From 6115a296d8b0adb6aa25944b92a08adcf0b30dea Mon Sep 17 00:00:00 2001 From: Matthew McNew Date: Mon, 16 Sep 2019 11:03:20 -0600 Subject: [PATCH 1/3] Remove dependency on buildpack/imgutil - Create GGCRImage that implements RemoteImage interface - Fixes #128 --- Gopkg.lock | 187 +++++------------- Gopkg.toml | 5 - pkg/apis/build/v1alpha1/build.go | 4 + pkg/apis/build/v1alpha1/builder.go | 2 +- pkg/apis/build/v1alpha1/cluster_builder.go | 2 +- pkg/cnb/cnb_metadata.go | 4 +- pkg/cnb/cnb_metadata_test.go | 20 +- pkg/cnb/file_permission_setup_test.go | 16 +- pkg/registry/ggcr_image.go | 109 ++++++++++ pkg/registry/ggcr_image_test.go | 75 +++++++ pkg/registry/image_factory.go | 21 +- .../registryfakes/fake_remote_image.go | 50 +++++ pkg/secret/secrets_keychain_test.go | 2 +- test/execute_build_test.go | 27 +-- 14 files changed, 321 insertions(+), 203 deletions(-) create mode 100644 pkg/registry/ggcr_image.go create mode 100644 pkg/registry/ggcr_image_test.go create mode 100644 pkg/registry/registryfakes/fake_remote_image.go diff --git a/Gopkg.lock b/Gopkg.lock index 8cdd81c30..b7575efb4 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,7 +2,7 @@ [[projects]] - digest = "1:f6ccdf5e57ed8c3ac16c1a674a083da022e747df28ae6967f5b10b42b8d201aa" + digest = "1:e6f7738f08f5e1fc785f0c69c5f0a26b21959de2ea771e00ca260a66ccdf1934" name = "cloud.google.com/go" packages = [ "compute/metadata", @@ -10,8 +10,8 @@ "trace/apiv2", ] pruneopts = "NUT" - revision = "ceeb313ad77b789a7fa5287b36a1d127b69b7093" - version = "v0.44.3" + revision = "6e28f1c34522dae46e9c37119b78c54471b13ac8" + version = "v0.46.2" [[projects]] digest = "1:b6eb7c2538ec2999a072c0e372a18d7b7e3aedac249f26e159586fa5f892909f" @@ -36,17 +36,6 @@ pruneopts = "NUT" revision = "bca49d5b51a50dc5bb17bbf6204c711c6dbded06" -[[projects]] - digest = "1:4816836c291b7f2a0da7deefa679ef234be8ad845a199ed2e48779234536cefa" - name = "github.com/Microsoft/go-winio" - packages = [ - ".", - "pkg/guid", - ] - pruneopts = "NUT" - revision = "6c72808b55902eae4c5943626030429ff20f3b63" - version = "v0.4.14" - [[projects]] branch = "master" digest = "1:c3e9dc7218d3339c0f7a8abfadfa34077a28b953cb09df3231ec70da93a1e33f" @@ -56,7 +45,7 @@ revision = "9c5fe88206d7765837fed3732a42ef88fc51f1a1" [[projects]] - digest = "1:f1ab924a7d8bc5b6dd17ed8f34eb95ac1551bf0a88e63642e26e394cd79cbb08" + digest = "1:259c5c19af5382636394a1ac2ef01c861edd730a223539ebd6d34f7a3faf6974" name = "github.com/aws/aws-sdk-go" packages = [ "aws", @@ -79,6 +68,7 @@ "aws/signer/v4", "internal/ini", "internal/sdkio", + "internal/sdkmath", "internal/sdkrand", "internal/sdkuri", "internal/shareddefaults", @@ -92,8 +82,8 @@ "service/sts/stsiface", ] pruneopts = "NUT" - revision = "b19b0776ce26bb4b6825fd6f06a25ec9d4beba30" - version = "v1.23.0" + revision = "c859aef60e66333774073fe9a17921bb18ac69dd" + version = "v1.23.22" [[projects]] digest = "1:707ebe952a8b3d00b343c01536c79c73771d100f63ec6babeaed5c79e2b8a8dd" @@ -104,18 +94,15 @@ version = "v1.0.1" [[projects]] - digest = "1:5cece0cbb34eacee32a60ade179899b9175793ff2aa42e5d217140a8f01925a8" + branch = "master" + digest = "1:0380c5595b81a848927d702f918b77ae4d23377b2cc910c1138de5321c0598f4" name = "github.com/buildpack/imgutil" - packages = [ - ".", - "fakes", - "remote", - ] + packages = ["."] pruneopts = "NUT" - revision = "1f31ed20483a84a33484db37c125df7778692ed6" + revision = "36282d0caea7f9a6e6369dcc147390a90a6df4b1" [[projects]] - digest = "1:4c067d96eae7ea6634a536c2c223690c912cfd1c8a7ba8885fdf623eafc4c84e" + digest = "1:77a1f5aa24def37af94d1ce8e0d95ec942cbe8fb8fa75e6b74316e42396a3731" name = "github.com/buildpack/lifecycle" packages = [ "cmd", @@ -123,8 +110,8 @@ "metadata", ] pruneopts = "NUT" - revision = "4f14ca20ee105b60862fc76f80e088ca832b023d" - version = "v0.4.0" + revision = "a927d830e69e5cd2f207ea69cd99034cb34c5302" + version = "v0.3.0" [[projects]] digest = "1:fa965c1fd0f17153f608037e109e62104058bc1d08d44849867795fd306fa8b8" @@ -154,62 +141,6 @@ revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e" version = "v3.2.0" -[[projects]] - digest = "1:4ddc17aeaa82cb18c5f0a25d7c253a10682f518f4b2558a82869506eec223d76" - name = "github.com/docker/distribution" - packages = [ - "digestset", - "reference", - ] - pruneopts = "NUT" - revision = "2461543d988979529609e8cb6fca9ca190dc48da" - version = "v2.7.1" - -[[projects]] - digest = "1:b68599a3121a71063743f22a860c840e13eb3ba7a8dffdb57edb0507b19f5fbe" - name = "github.com/docker/docker" - packages = [ - "api/types", - "api/types/blkiodev", - "api/types/container", - "api/types/events", - "api/types/filters", - "api/types/mount", - "api/types/network", - "api/types/reference", - "api/types/registry", - "api/types/strslice", - "api/types/swarm", - "api/types/time", - "api/types/versions", - "api/types/volume", - "client", - "pkg/tlsconfig", - ] - pruneopts = "NUT" - revision = "092cba3727bb9b4a2f0e922cd6c0f93ea270e363" - version = "v1.13.1" - -[[projects]] - digest = "1:2a47f7eb1a2c30428d1ee6808cb66d4deb17e68a3e55d696f03c8068552ba5e8" - name = "github.com/docker/go-connections" - packages = [ - "nat", - "sockets", - "tlsconfig", - ] - pruneopts = "NUT" - revision = "7395e3f8aa162843a74ed6d48e79627d9792ac55" - version = "v0.4.0" - -[[projects]] - digest = "1:97176fe8a268479a527d08df458c269dc27abf59c1643807d4e36398cbd9ef2d" - name = "github.com/docker/go-units" - packages = ["."] - pruneopts = "NUT" - revision = "519db1ee28dcc9fd2474ae59fca29a810482bfb1" - version = "v0.4.0" - [[projects]] digest = "1:b498b36dbb2b306d1c5205ee5236c9e60352be8f9eea9bf08186723a9f75b4f3" name = "github.com/emirpasic/gods" @@ -242,15 +173,15 @@ version = "v1.0.0" [[projects]] - digest = "1:a1b2a5e38f79688ee8250942d5fa960525fceb1024c855c7bc76fa77b0f3cca2" + digest = "1:633dde05baa7afd3544cfe4ac16fe3c5450b868cfc6b1558621ee39ebf2273ea" name = "github.com/gogo/protobuf" packages = [ "proto", "sortkeys", ] pruneopts = "NUT" - revision = "ba06b47c162d49f2af050fb4c75bcbc86a159d5c" - version = "v1.2.1" + revision = "0ca988a254f991240804bf9821f3450d87ccbb1b" + version = "v1.3.0" [[projects]] branch = "master" @@ -309,20 +240,15 @@ revision = "6f77996f0c42f7b84e5a2b252227263f93432e9b" [[projects]] - digest = "1:476ba1ddf3f2329d3677f84c2b5e7d3635465ec5d85bc70050cbead931dda760" + digest = "1:6c8f3d94681aabfdfa54f67e4bba7fa2fb19f0d12f16d0dd1aa7db3dc47d078d" name = "github.com/google/go-containerregistry" packages = [ "pkg/authn", "pkg/name", "pkg/v1", - "pkg/v1/empty", - "pkg/v1/mutate", "pkg/v1/partial", - "pkg/v1/random", "pkg/v1/remote", "pkg/v1/remote/transport", - "pkg/v1/stream", - "pkg/v1/tarball", "pkg/v1/types", "pkg/v1/v1util", ] @@ -369,7 +295,7 @@ version = "v2.0.5" [[projects]] - digest = "1:459a00967aaf06edff3228e128dd243d7c91b0fc11ad2f7ceaa98f094bf66796" + digest = "1:5e092394bed250d7fda36cef8b7e1d22bb2d5f71878bbb137be5fc1c2705f965" name = "github.com/googleapis/gnostic" packages = [ "OpenAPIv2", @@ -377,8 +303,8 @@ "extensions", ] pruneopts = "NUT" - revision = "e73c7ec21d36ddb0711cb36d1502d18363b5c2c9" - version = "v0.3.0" + revision = "ab0dd09aa10e2952b28e12ecd35681b20463ebab" + version = "v0.3.1" [[projects]] digest = "1:80230022ab481c6688b237550bc45017d9d2abfc19e4916e2ce344d24f613a6d" @@ -393,8 +319,8 @@ "pagination", ] pruneopts = "NUT" - revision = "0398b0cd16bfffade0883973c745180adbbe8918" - version = "v0.3.0" + revision = "a84f8b330d669c6dff53ee9743a7579ac9541b69" + version = "v0.4.0" [[projects]] branch = "master" @@ -487,14 +413,14 @@ [[projects]] branch = "master" - digest = "1:39bb1014c454fbf9d8f4eab62a44fcf8d3ade774e2b42015e533e5d9f3fe23d9" + digest = "1:8088406ae072aec06ed42e61e872c4029fc2ab5d77484160877c17d74b822306" name = "github.com/knative/test-infra" packages = [ "scripts", "tools/dep-collector", ] pruneopts = "UT" - revision = "f44c3d6efdefc56f146fd1e4f3fcdc3d22524f9f" + revision = "d5c56732c050b2064c3ee498ede1e04136933314" [[projects]] digest = "1:7b21c7fc5551b46d1308b4ffa9e9e49b66c7a8b0ba88c0130474b0e7a20d859f" @@ -552,14 +478,6 @@ revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd" version = "1.0.1" -[[projects]] - digest = "1:e0cc8395ea893c898ff5eb0850f4d9851c1f57c78c232304a026379a47a552d0" - name = "github.com/opencontainers/go-digest" - packages = ["."] - pruneopts = "NUT" - revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf" - version = "v1.0.0-rc1" - [[projects]] digest = "1:93b1d84c5fa6d1ea52f4114c37714cddd84d5b78f151b62bb101128dd51399bf" name = "github.com/pborman/uuid" @@ -621,7 +539,7 @@ revision = "14fe0d1b01d4d5fc031dd4bec1823bd3ebbe8016" [[projects]] - digest = "1:d03ca24670416dc8fccc78b05d6736ec655416ca7db0a028e8fb92cfdfe3b55e" + digest = "1:98278956c7c550efc75a027e528aa51743f06fd0e33613d7ed224432a11e5ecf" name = "github.com/prometheus/common" packages = [ "expfmt", @@ -629,19 +547,20 @@ "model", ] pruneopts = "NUT" - revision = "31bed53e4047fd6c510e43a941f90cb31be0972a" - version = "v0.6.0" + revision = "287d3e634a1e550c9e463dd7e5a75a422c614505" + version = "v0.7.0" [[projects]] - digest = "1:19305fc369377c111c865a7a01e11c675c57c52a932353bbd4ea360bd5b72d99" + digest = "1:bbbacd138cb711e328390a2d4bfaca1a41a8575f3c893450bf2ea1b74acdc7be" name = "github.com/prometheus/procfs" packages = [ ".", "internal/fs", + "internal/util", ] pruneopts = "NUT" - revision = "3f98efb27840a48a7a2898ec80be07674d19f9c8" - version = "v0.0.3" + revision = "499c85531f756d1129edd26485a5f73871eeb308" + version = "v0.0.5" [[projects]] digest = "1:cae4aa895a1d90db10fdcb2b21871823aa97e069bc36a7463d146a4dcb1afa07" @@ -760,7 +679,7 @@ [[projects]] branch = "master" - digest = "1:2d4cab5a9ea650aa99394d7e768e280f0cfc1d0b7c0fa08f2447391ab1eb5480" + digest = "1:7f5484d2022018b65e5fcd7acaa2636d70b2f8831c47c24c8539d28ca6cfa301" name = "golang.org/x/crypto" packages = [ "cast5", @@ -782,7 +701,7 @@ "ssh/terminal", ] pruneopts = "NUT" - revision = "4def268fd1a49955bfb3dda92fe3db4f924f2285" + revision = "227b76d455e791cb042b03e633e2f7fbcfdf74a5" [[projects]] digest = "1:dd2f25ad5e3c07e336b543c88c8c690e3f56082a80d23b725b6ee8b96960ac8d" @@ -825,11 +744,11 @@ "semaphore", ] pruneopts = "NUT" - revision = "112230192c580c3556b8cee6403af37a4fc5f28c" + revision = "cd5d95a43a6e21273425c7ae415d3df9ea832eeb" [[projects]] branch = "master" - digest = "1:0288cbca859e66ab17946cdba35d3f9f11a4723e2004bfcc5710a08b6e7cd499" + digest = "1:8582ac983f11ee829582b7488fd6763f393f6052e518637ec58c6f84f5346485" name = "golang.org/x/sys" packages = [ "cpu", @@ -837,7 +756,7 @@ "windows", ] pruneopts = "NUT" - revision = "fde4db37ae7ad8191b03d30d27f258b5291ae4e3" + revision = "8a69140bde95ee56138cac9d942a13d472e4188d" [[projects]] digest = "1:8d8faad6b12a3a4c819a3f9618cb6ee1fa1cfc33253abeeea8b55336721e3405" @@ -874,7 +793,7 @@ [[projects]] branch = "master" - digest = "1:a41ab92ef14095a045e22b0a6b90acc2c024fc081160dd3ceed9f2b18b7d5435" + digest = "1:4d07cfa65b1661b24c43340cb1b8f5721caef6216917f0c59aff23e498c5d7b3" name = "golang.org/x/tools" packages = [ "go/ast/astutil", @@ -891,7 +810,7 @@ "internal/semver", ] pruneopts = "NUT" - revision = "97f12d73768f0481c12570ed574cf04a8879b04b" + revision = "3512ebf574070dbaaeb934f514c1a9ba1330b8f0" [[projects]] branch = "master" @@ -909,7 +828,7 @@ "transport/http/internal/propagation", ] pruneopts = "NUT" - revision = "954df90885a21cbb22088134ab537facda86943c" + revision = "5d8ab9c8e5e8beffc7e6f9968c5d3e390a883464" [[projects]] digest = "1:a955e7c44c2be14b61aa2ddda744edfdfbc6817e993703a16e303c277ba84449" @@ -929,8 +848,8 @@ "urlfetch", ] pruneopts = "NUT" - revision = "b2f4a3cf3c67576a2ee09e1fe62656a5086ce880" - version = "v1.6.1" + revision = "5f2a59506353b8d5ba8cbbcd9f3c1f41f1eaf079" + version = "v1.6.2" [[projects]] branch = "master" @@ -949,10 +868,10 @@ "protobuf/field_mask", ] pruneopts = "NUT" - revision = "fa694d86fc64c7654a660f8908de4e879866748d" + revision = "1774047e7e5133fa3573a4e51b37a586b6b0360c" [[projects]] - digest = "1:2e20cc8120747b862c7a415722466b9599d1e720d186ca2d441e27826822a3fe" + digest = "1:a9e3ffaf92b09cc18bbb3155e5a24a0576ac4b82c4b60fb17f0d087109155d67" name = "google.golang.org/grpc" packages = [ ".", @@ -1001,16 +920,16 @@ "tap", ] pruneopts = "NUT" - revision = "6eaf6f47437a6b4e2153a190160ef39a92c7eceb" - version = "v1.23.0" + revision = "39e8a7b072a67ca2a75f57fa2e0d50995f5b22f6" + version = "v1.23.1" [[projects]] branch = "v1" - digest = "1:1ac47b19a2ad8287a4c6e91630355d63646c480c32f2bbee757a850dabe90bc8" + digest = "1:d4f2248479f9e20953fa78e6052bb2eac501ff0ac1888d35a4df6a89822d9259" name = "gopkg.in/check.v1" packages = ["."] pruneopts = "NUT" - revision = "788fd78401277ebd861206a03c884797c6ec5541" + revision = "41f04d3bba152ddec2103e299fed053415705330" [[projects]] digest = "1:2d1fbdc6777e5408cabeb02bf336305e724b925ff4546ded0fa8715a7267922a" @@ -1417,7 +1336,7 @@ [[projects]] branch = "master" - digest = "1:b3e2f0e1c912c26e82156e4170f9a90f414bd39258c2d7b96a1457df3dd1eb88" + digest = "1:572984b077226ccb4756018e9d2599dd91d5f202cab58a0d09bea0e0bf9dd9fe" name = "k8s.io/gengo" packages = [ "args", @@ -1430,7 +1349,7 @@ "types", ] pruneopts = "NUT" - revision = "955ffa8fcfc983717cd9de5d2a1e9f5c465f4376" + revision = "ebc107f98eab922ef99d645781b87caca01f4f48" [[projects]] digest = "1:c05ad592787fc6cdacf8c5309d826561aa4a7d9e4e7ea28660dfb2c77ff68ab0" @@ -1446,15 +1365,12 @@ name = "k8s.io/kube-openapi" packages = ["pkg/util/proto"] pruneopts = "NUT" - revision = "5e22f3d471e6f24ca20becfdffdc6206c7cecac8" + revision = "743ec37842bffe49dd4221d9026f30fb1d5adbc4" [solve-meta] analyzer-name = "dep" analyzer-version = 1 input-imports = [ - "github.com/buildpack/imgutil", - "github.com/buildpack/imgutil/fakes", - "github.com/buildpack/imgutil/remote", "github.com/buildpack/lifecycle/image/auth", "github.com/buildpack/lifecycle/metadata", "github.com/google/go-cmp/cmp", @@ -1469,7 +1385,6 @@ "github.com/knative/pkg/controller", "github.com/knative/pkg/kmeta", "github.com/knative/pkg/reconciler/testing", - "github.com/knative/pkg/tracker", "github.com/knative/test-infra/scripts", "github.com/knative/test-infra/tools/dep-collector", "github.com/pkg/errors", diff --git a/Gopkg.toml b/Gopkg.toml index 12c9d138a..d805a2679 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -12,7 +12,6 @@ required = [ "k8s.io/code-generator/cmd/informer-gen", "github.com/knative/test-infra/scripts", "github.com/knative/test-infra/tools/dep-collector", - "github.com/buildpack/imgutil", ] [[override]] @@ -99,10 +98,6 @@ required = [ name = "golang.org/x/net" revision = "3b0461eec859c4b73bb64fdc8285971fd33e3938" -[[override]] - name = "github.com/buildpack/imgutil" - revision = "1f31ed20483a84a33484db37c125df7778692ed6" - [[override]] name = "contrib.go.opencensus.io/exporter/stackdriver" # HEAD as of 2019-02-11 diff --git a/pkg/apis/build/v1alpha1/build.go b/pkg/apis/build/v1alpha1/build.go index 726aad8d0..fd1702438 100644 --- a/pkg/apis/build/v1alpha1/build.go +++ b/pkg/apis/build/v1alpha1/build.go @@ -35,6 +35,10 @@ func (b *Build) ServiceAccount() string { return b.Spec.ServiceAccount } +func (b *Build) Identifier() string { + return b.Tag() +} + func (b *Build) Tag() string { return b.Spec.Tags[0] } diff --git a/pkg/apis/build/v1alpha1/builder.go b/pkg/apis/build/v1alpha1/builder.go index 657aec741..b141882d5 100644 --- a/pkg/apis/build/v1alpha1/builder.go +++ b/pkg/apis/build/v1alpha1/builder.go @@ -31,7 +31,7 @@ func (b *Builder) Namespace() string { return b.ObjectMeta.Namespace } -func (b *Builder) Tag() string { +func (b *Builder) Identifier() string { return b.Spec.Image } diff --git a/pkg/apis/build/v1alpha1/cluster_builder.go b/pkg/apis/build/v1alpha1/cluster_builder.go index d1d9baaf4..1bd209c88 100644 --- a/pkg/apis/build/v1alpha1/cluster_builder.go +++ b/pkg/apis/build/v1alpha1/cluster_builder.go @@ -12,7 +12,7 @@ func (in *ClusterBuilder) Namespace() string { return "" } -func (in *ClusterBuilder) Tag() string { +func (in *ClusterBuilder) Identifier() string { return in.Spec.Image } diff --git a/pkg/cnb/cnb_metadata.go b/pkg/cnb/cnb_metadata.go index c60c89bf9..15bd92988 100644 --- a/pkg/cnb/cnb_metadata.go +++ b/pkg/cnb/cnb_metadata.go @@ -57,7 +57,7 @@ func (r *RemoteMetadataRetriever) GetBuilderImage(repo registry.ImageRef) (Build return BuilderImage{ BuilderBuildpackMetadata: metadata.Buildpacks, - Identifier: identifier.String(), + Identifier: identifier, }, nil } @@ -90,7 +90,7 @@ func (r *RemoteMetadataRetriever) GetBuiltImage(ref registry.ImageRef) (BuiltIma } return BuiltImage{ - Identifier: identifier.String(), + Identifier: identifier, CompletedAt: imageCreatedAt, BuildpackMetadata: metadata.Buildpacks, }, nil diff --git a/pkg/cnb/cnb_metadata_test.go b/pkg/cnb/cnb_metadata_test.go index d5fd3745a..2118fc414 100644 --- a/pkg/cnb/cnb_metadata_test.go +++ b/pkg/cnb/cnb_metadata_test.go @@ -3,9 +3,6 @@ package cnb_test import ( "testing" - "github.com/buildpack/imgutil/fakes" - "github.com/buildpack/imgutil/remote" - "github.com/google/go-containerregistry/pkg/name" "github.com/sclevine/spec" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -27,12 +24,8 @@ func testMetadataRetriever(t *testing.T, when spec.G, it spec.S) { when("RemoteMetadataRetriever", func() { when("retrieving from a builder image", func() { it("gets buildpacks from a local image", func() { - digest, err := name.NewDigest("builder/image:tag@sha256:2bc85afc0ee0aec012b3889cf5f2e9690bb504c9d19ce90add2f415b85990895") - require.NoError(t, err) - fakeImage := fakes.NewImage("builder/image:tag", "topLayerSha", remote.DigestIdentifier{ - Digest: digest, - }) - err = fakeImage.SetLabel("io.buildpacks.builder.metadata", `{"buildpacks": [{"id": "test.id", "version": "1.2.3"}]}`) + fakeImage := registryfakes.NewFakeRemoteImage("index.docker.io/builder/image", "sha256:2bc85afc0ee0aec012b3889cf5f2e9690bb504c9d19ce90add2f415b85990895") + err := fakeImage.SetLabel("io.buildpacks.builder.metadata", `{"buildpacks": [{"id": "test.id", "version": "1.2.3"}]}`) assert.NoError(t, err) imageRef := registry.NewNoAuthImageRef("test-repo-name") @@ -53,13 +46,8 @@ func testMetadataRetriever(t *testing.T, when spec.G, it spec.S) { when("GetBuiltImage", func() { it("retrieves the metadata from the registry", func() { - digest, err := name.NewDigest("built/image:tag@sha256:dc7e5e790001c71c2cfb175854dd36e65e0b71c58294b331a519be95bdec4ef4") - require.NoError(t, err) - - fakeImage := fakes.NewImage("built/image:tag", "topLayerSha", remote.DigestIdentifier{ - Digest: digest, - }) - err = fakeImage.SetLabel("io.buildpacks.lifecycle.metadata", `{"buildpacks": [{"key": "test.id", "version": "1.2.3"}]}`) + fakeImage := registryfakes.NewFakeRemoteImage("index.docker.io/built/image", "sha256:dc7e5e790001c71c2cfb175854dd36e65e0b71c58294b331a519be95bdec4ef4") + err := fakeImage.SetLabel("io.buildpacks.lifecycle.metadata", `{"buildpacks": [{"key": "test.id", "version": "1.2.3"}]}`) assert.NoError(t, err) fakeImageRef := registry.NewNoAuthImageRef("built/image:tag") diff --git a/pkg/cnb/file_permission_setup_test.go b/pkg/cnb/file_permission_setup_test.go index f2bd8f1c1..193e77ed1 100644 --- a/pkg/cnb/file_permission_setup_test.go +++ b/pkg/cnb/file_permission_setup_test.go @@ -6,14 +6,13 @@ import ( "os" "testing" - "github.com/buildpack/imgutil/fakes" - "github.com/google/go-containerregistry/pkg/name" - "github.com/pivotal/kpack/pkg/cnb" - "github.com/pivotal/kpack/pkg/registry" - "github.com/pivotal/kpack/pkg/registry/registryfakes" "github.com/sclevine/spec" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/pivotal/kpack/pkg/cnb" + "github.com/pivotal/kpack/pkg/registry" + "github.com/pivotal/kpack/pkg/registry/registryfakes" ) func TestFilePermissionSetup(t *testing.T) { @@ -38,10 +37,7 @@ func testFilePermissionSetup(t *testing.T, when spec.G, it spec.S) { when("#setup", func() { it("sets the owner of all requested", func() { - digest, err := name.NewDigest("some/builder:tag@sha256:2bc85afc0ee0aec012b3889cf5f2e9690bb504c9d19ce90add2f415b85990895") - require.NoError(t, err) - - fakeImage := fakes.NewImage("some/builder", "topLayerSha", digest) + fakeImage := registryfakes.NewFakeRemoteImage("some/builder", "2bc85afc0ee0aec012b3889cf5f2e9690bb504c9d19ce90add2f415b85990895") require.NoError(t, fakeImage.SetEnv("CNB_USER_ID", "1234")) require.NoError(t, fakeImage.SetEnv("CNB_GROUP_ID", "5678")) @@ -55,7 +51,7 @@ func testFilePermissionSetup(t *testing.T, when spec.G, it spec.S) { RemoteImageFactory: fakeRemoteImageFactory, Chowner: chowner, } - err = filePermissionSetup.Setup("builder/builder", testVolume) + err := filePermissionSetup.Setup("builder/builder", testVolume) require.NoError(t, err) require.Equal(t, chowner.chowned[testVolume], "1234:5678") diff --git a/pkg/registry/ggcr_image.go b/pkg/registry/ggcr_image.go new file mode 100644 index 000000000..ee4c5d41f --- /dev/null +++ b/pkg/registry/ggcr_image.go @@ -0,0 +1,109 @@ +package registry + +import ( + "fmt" + "net/http" + "strings" + "time" + + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/pkg/errors" +) + +type GoContainerRegistryImage struct { + image v1.Image + repoName string +} + +func NewGoContainerRegistryImage(repoName string, keychain authn.Keychain) (*GoContainerRegistryImage, error) { + image, err := newV1Image(keychain, repoName) + if err != nil { + return nil, err + } + + ri := &GoContainerRegistryImage{ + repoName: repoName, + image: image, + } + + return ri, nil +} + +func newV1Image(keychain authn.Keychain, repoName string) (v1.Image, error) { + var auth authn.Authenticator + ref, err := name.ParseReference(repoName, name.WeakValidation) + if err != nil { + return nil, errors.Wrapf(err, "parse reference '%s'", repoName) + } + + auth, err = keychain.Resolve(ref.Context().Registry) + if err != nil { + return nil, errors.Wrapf(err, "resolving keychain for '%s'", ref.Context().Registry) + } + + image, err := remote.Image(ref, remote.WithAuth(auth), remote.WithTransport(http.DefaultTransport)) + if err != nil { + return nil, errors.Wrapf(err, "connect to registry store '%s'", repoName) + } + + return image, nil +} + +func (i *GoContainerRegistryImage) CreatedAt() (time.Time, error) { + cfg, err := i.configFile() + if err != nil { + return time.Time{}, err + } + return cfg.Created.UTC(), nil +} + +func (i *GoContainerRegistryImage) Env(key string) (string, error) { + cfg, err := i.configFile() + if err != nil { + return "", err + } + for _, envVar := range cfg.Config.Env { + parts := strings.Split(envVar, "=") + if parts[0] == key { + return parts[1], nil + } + } + return "", nil +} + +func (i *GoContainerRegistryImage) Label(key string) (string, error) { + cfg, err := i.configFile() + if err != nil { + return "", err + } + labels := cfg.Config.Labels + return labels[key], nil +} + +func (i *GoContainerRegistryImage) Identifier() (string, error) { + ref, err := name.ParseReference(i.repoName, name.WeakValidation) + if err != nil { + return "", err + } + + digest, err := i.image.Digest() + if err != nil { + return "", errors.Wrapf(err, "failed to get digest for image '%s'", i.repoName) + } + + return fmt.Sprintf("%s@%s", ref.Context().Name(), digest), nil +} + +func (i *GoContainerRegistryImage) configFile() (*v1.ConfigFile, error) { + cfg, err := i.image.ConfigFile() + if err != nil { + return nil, errors.Wrapf(err, "failed to get config for image '%s'", i.repoName) + } else if cfg == nil { + return nil, errors.Errorf("failed to get config for image '%s'", i.repoName) + } + + return cfg, nil +} diff --git a/pkg/registry/ggcr_image_test.go b/pkg/registry/ggcr_image_test.go new file mode 100644 index 000000000..5dc1b6e03 --- /dev/null +++ b/pkg/registry/ggcr_image_test.go @@ -0,0 +1,75 @@ +package registry_test + +import ( + "testing" + "time" + + "github.com/google/go-containerregistry/pkg/authn" + "github.com/sclevine/spec" + "github.com/stretchr/testify/require" + + "github.com/pivotal/kpack/pkg/registry" +) + +func TestGGCRImage(t *testing.T) { + spec.Run(t, "GGCR Image", testGGCRImage) +} + +func testGGCRImage(t *testing.T, when spec.G, it spec.S) { + when("#CreatedAt", func() { + it("returns created at from the image", func() { + image, err := registry.NewGoContainerRegistryImage("cloudfoundry/cnb:bionic@sha256:33c3ad8676530f864d51d78483b510334ccc4f03368f7f5bb9d517ff4cbd630f", authn.DefaultKeychain) + require.NoError(t, err) + + createdAt, err := image.CreatedAt() + require.NoError(t, err) + + require.NotEqual(t, time.Time{}, createdAt) + }) + }) + + when("#Label", func() { + it("returns created at from the image", func() { + image, err := registry.NewGoContainerRegistryImage("cloudfoundry/cnb:bionic@sha256:33c3ad8676530f864d51d78483b510334ccc4f03368f7f5bb9d517ff4cbd630f", authn.DefaultKeychain) + require.NoError(t, err) + + metadata, err := image.Label("io.buildpacks.builder.metadata") + require.NoError(t, err) + + require.NotEmpty(t, metadata) + }) + }) + + when("#Env", func() { + it("returns created at from the image", func() { + image, err := registry.NewGoContainerRegistryImage("cloudfoundry/cnb:bionic@sha256:33c3ad8676530f864d51d78483b510334ccc4f03368f7f5bb9d517ff4cbd630f", authn.DefaultKeychain) + require.NoError(t, err) + + cnbUserId, err := image.Env("CNB_USER_ID") + require.NoError(t, err) + + require.NotEmpty(t, cnbUserId) + }) + }) + + when("#identifer", func() { + it("includes digest if repoName does not have a digest", func() { + image, err := registry.NewGoContainerRegistryImage("cloudfoundry/cnb:bionic", authn.DefaultKeychain) + require.NoError(t, err) + + identifier, err := image.Identifier() + require.NoError(t, err) + require.Len(t, identifier, 104) + require.Equal(t, identifier[0:40], "index.docker.io/cloudfoundry/cnb@sha256:") + }) + + it("includes digest if repoName already has a digest", func() { + image, err := registry.NewGoContainerRegistryImage("cloudfoundry/cnb:bionic@sha256:33c3ad8676530f864d51d78483b510334ccc4f03368f7f5bb9d517ff4cbd630f", authn.DefaultKeychain) + require.NoError(t, err) + + identifier, err := image.Identifier() + require.NoError(t, err) + require.Equal(t, identifier, "index.docker.io/cloudfoundry/cnb@sha256:33c3ad8676530f864d51d78483b510334ccc4f03368f7f5bb9d517ff4cbd630f") + }) + }) +} diff --git a/pkg/registry/image_factory.go b/pkg/registry/image_factory.go index 6fa4749e8..8ecccf92b 100644 --- a/pkg/registry/image_factory.go +++ b/pkg/registry/image_factory.go @@ -3,10 +3,7 @@ package registry import ( "time" - "github.com/buildpack/imgutil" - "github.com/buildpack/imgutil/remote" "github.com/google/go-containerregistry/pkg/authn" - "github.com/pkg/errors" ) type ImageFactory struct { @@ -14,8 +11,8 @@ type ImageFactory struct { } func (f *ImageFactory) NewRemote(imageRef ImageRef) (RemoteImage, error) { - remote, err := remote.NewImage(imageRef.Tag(), f.KeychainFactory.KeychainForImageRef(imageRef), remote.FromBaseImage(imageRef.Tag())) - return remote, errors.Wrapf(err, "could not create remote image from ref %s", imageRef.Tag()) + remoteImage, err := NewGoContainerRegistryImage(imageRef.Identifier(), f.KeychainFactory.KeychainForImageRef(imageRef)) + return remoteImage, err } type KeychainFactory interface { @@ -25,25 +22,25 @@ type KeychainFactory interface { type ImageRef interface { ServiceAccount() string Namespace() string - Tag() string + Identifier() string HasSecret() bool SecretName() string } type noAuthImageRef struct { - repoName string + identifier string } func (na *noAuthImageRef) SecretName() string { return "" } -func NewNoAuthImageRef(repoName string) *noAuthImageRef { - return &noAuthImageRef{repoName: repoName} +func NewNoAuthImageRef(identifier string) *noAuthImageRef { + return &noAuthImageRef{identifier: identifier} } -func (na *noAuthImageRef) Tag() string { - return na.repoName +func (na *noAuthImageRef) Identifier() string { + return na.identifier } func (noAuthImageRef) ServiceAccount() string { @@ -60,7 +57,7 @@ func (noAuthImageRef) Namespace() string { type RemoteImage interface { CreatedAt() (time.Time, error) - Identifier() (imgutil.Identifier, error) + Identifier() (string, error) Label(labelName string) (string, error) Env(key string) (string, error) } diff --git a/pkg/registry/registryfakes/fake_remote_image.go b/pkg/registry/registryfakes/fake_remote_image.go new file mode 100644 index 000000000..68fea331c --- /dev/null +++ b/pkg/registry/registryfakes/fake_remote_image.go @@ -0,0 +1,50 @@ +package registryfakes + +import ( + "fmt" + "time" +) + +func NewFakeRemoteImage(image string, digest string) *FakeRemoteImage { + return &FakeRemoteImage{ + image: image, + digest: digest, + labels: make(map[string]string), + env: make(map[string]string), + createdAt: time.Now(), + } +} + +type FakeRemoteImage struct { + image string + digest string + labels map[string]string + env map[string]string + createdAt time.Time +} + +func (f *FakeRemoteImage) CreatedAt() (time.Time, error) { + return f.createdAt, nil +} + +func (f *FakeRemoteImage) Identifier() (string, error) { + return fmt.Sprintf("%s@%s", f.image, f.digest), nil +} + +func (f *FakeRemoteImage) Label(k string) (string, error) { + return f.labels[k], nil +} + +func (f *FakeRemoteImage) Env(k string) (string, error) { + return f.env[k], nil +} + +func (f *FakeRemoteImage) SetLabel(k string, v string) error { + f.labels[k] = v + return nil +} + +func (i *FakeRemoteImage) SetEnv(k string, v string) error { + i.env[k] = v + return nil +} diff --git a/pkg/secret/secrets_keychain_test.go b/pkg/secret/secrets_keychain_test.go index a645f0273..0faf63f16 100644 --- a/pkg/secret/secrets_keychain_test.go +++ b/pkg/secret/secrets_keychain_test.go @@ -100,7 +100,7 @@ func (f *fakeImageRef) Namespace() string { return f.namespace } -func (f *fakeImageRef) Tag() string { +func (f *fakeImageRef) Identifier() string { return "NOT-NEEDED" } diff --git a/test/execute_build_test.go b/test/execute_build_test.go index e7d58c421..a12bfd823 100644 --- a/test/execute_build_test.go +++ b/test/execute_build_test.go @@ -7,7 +7,6 @@ import ( "testing" "time" - imgremote "github.com/buildpack/imgutil/remote" "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/name" "github.com/google/go-containerregistry/pkg/v1/remote" @@ -22,6 +21,7 @@ import ( "github.com/pivotal/kpack/pkg/apis/build/v1alpha1" "github.com/pivotal/kpack/pkg/logs" + "github.com/pivotal/kpack/pkg/registry" ) func TestCreateImage(t *testing.T) { @@ -225,7 +225,7 @@ func validateImageCreate(t *testing.T, clients *clients, imageTag, imageName, te }() t.Logf("Waiting for image '%s' to be created", imageTag) - eventually(t, imageExists(t, imageTag), 5*time.Second, 5*time.Minute) + eventually(t, imageExists(imageTag), 5*time.Second, 5*time.Minute) assert.Contains(t, logTail.String(), fmt.Sprintf("%s - succeeded", imageTag)) @@ -241,26 +241,15 @@ func validateImageCreate(t *testing.T, clients *clients, imageTag, imageName, te assert.Equal(t, expectedResources, pod.Spec.Containers[0].Resources) } -func imageExists(t *testing.T, name string) func() bool { +func imageExists(name string) func() bool { return func() bool { - _, found := imageSha(t, name) - return found - } -} - -func imageSha(t *testing.T, name string) (string, bool) { - remoteImage, err := imgremote.NewImage(name, authn.DefaultKeychain) - require.NoError(t, err) + _, err := registry.NewGoContainerRegistryImage(name, authn.DefaultKeychain) + if err != nil { + return false + } - found := remoteImage.Found() - if !found { - return "", found + return true } - - digest, err := remoteImage.Identifier() - require.NoError(t, err) - - return digest.String(), found } func deleteImageTag(t *testing.T, deleteImageTag string) { From cc9782caf90269cb25adb974042c4ebf8879712f Mon Sep 17 00:00:00 2001 From: Matthew McNew Date: Mon, 16 Sep 2019 14:11:34 -0600 Subject: [PATCH 2/3] Update lifecycle to 0.0.4 - Use 'io.buildpacks.build.metadata' to fetch built image metadata - Bump Go Container Registry --- Gopkg.lock | 24 ++++----- Gopkg.toml | 89 ++++++++++++++----------------- cmd/controller/main.go | 2 +- pkg/cnb/cnb_metadata.go | 10 ++-- pkg/cnb/cnb_metadata_test.go | 8 +-- pkg/dockercreds/access_checker.go | 36 ++++--------- pkg/dockercreds/docker_creds.go | 3 +- pkg/secret/secrets_keychain.go | 9 ++-- 8 files changed, 78 insertions(+), 103 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index b7575efb4..26c9d87db 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -102,16 +102,12 @@ revision = "36282d0caea7f9a6e6369dcc147390a90a6df4b1" [[projects]] - digest = "1:77a1f5aa24def37af94d1ce8e0d95ec942cbe8fb8fa75e6b74316e42396a3731" + digest = "1:04576b73a5c3db22756988358485c264d6560b171e66bba9b2d4152b3eee4c0a" name = "github.com/buildpack/lifecycle" - packages = [ - "cmd", - "image/auth", - "metadata", - ] + packages = ["metadata"] pruneopts = "NUT" - revision = "a927d830e69e5cd2f207ea69cd99034cb34c5302" - version = "v0.3.0" + revision = "4f14ca20ee105b60862fc76f80e088ca832b023d" + version = "v0.4.0" [[projects]] digest = "1:fa965c1fd0f17153f608037e109e62104058bc1d08d44849867795fd306fa8b8" @@ -240,10 +236,13 @@ revision = "6f77996f0c42f7b84e5a2b252227263f93432e9b" [[projects]] - digest = "1:6c8f3d94681aabfdfa54f67e4bba7fa2fb19f0d12f16d0dd1aa7db3dc47d078d" + digest = "1:0868b736949c82d5ce7806e83b32d9f98ca458ad4e7c66d560430c0f205ef459" name = "github.com/google/go-containerregistry" packages = [ "pkg/authn", + "pkg/internal/retry", + "pkg/internal/retry/wait", + "pkg/logs", "pkg/name", "pkg/v1", "pkg/v1/partial", @@ -253,7 +252,7 @@ "pkg/v1/v1util", ] pruneopts = "NUT" - revision = "1c6c7f61e8a5402b606c3c6db169fdcd1b0712b7" + revision = "650bcbc276f32fe9e40263635bbf4a61a7837739" [[projects]] digest = "1:52c5834e2bebac9030c97cc0798ac11c3aa8a39f098aeb419f142533da6cd3cc" @@ -413,13 +412,13 @@ [[projects]] branch = "master" - digest = "1:8088406ae072aec06ed42e61e872c4029fc2ab5d77484160877c17d74b822306" + digest = "1:b42d6255c0409854d64f4ece0d64e8fcf963f93299408e017fd367d05fb297c1" name = "github.com/knative/test-infra" packages = [ "scripts", "tools/dep-collector", ] - pruneopts = "UT" + pruneopts = "NUT" revision = "d5c56732c050b2064c3ee498ede1e04136933314" [[projects]] @@ -1371,7 +1370,6 @@ analyzer-name = "dep" analyzer-version = 1 input-imports = [ - "github.com/buildpack/lifecycle/image/auth", "github.com/buildpack/lifecycle/metadata", "github.com/google/go-cmp/cmp", "github.com/google/go-cmp/cmp/cmpopts", diff --git a/Gopkg.toml b/Gopkg.toml index d805a2679..9f41fc991 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -14,77 +14,41 @@ required = [ "github.com/knative/test-infra/tools/dep-collector", ] -[[override]] - name = "gopkg.in/yaml.v2" - version = "v2.2.1" - -[[override]] +[[constraint]] name = "github.com/knative/pkg" branch = "release-0.7" -[[override]] +[[constraint]] name = "go.uber.org/zap" revision = "67bc79d13d155c02fd008f721863ff8cc5f30659" [[constraint]] - name = "github.com/google/go-containerregistry" - # HEAD as of 2019-06-04 - revision = "1c6c7f61e8a5402b606c3c6db169fdcd1b0712b7" - -[[override]] name = "k8s.io/api" version = "kubernetes-1.12.6" -[[override]] +[[constraint]] name = "k8s.io/apimachinery" version = "kubernetes-1.12.6" -[[override]] +[[constraint]] name = "k8s.io/code-generator" version = "kubernetes-1.12.6" -[[override]] +[[constraint]] name = "k8s.io/client-go" version = "kubernetes-1.12.6" -[[override]] - name = "github.com/json-iterator/go" - version = "^1.1.6" - # This is the commit at which k8s depends on this in 1.11 - # It seems to be broken at HEAD. - -[[override]] - name = "github.com/rogpeppe/go-internal" - # HEAD as of 2019-01-09 - # Needed because release 1.0.0 does not contain a LICENSE file - revision = "4bbc89b6501cca7dd6b5557d78d70c8d2c6e8b97" - -[[override]] - name = "github.com/census-instrumentation/opencensus-proto" - # Needed to downgrade protobuf to v2 - version = "v0.1.0" - -[prune] - go-tests = true - unused-packages = true - non-go = true - -[[prune.project]] - name = "k8s.io/code-generator" - unused-packages = false - non-go = false - -[[prune.project]] - name = "github.com/knative/test-infra" - non-go = false - [[constraint]] name = "github.com/sclevine/spec" version = "1.2.0" [[constraint]] name = "github.com/buildpack/lifecycle" - version = "0.3.0" + version = "0.4.0" + +[[constraint]] + name = "github.com/google/go-containerregistry" + revision = "650bcbc276f32fe9e40263635bbf4a61a7837739" [[constraint]] name = "github.com/stretchr/testify" @@ -97,7 +61,17 @@ required = [ [[override]] name = "golang.org/x/net" revision = "3b0461eec859c4b73bb64fdc8285971fd33e3938" - + +[[override]] + name = "gopkg.in/yaml.v2" + version = "v2.2.1" + +[[override]] + name = "github.com/json-iterator/go" + version = "^1.1.6" + # This is the commit at which k8s depends on this in 1.11 + # It seems to be broken at HEAD. + [[override]] name = "contrib.go.opencensus.io/exporter/stackdriver" # HEAD as of 2019-02-11 @@ -106,4 +80,23 @@ required = [ [[override]] name = "github.com/Azure/go-autorest" - revision = "bca49d5b51a50dc5bb17bbf6204c711c6dbded06" \ No newline at end of file + revision = "bca49d5b51a50dc5bb17bbf6204c711c6dbded06" + +[[override]] + name = "github.com/rogpeppe/go-internal" + revision = "4bbc89b6501cca7dd6b5557d78d70c8d2c6e8b97" + +[[override]] + name = "github.com/census-instrumentation/opencensus-proto" + # Needed to downgrade protobuf to v2 + version = "v0.1.0" + +[[prune.project]] + name = "k8s.io/code-generator" + unused-packages = false + non-go = false + +[prune] + go-tests = true + unused-packages = true + non-go = true diff --git a/cmd/controller/main.go b/cmd/controller/main.go index ce5f3fe8e..555faa32a 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -87,7 +87,7 @@ func main() { podInformer := k8sInformerFactory.Core().V1().Pods() metadataRetriever := &cnb.RemoteMetadataRetriever{ - LifecycleImageFactory: ®istry.ImageFactory{ + RemoteImageFactory: ®istry.ImageFactory{ KeychainFactory: secret.NewSecretKeychainFactory(k8sClient), }, } diff --git a/pkg/cnb/cnb_metadata.go b/pkg/cnb/cnb_metadata.go index 15bd92988..f3877b86a 100644 --- a/pkg/cnb/cnb_metadata.go +++ b/pkg/cnb/cnb_metadata.go @@ -29,11 +29,11 @@ type BuilderImage struct { type BuilderMetadata []BuildpackMetadata type RemoteMetadataRetriever struct { - LifecycleImageFactory registry.RemoteImageFactory + RemoteImageFactory registry.RemoteImageFactory } func (r *RemoteMetadataRetriever) GetBuilderImage(repo registry.ImageRef) (BuilderImage, error) { - img, err := r.LifecycleImageFactory.NewRemote(repo) + img, err := r.RemoteImageFactory.NewRemote(repo) if err != nil { return BuilderImage{}, errors.Wrap(err, "unable to fetch remote builder image") } @@ -62,18 +62,18 @@ func (r *RemoteMetadataRetriever) GetBuilderImage(repo registry.ImageRef) (Build } func (r *RemoteMetadataRetriever) GetBuiltImage(ref registry.ImageRef) (BuiltImage, error) { - img, err := r.LifecycleImageFactory.NewRemote(ref) + img, err := r.RemoteImageFactory.NewRemote(ref) if err != nil { return BuiltImage{}, err } var metadataJSON string - metadataJSON, err = img.Label(lcyclemd.AppMetadataLabel) + metadataJSON, err = img.Label(lcyclemd.BuildMetadataLabel) if err != nil { return BuiltImage{}, err } - var metadata lcyclemd.AppImageMetadata + var metadata lcyclemd.BuildMetadata err = json.Unmarshal([]byte(metadataJSON), &metadata) if err != nil { return BuiltImage{}, err diff --git a/pkg/cnb/cnb_metadata_test.go b/pkg/cnb/cnb_metadata_test.go index 2118fc414..3351bee86 100644 --- a/pkg/cnb/cnb_metadata_test.go +++ b/pkg/cnb/cnb_metadata_test.go @@ -31,7 +31,7 @@ func testMetadataRetriever(t *testing.T, when spec.G, it spec.S) { imageRef := registry.NewNoAuthImageRef("test-repo-name") mockFactory.NewRemoteReturns(fakeImage, nil) - subject := cnb.RemoteMetadataRetriever{LifecycleImageFactory: mockFactory} + subject := cnb.RemoteMetadataRetriever{RemoteImageFactory: mockFactory} builderImage, err := subject.GetBuilderImage(imageRef) assert.NoError(t, err) @@ -47,19 +47,19 @@ func testMetadataRetriever(t *testing.T, when spec.G, it spec.S) { when("GetBuiltImage", func() { it("retrieves the metadata from the registry", func() { fakeImage := registryfakes.NewFakeRemoteImage("index.docker.io/built/image", "sha256:dc7e5e790001c71c2cfb175854dd36e65e0b71c58294b331a519be95bdec4ef4") - err := fakeImage.SetLabel("io.buildpacks.lifecycle.metadata", `{"buildpacks": [{"key": "test.id", "version": "1.2.3"}]}`) + err := fakeImage.SetLabel("io.buildpacks.build.metadata", `{"buildpacks": [{"id": "test.id", "version": "1.2.3"}]}`) assert.NoError(t, err) fakeImageRef := registry.NewNoAuthImageRef("built/image:tag") mockFactory.NewRemoteReturns(fakeImage, nil) - subject := cnb.RemoteMetadataRetriever{LifecycleImageFactory: mockFactory} + subject := cnb.RemoteMetadataRetriever{RemoteImageFactory: mockFactory} result, err := subject.GetBuiltImage(fakeImageRef) assert.NoError(t, err) metadata := result.BuildpackMetadata - assert.Len(t, metadata, 1) + require.Len(t, metadata, 1) assert.Equal(t, metadata[0].ID, "test.id") assert.Equal(t, metadata[0].Version, "1.2.3") diff --git a/pkg/dockercreds/access_checker.go b/pkg/dockercreds/access_checker.go index 02d820f11..d92a4cd3b 100644 --- a/pkg/dockercreds/access_checker.go +++ b/pkg/dockercreds/access_checker.go @@ -2,27 +2,31 @@ package dockercreds import ( "fmt" + "github.com/google/go-containerregistry/pkg/name" "net/http" "net/url" - lcAuth "github.com/buildpack/lifecycle/image/auth" "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/v1/remote/transport" "github.com/pkg/errors" ) -func HasWriteAccess(tagName string) (bool, error) { +func HasWriteAccess(tag string) (bool, error) { keychain := authn.DefaultKeychain - ref, auth, err := lcAuth.ReferenceForRepoName(keychain, tagName) + var auth authn.Authenticator + ref, err := name.ParseReference(tag, name.WeakValidation) if err != nil { - return false, errors.WithStack(err) + return false, err } - recordingTransport := &unAuthorizedWithoutErrorCodeTransportChecker{} + auth, err = keychain.Resolve(ref.Context().Registry) + if err != nil { + return false, err + } scopes := []string{ref.Scope(transport.PushScope)} - tr, err := transport.New(ref.Context().Registry, auth, recordingTransport, scopes) + tr, err := transport.New(ref.Context().Registry, auth, http.DefaultTransport, scopes) if err != nil { if transportError, ok := err.(*transport.Error); ok { for _, diagnosticError := range transportError.Errors { @@ -31,7 +35,7 @@ func HasWriteAccess(tagName string) (bool, error) { } } - if recordingTransport.wasRequestUnauthorized() { + if transportError.StatusCode == 401 { return false, nil } } @@ -60,21 +64,3 @@ func HasWriteAccess(tagName string) (bool, error) { return true, nil } - -type unAuthorizedWithoutErrorCodeTransportChecker struct { - isToken401 bool -} - -func (h *unAuthorizedWithoutErrorCodeTransportChecker) RoundTrip(r *http.Request) (*http.Response, error) { - response, err := http.DefaultTransport.RoundTrip(r) - - if _, isTokenFetchRequest := r.Header["Authorization"]; isTokenFetchRequest && response != nil { - h.isToken401 = response.StatusCode == 401 - } - - return response, err -} - -func (h *unAuthorizedWithoutErrorCodeTransportChecker) wasRequestUnauthorized() bool { - return h.isToken401 -} diff --git a/pkg/dockercreds/docker_creds.go b/pkg/dockercreds/docker_creds.go index 3f23b6053..34c361fa2 100644 --- a/pkg/dockercreds/docker_creds.go +++ b/pkg/dockercreds/docker_creds.go @@ -7,13 +7,12 @@ import ( "strings" "github.com/google/go-containerregistry/pkg/authn" - "github.com/google/go-containerregistry/pkg/name" "github.com/pkg/errors" ) type DockerCreds map[string]entry -func (c DockerCreds) Resolve(reg name.Registry) (authn.Authenticator, error) { +func (c DockerCreds) Resolve(reg authn.Resource) (authn.Authenticator, error) { for registry, entry := range c { if RegistryMatch(reg.RegistryStr(), registry) { if entry.Auth != "" { diff --git a/pkg/secret/secrets_keychain.go b/pkg/secret/secrets_keychain.go index 5d48ea93c..0985c61b7 100644 --- a/pkg/secret/secrets_keychain.go +++ b/pkg/secret/secrets_keychain.go @@ -2,7 +2,6 @@ package secret import ( "github.com/google/go-containerregistry/pkg/authn" - "github.com/google/go-containerregistry/pkg/name" k8sclient "k8s.io/client-go/kubernetes" "github.com/pivotal/kpack/pkg/apis/build/v1alpha1" @@ -29,7 +28,7 @@ type pullSecretKeychain struct { secretManager *SecretManager } -func (k *pullSecretKeychain) Resolve(registry name.Registry) (authn.Authenticator, error) { +func (k *pullSecretKeychain) Resolve(registry authn.Resource) (authn.Authenticator, error) { base64Auth, err := k.secretManager.SecretForImagePull(k.imageRef.Namespace(), k.imageRef.SecretName(), registry.RegistryStr()) if err != nil { return nil, err @@ -42,8 +41,8 @@ type serviceAccountKeychain struct { secretManager *SecretManager } -func (k *serviceAccountKeychain) Resolve(reg name.Registry) (authn.Authenticator, error) { - creds, err := k.secretManager.SecretForServiceAccountAndURL(k.imageRef.ServiceAccount(), k.imageRef.Namespace(), reg.RegistryStr()) +func (k *serviceAccountKeychain) Resolve(res authn.Resource) (authn.Authenticator, error) { + creds, err := k.secretManager.SecretForServiceAccountAndURL(k.imageRef.ServiceAccount(), k.imageRef.Namespace(), res.RegistryStr()) if err != nil { return nil, err } @@ -64,6 +63,6 @@ func (f *SecretKeychainFactory) KeychainForImageRef(ref registry.ImageRef) authn type anonymousKeychain struct { } -func (anonymousKeychain) Resolve(name.Registry) (authn.Authenticator, error) { +func (anonymousKeychain) Resolve(authn.Resource) (authn.Authenticator, error) { return authn.Anonymous, nil } From 3ee8d250cebed8b6b69bd810a0989b7c346cd782 Mon Sep 17 00:00:00 2001 From: Matthew McNew Date: Mon, 16 Sep 2019 14:14:56 -0600 Subject: [PATCH 3/3] Rename imageRef.Identifier -> imageRef.Image - Prevents confusing Identifier object on builder/build types --- pkg/apis/build/v1alpha1/build.go | 2 +- pkg/apis/build/v1alpha1/builder.go | 2 +- pkg/apis/build/v1alpha1/cluster_builder.go | 2 +- pkg/dockercreds/access_checker.go | 2 +- pkg/registry/image_factory.go | 6 +++--- pkg/secret/secrets_keychain_test.go | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/apis/build/v1alpha1/build.go b/pkg/apis/build/v1alpha1/build.go index fd1702438..5ca8932b5 100644 --- a/pkg/apis/build/v1alpha1/build.go +++ b/pkg/apis/build/v1alpha1/build.go @@ -35,7 +35,7 @@ func (b *Build) ServiceAccount() string { return b.Spec.ServiceAccount } -func (b *Build) Identifier() string { +func (b *Build) Image() string { return b.Tag() } diff --git a/pkg/apis/build/v1alpha1/builder.go b/pkg/apis/build/v1alpha1/builder.go index b141882d5..689b17d92 100644 --- a/pkg/apis/build/v1alpha1/builder.go +++ b/pkg/apis/build/v1alpha1/builder.go @@ -31,7 +31,7 @@ func (b *Builder) Namespace() string { return b.ObjectMeta.Namespace } -func (b *Builder) Identifier() string { +func (b *Builder) Image() string { return b.Spec.Image } diff --git a/pkg/apis/build/v1alpha1/cluster_builder.go b/pkg/apis/build/v1alpha1/cluster_builder.go index 1bd209c88..36fe68401 100644 --- a/pkg/apis/build/v1alpha1/cluster_builder.go +++ b/pkg/apis/build/v1alpha1/cluster_builder.go @@ -12,7 +12,7 @@ func (in *ClusterBuilder) Namespace() string { return "" } -func (in *ClusterBuilder) Identifier() string { +func (in *ClusterBuilder) Image() string { return in.Spec.Image } diff --git a/pkg/dockercreds/access_checker.go b/pkg/dockercreds/access_checker.go index d92a4cd3b..bf2ebaf1b 100644 --- a/pkg/dockercreds/access_checker.go +++ b/pkg/dockercreds/access_checker.go @@ -2,11 +2,11 @@ package dockercreds import ( "fmt" - "github.com/google/go-containerregistry/pkg/name" "net/http" "net/url" "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/name" "github.com/google/go-containerregistry/pkg/v1/remote/transport" "github.com/pkg/errors" ) diff --git a/pkg/registry/image_factory.go b/pkg/registry/image_factory.go index 8ecccf92b..a60b0bdb7 100644 --- a/pkg/registry/image_factory.go +++ b/pkg/registry/image_factory.go @@ -11,7 +11,7 @@ type ImageFactory struct { } func (f *ImageFactory) NewRemote(imageRef ImageRef) (RemoteImage, error) { - remoteImage, err := NewGoContainerRegistryImage(imageRef.Identifier(), f.KeychainFactory.KeychainForImageRef(imageRef)) + remoteImage, err := NewGoContainerRegistryImage(imageRef.Image(), f.KeychainFactory.KeychainForImageRef(imageRef)) return remoteImage, err } @@ -22,7 +22,7 @@ type KeychainFactory interface { type ImageRef interface { ServiceAccount() string Namespace() string - Identifier() string + Image() string HasSecret() bool SecretName() string } @@ -39,7 +39,7 @@ func NewNoAuthImageRef(identifier string) *noAuthImageRef { return &noAuthImageRef{identifier: identifier} } -func (na *noAuthImageRef) Identifier() string { +func (na *noAuthImageRef) Image() string { return na.identifier } diff --git a/pkg/secret/secrets_keychain_test.go b/pkg/secret/secrets_keychain_test.go index 0faf63f16..17001e702 100644 --- a/pkg/secret/secrets_keychain_test.go +++ b/pkg/secret/secrets_keychain_test.go @@ -100,7 +100,7 @@ func (f *fakeImageRef) Namespace() string { return f.namespace } -func (f *fakeImageRef) Identifier() string { +func (f *fakeImageRef) Image() string { return "NOT-NEEDED" }