From 31273519b891f545ef14f1f7ec6f78cc51143042 Mon Sep 17 00:00:00 2001 From: Glyn Normington Date: Wed, 14 Aug 2019 11:22:12 +0100 Subject: [PATCH] Revert reading images from the docker daemon See https://github.com/deislabs/duffle/issues/828#issuecomment-521138488 --- README.md | 6 +++ pkg/registry/remote.go | 14 +----- pkg/registry/remote_test.go | 89 +------------------------------------ 3 files changed, 8 insertions(+), 101 deletions(-) diff --git a/README.md b/README.md index 9177eb1..4e55a1b 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,12 @@ The Go packages provided by this repository include: For details, please refer to the [package documentation](https://godoc.org/github.com/pivotal/image-relocation). +### Docker daemon + +This repository reads images directly from their repositories and does not attempt to read images +from the Docker daemon. This is primarily because the daemon doesn't guarantee to provide the +same digest of an image as when the image has been pushed to a repository. + ## Command line interface A CLI, `irel`, is provided for manual use and experimentation. Issue `make irel` to build it. diff --git a/pkg/registry/remote.go b/pkg/registry/remote.go index 182a0f3..2df0107 100644 --- a/pkg/registry/remote.go +++ b/pkg/registry/remote.go @@ -18,19 +18,16 @@ package registry import ( "errors" - "fmt" "net/http" "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" - "github.com/google/go-containerregistry/pkg/v1/daemon" "github.com/google/go-containerregistry/pkg/v1/remote" "github.com/pivotal/image-relocation/pkg/image" ) var ( - daemonImageFunc = daemon.Image repoImageFunc = remote.Image resolveFunc = authn.DefaultKeychain.Resolve repoWriteFunc = remote.Write @@ -54,16 +51,7 @@ func readRemoteImage(n image.Name) (v1.Image, error) { return nil, err } - img, err := daemonImageFunc(ref) - if err != nil { - var remoteErr error - img, remoteErr = repoImageFunc(ref, remote.WithAuth(auth)) - if remoteErr != nil { - return nil, fmt.Errorf("reading remote image %s failed: %v; attempting to read from daemon also failed: %v", n.String(), remoteErr, err) - } - } - - return img, nil + return remote.Image(ref, remote.WithAuth(auth)) } func writeRemoteImage(i v1.Image, n image.Name) error { diff --git a/pkg/registry/remote_test.go b/pkg/registry/remote_test.go index 41a5ab0..69be4d2 100644 --- a/pkg/registry/remote_test.go +++ b/pkg/registry/remote_test.go @@ -6,7 +6,6 @@ import ( "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" - "github.com/google/go-containerregistry/pkg/v1/daemon" "github.com/google/go-containerregistry/pkg/v1/remote" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -36,14 +35,8 @@ var _ = Describe("remote utilities", func() { }) Describe("readRemoteImage", func() { - var ( - mockImage2 *imagefakes.FakeImage - - img v1.Image - ) - JustBeforeEach(func() { - img, err = readRemoteImage(imageName) + _, err = readRemoteImage(imageName) }) BeforeEach(func() { @@ -51,92 +44,12 @@ var _ = Describe("remote utilities", func() { imageName, err = image.NewName("imagename") Expect(err).NotTo(HaveOccurred()) - mockImage2 = &imagefakes.FakeImage{} - h2, err := v1.NewHash("sha256:1111111111111111111111111111111111111111111111111111111111111111") - Expect(err).NotTo(HaveOccurred()) - mockImage2.DigestReturns(h2, nil) - - Expect(mockImage).NotTo(Equal(mockImage2)) // crucial for the correctness of certain tests - // In most tests, keychain resolution succeeds resolveFunc = func(registry name.Registry) (authn.Authenticator, error) { return nil, nil } }) - Context("when the daemon returns an image", func() { - BeforeEach(func() { - daemonImageFunc = func(ref name.Reference, options ...daemon.ImageOption) (v1.Image, error) { - return mockImage, nil - } - }) - - It("should return the image", func() { - Expect(err).NotTo(HaveOccurred()) - Expect(img).To(Equal(mockImage)) - }) - - Context("when the remote repository returns an image", func() { - BeforeEach(func() { - repoImageFunc = func(ref name.Reference, options ...remote.Option) (v1.Image, error) { - return mockImage2, nil - } - }) - - It("should return the image from the daemon", func() { - Expect(err).NotTo(HaveOccurred()) - Expect(img).To(Equal(mockImage)) - }) - }) - - Context("when the remote repository returns an error", func() { - BeforeEach(func() { - repoImageFunc = func(ref name.Reference, options ...remote.Option) (v1.Image, error) { - return nil, testError - } - }) - - It("should return the image from the daemon", func() { - Expect(err).NotTo(HaveOccurred()) - Expect(img).To(Equal(mockImage)) - }) - }) - - }) - - Context("when the daemon returns an error", func() { - BeforeEach(func() { - daemonImageFunc = func(ref name.Reference, options ...daemon.ImageOption) (v1.Image, error) { - return nil, testError - } - }) - - Context("when the remote repository returns an image", func() { - BeforeEach(func() { - repoImageFunc = func(ref name.Reference, options ...remote.Option) (v1.Image, error) { - return mockImage, nil - } - }) - - It("should return the image", func() { - Expect(err).NotTo(HaveOccurred()) - Expect(img).To(Equal(mockImage)) - }) - }) - - Context("when the remote repository returns an error", func() { - BeforeEach(func() { - repoImageFunc = func(ref name.Reference, options ...remote.Option) (v1.Image, error) { - return nil, errors.New("repo error") - } - }) - - It("should return a combined error", func() { - Expect(err).To(MatchError("reading remote image docker.io/library/imagename:latest failed: repo error; attempting to read from daemon also failed: hard cheese")) - }) - }) - }) - Context("when keychain resolution fails", func() { BeforeEach(func() { resolveFunc = func(registry name.Registry) (authn.Authenticator, error) {