpts.SkipSBOM, "skip-sbom", v.GetBool(V_PKG_CREATE_SKIP_SBOM), "Skip generating SBOM for this package") - createFlags.BoolVar(&pkgConfig.CreateOpts.Insecure, "insecure", v.GetBool(V_PKG_CREATE_INSECURE), "Allow insecure registry connections when pulling OCI images") createFlags.IntVarP(&pkgConfig.CreateOpts.MaxPackageSizeMB, "max-package-size", "m", v.GetInt(V_PKG_CREATE_MAX_PACKAGE_SIZE), "Specify the maximum size of the package in megabytes, packages larger than this will be split into multiple parts. Use 0 to disable splitting.") createFlags.BoolVar(&pkgConfig.CreateOpts.NoLocalImages, "no-local-images", v.GetBool(V_PKG_CREATE_NO_LOCAL_IMAGES), "Do not use local container images when creating this package") } 
@@ -271,14 +267,12 @@ func bindDeployFlags() { v.SetDefault(V_PKG_DEPLOY_SET, map[string]string{}) v.SetDefault(V_PKG_DEPLOY_COMPONENTS, "") - v.SetDefault(V_PKG_DEPLOY_INSECURE, false) v.SetDefault(V_PKG_DEPLOY_SHASUM, "") v.SetDefault(V_PKG_DEPLOY_SGET, "") deployFlags.StringToStringVar(&pkgConfig.DeployOpts.SetVariables, "set", v.GetStringMapString(V_PKG_DEPLOY_SET), "Specify deployment variables to set on the command line (KEY=value)") deployFlags.StringVar(&pkgConfig.DeployOpts.Components, "components", v.GetString(V_PKG_DEPLOY_COMPONENTS), "Comma-separated list of components to install. Adding this flag will skip the init prompts for which components to install") - deployFlags.BoolVar(&insecureDeploy, "insecure", v.GetBool(V_PKG_DEPLOY_INSECURE), "Skip shasum validation of remote package. Required if deploying a remote package and `--shasum` is not provided") - deployFlags.StringVar(&shasum, "shasum", v.GetString(V_PKG_DEPLOY_SHASUM), "Shasum of the package to deploy. Required if deploying a remote package and `--insecure` is not provided") + deployFlags.StringVar(&pkgConfig.DeployOpts.Shasum, "shasum", v.GetString(V_PKG_DEPLOY_SHASUM), "Shasum of the package to deploy. Required if deploying a remote package and \"--insecure\" is not provided") deployFlags.StringVar(&pkgConfig.DeployOpts.SGetKeyPath, "sget", v.GetString(V_PKG_DEPLOY_SGET), "Path to public sget key file for remote packages signed via cosign") } diff --git a/src/cmd/root.go b/src/cmd/root.go index 2a78f7e734..50d8532c88 100644 --- a/src/cmd/root.go +++ b/src/cmd/root.go @@ -71,6 +71,7 @@ func init() { v.SetDefault(V_ARCHITECTURE, "") v.SetDefault(V_NO_LOG_FILE, false) v.SetDefault(V_NO_PROGRESS, false) + v.SetDefault(V_INSECURE, false) v.SetDefault(V_ZARF_CACHE, config.ZarfDefaultCachePath) v.SetDefault(V_TMP_DIR, "") 
@@ -80,6 +81,7 @@ func init() { rootCmd.PersistentFlags().BoolVar(&message.NoProgress, "no-progress", v.GetBool(V_NO_PROGRESS), lang.RootCmdFlagNoProgress) rootCmd.PersistentFlags().StringVar(&config.CommonOptions.CachePath, "zarf-cache", v.GetString(V_ZARF_CACHE), lang.RootCmdFlagCachePath) rootCmd.PersistentFlags().StringVar(&config.CommonOptions.TempDirectory, "tmpdir", v.GetString(V_TMP_DIR), lang.RootCmdFlagTempDir) + rootCmd.PersistentFlags().BoolVar(&config.CommonOptions.Insecure, "insecure", v.GetBool(V_INSECURE), lang.RootCmdFlagInseure) } func cliSetup() { diff --git a/src/cmd/viper.go b/src/cmd/viper.go index 854e51573f..226db8150a 100644 --- a/src/cmd/viper.go +++ b/src/cmd/viper.go @@ -20,6 +20,7 @@ const ( V_NO_PROGRESS = "no_progress" V_ZARF_CACHE = "zarf_cache" V_TMP_DIR = "tmp_dir" + V_INSECURE = "insecure" // Init config keys V_INIT_COMPONENTS = "init.components" @@ -47,14 +48,12 @@ const ( V_PKG_CREATE_SBOM = "package.create.sbom" V_PKG_CREATE_SBOM_OUTPUT = "package.create.sbom_output" V_PKG_CREATE_SKIP_SBOM = "package.create.skip_sbom" - V_PKG_CREATE_INSECURE = "package.create.insecure" V_PKG_CREATE_MAX_PACKAGE_SIZE = "package.create.max_package_size" V_PKG_CREATE_NO_LOCAL_IMAGES = "package.create.no_local_images" // Package deploy config keys V_PKG_DEPLOY_SET = "package.deploy.set" V_PKG_DEPLOY_COMPONENTS = "package.deploy.components" - V_PKG_DEPLOY_INSECURE = "package.deploy.insecure" V_PKG_DEPLOY_SHASUM = "package.deploy.shasum" V_PKG_DEPLOY_SGET = "package.deploy.sget" ) diff --git a/src/config/config.go b/src/config/config.go index 21378deeb1..b7d2c35a9d 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -5,8 +5,10 @@ package config import ( + "crypto/tls" "embed" "fmt" + "net/http" "os" "path/filepath" "runtime" 
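Review bot: Nothing tells the operator at run time that `--insecure` is in effect, and because the flag's default is read from `v.GetBool(V_INSECURE)` it can be switched on by an `insecure = true` line in a config file rather than on the command line. As a persistent root flag it then applies to every subcommand, including ones that push credentials or fetch remote packages. A one-line warning after flag parsing would make this visible in logs, for example `if config.CommonOptions.Insecure { message.Warn("--insecure is set: TLS verification and shasum enforcement are relaxed") }`. `cliSetup` looks like the natural place for it, though its body is outside this hunk.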
@@ -118,7 +120,11 @@ func GetCraneOptions(insecure bool) []crane.Option { // Handle insecure registry option if insecure { - options = append(options, crane.Insecure) + roundTripper := http.DefaultTransport.(*http.Transport).Clone() + roundTripper.TLSClientConfig = &tls.Config{ + InsecureSkipVerify: true, + } + options = append(options, crane.Insecure, crane.WithTransport(roundTripper)) } // Add the image platform info diff --git a/src/config/lang/english.go b/src/config/lang/english.go index 8c78e3cad8..92c65f8ca3 100644 --- a/src/config/lang/english.go +++ b/src/config/lang/english.go @@ -37,6 +37,7 @@ const ( RootCmdFlagNoProgress = "Disable fancy UI progress bars, spinners, logos, etc" RootCmdFlagCachePath = "Specify the location of the Zarf cache directory" RootCmdFlagTempDir = "Specify the temporary directory to use for intermediate files" + RootCmdFlagInseure = "Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture." RootCmdDeprecatedDeploy = "Please use \"zarf package deploy %s\" to deploy this package." RootCmdDeprecatedCreate = "Please use \"zarf package create\" to create this package." 
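Review bot: `InsecureSkipVerify: true` is set on the transport used for every registry host, so enabling the flag for one self-signed internal registry also turns off certificate verification for any public registry contacted in the same run. If the goal is only to trust a private CA, loading that CA into `TLSClientConfig.RootCAs` would keep verification on; otherwise the block should at least carry a comment such as `// insecure: plain HTTP allowed and TLS certificates not verified, for all registries`. Separately, the unchecked assertion `http.DefaultTransport.(*http.Transport)` panics if anything in the process has replaced the default transport. The comma-ok form `base, ok := http.DefaultTransport.(*http.Transport)` with a fallback to `&http.Transport{}` avoids that. GetCraneOptions starts and ends outside the hunk.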
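Review bot: The new constant is misspelled `RootCmdFlagInseure`; it should be `RootCmdFlagInsecure`, in line with the neighbouring `RootCmdFlag…` names. The flag registration in root.go references `lang.RootCmdFlagInseure` and needs the same rename. An exported identifier is easiest to correct before other packages start depending on it.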
@@ -90,15 +91,12 @@ const ( CmdInitLong = "Injects a docker registry as well as other optional useful things (such as a git server " + "and a logging stack) into a k8s cluster under the 'zarf' namespace " + "to support future application deployments. \n" + - "If you do not have a k8s cluster already configured, this command will give you " + "the ability to install a cluster locally.\n\n" + - "This command looks for a zarf-init package in the local directory that the command was executed " + "from. If no package is found in the local directory and the Zarf CLI exists somewhere outside of " + "the current directory, Zarf will failover and attempt to find a zarf-init package in the directory " + "that the Zarf binary is located in.\n\n\n\n" + - "Example Usage:\n" + "# Initializing without any optional components:\nzarf init\n\n" + "# Initializing w/ Zarfs internal git server:\nzarf init --components=git-server\n\n" + diff --git a/src/internal/packager/images/push.go b/src/internal/packager/images/push.go index a1a9ff5717..28f1cc7d7a 100644 --- a/src/internal/packager/images/push.go +++ b/src/internal/packager/images/push.go @@ -24,6 +24,7 @@ func (i *ImgConfig) PushToZarfRegistry() error { target string ) + registryURL = i.RegInfo.Address if i.RegInfo.InternalRegistry { // Establish a registry tunnel to send the images to the zarf registry if tunnel, err = cluster.NewZarfTunnel(); err != nil { 
@@ -51,9 +52,10 @@ func (i *ImgConfig) PushToZarfRegistry() error { spinner := message.NewProgressSpinner("Storing images in the zarf registry") defer spinner.Stop() - pushOptions := []crane.Option{config.GetCraneAuthOption(i.RegInfo.PushUsername, i.RegInfo.PushPassword)} - message.Debugf("crane pushOptions = %#v", pushOptions) + pushOptions := config.GetCraneOptions(i.Insecure) + pushOptions = append(pushOptions, config.GetCraneAuthOption(i.RegInfo.PushUsername, i.RegInfo.PushPassword)) + message.Debugf("crane pushOptions = %#v", pushOptions) for _, src := range i.ImgList { spinner.Updatef("Updating image %s", src) img, err := crane.LoadTag(i.TarballPath, src, config.GetCraneOptions(i.Insecure)...) diff --git a/src/pkg/packager/create.go b/src/pkg/packager/create.go index ef4c81c259..eaa4e86cad 100644 --- a/src/pkg/packager/create.go +++ b/src/pkg/packager/create.go @@ -224,7 +224,7 @@ func (p *Packager) pullImages(imgList []string, path string) (map[name.Tag]v1.Im imgConfig := images.ImgConfig{ TarballPath: path, ImgList: imgList, - Insecure: p.cfg.CreateOpts.Insecure, + Insecure: config.CommonOptions.Insecure, NoLocalImages: p.cfg.CreateOpts.NoLocalImages, } diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 52f6edcf69..7dfa6f7254 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -165,6 +165,7 @@ func (p *Packager) deployInitComponent(component types.ZarfComponent) (charts [] ImgList: []string{seedImage}, NoChecksum: true, RegInfo: p.cfg.State.RegistryInfo, + Insecure: config.CommonOptions.Insecure, } // Push the seed images into to Zarf registry @@ -386,6 +387,7 @@ func (p *Packager) pushImagesToRegistry(componentImages []string, noImgChecksum ImgList: componentImages, NoChecksum: noImgChecksum, RegInfo: p.cfg.State.RegistryInfo, + Insecure: config.CommonOptions.Insecure, } return utils.Retry(func() error { diff --git a/src/pkg/packager/network.go b/src/pkg/packager/network.go index 28f0891164..ae7de2486c 100644 
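Review bot: Once `i.Insecure` is true the push password can travel over plain HTTP or to a host whose certificate is not verified, because `pushOptions` now combines `config.GetCraneOptions(i.Insecure)` with the basic-auth option built from `i.RegInfo.PushUsername` and `i.RegInfo.PushPassword`. That trade-off is worth stating where the options are assembled, for example `// With i.Insecure the push credentials are sent without TLS verification; use push-only, rotatable credentials for external registries`. PushToZarfRegistry starts and ends outside the hunk, so whether the internal-registry tunnel path is affected the same way cannot be seen here.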
--- a/src/pkg/packager/network.go +++ b/src/pkg/packager/network.go @@ -35,8 +35,8 @@ func (p *Packager) handlePackagePath() error { return p.handleSgetPackage() } - if !opts.Insecure && opts.Shasum == "" { - return fmt.Errorf("remote package provided without a shasum, use --insecure-deploy to ignore") + if !config.CommonOptions.Insecure && opts.Shasum == "" { + return fmt.Errorf("remote package provided without a shasum, use --insecure to ignore") } // Check the extension on the package is what we expect @@ -60,7 +60,7 @@ func (p *Packager) handlePackagePath() error { } // Check the shasum if necessary - if !opts.Insecure { + if !config.CommonOptions.Insecure { hasher := sha256.New() _, err = io.Copy(hasher, packageFile) if err != nil { diff --git a/src/pkg/packager/prepare.go b/src/pkg/packager/prepare.go index 4484ea0add..e76f682847 100644 --- a/src/pkg/packager/prepare.go +++ b/src/pkg/packager/prepare.go @@ -212,7 +212,7 @@ func (p *Packager) FindImages(baseDir, repoHelmChartPath string) error { if sortedImages := k8s.SortImages(maybeImages, matchedImages); len(sortedImages) > 0 { var realImages []string for _, image := range sortedImages { - if descriptor, err := crane.Head(image, config.GetCraneOptions(p.cfg.CreateOpts.Insecure)...); err != nil { + if descriptor, err := crane.Head(image, config.GetCraneOptions(config.CommonOptions.Insecure)...); err != nil { // Test if this is a real image, if not just quiet log to debug, this is normal message.Debugf("Suspected image does not appear to be valid: %#v", err) } else { diff --git a/src/test/e2e/30_config_file_test.go b/src/test/e2e/30_config_file_test.go index 172eed44f0..47828c5e30 100644 --- a/src/test/e2e/30_config_file_test.go +++ b/src/test/e2e/30_config_file_test.go 
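Review bot: A `--shasum` supplied together with `--insecure` is never checked, because the second network.go hunk guards the hashing block (and presumably the comparison that follows it outside the hunk) with `if !config.CommonOptions.Insecure {`. This commit makes `--insecure` the same flag a user sets to reach a self-signed registry, so a deploy that passes both silently loses integrity validation of the remote package. Guarding on the value instead, `if opts.Shasum != "" {`, keeps the check whenever a digest was given and still lets `--insecure` waive the requirement in the first hunk. handlePackagePath starts and ends outside both hunks.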
@@ -66,6 +66,7 @@ func configFileDefaultTests(t *testing.T) { "Disable log file creation (default true)", "Disable fancy UI progress bars, spinners, logos, etc (default true)", "zarf_cache: 978499a5", + "Allow access to insecure registries and disable other recommended security enforcements. This flag should only be used if you have a specific reason and accept the reduced security posture.", "tmp_dir: c457359e", } @@ -87,7 +88,6 @@ func configFileDefaultTests(t *testing.T) { } packageCreateFlags := []string{ - "Allow insecure registry connections when pulling OCI images (default true)", "create.output_directory: 52d061d5", "Skip generating SBOM for this package (default true)", "[thing1=1a2b3c4d]", @@ -96,7 +96,6 @@ func configFileDefaultTests(t *testing.T) { packageDeployFlags := []string{ "deploy.components: 8d6fde37", - "Required if deploying a remote package and --shasum is not provided (default true)", "deploy.sget: ee7905de", "deploy.shasum: 7606fe19", "[thing2=2b3c4d5e]", diff --git a/src/test/zarf-config-test.toml b/src/test/zarf-config-test.toml index 2c1183d414..55bcca0fb4 100644 --- a/src/test/zarf-config-test.toml +++ b/src/test/zarf-config-test.toml @@ -4,6 +4,7 @@ no_log_file = true no_progress = true tmp_dir = 'tmp_dir: c457359e' zarf_cache = 'zarf_cache: 978499a5' +insecure = true [init] components = 'components: 359049b9' @@ -27,7 +28,6 @@ url = 'registry.url: c0ac2e47' [package] [package.create] -insecure = true output_directory = 'create.output_directory: 52d061d5' skip_sbom = true max_package_size = 42 @@ -37,7 +37,6 @@ thing1 = '1a2b3c4d' [package.deploy] components = 'deploy.components: 8d6fde37' -insecure = true sget = 'deploy.sget: ee7905de' shasum = 'deploy.shasum: 7606fe19' diff --git a/src/types/runtime.go b/src/types/runtime.go index 6e6d18e891..d03b3e8c41 100644 --- a/src/types/runtime.go +++ b/src/types/runtime.go 
@@ -7,13 +7,13 @@ package types // ZarfCommonOptions tracks the user-defined preferences used across commands. type ZarfCommonOptions struct { Confirm bool `json:"confirm" jsonschema:"description=Verify that Zarf should perform an action"` + Insecure bool `json:"insecure" jsonschema:"description=Allow insecure connections for remote packages"` CachePath string `json:"cachePath" jsonschema:"description=Path to use to cache images and git repos on package create"` TempDirectory string `json:"tempDirectory" jsonschema:"description=Location Zarf should use as a staging ground when managing files and images for package creation and deployment"` } // ZarfDeployOptions tracks the user-defined preferences during a package deployment. type ZarfDeployOptions struct { - Insecure bool `json:"insecure" jsonschema:"description=Allow insecure connections for remote packages"` Shasum string `json:"shasum" jsonschema:"description=The SHA256 checksum of the package to deploy"` PackagePath string `json:"packagePath" jsonschema:"description=Location where a Zarf package to deploy can be found"` Components string `json:"components" jsonschema:"description=Comma separated list of optional components to deploy"` @@ -37,7 +37,6 @@ type ZarfInitOptions struct { // ZarfCreateOptions tracks the user-defined options used to create the package. type ZarfCreateOptions struct { SkipSBOM bool `json:"skipSBOM" jsonschema:"description=Disable the generation of SBOM materials during package creation"` - Insecure bool `json:"insecure" jsonschema:"description=Disable the need for shasum validations when pulling down files from the internet"` OutputDirectory string `json:"outputDirectory" jsonschema:"description=Location where the finalized Zarf package will be placed"` ViewSBOM bool `json:"sbom" jsonschema:"description=Whether to pause to allow for viewing the SBOM post-creation"` SBOMOutputDir string `json:"sbomOutput" jsonschema:"description=Location to output an SBOM into after package creation"` 
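Review bot: The `Insecure` field added to ZarfCommonOptions keeps the description it had on ZarfDeployOptions, `Allow insecure connections for remote packages`, which understates what the common flag now controls. Elsewhere in this commit the same value disables registry TLS verification and waives the shasum requirement for remote packages. I would change the tag to `jsonschema:"description=Allow insecure registry connections and skip shasum validation of remote packages"`, which has no commas and so stays a single tag value. The same text is copied into the generated `ZarfCommonOptions` doc comment in api-types.ts, so it would need regenerating.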
diff --git a/src/ui/lib/api-types.ts b/src/ui/lib/api-types.ts index edf5435361..f1423173b7 100644 --- a/src/ui/lib/api-types.ts +++ b/src/ui/lib/api-types.ts @@ -31,10 +31,6 @@ export interface ZarfDeployOptions { * Comma separated list of optional components to deploy */ components: string; - /** - * Allow insecure connections for remote packages - */ - insecure: boolean; /** * Location where a Zarf package to deploy can be found */ @@ -742,6 +738,10 @@ export interface ZarfCommonOptions { * Verify that Zarf should perform an action */ confirm: boolean; + /** + * Allow insecure connections for remote packages + */ + insecure: boolean; /** * Location Zarf should use as a staging ground when managing files and images for package * creation and deployment @@ -750,10 +750,6 @@ export interface ZarfCommonOptions { } export interface ZarfCreateOptions { - /** - * Disable the need for shasum validations when pulling down files from the internet - */ - insecure: boolean; /** * Size of chunks to use when splitting a zarf package into multiple files in megabytes */ @@ -969,7 +965,6 @@ const typeMap: any = { ], false), "ZarfDeployOptions": o([ { json: "components", js: "components", typ: "" }, - { json: "insecure", js: "insecure", typ: true }, { json: "packagePath", js: "packagePath", typ: "" }, { json: "setVariables", js: "setVariables", typ: m("") }, { json: "sGetKeyPath", js: "sGetKeyPath", typ: "" }, @@ -1185,10 +1180,10 @@ const typeMap: any = { "ZarfCommonOptions": o([ { json: "cachePath", js: "cachePath", typ: "" }, { json: "confirm", js: "confirm", typ: true }, + { json: "insecure", js: "insecure", typ: true }, { json: "tempDirectory", js: "tempDirectory", typ: "" }, ], false), "ZarfCreateOptions": o([ - { json: "insecure", js: "insecure", typ: true }, { json: "maxPackageSizeMB", js: "maxPackageSizeMB", typ: 0 }, { json: "noLocalImages", js: "noLocalImages", typ: true }, { json: "outputDirectory", js: "outputDirectory", typ: "" },