Update lifecycle to 0.0.4

- Use 'io.buildpacks.build.metadata' to fetch built image metadata - Bump Go Container Registry
buildpacks-community · Sep 16, 2019 · cc9782c · cc9782c
1 parent 6115a29
commit cc9782c
Show file tree

Hide file tree

Showing 8 changed files with 78 additions and 103 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -14,77 +14,41 @@ required = [
   "github.com/knative/test-infra/tools/dep-collector",
 ]
 
-[[override]]
-  name = "gopkg.in/yaml.v2"
-  version = "v2.2.1"
-
-[[override]]
+[[constraint]]
   name = "github.com/knative/pkg"
   branch = "release-0.7"
 
-[[override]]
+[[constraint]]
   name = "go.uber.org/zap"
   revision = "67bc79d13d155c02fd008f721863ff8cc5f30659"
 
 [[constraint]]
-  name = "github.com/google/go-containerregistry"
-  # HEAD as of 2019-06-04
-  revision = "1c6c7f61e8a5402b606c3c6db169fdcd1b0712b7"
-
-[[override]]
   name = "k8s.io/api"
   version = "kubernetes-1.12.6"
 
-[[override]]
+[[constraint]]
   name = "k8s.io/apimachinery"
   version = "kubernetes-1.12.6"
 
-[[override]]
+[[constraint]]
   name = "k8s.io/code-generator"
   version = "kubernetes-1.12.6"
 
-[[override]]
+[[constraint]]
   name = "k8s.io/client-go"
   version = "kubernetes-1.12.6"
 
-[[override]]
-  name = "github.com/json-iterator/go"
-  version = "^1.1.6"
-  # This is the commit at which k8s depends on this in 1.11
-  # It seems to be broken at HEAD.
-
-[[override]]
-  name = "github.com/rogpeppe/go-internal"
-  # HEAD as of 2019-01-09
-  # Needed because release 1.0.0 does not contain a LICENSE file
-  revision = "4bbc89b6501cca7dd6b5557d78d70c8d2c6e8b97"
-
-[[override]]
-  name = "github.com/census-instrumentation/opencensus-proto"
-  # Needed to downgrade protobuf to v2
-  version = "v0.1.0"
-
-[prune]
-  go-tests = true
-  unused-packages = true
-  non-go = true
-
-[[prune.project]]
-  name = "k8s.io/code-generator"
-  unused-packages = false
-  non-go = false
-
-[[prune.project]]
-  name = "github.com/knative/test-infra"
-  non-go = false
-
 [[constraint]]
   name = "github.com/sclevine/spec"
   version = "1.2.0"
 
 [[constraint]]
   name = "github.com/buildpack/lifecycle"
-  version = "0.3.0"
+  version = "0.4.0"
+
+[[constraint]]
+  name = "github.com/google/go-containerregistry"
+  revision = "650bcbc276f32fe9e40263635bbf4a61a7837739"
 
 [[constraint]]
   name = "github.com/stretchr/testify"
@@ -97,7 +61,17 @@ required = [
 [[override]]
   name = "golang.org/x/net"
   revision = "3b0461eec859c4b73bb64fdc8285971fd33e3938"
-
+
+[[override]]
+  name = "gopkg.in/yaml.v2"
+  version = "v2.2.1"
+
+[[override]]
+  name = "github.com/json-iterator/go"
+  version = "^1.1.6"
+  # This is the commit at which k8s depends on this in 1.11
+  # It seems to be broken at HEAD.
+
 [[override]]
   name = "contrib.go.opencensus.io/exporter/stackdriver"
   # HEAD as of 2019-02-11
@@ -106,4 +80,23 @@ required = [
 
 [[override]]
   name = "github.com/Azure/go-autorest"
-  revision = "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
+  revision = "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
+
+[[override]]
+  name = "github.com/rogpeppe/go-internal"
+  revision = "4bbc89b6501cca7dd6b5557d78d70c8d2c6e8b97"
+
+[[override]]
+  name = "github.com/census-instrumentation/opencensus-proto"
+  # Needed to downgrade protobuf to v2
+  version = "v0.1.0"
+
+[[prune.project]]
+  name = "k8s.io/code-generator"
+  unused-packages = false
+  non-go = false
+
+[prune]
+  go-tests = true
+  unused-packages = true
+  non-go = true
diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -87,7 +87,7 @@ func main() {
 	podInformer := k8sInformerFactory.Core().V1().Pods()
 
 	metadataRetriever := &cnb.RemoteMetadataRetriever{
-		LifecycleImageFactory: &registry.ImageFactory{
+		RemoteImageFactory: &registry.ImageFactory{
 			KeychainFactory: secret.NewSecretKeychainFactory(k8sClient),
 		},
 	}

diff --git a/pkg/cnb/cnb_metadata.go b/pkg/cnb/cnb_metadata.go
@@ -29,11 +29,11 @@ type BuilderImage struct {
 type BuilderMetadata []BuildpackMetadata
 
 type RemoteMetadataRetriever struct {
-	LifecycleImageFactory registry.RemoteImageFactory
+	RemoteImageFactory registry.RemoteImageFactory
 }
 
 func (r *RemoteMetadataRetriever) GetBuilderImage(repo registry.ImageRef) (BuilderImage, error) {
-	img, err := r.LifecycleImageFactory.NewRemote(repo)
+	img, err := r.RemoteImageFactory.NewRemote(repo)
 	if err != nil {
 		return BuilderImage{}, errors.Wrap(err, "unable to fetch remote builder image")
 	}
@@ -62,18 +62,18 @@ func (r *RemoteMetadataRetriever) GetBuilderImage(repo registry.ImageRef) (Build
 }
 
 func (r *RemoteMetadataRetriever) GetBuiltImage(ref registry.ImageRef) (BuiltImage, error) {
-	img, err := r.LifecycleImageFactory.NewRemote(ref)
+	img, err := r.RemoteImageFactory.NewRemote(ref)
 	if err != nil {
 		return BuiltImage{}, err
 	}
 
 	var metadataJSON string
-	metadataJSON, err = img.Label(lcyclemd.AppMetadataLabel)
+	metadataJSON, err = img.Label(lcyclemd.BuildMetadataLabel)
 	if err != nil {
 		return BuiltImage{}, err
 	}
 
-	var metadata lcyclemd.AppImageMetadata
+	var metadata lcyclemd.BuildMetadata
 	err = json.Unmarshal([]byte(metadataJSON), &metadata)
 	if err != nil {
 		return BuiltImage{}, err

diff --git a/pkg/cnb/cnb_metadata_test.go b/pkg/cnb/cnb_metadata_test.go
@@ -31,7 +31,7 @@ func testMetadataRetriever(t *testing.T, when spec.G, it spec.S) {
 				imageRef := registry.NewNoAuthImageRef("test-repo-name")
 				mockFactory.NewRemoteReturns(fakeImage, nil)
 
-				subject := cnb.RemoteMetadataRetriever{LifecycleImageFactory: mockFactory}
+				subject := cnb.RemoteMetadataRetriever{RemoteImageFactory: mockFactory}
 				builderImage, err := subject.GetBuilderImage(imageRef)
 				assert.NoError(t, err)
 
@@ -47,19 +47,19 @@ func testMetadataRetriever(t *testing.T, when spec.G, it spec.S) {
 		when("GetBuiltImage", func() {
 			it("retrieves the metadata from the registry", func() {
 				fakeImage := registryfakes.NewFakeRemoteImage("index.docker.io/built/image", "sha256:dc7e5e790001c71c2cfb175854dd36e65e0b71c58294b331a519be95bdec4ef4")
-				err := fakeImage.SetLabel("io.buildpacks.lifecycle.metadata", `{"buildpacks": [{"key": "test.id", "version": "1.2.3"}]}`)
+				err := fakeImage.SetLabel("io.buildpacks.build.metadata", `{"buildpacks": [{"id": "test.id", "version": "1.2.3"}]}`)
 				assert.NoError(t, err)
 
 				fakeImageRef := registry.NewNoAuthImageRef("built/image:tag")
 				mockFactory.NewRemoteReturns(fakeImage, nil)
 
-				subject := cnb.RemoteMetadataRetriever{LifecycleImageFactory: mockFactory}
+				subject := cnb.RemoteMetadataRetriever{RemoteImageFactory: mockFactory}
 
 				result, err := subject.GetBuiltImage(fakeImageRef)
 				assert.NoError(t, err)
 
 				metadata := result.BuildpackMetadata
-				assert.Len(t, metadata, 1)
+				require.Len(t, metadata, 1)
 				assert.Equal(t, metadata[0].ID, "test.id")
 				assert.Equal(t, metadata[0].Version, "1.2.3")
 

diff --git a/pkg/dockercreds/access_checker.go b/pkg/dockercreds/access_checker.go
@@ -2,27 +2,31 @@ package dockercreds
 
 import (
 	"fmt"
+	"github.com/google/go-containerregistry/pkg/name"
 	"net/http"
 	"net/url"
 
-	lcAuth "github.com/buildpack/lifecycle/image/auth"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
 	"github.com/pkg/errors"
 )
 
-func HasWriteAccess(tagName string) (bool, error) {
+func HasWriteAccess(tag string) (bool, error) {
 	keychain := authn.DefaultKeychain
 
-	ref, auth, err := lcAuth.ReferenceForRepoName(keychain, tagName)
+	var auth authn.Authenticator
+	ref, err := name.ParseReference(tag, name.WeakValidation)
 	if err != nil {
-		return false, errors.WithStack(err)
+		return false, err
 	}
 
-	recordingTransport := &unAuthorizedWithoutErrorCodeTransportChecker{}
+	auth, err = keychain.Resolve(ref.Context().Registry)
+	if err != nil {
+		return false, err
+	}
 
 	scopes := []string{ref.Scope(transport.PushScope)}
-	tr, err := transport.New(ref.Context().Registry, auth, recordingTransport, scopes)
+	tr, err := transport.New(ref.Context().Registry, auth, http.DefaultTransport, scopes)
 	if err != nil {
 		if transportError, ok := err.(*transport.Error); ok {
 			for _, diagnosticError := range transportError.Errors {
@@ -31,7 +35,7 @@ func HasWriteAccess(tagName string) (bool, error) {
 				}
 			}
 
-			if recordingTransport.wasRequestUnauthorized() {
+			if transportError.StatusCode == 401 {
 				return false, nil
 			}
 		}
@@ -60,21 +64,3 @@ func HasWriteAccess(tagName string) (bool, error) {
 
 	return true, nil
 }
-
-type unAuthorizedWithoutErrorCodeTransportChecker struct {
-	isToken401 bool
-}
-
-func (h *unAuthorizedWithoutErrorCodeTransportChecker) RoundTrip(r *http.Request) (*http.Response, error) {
-	response, err := http.DefaultTransport.RoundTrip(r)
-
-	if _, isTokenFetchRequest := r.Header["Authorization"]; isTokenFetchRequest && response != nil {
-		h.isToken401 = response.StatusCode == 401
-	}
-
-	return response, err
-}
-
-func (h *unAuthorizedWithoutErrorCodeTransportChecker) wasRequestUnauthorized() bool {
-	return h.isToken401
-}
diff --git a/pkg/dockercreds/docker_creds.go b/pkg/dockercreds/docker_creds.go
@@ -7,13 +7,12 @@ import (
 	"strings"
 
 	"github.com/google/go-containerregistry/pkg/authn"
-	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/pkg/errors"
 )
 
 type DockerCreds map[string]entry
 
-func (c DockerCreds) Resolve(reg name.Registry) (authn.Authenticator, error) {
+func (c DockerCreds) Resolve(reg authn.Resource) (authn.Authenticator, error) {
 	for registry, entry := range c {
 		if RegistryMatch(reg.RegistryStr(), registry) {
 			if entry.Auth != "" {

diff --git a/pkg/secret/secrets_keychain.go b/pkg/secret/secrets_keychain.go
@@ -2,7 +2,6 @@ package secret
 
 import (
 	"github.com/google/go-containerregistry/pkg/authn"
-	"github.com/google/go-containerregistry/pkg/name"
 	k8sclient "k8s.io/client-go/kubernetes"
 
 	"github.com/pivotal/kpack/pkg/apis/build/v1alpha1"
@@ -29,7 +28,7 @@ type pullSecretKeychain struct {
 	secretManager *SecretManager
 }
 
-func (k *pullSecretKeychain) Resolve(registry name.Registry) (authn.Authenticator, error) {
+func (k *pullSecretKeychain) Resolve(registry authn.Resource) (authn.Authenticator, error) {
 	base64Auth, err := k.secretManager.SecretForImagePull(k.imageRef.Namespace(), k.imageRef.SecretName(), registry.RegistryStr())
 	if err != nil {
 		return nil, err
@@ -42,8 +41,8 @@ type serviceAccountKeychain struct {
 	secretManager *SecretManager
 }
 
-func (k *serviceAccountKeychain) Resolve(reg name.Registry) (authn.Authenticator, error) {
-	creds, err := k.secretManager.SecretForServiceAccountAndURL(k.imageRef.ServiceAccount(), k.imageRef.Namespace(), reg.RegistryStr())
+func (k *serviceAccountKeychain) Resolve(res authn.Resource) (authn.Authenticator, error) {
+	creds, err := k.secretManager.SecretForServiceAccountAndURL(k.imageRef.ServiceAccount(), k.imageRef.Namespace(), res.RegistryStr())
 	if err != nil {
 		return nil, err
 	}
@@ -64,6 +63,6 @@ func (f *SecretKeychainFactory) KeychainForImageRef(ref registry.ImageRef) authn
 type anonymousKeychain struct {
 }
 
-func (anonymousKeychain) Resolve(name.Registry) (authn.Authenticator, error) {
+func (anonymousKeychain) Resolve(authn.Resource) (authn.Authenticator, error) {
 	return authn.Anonymous, nil
 }