fix: handle basic auth for OCI client #333

TylerGillson · 2024-07-18T16:26:43Z

Description

Use updated OCI client from validator-plugin-oci
Refactor OCI auth secrets in Helm chart to support passing env vars for ECR
add 'make reviewable' extension to automatically update hauler-manifest.yaml and chart/validator/values.yaml
- updated values.yaml for many plugins in the process + versions in hauler-manifest.yaml

Requires:

feat: public OCI client with proxy from env support validator-plugin-oci#216

… env; init basic auth for OCI client Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

codecov · 2024-07-19T04:25:44Z

Codecov Report

Attention: Patch coverage is 0% with 7 lines in your changes missing coverage. Please review.

@@            Coverage Diff             @@
##             main     #333      +/-   ##
==========================================
+ Coverage   46.38%   48.62%   +2.23%     
==========================================
  Files          23       22       -1     
  Lines        1343     1273      -70     
==========================================
- Hits          623      619       -4     
+ Misses        653      586      -67     
- Partials       67       68       +1

Files	Coverage Δ
internal/controller/validatorconfig_controller.go	`66.51% <0.00%> (-3.31%)`	⬇️

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8f94947...72e938e. Read the comment docs.

## Issue Addresses #65 ## Description - add public OCI client (that handles basic auth and proxy from env in HTTP transport) - fail validation results if they specify invalid public key secrets - add kv pairs from auth secrets to the environment (for ECR auth keychain) - add support for InsecureSkipTLSVerify Required by: - validator-labs/validator#333 --------- Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

🤖 I have created a release *beep* *boop* --- ## [0.0.47](v0.0.46...v0.0.47) (2024-07-20) ### Bug Fixes * handle basic auth for OCI client ([#333](#333)) ([5041c4f](5041c4f)) * make string utils avail externally ([#335](#335)) ([81d7d46](81d7d46)) ### Other * move string utils to central location ([#334](#334)) ([44c09ab](44c09ab)) ### Docs * recommend validatorctl; document Hauler ([#326](#326)) ([18a8fef](18a8fef)) * Update air-gapped prereqs in README.md ([de015d9](de015d9)) ### Dependency Updates * **deps:** update golang.org/x/exp digest to 8a7402a ([#336](#336)) ([8f94947](8f94947)) * **deps:** update golang.org/x/exp digest to 8a7402a ([#338](#338)) ([e012a4e](e012a4e)) * **deps:** update golang.org/x/exp digest to e3f2596 ([#329](#329)) ([3419300](3419300)) * **deps:** update kubernetes packages to v0.30.3 ([#332](#332)) ([5d4486c](5d4486c)) * **deps:** update module github.com/google/go-containerregistry to v0.20.1 ([#330](#330)) ([81fd1cf](81fd1cf)) * **deps:** update module github.com/slack-go/slack to v0.13.1 ([#328](#328)) ([089d25d](089d25d)) * **deps:** update module github.com/validator-labs/validator-plugin-oci to v0.0.11 ([#339](#339)) ([70a26e1](70a26e1)) * **deps:** update softprops/action-gh-release digest to c062e08 ([#331](#331)) ([c797383](c797383)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

## Description Allow users to specify basic auth credentials _OR_ arbitrary environment variables when configuring OCI registry secrets. Other - Add automation to ensure validator versions stay up-to-date - Remove hacky 20s wait for plugins to being installing. Wait for plugin conditions to appear on ValidatorConfig instead. Requires: - validator-labs/validator#333 --------- Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

feat: bring in signature verification from OCI plugin; get proxy from…

48dbee6

… env; init basic auth for OCI client Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

TylerGillson requested a review from a team as a code owner July 18, 2024 16:26

TylerGillson requested a review from arturshadnik July 18, 2024 16:26

dosubot bot added the size:XL This PR changes 500-999 lines, ignoring generated files. label Jul 18, 2024

TylerGillson requested review from ahmad-ibra and removed request for arturshadnik July 18, 2024 16:26

dosubot bot added bug Something isn't working enhancement Enhancement to an existing feature labels Jul 18, 2024

refactor: move OCI client to validator-plugin-oci

43cfd73

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:XL This PR changes 500-999 lines, ignoring generated files. labels Jul 18, 2024

TylerGillson changed the title ~~feat: enhance OCI client~~ fix: handle basic auth for OCI client Jul 18, 2024

TylerGillson mentioned this pull request Jul 18, 2024

feat: public OCI client with proxy from env support validator-labs/validator-plugin-oci#216

Merged

ahmad-ibra previously approved these changes Jul 18, 2024

View reviewed changes

dosubot bot added the lgtm This PR has been approved by a maintainer label Jul 18, 2024

refactor: set arbitrary kvs in OCI auth secrets

154c735

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

TylerGillson dismissed ahmad-ibra’s stale review via 154c735 July 18, 2024 18:57

ahmad-ibra previously approved these changes Jul 18, 2024

View reviewed changes

ci: increase golangci timeout

c8e65db

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

TylerGillson dismissed ahmad-ibra’s stale review via c8e65db July 18, 2024 20:37

TylerGillson mentioned this pull request Jul 18, 2024

feat: support env vars in OCI secrets validator-labs/validatorctl#88

Merged

ahmad-ibra previously approved these changes Jul 18, 2024

View reviewed changes

TylerGillson removed the enhancement Enhancement to an existing feature label Jul 19, 2024

chore: bump go version in dev Dockerfile

a51cf1d

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

TylerGillson dismissed ahmad-ibra’s stale review via a51cf1d July 19, 2024 20:04

TylerGillson added 3 commits July 19, 2024 14:16

Merge branch 'main' into feat/enhanced-oci-client

5b4251b

chore: go mod tidy

8671a5a

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

feat: hack scripts for maintaining plugin versions

d034781

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

feat: 'make reviewable' extension to keep plugins up-to-date

49e47b6

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

dosubot bot added size:XXL This PR changes 1000+ lines, ignoring generated files. and removed size:L This PR changes 100-499 lines, ignoring generated files. labels Jul 19, 2024

TylerGillson added 3 commits July 19, 2024 15:43

Merge branch 'main' into feat/enhanced-oci-client

477a66e

chore: go mod tidy

df8d4cb

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

feat: ensure chart README is also updated

60ab39c

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

TylerGillson requested a review from ahmad-ibra July 19, 2024 21:54

ahmad-ibra previously approved these changes Jul 19, 2024

View reviewed changes

chore: truncate newlines to please the helm linter

0bc3504

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

TylerGillson dismissed ahmad-ibra’s stale review via 0bc3504 July 19, 2024 22:10

ahmad-ibra previously approved these changes Jul 19, 2024

View reviewed changes

chore: try to please the helm linter

b30f132

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

TylerGillson dismissed ahmad-ibra’s stale review via b30f132 July 19, 2024 22:42

TylerGillson added 4 commits July 19, 2024 17:05

chore: try to please the helm linter

9c5b519

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

chore: try to please the helm linter

260e913

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

chore: make reviewable

f990cce

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

chore: make reviewable

72e938e

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

TylerGillson merged commit 5041c4f into main Jul 20, 2024
6 of 7 checks passed

TylerGillson deleted the feat/enhanced-oci-client branch July 20, 2024 02:51

TylerGillson mentioned this pull request Jul 20, 2024

chore(main): release 0.0.47 #327

Merged

TylerGillson mentioned this pull request Jul 26, 2024

chore(main): release 0.0.50 #350

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: handle basic auth for OCI client #333

fix: handle basic auth for OCI client #333

TylerGillson commented Jul 18, 2024 •

edited

Loading

codecov bot commented Jul 19, 2024 •

edited

Loading

fix: handle basic auth for OCI client #333

fix: handle basic auth for OCI client #333

Conversation

TylerGillson commented Jul 18, 2024 • edited Loading

Description

codecov bot commented Jul 19, 2024 • edited Loading

Codecov Report

TylerGillson commented Jul 18, 2024 •

edited

Loading

codecov bot commented Jul 19, 2024 •

edited

Loading