move read access check to the restorer cmd

Signed-off-by: Pavel Busko <pavel.busko@sap.com>
buildpacks · Jun 19, 2024 · f4f38a2 · f4f38a2
1 parent 499f875
commit f4f38a2
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 41 deletions.
diff --git a/cmd/lifecycle/restorer.go b/cmd/lifecycle/restorer.go
@@ -50,6 +50,7 @@ func (r *restoreCmd) DefineFlags() {
 		cli.FlagBuildImage(&r.BuildImageRef)
 	}
 	cli.FlagAnalyzedPath(&r.AnalyzedPath)
+	cli.FlagRunPath(&r.RunPath)
 	cli.FlagCacheDir(&r.CacheDir)
 	cli.FlagCacheImage(&r.CacheImageRef)
 	cli.FlagGID(&r.GID)
@@ -103,6 +104,11 @@ func (r *restoreCmd) Exec() error {
 		return err
 	}
 
+	runToml, err := files.Handler.ReadRun(r.RunPath, cmd.DefaultLogger)
+	if err != nil {
+		return err
+	}
+
 	var analyzedMD files.Analyzed
 	if analyzedMD, err = files.Handler.ReadAnalyzed(r.AnalyzedPath, cmd.DefaultLogger); err == nil {
 		if r.supportsBuildImageExtension() && r.BuildImageRef != "" {
@@ -123,6 +129,16 @@ func (r *restoreCmd) Exec() error {
 			runImage imgutil.Image
 		)
 		runImageName := analyzedMD.RunImageImage() // FIXME: if we have a digest reference available in `Reference` (e.g., in the non-daemon case) we should use it
+		if runToml.Contains(runImageName) {
+			runImageName, err = platform.BestRunImageMirrorFor("", runToml.FindByRef(runImageName), r.AccessChecker())
+			if err != nil {
+				return err
+			}
+
+			analyzedMD.RunImage.Image = runImageName
+			analyzedMD.RunImage.Reference = runImageName
+		}
+
 		if r.supportsRunImageExtension() && needsPulling(analyzedMD.RunImage) {
 			cmd.DefaultLogger.Debugf("Pulling run image metadata for %s...", runImageName)
 			runImage, err = r.pullSparse(runImageName)

diff --git a/phase/generator.go b/phase/generator.go
@@ -27,7 +27,6 @@ type Generator struct {
 	DirStore       DirStore
 	Executor       buildpack.GenerateExecutor
 	Extensions     []buildpack.GroupElement
-	AccessChecker  platform.CheckReadAccess
 	Logger         log.Logger
 	Out, Err       io.Writer
 	Plan           files.Plan
@@ -44,7 +43,6 @@ func (f *HermeticFactory) NewGenerator(inputs platform.LifecycleInputs, stdout,
 		PlatformDir:    inputs.PlatformDir,
 		DirStore:       f.dirStore,
 		Executor:       &buildpack.DefaultGenerateExecutor{},
-		AccessChecker:  inputs.AccessChecker(),
 		Logger:         logger,
 		Out:            stdout,
 		Err:            stderr,
@@ -121,11 +119,6 @@ func (g *Generator) Generate() (GenerateResult, error) {
 	if generatedRunImageRef != "" && g.isNew(generatedRunImageRef) {
 		if !g.RunMetadata.Contains(generatedRunImageRef) {
 			g.Logger.Warnf("new runtime base image '%s' not found in run metadata", generatedRunImageRef)
-		} else {
-			generatedRunImageRef, err = platform.BestRunImageMirrorFor("", g.RunMetadata.FindByRef(generatedRunImageRef), g.AccessChecker)
-			if err != nil {
-				return GenerateResult{}, err
-			}
 		}
 		g.Logger.Debugf("Updating analyzed metadata with new run image '%s'", generatedRunImageRef)
 		finalAnalyzedMD.RunImage = &files.RunImage{ // target data is cleared

diff --git a/phase/generator_test.go b/phase/generator_test.go
@@ -13,7 +13,6 @@ import (
 	"github.com/apex/log/handlers/discard"
 	"github.com/apex/log/handlers/memory"
 	"github.com/golang/mock/gomock"
-	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/pkg/errors"
 	"github.com/sclevine/spec"
 	"github.com/sclevine/spec/report"
@@ -588,39 +587,6 @@ func testGenerator(t *testing.T, when spec.G, it spec.S) {
 								h.AssertLogEntry(t, logHandler, "new runtime base image 'some-other-run-image' not found in run metadata")
 							},
 						},
-						{
-							before: func() {
-								generator.RunMetadata = files.Run{
-									Images: []files.RunImageForExport{
-										{Image: "some-run-image"},
-										{Image: "some-second-run-image", Mirrors: []string{"some-second-run-image-mirror"}},
-									},
-								}
-
-								generator.AccessChecker = func(repo string, _ authn.Keychain) (bool, error) {
-									switch repo {
-									case "some-second-run-image-mirror":
-										return true, nil
-									default:
-										return false, nil
-									}
-								}
-							},
-							descCondition: "run metadata is provided but the image is not accessible",
-							descResult:    "selects the run image mirror",
-							aDockerfiles: []buildpack.DockerfileInfo{
-								{
-									ExtensionID: "A",
-									Kind:        "run",
-									Path:        runDockerfilePathA,
-									WithBase:    "some-second-run-image",
-									Extend:      false,
-								},
-							},
-							bDockerfiles:              []buildpack.DockerfileInfo{},
-							expectedRunImageImage:     "some-second-run-image-mirror",
-							expectedRunImageReference: "some-second-run-image-mirror",
-						},
 					} {
 						tc := tc
 						when := when