From 6ec0a28c3154bb7b27dc1f00300916c3926fd985 Mon Sep 17 00:00:00 2001 From: Sean Pines Date: Fri, 22 Dec 2023 00:10:32 -0500 Subject: [PATCH] respecting insecure flag, tests/lint passing, no new tests --- cmd/dt/push.go | 1 + cmd/dt/unwrap.go | 1 + pkg/artifacts/artifacts.go | 41 +++++++++++++++++++++----------------- pkg/chartutils/images.go | 27 ++++++++++++++----------- pkg/chartutils/options.go | 9 +++++++++ 5 files changed, 49 insertions(+), 30 deletions(-) diff --git a/cmd/dt/push.go b/cmd/dt/push.go index 80cf58b..5b732a2 100644 --- a/cmd/dt/push.go +++ b/cmd/dt/push.go @@ -64,6 +64,7 @@ func newPushCmd() *cobra.Command { chartutils.WithContext(ctx), chartutils.WithProgressBar(subLog.ProgressBar()), chartutils.WithArtifactsDir(chart.ImageArtifactsDir()), + chartutils.WithInsecureMode(insecure), ); err != nil { return subLog.Failf("Failed to push images: %w", err) } diff --git a/cmd/dt/unwrap.go b/cmd/dt/unwrap.go index ef843dc..9410826 100644 --- a/cmd/dt/unwrap.go +++ b/cmd/dt/unwrap.go @@ -139,6 +139,7 @@ func pushChartImagesAndVerify(ctx context.Context, wrap wrapping.Wrap, l log.Sec chartutils.WithContext(ctx), chartutils.WithArtifactsDir(wrap.ImageArtifactsDir()), chartutils.WithProgressBar(l.ProgressBar()), + chartutils.WithInsecureMode(insecure), ); err != nil { return err } diff --git a/pkg/artifacts/artifacts.go b/pkg/artifacts/artifacts.go index 1b3a715..cd3665f 100644 --- a/pkg/artifacts/artifacts.go +++ b/pkg/artifacts/artifacts.go @@ -5,8 +5,6 @@ import ( "context" "errors" "fmt" - "net/http" - "crypto/tls" "os" "path/filepath" "strings" 
@@ -42,11 +40,19 @@ var ( // Config defines the configuration when pulling/pushing artifacts to a registry type Config struct { ResolveReference bool + InsecureMode bool } // Option defines a Config option type Option func(*Config) +// WithInsecureMode configures Insecure transport +func WithInsecureMode(insecure bool) func(cfg *Config) { + return func(cfg *Config) { + cfg.InsecureMode = insecure + } +} + // WithResolveReference configures the ResolveReference setting func WithResolveReference(v bool) func(cfg *Config) { return func(cfg *Config) { @@ -56,14 +62,14 @@ func WithResolveReference(v bool) func(cfg *Config) { // NewConfig creates a new Config func NewConfig(opts ...Option) *Config { - cfg := &Config{ResolveReference: true} + cfg := &Config{ResolveReference: true, InsecureMode: false} for _, opt := range opts { opt(cfg) } return cfg } -func getImageTagAndDigest(image string) (string, string, error) { +func getImageTagAndDigest(image string, opts ...Option) (string, string, error) { ref, err := name.ParseReference(image) if err != nil { return "", "", fmt.Errorf("failed to parse image reference: %w", err) @@ -74,13 +80,12 @@ func getImageTagAndDigest(image string) (string, string, error) { switch v := ref.(type) { case name.Tag: - // Hack -- needs to respect insecure flag instead - httpClient := &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, - }, + cfg := NewConfig(opts...) + craneOpts := make([]crane.Option, 0) + if cfg.InsecureMode { + craneOpts = append(craneOpts, crane.Insecure) } - desc, err := imagelock.GetImageRemoteDescriptor(image, crane.WithTransport(httpClient.Transport)) + desc, err := imagelock.GetImageRemoteDescriptor(image, craneOpts...) if err != nil { return "", "", fmt.Errorf("error getting descriptor: %w", err) } 
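Review bot: The doc comment on `WithInsecureMode` in the `@@ -42,11 +40,19 @@` hunk, and on its twin in pkg/chartutils/options.go, does not say which protection the caller gives up. The option is later mapped to `crane.Insecure`, so I would spell it out, e.g. `// WithInsecureMode disables TLS certificate verification and permits plain-HTTP registry access when insecure is true; the default is false.` A field comment such as `// InsecureMode turns off registry transport security; leave false unless the registry cannot present a verifiable certificate.` on `Config.InsecureMode` would help readers of the struct as well.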
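Review bot: `crane.Insecure` in the `case name.Tag` branch of the `@@ -74,13 +80,12 @@` hunk is broader than the transport it replaces: the removed code only skipped certificate verification, while `crane.Insecure` is documented as allowing references to be fetched without TLS at all. The descriptor fetched here appears to supply the digest that getImageTagAndDigest returns, so in insecure mode that value arrives over an unauthenticated channel. A comment on the branch such as `// InsecureMode: descriptor (and the digest derived from it) is fetched without transport authentication` would make that explicit. The commit subject says no tests were added, and a small test asserting that `NewConfig()` leaves `InsecureMode` false would guard against the unconditional skip coming back. The function body continues outside the hunk.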
@@ -100,8 +105,8 @@ func getImageTagAndDigest(image string) (string, string, error) { return imgTag, hex, nil } -func getImageArtifactsDir(image *imagelock.ChartImage, destDir string, suffix string) (string, error) { - imgTag, _, err := getImageTagAndDigest(image.Image) +func getImageArtifactsDir(image *imagelock.ChartImage, destDir string, suffix string, opts ...Option) (string, error) { + imgTag, _, err := getImageTagAndDigest(image.Image, opts...) if err != nil { return "", fmt.Errorf("failed to parse image reference: %w", err) } @@ -120,7 +125,7 @@ func pushArtifact(ctx context.Context, image string, dest string, tagSuffix stri return "", fmt.Errorf("failed to get image repository: %w", err) } - imgTag, hex, err := getImageTagAndDigest(image) + imgTag, hex, err := getImageTagAndDigest(image, opts...) if err != nil { return "", err } @@ -171,7 +176,7 @@ func pushAssetMetadata(ctx context.Context, imageRef string, destDir string, opt func PushImageMetadata(ctx context.Context, image *imagelock.ChartImage, destDir string, opts ...Option) error { imageRef := image.Image - dir, err := getImageArtifactsDir(image, destDir, "metadata") + dir, err := getImageArtifactsDir(image, destDir, "metadata", opts...) if err != nil { return fmt.Errorf("failed to obtain signature location: %v", err) } @@ -182,7 +187,7 @@ func PushImageMetadata(ctx context.Context, image *imagelock.ChartImage, destDir // PushImageSignatures pushes a oci-layout directory to the registry as the image signature func PushImageSignatures(ctx context.Context, image *imagelock.ChartImage, destDir string, opts ...Option) error { imageRef := image.Image - dir, err := getImageArtifactsDir(image, destDir, "sig") + dir, err := getImageArtifactsDir(image, destDir, "sig", opts...) if err != nil { return fmt.Errorf("failed to obtain signature location: %v", err) } 
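Review bot: In getImageArtifactsDir (`@@ -100,8 +105,8 @@`) every failure of getImageTagAndDigest is still wrapped as "failed to parse image reference", although that call also performs a remote descriptor lookup and, with this commit, can presumably fail on certificate verification when the flag is off. An operator facing an untrusted registry certificate would be pointed at the image string rather than at TLS; `return "", fmt.Errorf("failed to resolve image tag and digest: %w", err)` describes both cases. The exported Push*/Pull* callers in the later hunks wrap with `%v` and say "signature location" even in the metadata functions, which drops the error chain; `%w` would keep the underlying error inspectable.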
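Review bot: Only the tag/digest lookup in pushArtifact (`@@ -120,7 +125,7 @@`) visibly receives `opts...`; the upload itself lies outside the hunk, so it is not possible to see here whether it reads `InsecureMode` from the same options. If it does not, the descriptor lookup and the transfer would run under different TLS policies, which is hard to debug and easy to misjudge when assessing what the flag actually relaxes. The same question applies to pullArtifact in `@@ -213,7 +218,7 @@`. Please confirm, and consider resolving `cfg := NewConfig(opts...)` once at the top of each function so both steps share one decision.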
@@ -213,7 +218,7 @@ func pullArtifact(ctx context.Context, image string, destDir string, tagSuffix s } var tag string - imgTag, hex, err := getImageTagAndDigest(image) + imgTag, hex, err := getImageTagAndDigest(image, opts...) if err != nil { return "", err } @@ -251,7 +256,7 @@ func pullArtifact(ctx context.Context, image string, destDir string, tagSuffix s func PullImageMetadata(ctx context.Context, image *imagelock.ChartImage, destDir string, opts ...Option) error { imageRef := image.Image - dir, err := getImageArtifactsDir(image, destDir, "metadata") + dir, err := getImageArtifactsDir(image, destDir, "metadata", opts...) if err != nil { return fmt.Errorf("failed to obtain signature location: %v", err) } @@ -283,7 +288,7 @@ func pullAssetMetadata(ctx context.Context, imageRef string, dir string, opts .. // PullImageSignatures pulls the image signature and stores it locally as an oci-layout func PullImageSignatures(ctx context.Context, image *imagelock.ChartImage, destDir string, opts ...Option) error { imageRef := image.Image - dir, err := getImageArtifactsDir(image, destDir, "sig") + dir, err := getImageArtifactsDir(image, destDir, "sig", opts...) if err != nil { return fmt.Errorf("failed to obtain signature location: %v", err) } diff --git a/pkg/chartutils/images.go b/pkg/chartutils/images.go index a7025a3..9d74e88 100644 --- a/pkg/chartutils/images.go +++ b/pkg/chartutils/images.go @@ -3,8 +3,6 @@ package chartutils import ( "context" "fmt" - "net/http" - "crypto/tls" "os" "path/filepath" 
@@ -122,7 +120,13 @@ func PushImages(lock *imagelock.ImagesLock, imagesDir string, opts ...Option) er p, _ := cfg.ProgressBar.WithTotal(len(lock.Images)).UpdateTitle("Pushing images").Start() defer p.Stop() - o := crane.GetOptions(crane.WithContext(ctx)) + craneOpts := make([]crane.Option, 0) + craneOpts = append(craneOpts, crane.WithContext(ctx)) + if cfg.InsecureMode { + craneOpts = append(craneOpts, crane.Insecure) + } + o := crane.GetOptions(craneOpts...) + maxRetries := cfg.MaxRetries for _, imgData := range lock.Images { @@ -145,7 +149,10 @@ func PushImages(lock *imagelock.ImagesLock, imagesDir string, opts ...Option) er if err := pushImage(imgData, imagesDir, o); err != nil { return err } - if err := artifacts.PushImageSignatures(context.Background(), imgData, artifactsDir); err != nil { + if err := artifacts.PushImageSignatures(context.Background(), + imgData, + artifactsDir, + artifacts.WithInsecureMode(cfg.InsecureMode)); err != nil { if err == artifacts.ErrLocalArtifactNotExist { l.Debugf("image %q does not have a local signature stored", imgData.Image) } else { @@ -155,7 +162,10 @@ func PushImages(lock *imagelock.ImagesLock, imagesDir string, opts ...Option) er p.UpdateTitle(fmt.Sprintf("Pushed image %q signature", imgData.Image)) } - if err := artifacts.PushImageMetadata(context.Background(), imgData, artifactsDir); err != nil { + if err := artifacts.PushImageMetadata(context.Background(), + imgData, + artifactsDir, + artifacts.WithInsecureMode(cfg.InsecureMode)); err != nil { if err == artifacts.ErrLocalArtifactNotExist { l.Debugf("image %q does not have a local metadata artifact stored", imgData.Image) } else { 
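Review bot: When `cfg.InsecureMode` is true in PushImages (`@@ -122,7 +120,13 @@`), transport security is relaxed for every image in the lock without any trace in the output. A single log line before the loop, through the logger this function already uses, stating that registry TLS verification is disabled would give operators and audit trails a record of it. On style, the slice can be built in one step: `craneOpts := []crane.Option{crane.WithContext(ctx)}`. PushImages starts and ends outside the hunk.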
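Review bot: The reformatted calls in `@@ -145,7 +149,10 @@` and `@@ -155,7 +162,10 @@` still pass `context.Background()`, so cancelling the `ctx` handed to crane earlier in PushImages does not stop the signature or metadata uploads. Passing the same context, `artifacts.PushImageSignatures(ctx, imgData, artifactsDir, artifacts.WithInsecureMode(cfg.InsecureMode))`, would keep cancellation and deadlines consistent across image and artifact pushes, assuming `ctx` is still in scope inside the loop. The sentinel check `err == artifacts.ErrLocalArtifactNotExist` would also be sturdier as `errors.Is(err, artifacts.ErrLocalArtifactNotExist)` in case the sentinel is ever returned wrapped.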
@@ -214,13 +224,6 @@ func pushImage(imgData *imagelock.ChartImage, imagesDir string, o crane.Options) return fmt.Errorf("failed to parse image reference %q: %w", imgData.Image, err) } - // Hack -- needs to respect insecure flag instead - httpClient := &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, - }, - } - o.Remote = append(o.Remote, remote.WithTransport(httpClient.Transport)) if err := remote.WriteIndex(ref, idx, o.Remote...); err != nil { return fmt.Errorf("failed to write image index: %w", err) } diff --git a/pkg/chartutils/options.go b/pkg/chartutils/options.go index 3694428..a91bede 100644 --- a/pkg/chartutils/options.go +++ b/pkg/chartutils/options.go @@ -18,6 +18,14 @@ type Configuration struct { ArtifactsDir string FetchArtifacts bool MaxRetries int + InsecureMode bool +} + +// WithInsecureMode configures Insecure transport +func WithInsecureMode(insecure bool) func(cfg *Configuration) { + return func(cfg *Configuration) { + cfg.InsecureMode = insecure + } } // WithArtifactsDir configures the ArtifactsDir @@ -65,6 +73,7 @@ func NewConfiguration(opts ...Option) *Configuration { FetchArtifacts: false, MaxRetries: 3, Log: log.NewSilentLogger(), + InsecureMode: false, } for _, opt := range opts { opt(cfg)