Merge pull request #2397 from neolit123/1.21-add-config-blob-check-ma…

…nifest-lists test/e2e/manifests: update for 1.21
kubernetes · Mar 4, 2021 · 623bae9 · 623bae9
2 parents 8230fe5 + 916dfe6
commit 623bae9
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 17 deletions.
diff --git a/tests/e2e/manifests/verify_manifest_lists.go b/tests/e2e/manifests/verify_manifest_lists.go
@@ -109,6 +109,10 @@ var (
 
 // bellow are some types as per the docker specs.
 
+type archContents struct {
+	Architecture string `json:"architecture"`
+}
+
 type imageLayer struct {
 	MediaType string `json:"mediaType"`
 	Size      int    `json:"size"`
@@ -297,10 +301,6 @@ func getImageVersions(ver *version.Version, images map[string]string) error {
 	images["kube-proxy"] = k8sVersionV
 	images["etcd"] = ""
 	images["pause"] = ""
-	// TODO(neolit123): kube-dns is being deprecated eventually [*].
-	images["k8s-dns-kube-dns"] = ""
-	images["k8s-dns-sidecar"] = ""
-	images["k8s-dns-dnsmasq-nanny"] = ""
 
 	// images outside the scope of kubeadm, but still using the k8s version
 
@@ -343,13 +343,6 @@ func getImageVersions(ver *version.Version, images map[string]string) error {
 			line = strings.Split(line, "PauseVersion = ")[1]
 			line = strings.Replace(line, `"`, "", -1)
 			images["pause"] = line
-		} else if strings.Contains(line, "KubeDNSVersion = ") { // [*]
-			line = strings.TrimSpace(line)
-			line = strings.Split(line, "KubeDNSVersion = ")[1]
-			line = strings.Replace(line, `"`, "", -1)
-			images["k8s-dns-kube-dns"] = line
-			images["k8s-dns-sidecar"] = line
-			images["k8s-dns-dnsmasq-nanny"] = line
 		}
 	}
 	// hardcode the tag for pause as older k8s branches lack a constant.
@@ -358,18 +351,18 @@ func getImageVersions(ver *version.Version, images map[string]string) error {
 	}
 	// verify.
 	fmt.Printf("* getImageVersions(): [%s] %#v\n", ver.String(), images)
-	if images[coreDNSPath] == "" || images["etcd"] == "" || images["k8s-dns-kube-dns"] == "" { // [*]
+	if images[coreDNSPath] == "" || images["etcd"] == "" {
 		return fmt.Errorf("at least one image version could not be set: %#v", images)
 	}
 	return nil
 }
 
 // verify an image manifest and it's layers.
-func verifyArchImage(imageName, archImage string) error {
+func verifyArchImage(arch, imageName, archImage string) error {
 	// parse the arch image.
 	image := manifestImage{}
 	if err := json.Unmarshal([]byte(archImage), &image); err != nil {
-		return err
+		return fmt.Errorf("could not unmarshal arch image: %v", err)
 	}
 
 	if image.MediaType != typeManifest {
@@ -382,7 +375,7 @@ func verifyArchImage(imageName, archImage string) error {
 		return fmt.Errorf("no layers for image %#v", image)
 	}
 
-	// verify config.
+	// download the config blob.
 	if image.Config.Digest == "" {
 		return fmt.Errorf("empty digest for image config: %#v", image.Config)
 	}
@@ -391,11 +384,24 @@ func verifyArchImage(imageName, archImage string) error {
 	if err != nil {
 		return fmt.Errorf("cannot download image blob for digest %q: %v", image.Config.Digest, err)
 	}
+
+	// verify the blob size.
 	sz := len(configBlob)
 	if image.Config.Size != sz {
 		return fmt.Errorf("config size and image blob size differ for digest %q; wanted: %d, got: %d", image.Config.Digest, image.Config.Size, sz)
 	}
 
+	// verify the architecture in the config blob
+	contents := archContents{}
+	if err := json.Unmarshal([]byte(configBlob), &contents); err != nil {
+		return fmt.Errorf("could not unmarshal config blob contents: %v", err)
+	}
+	if contents.Architecture != arch {
+		// TODO(neolit123): consider making this an error at some point
+		// https://github.com/kubernetes/kubernetes/issues/98908
+		fmt.Printf("WARNING: in config digest %s: found architecture %q, expected %q\n", image.Config.Digest, contents.Architecture, arch)
+	}
+
 	// verify layers.
 	for i, layer := range image.Layers {
 		// only support the type defined in `typeLayer`?
@@ -498,7 +504,7 @@ func verifyManifestList(manifest, imageName, tag string) error {
 		}
 
 		// verify the arch image.
-		err = verifyArchImage(imageName, archImageSrc)
+		err = verifyArchImage(m.Platform.Architecture, imageName, archImageSrc)
 		if err != nil {
 			return err
 		}

diff --git a/tests/e2e/manifests/verify_manifest_lists.sh b/tests/e2e/manifests/verify_manifest_lists.sh
@@ -22,7 +22,7 @@ fi
 
 # install go if missing
 if ! `go version > /dev/null`; then
-	curl https://dl.google.com/go/go1.13.8.linux-amd64.tar.gz -o /tmp/go.tar.gz
+	curl https://golang.org/dl/go1.16.linux-amd64.tar.gz -o /tmp/go.tar.gz
 	tar -C /usr/local -xzf /tmp/go.tar.gz
 	export PATH="$PATH":/usr/local/go/bin
 	rm /tmp/go.tar.gz
@@ -42,6 +42,9 @@ cd "$LPATH"
 # use go modules. this forces using the latest k8s.io/apimachinery package.
 go mod init verify-manifest-lists
 
+# add module requirements and sums (required in go 1.16)
+go mod tidy
+
 # run unit tests
 go test -v ./verify_manifest_lists.go ./verify_manifest_lists_test.go