Merge remote-tracking branch 'origin/main' into containerd-support

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

examples/basic.go

@@ -21,7 +21,7 @@ func main() {
 
 	lctx, err := logrus.New(logrus.Config{
 		EnableConsole: true,
-		Level:         logger.DebugLevel,
+		Level:         logger.TraceLevel,
 	})
 	if err != nil {
 		panic(err)

go.mod

@@ -4,6 +4,7 @@ go 1.19
 
 require (
 	github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible
+	github.com/adrg/xdg v0.4.0
 	github.com/anchore/go-logger v0.0.0-20220728155337-03b66a5207d8
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-e6f29200ae04
@@ -34,7 +35,12 @@ require (
 )
 
 require (
+	cloud.google.com/go/compute v1.19.0 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
+	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
+	github.com/Microsoft/hcsshim v0.10.0-rc.7 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.7.1 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.5.0 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.3.1 // indirect
@@ -46,14 +52,24 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sso v1.3.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.6.0 // indirect
 	github.com/aws/smithy-go v1.6.0 // indirect
+	github.com/containerd/cgroups v1.1.0 // indirect
+	github.com/containerd/continuity v0.3.0 // indirect
+	github.com/containerd/fifo v1.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.12.1 // indirect
+	github.com/containerd/ttrpc v1.2.1 // indirect
+	github.com/containerd/typeurl/v2 v2.1.0 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	// docker/distribution for https://github.com/advisories/GHSA-qq97-vm5h-rrhg
 	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0
+	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -62,56 +78,36 @@ require (
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
+	github.com/moby/locker v1.0.1 // indirect
+	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/sys/signal v0.7.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b
+	github.com/opencontainers/runc v1.1.4 // indirect
+	github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect
+	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.15 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/therootcompany/xz v1.0.1 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/otel v1.14.0 // indirect
+	go.opentelemetry.io/otel/trace v1.14.0 // indirect
+	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.9.0 // indirect
 	golang.org/x/oauth2 v0.6.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
 	golang.org/x/sys v0.7.0 // indirect
 	golang.org/x/term v0.7.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/tools v0.8.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd // indirect
 	google.golang.org/grpc v1.54.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
-
-require github.com/adrg/xdg v0.4.0
-
-require (
-	cloud.google.com/go/compute v1.19.0 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
-	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652 // indirect
-	github.com/Microsoft/hcsshim v0.10.0-rc.7 // indirect
-	github.com/containerd/cgroups v1.1.0 // indirect
-	github.com/containerd/continuity v0.3.0 // indirect
-	github.com/containerd/fifo v1.1.0 // indirect
-	github.com/containerd/ttrpc v1.2.1 // indirect
-	github.com/containerd/typeurl/v2 v2.1.0 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
-	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
-	github.com/moby/sys/sequential v0.5.0 // indirect
-	github.com/moby/sys/signal v0.7.0 // indirect
-	github.com/opencontainers/runc v1.1.4 // indirect
-	github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect
-	github.com/opencontainers/selinux v1.11.0 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.14.0 // indirect
-	go.opentelemetry.io/otel/trace v1.14.0 // indirect
-	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/tools v0.8.0 // indirect
-)

internal/podman/client.go

@@ -6,8 +6,10 @@ import (
 	"os"
 	"time"
 
+	"github.com/adrg/xdg"
 	"github.com/docker/docker/client"
 	"github.com/pkg/errors"
+	"github.com/spf13/afero"
 
 	"github.com/anchore/stereoscope/internal/log"
 )
@@ -17,12 +19,14 @@ var (
 	ErrNoHostAddress   = errors.New("no host address")
 )
 
+const defaultSocketPath = "/run/podman/podman.sock"
+
 func ClientOverSSH() (*client.Client, error) {
 	var clientOpts = []client.Opt{
 		client.WithAPIVersionNegotiation(),
 	}
 
-	host, identity := getSSHAddress(configPaths)
+	host, identity := getSSHAddress(afero.NewOsFs(), configPaths)
 
 	if v, found := os.LookupEnv("CONTAINER_HOST"); found && v != "" {
 		host = v
@@ -70,31 +74,9 @@ func ClientOverUnixSocket() (*client.Client, error) {
 		client.WithAPIVersionNegotiation(),
 	}
 
-	addr := getUnixSocketAddress(configPaths)
-	if v, found := os.LookupEnv("CONTAINER_HOST"); found && v != "" {
-		addr = v
-	}
-
-	if addr == "" { // in some cases there might not be any config file
-		// we can try guessing; podman CLI does that
-
-		var socketPath string
-		uid := os.Getuid()
-		switch uid {
-		case 0:
-			socketPath = "/run/podman/podman.sock"
-		default:
-			socketPath = fmt.Sprintf("/run/user/%d/podman/podman.sock", os.Getuid())
-		}
-
-		log.Debugf("no socket address was provided, trying default address: %s", socketPath)
-		_, err := os.Stat(socketPath)
-		if err != nil {
-			log.Debugf("unable to find socket file: %v", err)
-			return nil, ErrNoSocketAddress
-		}
-
-		addr = fmt.Sprintf("unix://%s", socketPath)
+	addr, err := getContainerHostAddress(afero.NewOsFs(), configPaths, xdg.RuntimeDir, defaultSocketPath)
+	if err != nil {
+		return nil, err
 	}
 
 	clientOpts = append(clientOpts, client.WithHost(addr))
@@ -111,6 +93,43 @@ func ClientOverUnixSocket() (*client.Client, error) {
 	return c, err
 }
 
+func getContainerHostAddress(fs afero.Fs, configPaths []string, xdgRuntimeDir, defaultSocketPath string) (string, error) {
+	var addr string
+	if v, found := os.LookupEnv("CONTAINER_HOST"); found && v != "" {
+		addr = v
+	} else {
+		addr = getUnixSocketAddressFromConfig(fs, configPaths)
+	}
+
+	if addr != "" {
+		return addr, nil
+	}
+
+	// in some cases there might not be any config file, in which case we can try guessing (the same way the podman CLI does)
+	candidateAddresses := []string{
+		// default rootless address for the podman-system-service
+		fmt.Sprintf("%s/podman/podman.sock", xdgRuntimeDir),
+
+		// typically accessible to only root, but last ditch effort
+		defaultSocketPath,
+	}
+
+	for _, candidate := range candidateAddresses {
+		log.WithFields("path", candidate).Trace("trying podman socket")
+		_, err := fs.Stat(candidate)
+		if err == nil {
+			addr = fmt.Sprintf("unix://%s", candidate)
+			break
+		}
+	}
+
+	if addr == "" {
+		return "", ErrNoSocketAddress
+	}
+
+	return addr, nil
+}
+
 func GetClient() (*client.Client, error) {
 	c, err := ClientOverUnixSocket()
 	if err == nil {

internal/podman/client_test.go

@@ -0,0 +1,94 @@
+package podman
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/spf13/afero"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_getContainerHostAddress(t *testing.T) {
+	type args struct {
+		containerHostEnvVar string
+		configPaths         []string
+		xdgRuntimeDir       string
+		defaultSocketPath   string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr assert.ErrorAssertionFunc
+	}{
+		{
+			name: "env vars > config",
+			args: args{
+				containerHostEnvVar: "unix:///somewhere/podman.sock",
+				configPaths: []string{
+					"containers.conf",
+				},
+				xdgRuntimeDir:     "/xdg-runtime",
+				defaultSocketPath: "/default/podman.sock",
+			},
+			want:    "unix:///somewhere/podman.sock",
+			wantErr: assert.NoError,
+		},
+		{
+			name: "config > candidates",
+			args: args{
+				containerHostEnvVar: "",
+				configPaths: []string{
+					"containers-relative.conf",
+				},
+				xdgRuntimeDir:     "/xdg-runtime",
+				defaultSocketPath: "/default/podman.sock",
+			},
+			want:    "unix:///user/podman.sock",
+			wantErr: assert.NoError,
+		},
+		{
+			name: "attempt candidate socket from xdg runtime dir",
+			args: args{
+				containerHostEnvVar: "",
+				configPaths:         []string{},
+				xdgRuntimeDir:       "/xdg-runtime",
+				defaultSocketPath:   "/default/podman.sock",
+			},
+			want:    "unix:///xdg-runtime/podman/podman.sock",
+			wantErr: assert.NoError,
+		},
+		{
+			name: "use default socket candidate last",
+			args: args{
+				containerHostEnvVar: "",
+				configPaths:         []string{},
+				xdgRuntimeDir:       "does-not-exist",
+				defaultSocketPath:   "/default/podman.sock",
+			},
+			want:    "unix:///default/podman.sock",
+			wantErr: assert.NoError,
+		},
+		{
+			name: "error when there are no candidates",
+			args: args{
+				containerHostEnvVar: "",
+				configPaths:         []string{},
+				xdgRuntimeDir:       "does-not-exist",
+				defaultSocketPath:   "does-not-exist",
+			},
+			wantErr: assert.Error,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Setenv("CONTAINER_HOST", tt.args.containerHostEnvVar)
+			fs := afero.NewBasePathFs(afero.NewOsFs(), "test-fixtures")
+			got, err := getContainerHostAddress(fs, tt.args.configPaths, tt.args.xdgRuntimeDir, tt.args.defaultSocketPath)
+			if !tt.wantErr(t, err, fmt.Sprintf("getContainerHostAddress(%v, %v)", tt.args.configPaths, tt.args.xdgRuntimeDir)) {
+				return
+			}
+			assert.Equalf(t, tt.want, got, "getContainerHostAddress(%v, %v)", tt.args.configPaths, tt.args.xdgRuntimeDir)
+		})
+	}
+}