From 00f756a9ea35d28636de77eb10b3700ed69cacef Mon Sep 17 00:00:00 2001 From: unclegedd Date: Wed, 12 Jun 2024 14:37:06 -0500 Subject: [PATCH 1/4] WIP --- src/pkg/utils/boci/oci.go | 10 +++++++++- .../bundles/14-optional-components/uds-bundle.yaml | 2 +- src/test/e2e/optional_bundle_test.go | 3 ++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/pkg/utils/boci/oci.go b/src/pkg/utils/boci/oci.go index be00e717..851b77c1 100644 --- a/src/pkg/utils/boci/oci.go +++ b/src/pkg/utils/boci/oci.go @@ -20,6 +20,7 @@ import ( "github.com/defenseunicorns/uds-cli/src/types" "github.com/defenseunicorns/zarf/src/pkg/message" "github.com/defenseunicorns/zarf/src/pkg/packager/filters" + "github.com/defenseunicorns/zarf/src/pkg/transform" "github.com/defenseunicorns/zarf/src/pkg/zoci" zarfTypes "github.com/defenseunicorns/zarf/src/types" goyaml "github.com/goccy/go-yaml" @@ -290,9 +291,16 @@ func FilterImageIndex(components []zarfTypes.ZarfComponent, imgIndex ocispec.Ind for _, manifest := range imgIndex.Manifests { for _, component := range components { for _, imgName := range component.Images { + + refInfo, err := transform.ParseImageRef(imgName) + if err != nil { + return nil, fmt.Errorf("failed to parse image ref %q: %w", imgName, err) + } + // include backwards compatibility shim for older Zarf versions that would leave docker.io off of image annotations + dockerShimPath := refInfo.Host + "/" + refInfo.Path + refInfo.TagOrDigest if manifest.Annotations[ocispec.AnnotationBaseImageName] == imgName || - manifest.Annotations[ocispec.AnnotationBaseImageName] == fmt.Sprintf("docker.io/%s", imgName) { + (refInfo.Host == "docker.io" && manifest.Annotations[ocispec.AnnotationBaseImageName] == dockerShimPath) { manifestIncludeMap[manifest.Digest.Hex()] = manifest } } diff --git a/src/test/bundles/14-optional-components/uds-bundle.yaml b/src/test/bundles/14-optional-components/uds-bundle.yaml index 0ee9ead3..e5824726 100644 --- a/src/test/bundles/14-optional-components/uds-bundle.yaml +++ b/src/test/bundles/14-optional-components/uds-bundle.yaml @@ -22,4 +22,4 @@ packages: path: ../../packages/podinfo-nginx ref: 0.0.1 optionalComponents: - - podinfo + - nginx diff --git a/src/test/e2e/optional_bundle_test.go b/src/test/e2e/optional_bundle_test.go index 13a52f2f..c1512c63 100644 --- a/src/test/e2e/optional_bundle_test.go +++ b/src/test/e2e/optional_bundle_test.go @@ -119,7 +119,8 @@ func introspectOptionalComponentsBundle(t *testing.T) { require.NoError(t, err) // ensure nginx not present in bundle bc we didn't specify its component in the optional components - ensureImgNotPresent(t, "docker.io/library/nginx", localPkgManifest, blobsDir) + //ensureImgNotPresent(t, "docker.io/library/nginx", localPkgManifest, blobsDir) + ensureImgNotPresent(t, " ghcr.io/stefanprodan/podinfo:6.4.0", localPkgManifest, blobsDir) // for this local pkg, ensure component tars DO NOT exist in img manifest componentName = "nginx-remote" From 93fe6a66e9889f5cf6a71fa96b947e4008e97afd Mon Sep 17 00:00:00 2001 From: unclegedd Date: Wed, 12 Jun 2024 14:50:12 -0500 Subject: [PATCH 2/4] fix: takes docker namespace shorthand into account when deploying --- .../bundles/14-optional-components/uds-bundle.yaml | 10 +++++----- src/test/e2e/optional_bundle_test.go | 7 +++---- src/test/packages/nginx/zarf.yaml | 10 +--------- 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/src/test/bundles/14-optional-components/uds-bundle.yaml b/src/test/bundles/14-optional-components/uds-bundle.yaml index e5824726..376d09cb 100644 --- a/src/test/bundles/14-optional-components/uds-bundle.yaml +++ b/src/test/bundles/14-optional-components/uds-bundle.yaml @@ -5,10 +5,10 @@ metadata: version: 0.0.1 packages: - - name: init - repository: ghcr.io/defenseunicorns/packages/init - # renovate: datasource=github-tags depName=defenseunicorns/zarf - ref: v0.34.0 +# - name: init +# repository: ghcr.io/defenseunicorns/packages/init +# # renovate: datasource=github-tags depName=defenseunicorns/zarf +# ref: v0.34.0 # deploys prometheus as a required component and upload-image as an optional component (with noOptionalComponents key) - name: prometheus @@ -22,4 +22,4 @@ packages: path: ../../packages/podinfo-nginx ref: 0.0.1 optionalComponents: - - nginx + - nginx-remote diff --git a/src/test/e2e/optional_bundle_test.go b/src/test/e2e/optional_bundle_test.go index c1512c63..3bd6f535 100644 --- a/src/test/e2e/optional_bundle_test.go +++ b/src/test/e2e/optional_bundle_test.go @@ -118,12 +118,11 @@ func introspectOptionalComponentsBundle(t *testing.T) { err = json.Unmarshal(pkgManifestBytes, &localPkgManifest) require.NoError(t, err) - // ensure nginx not present in bundle bc we didn't specify its component in the optional components - //ensureImgNotPresent(t, "docker.io/library/nginx", localPkgManifest, blobsDir) - ensureImgNotPresent(t, " ghcr.io/stefanprodan/podinfo:6.4.0", localPkgManifest, blobsDir) + // ensure podinfo not present in bundle bc we didn't specify its component in the optional components + ensureImgNotPresent(t, "ghcr.io/stefanprodan/podinfo:6.4.0", localPkgManifest, blobsDir) // for this local pkg, ensure component tars DO NOT exist in img manifest - componentName = "nginx-remote" + componentName = "podinfo" verifyComponentNotIncluded = true for _, desc := range localPkgManifest.Layers { if strings.Contains(desc.Annotations[ocispec.AnnotationTitle], fmt.Sprintf("components/%s.tar", componentName)) { diff --git a/src/test/packages/nginx/zarf.yaml b/src/test/packages/nginx/zarf.yaml index abd275e7..162173e5 100644 --- a/src/test/packages/nginx/zarf.yaml +++ b/src/test/packages/nginx/zarf.yaml @@ -10,15 +10,9 @@ components: - name: simple-nginx-deployment namespace: nginx files: - # remote manifests are specified with a URL and you can verify integrity of a manifest - # by adding a sha256sum to the end of the URL, separated by an @: - https://k8s.io/examples/application/deployment.yaml@c57f73449b26eae02ca2a549c388807d49ef6d3f2dc040a9bbb1290128d97157 - # this sha256 can be discovered using: - # zarf prepare sha256sum https://k8s.io/examples/application/deployment.yaml actions: onDeploy: - # the following checks were computed by viewing the success state of the package deployment - # and creating `wait` actions that match after: - wait: cluster: @@ -26,7 +20,5 @@ components: name: nginx-deployment namespace: nginx condition: available - # image discovery is supported in all manifests and charts using: - # zarf prepare find-images images: - - docker.io/library/nginx:1.14.2 + - nginx:1.14.2 # use shorthand for nginx! From a145825e5f83f1eb3929942f759c687f438c5e21 Mon Sep 17 00:00:00 2001 From: unclegedd Date: Wed, 12 Jun 2024 15:01:02 -0500 Subject: [PATCH 3/4] fix test --- src/test/bundles/14-optional-components/uds-bundle.yaml | 8 ++++---- src/test/e2e/optional_bundle_test.go | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/test/bundles/14-optional-components/uds-bundle.yaml b/src/test/bundles/14-optional-components/uds-bundle.yaml index 376d09cb..fd9505a6 100644 --- a/src/test/bundles/14-optional-components/uds-bundle.yaml +++ b/src/test/bundles/14-optional-components/uds-bundle.yaml @@ -5,10 +5,10 @@ metadata: version: 0.0.1 packages: -# - name: init -# repository: ghcr.io/defenseunicorns/packages/init -# # renovate: datasource=github-tags depName=defenseunicorns/zarf -# ref: v0.34.0 + - name: init + repository: ghcr.io/defenseunicorns/packages/init + # renovate: datasource=github-tags depName=defenseunicorns/zarf + ref: v0.34.0 # deploys prometheus as a required component and upload-image as an optional component (with noOptionalComponents key) - name: prometheus diff --git a/src/test/e2e/optional_bundle_test.go b/src/test/e2e/optional_bundle_test.go index 3bd6f535..c07755c1 100644 --- a/src/test/e2e/optional_bundle_test.go +++ b/src/test/e2e/optional_bundle_test.go @@ -134,7 +134,7 @@ func introspectOptionalComponentsBundle(t *testing.T) { } func ensureImgNotPresent(t *testing.T, imgName string, remotePkgManifest ocispec.Manifest, blobsDir string) { - // used to verify that the kiwix img is not included in the bundle (note that kiwix is intentionally excluded!) + // used to verify that the img is not included in the bundle verifyImgNotIncluded := false // grab image index from pkg root manifest From 24ef25dc20fd2566c24fa12a89a319dfb6797d58 Mon Sep 17 00:00:00 2001 From: unclegedd Date: Wed, 12 Jun 2024 15:17:01 -0500 Subject: [PATCH 4/4] fix test --- src/test/e2e/bundle_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/e2e/bundle_test.go b/src/test/e2e/bundle_test.go index 8245237f..add6ce3e 100644 --- a/src/test/e2e/bundle_test.go +++ b/src/test/e2e/bundle_test.go @@ -664,13 +664,13 @@ func TestListImages(t *testing.T) { require.NoError(t, err) require.Contains(t, stderr, "library/registry") require.Contains(t, stderr, "ghcr.io/defenseunicorns/zarf/agent") - require.Contains(t, stderr, "ghcr.io/stefanprodan/podinfo") + require.Contains(t, stderr, "nginx") require.Contains(t, stderr, "quay.io/prometheus/node-exporter") // ensure non-req'd components got filtered require.NotContains(t, stderr, "grafana") require.NotContains(t, stderr, "gitea") require.NotContains(t, stderr, "kiwix") - require.NotContains(t, stderr, "nginx") + require.NotContains(t, stderr, "podinfo") }) }