Merge pull request #56 from AkihiroSuda/split-create-crypto-config

Decouple CreateCryptoConfig() from github.com/urfave/cli

cmd/ctr/commands/images/crypt_utils.go

@@ -26,7 +26,9 @@ import (
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/img"
 	imgenc "github.com/containerd/imgcrypt/images/encryption"
+	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 	encconfig "github.com/containers/ocicrypt/config"
+	"github.com/urfave/cli"
 
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
@@ -238,3 +240,13 @@ func parsePlatformArray(specifiers []string) ([]ocispec.Platform, error) {
 	}
 	return speclist, nil
 }
+
+func ParseEncArgs(context *cli.Context) parsehelpers.EncArgs {
+	return parsehelpers.EncArgs{
+		GPGHomedir:   context.String("gpg-homedir"),
+		GPGVersion:   context.String("gpg-version"),
+		Key:          context.StringSlice("key"),
+		Recipient:    context.StringSlice("recipient"),
+		DecRecipient: context.StringSlice("dec-recipient"),
+	}
+}

cmd/ctr/commands/images/decrypt.go

@@ -23,6 +23,7 @@ import (
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/flags"
 	imgenc "github.com/containerd/imgcrypt/images/encryption"
+	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 
 	"github.com/urfave/cli"
 )
@@ -84,7 +85,7 @@ var decryptCommand = cli.Command{
 			return nil
 		}
 
-		cc, err := CreateDecryptCryptoConfig(context, descs)
+		cc, err := parsehelpers.CreateDecryptCryptoConfig(ParseEncArgs(context), descs)
 		if err != nil {
 			return err
 		}

cmd/ctr/commands/images/encrypt.go

@@ -22,6 +22,7 @@ import (
 
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/flags"
+	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 
 	"github.com/urfave/cli"
 )
@@ -88,7 +89,7 @@ var encryptCommand = cli.Command{
 			return err
 		}
 
-		cc, err := CreateCryptoConfig(context, descs)
+		cc, err := parsehelpers.CreateCryptoConfig(ParseEncArgs(context), descs)
 		if err != nil {
 			return err
 		}

cmd/ctr/commands/images/import.go

@@ -29,6 +29,7 @@ import (
 	"github.com/containerd/imgcrypt"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/flags"
 	"github.com/containerd/imgcrypt/images/encryption"
+	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 	"github.com/urfave/cli"
 )
 
@@ -135,7 +136,7 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb
 		}
 
 		if !context.Bool("no-unpack") {
-			cc, err := CreateDecryptCryptoConfig(context, nil)
+			cc, err := parsehelpers.CreateDecryptCryptoConfig(ParseEncArgs(context), nil)
 			if err != nil {
 				return err
 			}

cmd/ctr/commands/images/layerinfo.go

@@ -26,6 +26,7 @@ import (
 
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 	"github.com/containers/ocicrypt"
 
 	"github.com/urfave/cli"
@@ -84,7 +85,7 @@ var layerinfoCommand = cli.Command{
 		var gpgClient ocicrypt.GPGClient
 		if !context.Bool("n") {
 			// create a GPG client to resolve keyIds to names
-			gpgClient, _ = createGPGClient(context)
+			gpgClient, _ = parsehelpers.CreateGPGClient(ParseEncArgs(context))
 		}
 
 		w := tabwriter.NewWriter(os.Stdout, 0, 0, 3, ' ', tabwriter.AlignRight)

cmd/ctr/commands/images/pull.go

@@ -29,6 +29,7 @@ import (
 	"github.com/containerd/imgcrypt"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/flags"
 	"github.com/containerd/imgcrypt/images/encryption"
+	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 
 	"github.com/opencontainers/image-spec/identity"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
@@ -125,7 +126,7 @@ command. As part of this process, we do the following:
 			p = append(p, platforms.DefaultSpec())
 		}
 
-		cc, err := CreateDecryptCryptoConfig(context, nil)
+		cc, err := parsehelpers.CreateDecryptCryptoConfig(ParseEncArgs(context), nil)
 		if err != nil {
 			return err
 		}

cmd/ctr/commands/run/run_unix.go

@@ -38,6 +38,7 @@ import (
 	"github.com/containerd/imgcrypt/cmd/ctr/commands"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/images"
 	"github.com/containerd/imgcrypt/images/encryption"
+	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
@@ -142,7 +143,7 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 				return nil, err
 			}
 			if !unpacked {
-				cc, err := images.CreateDecryptCryptoConfig(context, nil)
+				cc, err := parsehelpers.CreateDecryptCryptoConfig(images.ParseEncArgs(context), nil)
 				if err != nil {
 					return nil, err
 				}
@@ -293,7 +294,7 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 
 	cOpts = append(cOpts, spec)
 
-	cc, err := images.CreateDecryptCryptoConfig(context, nil)
+	cc, err := parsehelpers.CreateDecryptCryptoConfig(images.ParseEncArgs(context), nil)
 	if err != nil {
 		return nil, err
 	}

cmd/ctr/commands/run/run_windows.go

@@ -27,6 +27,7 @@ import (
 	"github.com/containerd/imgcrypt/cmd/ctr/commands"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/images"
 	"github.com/containerd/imgcrypt/images/encryption"
+	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 
 	"github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
@@ -87,7 +88,7 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 			return nil, err
 		}
 		if !unpacked {
-			cc, err := images.CreateDecryptCryptoConfig(context, nil)
+			cc, err := parsehelpers.CreateDecryptCryptoConfig(images.ParseEncArgs(context), nil)
 			if err != nil {
 				return nil, err
 			}
@@ -152,7 +153,7 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 
 	cOpts = append(cOpts, spec)
 
-	cc, err := images.CreateDecryptCryptoConfig(context, nil)
+	cc, err := parsehelpers.CreateDecryptCryptoConfig(images.ParseEncArgs(context), nil)
 	if err != nil {
 		return nil, err
 	}

cmd/ctr/commands/images/parse_helpers.go → images/encryption/parsehelpers/parsehelpers.go

@@ -14,7 +14,9 @@
    limitations under the License.
 */
 
-package images
+// Package parsehelpers provides parse helpers for CLI applications.
+// This package does not depend on any specific CLI library such as github.com/urfave/cli .
+package parsehelpers
 
 import (
 	"errors"
@@ -30,9 +32,16 @@ import (
 	"github.com/containers/ocicrypt/crypto/pkcs11"
 	encutils "github.com/containers/ocicrypt/utils"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-	"github.com/urfave/cli"
 )
 
+type EncArgs struct {
+	GPGHomedir   string   // --gpg-homedir
+	GPGVersion   string   // --gpg-version
+	Key          []string // --key
+	Recipient    []string // --recipient
+	DecRecipient []string // --dec-recipient
+}
+
 // processRecipientKeys sorts the array of recipients by type. Recipients may be either
 // x509 certificates, public keys, or PGP public keys identified by email address or name
 func processRecipientKeys(recipients []string) ([][]byte, [][]byte, [][]byte, [][]byte, [][]byte, [][]byte, error) {
@@ -194,12 +203,12 @@ func processPrivateKeyFiles(keyFilesAndPwds []string) ([][]byte, [][]byte, [][]b
 	return gpgSecretKeyRingFiles, gpgSecretKeyPasswords, privkeys, privkeysPasswords, pkcs11Yamls, keyProviders, nil
 }
 
-func createGPGClient(context *cli.Context) (ocicrypt.GPGClient, error) {
-	return ocicrypt.NewGPGClient(context.String("gpg-version"), context.String("gpg-homedir"))
+func CreateGPGClient(args EncArgs) (ocicrypt.GPGClient, error) {
+	return ocicrypt.NewGPGClient(args.GPGVersion, args.GPGHomedir)
 }
 
-func getGPGPrivateKeys(context *cli.Context, gpgSecretKeyRingFiles [][]byte, descs []ocispec.Descriptor, mustFindKey bool) (gpgPrivKeys [][]byte, gpgPrivKeysPwds [][]byte, err error) {
-	gpgClient, err := createGPGClient(context)
+func getGPGPrivateKeys(args EncArgs, gpgSecretKeyRingFiles [][]byte, descs []ocispec.Descriptor, mustFindKey bool) (gpgPrivKeys [][]byte, gpgPrivKeysPwds [][]byte, err error) {
+	gpgClient, err := CreateGPGClient(args)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -218,26 +227,26 @@ func getGPGPrivateKeys(context *cli.Context, gpgSecretKeyRingFiles [][]byte, des
 // CreateDecryptCryptoConfig creates the CryptoConfig object that contains the necessary
 // information to perform decryption from command line options and possibly
 // LayerInfos describing the image and helping us to query for the PGP decryption keys
-func CreateDecryptCryptoConfig(context *cli.Context, descs []ocispec.Descriptor) (encconfig.CryptoConfig, error) {
+func CreateDecryptCryptoConfig(args EncArgs, descs []ocispec.Descriptor) (encconfig.CryptoConfig, error) {
 	ccs := []encconfig.CryptoConfig{}
 
 	// x509 cert is needed for PKCS7 decryption
-	_, _, x509s, _, _, _, err := processRecipientKeys(context.StringSlice("dec-recipient"))
+	_, _, x509s, _, _, _, err := processRecipientKeys(args.DecRecipient)
 	if err != nil {
 		return encconfig.CryptoConfig{}, err
 	}
 
-	gpgSecretKeyRingFiles, gpgSecretKeyPasswords, privKeys, privKeysPasswords, pkcs11Yamls, keyProviders, err := processPrivateKeyFiles(context.StringSlice("key"))
+	gpgSecretKeyRingFiles, gpgSecretKeyPasswords, privKeys, privKeysPasswords, pkcs11Yamls, keyProviders, err := processPrivateKeyFiles(args.Key)
 	if err != nil {
 		return encconfig.CryptoConfig{}, err
 	}
 
-	_, err = createGPGClient(context)
+	_, err = CreateGPGClient(args)
 	gpgInstalled := err == nil
 	if gpgInstalled {
 		if len(gpgSecretKeyRingFiles) == 0 && len(privKeys) == 0 && len(pkcs11Yamls) == 0 && len(keyProviders) == 0 && descs != nil {
 			// Get pgp private keys from keyring only if no private key was passed
-			gpgPrivKeys, gpgPrivKeyPasswords, err := getGPGPrivateKeys(context, gpgSecretKeyRingFiles, descs, true)
+			gpgPrivKeys, gpgPrivKeyPasswords, err := getGPGPrivateKeys(args, gpgSecretKeyRingFiles, descs, true)
 			if err != nil {
 				return encconfig.CryptoConfig{}, err
 			}
@@ -294,14 +303,14 @@ func CreateDecryptCryptoConfig(context *cli.Context, descs []ocispec.Descriptor)
 }
 
 // CreateCryptoConfig from the list of recipient strings and list of key paths of private keys
-func CreateCryptoConfig(context *cli.Context, descs []ocispec.Descriptor) (encconfig.CryptoConfig, error) {
-	recipients := context.StringSlice("recipient")
-	keys := context.StringSlice("key")
+func CreateCryptoConfig(args EncArgs, descs []ocispec.Descriptor) (encconfig.CryptoConfig, error) {
+	recipients := args.Recipient
+	keys := args.Key
 
 	var decryptCc *encconfig.CryptoConfig
 	ccs := []encconfig.CryptoConfig{}
 	if len(keys) > 0 {
-		dcc, err := CreateDecryptCryptoConfig(context, descs)
+		dcc, err := CreateDecryptCryptoConfig(args, descs)
 		if err != nil {
 			return encconfig.CryptoConfig{}, err
 		}
@@ -316,7 +325,7 @@ func CreateCryptoConfig(context *cli.Context, descs []ocispec.Descriptor) (encco
 		}
 		encryptCcs := []encconfig.CryptoConfig{}
 
-		gpgClient, err := createGPGClient(context)
+		gpgClient, err := CreateGPGClient(args)
 		gpgInstalled := err == nil
 		if len(gpgRecipients) > 0 && gpgInstalled {
 			gpgPubRingFile, err := gpgClient.ReadGPGPubRingFile()
@@ -375,7 +384,6 @@ func CreateCryptoConfig(context *cli.Context, descs []ocispec.Descriptor) (encco
 
 	if len(ccs) > 0 {
 		return encconfig.CombineCryptoConfigs(ccs), nil
-	} else {
-		return encconfig.CryptoConfig{}, nil
 	}
+	return encconfig.CryptoConfig{}, nil
 }