From e30eee12de5e2d9eca3bdf935e9785d2028e7171 Mon Sep 17 00:00:00 2001
From: Domenico Luciani
Date: Tue, 8 Aug 2023 16:29:09 +0200
Subject: [PATCH] Exporter now accept insecure registries
Signed-off-by: Domenico Luciani
---
 acceptance/exporter_test.go | 27 +++++++++++++++++++
 .../container/layers/analyzed_insecure.toml | 2 ++
 cmd/lifecycle/exporter.go | 11 ++++++++
 cmd/lifecycle/restorer.go | 2 +-
 testhelpers/docker.go | 7 +++++
 5 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 acceptance/testdata/exporter/container/layers/analyzed_insecure.toml
diff --git a/acceptance/exporter_test.go b/acceptance/exporter_test.go
index ba57caac8..0b62c1e3c 100644
--- a/acceptance/exporter_test.go
+++ b/acceptance/exporter_test.go
@@ -259,6 +259,33 @@ func testExporterFunc(platformAPI string) func(t *testing.T, when spec.G, it spe
 })
 })

+ when("app using insecure registry", func() {
+ it.Before(func() {
+ h.SkipIf(t, api.MustParse(platformAPI).LessThan("0.12"), "")
+ })
+
+ it("does an http request", func() {
+ var exportFlags []string
+ exportArgs := append([]string{ctrPath(exporterPath)}, exportFlags...)
+ exportedImageName = exportTest.RegRepoName("some-insecure-exported-image-" + h.RandString(10))
+ exportArgs = append(exportArgs, exportedImageName)
+ insecureRegistry := "host.docker.internal/bar"
+ insecureAnalyzed := "/layers/analyzed_insecure.toml"
+
+ _, _, err := h.DockerRunWithError(t,
+ exportImage,
+ h.WithFlags(
+ "--env", "CNB_PLATFORM_API="+platformAPI,
+ "--env", "CNB_INSECURE_REGISTRIES="+insecureRegistry,
+ "--env", "CNB_ANALYZED_PATH="+insecureAnalyzed,
+ "--network", exportRegNetwork,
+ ),
+ h.WithArgs(exportArgs...),
+ )
+ h.AssertStringContains(t, err.Error(), "http://host.docker.internal")
+ })
+ })
+
 when("SOURCE_DATE_EPOCH is set", func() {
 it("Image CreatedAt is set to SOURCE_DATE_EPOCH", func() {
 h.SkipIf(t, api.MustParse(platformAPI).LessThan("0.9"), "SOURCE_DATE_EPOCH support added in 0.9")
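Review bot: In the new `does an http request` spec, `err.Error()` is called on the result of `h.DockerRunWithError` without first checking that an error came back, so an export that unexpectedly succeeds panics on a nil error instead of failing with a readable message. Guard it before the assertion, for example `if err == nil { t.Fatal("expected export against the insecure registry to fail") }`. The spec proves only that an `http://` URL shows up in the failure text when `CNB_INSECURE_REGISTRIES` is set; a companion case without that variable, asserting that plain HTTP is not attempted, would pin the secure default. The `h.SkipIf` call also passes an empty reason, unlike the neighbouring `SOURCE_DATE_EPOCH` spec. The enclosing test function starts and ends outside the hunk.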
diff --git a/acceptance/testdata/exporter/container/layers/analyzed_insecure.toml b/acceptance/testdata/exporter/container/layers/analyzed_insecure.toml
new file mode 100644
index 000000000..69678202a
--- /dev/null
+++ b/acceptance/testdata/exporter/container/layers/analyzed_insecure.toml
@@ -0,0 +1,2 @@
+[run-image]
+ reference = "host.docker.internal/bar"
\ No newline at end of file
diff --git a/cmd/lifecycle/exporter.go b/cmd/lifecycle/exporter.go
index f45d2be8c..60c2dee1c 100644
--- a/cmd/lifecycle/exporter.go
+++ b/cmd/lifecycle/exporter.go
@@ -5,6 +5,7 @@ import (
 "os"
 "path/filepath"
 "strconv"
+ "strings"
 "time"

 "github.com/BurntSushi/toml"
@@ -75,6 +76,7 @@ func (e *exportCmd) DefineFlags() {
 cli.FlagRunImage(&e.RunImageRef) // FIXME: this flag isn't valid on Platform 0.7 and later
 cli.FlagUID(&e.UID)
 cli.FlagUseDaemon(&e.UseDaemon)
+ cli.FlagInsecureRegistries(&e.InsecureRegistries)
 cli.DeprecatedFlagRunImage(&e.DeprecatedRunImageRef) // FIXME: this flag isn't valid on Platform 0.7 and later
 }

@@ -355,6 +357,15 @@ func (e *exportCmd) initRemoteAppImage(analyzedMD files.Analyzed) (imgutil.Image
 opts = append(opts, remote.WithHistory())
 }

+ if len(e.InsecureRegistries) > 0 {
+ cmd.DefaultLogger.Infof("Found Insecure Registries: %+q", e.InsecureRegistries)
+ for _, insecureRegistry := range e.InsecureRegistries {
+ if strings.HasPrefix(e.RunImageRef, insecureRegistry) {
+ opts = append(opts, remote.WithRegistrySetting(insecureRegistry, true, true))
+ }
+ }
+ }
+
 if analyzedMD.PreviousImageRef() != "" {
 cmd.DefaultLogger.Infof("Reusing layers from image '%s'", analyzedMD.PreviousImageRef())
 opts = append(opts, remote.WithPreviousImage(analyzedMD.PreviousImageRef()))
diff --git a/cmd/lifecycle/restorer.go b/cmd/lifecycle/restorer.go
index bcdf38df9..f2d40c529 100644
--- a/cmd/lifecycle/restorer.go
+++ b/cmd/lifecycle/restorer.go
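Review bot: The `strings.HasPrefix(e.RunImageRef, insecureRegistry)` test added to `initRemoteAppImage` in cmd/lifecycle/exporter.go decides a TLS downgrade by raw string prefix, so an empty entry in `InsecureRegistries` matches every reference and an entry also matches any longer hostname that merely begins with it. Skip empty entries and accept a match only when it ends on a reference boundary (`/`, `:`, `@` or end of string), as sketched below; comparing against the parsed registry component would be stricter still. Only `e.RunImageRef` is consulted, so it should be confirmed whether the exported image's own registry and `analyzedMD.PreviousImageRef()` are meant to be covered. The two bare `true` arguments to `remote.WithRegistrySetting` deserve a comment naming what each one enables. The function starts and ends outside the hunk.

```go
	if len(e.InsecureRegistries) > 0 {
		// … unchanged: Infof line listing the configured entries …
		for _, insecureRegistry := range e.InsecureRegistries {
			if insecureRegistry == "" || !strings.HasPrefix(e.RunImageRef, insecureRegistry) {
				continue // an empty entry would otherwise prefix-match every reference
			}
			// Accept the match only when it ends on a reference boundary, so an
			// entry cannot also cover a longer hostname that starts with it.
			if rest := e.RunImageRef[len(insecureRegistry):]; rest != "" && !strings.ContainsAny(rest[:1], "/:@") {
				continue
			}
			opts = append(opts, remote.WithRegistrySetting(insecureRegistry, true, true))
		}
	}
```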
@@ -127,7 +127,7 @@ func (r *restoreCmd) Exec() error {
 }
 } else if r.supportsTargetData() && needsUpdating(analyzedMD.RunImage) {
 cmd.DefaultLogger.Debugf("Updating run image info in analyzed metadata...")
- h := image.NewHandler(r.docker, r.keychain, r.LayoutDir, r.UseLayout)
+ h := image.NewHandler(r.docker, r.keychain, r.LayoutDir, r.UseLayout, r.InsecureRegistries)
 runImage, err = h.InitImage(runImageName)
 if err != nil || !runImage.Found() {
 return cmd.FailErr(err, fmt.Sprintf("pull run image %s", runImageName))
diff --git a/testhelpers/docker.go b/testhelpers/docker.go
index 8a0a3ba7c..0779d5294 100644
--- a/testhelpers/docker.go
+++ b/testhelpers/docker.go
@@ -49,6 +49,13 @@ func DockerRun(t *testing.T, image string, ops ...DockerCmdOp) string {
 return Run(t, exec.Command("docker", append([]string{"run", "--rm"}, args...)...)) // #nosec G204
 }

+// DockerRunWithError allows to run docker command that might fail, reporting the error back to the caller
+func DockerRunWithError(t *testing.T, image string, ops ...DockerCmdOp) (string, int, error) {
+ t.Helper()
+ args := formatArgs([]string{image}, ops...)
+ return RunE(exec.Command("docker", append([]string{"run", "--rm"}, args...)...)) // #nosec G204
+}
+
 func DockerRunWithCombinedOutput(t *testing.T, image string, ops ...DockerCmdOp) string {
 t.Helper()
 args := formatArgs([]string{image}, ops...)
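Review bot: The doc comment on `DockerRunWithError` in testhelpers/docker.go does not say what the `(string, int, error)` results are, and because `t` is used only for `t.Helper()` nothing tells the reader that a failing command is never reported through `t`. Suggested wording: `// DockerRunWithError runs "docker run --rm" for image and returns RunE's results (presumably output, exit code and error) instead of failing the test.` Callers then know they must check the returned error themselves before using it. The body of `DockerRunWithCombinedOutput` continues outside the hunk.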