Move determining ImageStrategy to ResolveInputs

Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
buildpacks · Apr 17, 2023 · d4cf0e6 · d4cf0e6
1 parent 5dc951a
commit d4cf0e6
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 7 deletions.
diff --git a/cmd/lifecycle/analyzer.go b/cmd/lifecycle/analyzer.go
@@ -67,7 +67,6 @@ func (a *analyzeCmd) Args(nargs int, args []string) error {
 		return cmd.FailErrCode(err, cmd.CodeForInvalidArgs, "parse arguments")
 	}
 	a.LifecycleInputs.OutputImageRef = args[0]
-	a.LifecycleInputs.AccessChecker = &platform.RemoteImageStrategy{}
 	if err := platform.ResolveInputs(platform.Analyze, a.LifecycleInputs, cmd.DefaultLogger); err != nil {
 		return cmd.FailErrCode(err, cmd.CodeForInvalidArgs, "resolve inputs")
 	}

diff --git a/cmd/lifecycle/rebaser.go b/cmd/lifecycle/rebaser.go
@@ -176,7 +176,7 @@ func (r *rebaseCmd) setAppImage() error {
 		}
 
 		// for older platforms, we find the best mirror for the run image as this point
-		r.RunImageRef, err = md.Stack.BestRunImageMirror(registry, &platform.RemoteImageStrategy{})
+		r.RunImageRef, err = md.Stack.BestRunImageMirror(registry, r.LifecycleInputs.AccessChecker)
 		if err != nil {
 			return err
 		}

diff --git a/platform/files.go b/platform/files.go
@@ -433,6 +433,14 @@ func (a *RemoteImageStrategy) CheckReadAccess(repo string, keychain authn.Keycha
 	return img.CheckReadAccess(), nil
 }
 
+type LocalImageStrategy struct{}
+
+var _ ImageStrategy = &LocalImageStrategy{}
+
+func (a *LocalImageStrategy) CheckReadAccess(_ string, _ authn.Keychain) (bool, error) {
+	return true, nil
+}
+
 func (rm *RunImageForExport) BestRunImageMirror(registry string, accessChecker ImageStrategy) (string, error) {
 	if rm.Image == "" {
 		return "", errors.New("missing run-image metadata")

diff --git a/platform/resolve_analyze_inputs_test.go b/platform/resolve_analyze_inputs_test.go
@@ -14,7 +14,6 @@ import (
 	"github.com/buildpacks/lifecycle/internal/str"
 	llog "github.com/buildpacks/lifecycle/log"
 	"github.com/buildpacks/lifecycle/platform"
-	"github.com/buildpacks/lifecycle/platform/testhelpers"
 	h "github.com/buildpacks/lifecycle/testhelpers"
 )
 
@@ -37,7 +36,7 @@ func testResolveAnalyzeInputs(platformAPI string) func(t *testing.T, when spec.G
 			inputs.OutputImageRef = "some-output-image" // satisfy validation
 			logHandler = memory.New()
 			logger = &log.Logger{Handler: logHandler}
-			inputs.AccessChecker = &testhelpers.SimpleImageStrategy{}
+			inputs.UseDaemon = true //to prevent access checking of run images
 		})
 
 		when("latest Platform API(s)", func() {
@@ -126,6 +125,7 @@ func testResolveAnalyzeInputs(platformAPI string) func(t *testing.T, when spec.G
 			it.Before(func() {
 				h.SkipIf(t, api.MustParse(platformAPI).LessThan("0.7"), "")
 				inputs.RunImageRef = "some-run-image" // satisfy validation
+				inputs.UseDaemon = false
 			})
 
 			when("provided destination tags are on different registries", func() {

diff --git a/platform/resolve_create_inputs_test.go b/platform/resolve_create_inputs_test.go
@@ -14,7 +14,6 @@ import (
 	"github.com/buildpacks/lifecycle/internal/str"
 	llog "github.com/buildpacks/lifecycle/log"
 	"github.com/buildpacks/lifecycle/platform"
-	"github.com/buildpacks/lifecycle/platform/testhelpers"
 	h "github.com/buildpacks/lifecycle/testhelpers"
 )
 
@@ -38,7 +37,7 @@ func testResolveCreateInputs(platformAPI string) func(t *testing.T, when spec.G,
 			inputs.RunImageRef = "some-run-image"       // satisfy validation
 			logHandler = memory.New()
 			logger = &log.Logger{Handler: logHandler}
-			inputs.AccessChecker = &testhelpers.SimpleImageStrategy{}
+			inputs.UseDaemon = true // to prevent read access check for run image
 		})
 
 		when("latest Platform API(s)", func() {
@@ -124,6 +123,7 @@ func testResolveCreateInputs(platformAPI string) func(t *testing.T, when spec.G,
 		when("Platform API >= 0.7", func() {
 			it.Before(func() {
 				h.SkipIf(t, api.MustParse(platformAPI).LessThan("0.7"), "")
+				inputs.UseDaemon = false
 			})
 
 			when("provided destination tags are on different registries", func() {

diff --git a/platform/resolve_inputs.go b/platform/resolve_inputs.go
@@ -20,6 +20,12 @@ var (
 )
 
 func ResolveInputs(phase LifecyclePhase, i *LifecycleInputs, logger log.Logger) error {
+	if i.UseDaemon || i.UseLayout {
+		i.AccessChecker = &LocalImageStrategy{}
+	} else {
+		i.AccessChecker = &RemoteImageStrategy{}
+	}
+
 	// order of operations is important
 	ops := []LifecycleInputsOperation{UpdatePlaceholderPaths, ResolveAbsoluteDirPaths}
 	switch phase {

diff --git a/platform/testhelpers/image_strategy.go b/platform/testhelpers/image_strategy.go
@@ -39,6 +39,6 @@ type StubImageStrategy struct {
 
 var _ platform.ImageStrategy = &StubImageStrategy{}
 
-func (s *StubImageStrategy) CheckReadAccess(repo string, keychain authn.Keychain) (bool, error) {
+func (s *StubImageStrategy) CheckReadAccess(repo string, _ authn.Keychain) (bool, error) {
 	return strings.Contains(repo, s.AllowedRepo), nil
 }