From 645a6fb29b4b19573abd68229b195387e2940e2b Mon Sep 17 00:00:00 2001
From: Andrew Melnick
Date: Sat, 16 Nov 2024 13:07:36 -0700
Subject: [PATCH] Add fields for TLS material to destination config

Signed-off-by: Andrew Melnick
---
 docs/containers.conf.5.md | 13 +++++++++++++
 pkg/config/config.go | 7 +++++++
 2 files changed, 20 insertions(+)

diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
index cf10cea22..764fdc6b8 100644
--- a/docs/containers.conf.5.md
+++ b/docs/containers.conf.5.md
@@ -897,11 +897,24 @@ URI to access the Podman service
 - **rootless remote** - ssh://user@engineering.lab.company.com/run/user/1000/podman/podman.sock
 - **rootful local** - unix:///run/podman/podman.sock
 - **rootful remote** - ssh://root@10.10.1.136:22/run/podman/podman.sock
+- **tcp/tls remote** - tcp://10.10.1.136:9443

 **identity="~/.ssh/id_rsa**

 Path to file containing ssh identity key

+**tls_cert_file="~/certs/podman/tls.crt"**
+
+Path to PEM file containing TLS client certificate
+
+**tls_key_file="~/certs/podman/tls.key"**
+
+Path to PEM file containing TLS client certificate private key
+
+**tls_ca_file="~/certs/podman/ca.crt"**
+
+Path to PEM file containing TLS certificate authority (CA) bundle
+
 **[engine.volume_plugins]**

 A table of all the enabled volume plugins on the system. Volume plugins can be
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 2d6bf276a..623054f08 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -694,6 +694,13 @@ type Destination struct {

 // Identity file with ssh key, optional
 Identity string `json:",omitempty" toml:"identity,omitempty"`
+
+ // Path to TLS client certificate PEM file, optional
+ TLSCertFile string `json:",omitempty" toml:"tls_cert_file,omitempty"`
+ // Path to TLS client certificate private key PEM file, optional
+ TLSKeyFile string `json:",omitempty" toml:"tls_key_file,omitempty"`
+ // Path to TLS certificate authority PEM file, optional
+ TLSCAFile string `json:",omitempty" toml:"tls_ca_file,omitempty"`
+
 // isMachine describes if the remote destination is a machine.
 IsMachine bool `json:",omitempty" toml:"is_machine,omitempty"`
 }
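Review bot: The comments on `TLSCertFile`, `TLSKeyFile` and `TLSCAFile` each say "optional" without stating how the three relate, which matters because a client certificate is unusable without its key and the meaning of an empty `TLSCAFile` decides how the server is authenticated. I would word them in godoc form, e.g. `// TLSCertFile is the path to the PEM client certificate; set together with TLSKeyFile.` and `// TLSCAFile is the path to the PEM CA bundle used to verify the server.`, and add a sentence on what an empty `TLSCAFile` means once that is decided. The code that reads these fields is not part of this patch, so whether a half-configured cert/key pair or a `tcp://` URI with no TLS material is rejected cannot be told from here; that check belongs with the consumer. `Destination` begins above the hunk, so its other fields are only partly visible.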