fix: take docker namespace into account during deploy (#698)

defenseunicorns · Jun 12, 2024 · 911beb5 · 911beb5
1 parent a9517f8
commit 911beb5
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 17 deletions.
diff --git a/src/pkg/utils/boci/oci.go b/src/pkg/utils/boci/oci.go
@@ -20,6 +20,7 @@ import (
 	"github.com/defenseunicorns/uds-cli/src/types"
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/packager/filters"
+	"github.com/defenseunicorns/zarf/src/pkg/transform"
 	"github.com/defenseunicorns/zarf/src/pkg/zoci"
 	zarfTypes "github.com/defenseunicorns/zarf/src/types"
 	goyaml "github.com/goccy/go-yaml"
@@ -290,9 +291,16 @@ func FilterImageIndex(components []zarfTypes.ZarfComponent, imgIndex ocispec.Ind
 	for _, manifest := range imgIndex.Manifests {
 		for _, component := range components {
 			for _, imgName := range component.Images {
+
+				refInfo, err := transform.ParseImageRef(imgName)
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse image ref %q: %w", imgName, err)
+				}
+
 				// include backwards compatibility shim for older Zarf versions that would leave docker.io off of image annotations
+				dockerShimPath := refInfo.Host + "/" + refInfo.Path + refInfo.TagOrDigest
 				if manifest.Annotations[ocispec.AnnotationBaseImageName] == imgName ||
-					manifest.Annotations[ocispec.AnnotationBaseImageName] == fmt.Sprintf("docker.io/%s", imgName) {
+					(refInfo.Host == "docker.io" && manifest.Annotations[ocispec.AnnotationBaseImageName] == dockerShimPath) {
 					manifestIncludeMap[manifest.Digest.Hex()] = manifest
 				}
 			}

diff --git a/src/test/bundles/14-optional-components/uds-bundle.yaml b/src/test/bundles/14-optional-components/uds-bundle.yaml
@@ -22,4 +22,4 @@ packages:
     path: ../../packages/podinfo-nginx
     ref: 0.0.1
     optionalComponents:
-      - podinfo
+      - nginx-remote
diff --git a/src/test/e2e/bundle_test.go b/src/test/e2e/bundle_test.go
@@ -664,13 +664,13 @@ func TestListImages(t *testing.T) {
 		require.NoError(t, err)
 		require.Contains(t, stderr, "library/registry")
 		require.Contains(t, stderr, "ghcr.io/defenseunicorns/zarf/agent")
-		require.Contains(t, stderr, "ghcr.io/stefanprodan/podinfo")
+		require.Contains(t, stderr, "nginx")
 		require.Contains(t, stderr, "quay.io/prometheus/node-exporter")
 
 		// ensure non-req'd components got filtered
 		require.NotContains(t, stderr, "grafana")
 		require.NotContains(t, stderr, "gitea")
 		require.NotContains(t, stderr, "kiwix")
-		require.NotContains(t, stderr, "nginx")
+		require.NotContains(t, stderr, "podinfo")
 	})
 }
diff --git a/src/test/e2e/optional_bundle_test.go b/src/test/e2e/optional_bundle_test.go
@@ -118,11 +118,11 @@ func introspectOptionalComponentsBundle(t *testing.T) {
 	err = json.Unmarshal(pkgManifestBytes, &localPkgManifest)
 	require.NoError(t, err)
 
-	// ensure nginx not present in bundle bc we didn't specify its component in the optional components
-	ensureImgNotPresent(t, "docker.io/library/nginx", localPkgManifest, blobsDir)
+	// ensure podinfo not present in bundle bc we didn't specify its component in the optional components
+	ensureImgNotPresent(t, "ghcr.io/stefanprodan/podinfo:6.4.0", localPkgManifest, blobsDir)
 
 	// for this local pkg, ensure component tars DO NOT exist in img manifest
-	componentName = "nginx-remote"
+	componentName = "podinfo"
 	verifyComponentNotIncluded = true
 	for _, desc := range localPkgManifest.Layers {
 		if strings.Contains(desc.Annotations[ocispec.AnnotationTitle], fmt.Sprintf("components/%s.tar", componentName)) {
@@ -134,7 +134,7 @@ func introspectOptionalComponentsBundle(t *testing.T) {
 }
 
 func ensureImgNotPresent(t *testing.T, imgName string, remotePkgManifest ocispec.Manifest, blobsDir string) {
-	// used to verify that the kiwix img is not included in the bundle (note that kiwix is intentionally excluded!)
+	// used to verify that the img is not included in the bundle
 	verifyImgNotIncluded := false
 
 	// grab image index from pkg root manifest

diff --git a/src/test/packages/nginx/zarf.yaml b/src/test/packages/nginx/zarf.yaml
@@ -10,23 +10,15 @@ components:
       - name: simple-nginx-deployment
         namespace: nginx
         files:
-          # remote manifests are specified with a URL and you can verify integrity of a manifest
-          # by adding a sha256sum to the end of the URL, separated by an @:
           - https://k8s.io/examples/application/deployment.yaml@c57f73449b26eae02ca2a549c388807d49ef6d3f2dc040a9bbb1290128d97157
-          # this sha256 can be discovered using:
-          # zarf prepare sha256sum https://k8s.io/examples/application/deployment.yaml
     actions:
       onDeploy:
-      # the following checks were computed by viewing the success state of the package deployment
-      # and creating `wait` actions that match
         after:
           - wait:
               cluster:
                 kind: deployment
                 name: nginx-deployment
                 namespace: nginx
                 condition: available
-    # image discovery is supported in all manifests and charts using:
-    # zarf prepare find-images
     images:
-      - docker.io/library/nginx:1.14.2
+      - nginx:1.14.2 # use shorthand for nginx!