Skip to content

Commit

Permalink
Adding a nop-op when trying to check access for run-image against the…
Browse files Browse the repository at this point in the history 
… daemon

Signed-off-by: Juan Bustamante <jbustamante@vmware.com>
  • Loading branch information
@jjbustamante
jjbustamante committed Mar 8, 2024
1 parent ff3ad2b commit 176235b
Show file tree
Hide file tree
Showing 6 changed files with 62 additions and 17 deletions.
5 changes: 4 additions & 1 deletion internal/fakes/fake_access_checker.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,10 @@ func NewFakeAccessChecker() *FakeAccessChecker {
return &FakeAccessChecker{}
}

func (f *FakeAccessChecker) Check(repo string) bool {
func (f *FakeAccessChecker) Check(repo string, publish bool) bool {
if !publish {
return true
}
for _, toFail := range f.RegistriesToFail {
if toFail == repo {
return false
Expand Down
2 changes: 1 addition & 1 deletion pkg/client/client.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ type BuildpackDownloader interface {

// AccessChecker is an interface for checking remote images for read access
type AccessChecker interface {
Check(repo string) bool
Check(repo string, publish bool) bool
}

// Client is an orchestration object, it contains all parameters needed to
Expand Down
9 changes: 5 additions & 4 deletions pkg/client/common.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ func (c *Client) resolveRunImage(runImage, imgRegistry, bldrRegistry string, run
runImageMetadata.Image,
runImageMetadata.Mirrors,
additionalMirrors[runImageMetadata.Image],
publish,
accessChecker,
)

Expand Down Expand Up @@ -108,8 +109,8 @@ func contains(slc []string, v string) bool {
return false
}

func getBestRunMirror(registry string, runImage string, mirrors []string, preferredMirrors []string, accessChecker AccessChecker) string {
runImageList := filterImageList(append(append(append([]string{}, preferredMirrors...), runImage), mirrors...), accessChecker)
func getBestRunMirror(registry string, runImage string, mirrors []string, preferredMirrors []string, publish bool, accessChecker AccessChecker) string {
runImageList := filterImageList(append(append(append([]string{}, preferredMirrors...), runImage), mirrors...), publish, accessChecker)
for _, img := range runImageList {
ref, err := name.ParseReference(img, name.WeakValidation)
if err != nil {
Expand All @@ -127,11 +128,11 @@ func getBestRunMirror(registry string, runImage string, mirrors []string, prefer
return runImage
}

func filterImageList(imageList []string, accessChecker AccessChecker) []string {
func filterImageList(imageList []string, publish bool, accessChecker AccessChecker) []string {
var accessibleImages []string

for i, img := range imageList {
if accessChecker.Check(img) {
if accessChecker.Check(img, publish) {
accessibleImages = append(accessibleImages, imageList[i])
}
}
Expand Down
27 changes: 24 additions & 3 deletions pkg/client/common_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,9 +131,30 @@ func testCommon(t *testing.T, when spec.G, it spec.S) {
accessChecker.RegistriesToFail = nil
})

it("selects the first accessible run-image", func() {
runImageName := subject.resolveRunImage("", gcrRegistry, defaultRegistry, stackInfo.RunImage, nil, true, accessChecker)
assert.Equal(runImageName, defaultMirror)
when("publish is true", func() {
it("selects the first accessible run-image", func() {
runImageName := subject.resolveRunImage("", gcrRegistry, defaultRegistry, stackInfo.RunImage, nil, true, accessChecker)
assert.Equal(runImageName, defaultMirror)
})
})

when("publish is false", func() {
it.Before(func() {
stackInfo = builder.StackMetadata{
RunImage: builder.RunImageMetadata{
Image: "stack/run-image",
},
}
accessChecker.RegistriesToFail = []string{
stackInfo.RunImage.Image,
}
})

it("selects the given run-image", func() {
// issue: https://github.com/buildpacks/pack/issues/2078
runImageName := subject.resolveRunImage("", "", "", stackInfo.RunImage, nil, false, accessChecker)
assert.Equal(runImageName, "stack/run-image")
})
})
})
})
Expand Down
7 changes: 6 additions & 1 deletion pkg/image/access_checker.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,12 @@ func NewAccessChecker(logger logging.Logger, keychain authn.Keychain) *Checker {
return checker
}

func (c *Checker) Check(repo string) bool {
func (c *Checker) Check(repo string, publish bool) bool {
if !publish {
// nop checker, we are running against the daemon
return true
}

img, err := remote.NewImage(repo, c.keychain)
if err != nil {
return false
Expand Down
29 changes: 22 additions & 7 deletions pkg/image/access_checker_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,16 +19,31 @@ func TestChecker(t *testing.T) {

func testChecker(t *testing.T, when spec.G, it spec.S) {
when("#Check", func() {
it("fails when checking dummy image", func() {
buf := &bytes.Buffer{}
when("publish is false", func() {
// issue: https://github.com/buildpacks/pack/issues/2078
it("returns true", func() {
buf := &bytes.Buffer{}

keychain, err := auth.DefaultKeychain("pack.test/dummy")
h.AssertNil(t, err)
keychain, err := auth.DefaultKeychain("pack-test/dummy")
h.AssertNil(t, err)

ic := image.NewAccessChecker(logging.NewSimpleLogger(buf), keychain)
ic := image.NewAccessChecker(logging.NewSimpleLogger(buf), keychain)
h.AssertTrue(t, ic.Check("pack.test/dummy", false))
})
})

when("publish is true", func() {
it("fails when checking dummy image", func() {
buf := &bytes.Buffer{}

keychain, err := auth.DefaultKeychain("pack.test/dummy")
h.AssertNil(t, err)

ic := image.NewAccessChecker(logging.NewSimpleLogger(buf), keychain)

h.AssertFalse(t, ic.Check("pack.test/dummy"))
h.AssertContains(t, buf.String(), "DEBUG: CheckReadAccess failed for the run image pack.test/dummy")
h.AssertFalse(t, ic.Check("pack.test/dummy", true))
h.AssertContains(t, buf.String(), "DEBUG: CheckReadAccess failed for the run image pack.test/dummy")
})
})
})
}

0 comments on commit 176235b

Please sign in to comment.