Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: take docker namespace into account during deploy #698

Merged
merged 4 commits into from
Jun 12, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion src/pkg/utils/boci/oci.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"github.com/defenseunicorns/uds-cli/src/types"
"github.com/defenseunicorns/zarf/src/pkg/message"
"github.com/defenseunicorns/zarf/src/pkg/packager/filters"
"github.com/defenseunicorns/zarf/src/pkg/transform"
"github.com/defenseunicorns/zarf/src/pkg/zoci"
zarfTypes "github.com/defenseunicorns/zarf/src/types"
goyaml "github.com/goccy/go-yaml"
Expand Down Expand Up @@ -290,9 +291,16 @@ func FilterImageIndex(components []zarfTypes.ZarfComponent, imgIndex ocispec.Ind
for _, manifest := range imgIndex.Manifests {
for _, component := range components {
for _, imgName := range component.Images {

refInfo, err := transform.ParseImageRef(imgName)
if err != nil {
return nil, fmt.Errorf("failed to parse image ref %q: %w", imgName, err)
}

// include backwards compatibility shim for older Zarf versions that would leave docker.io off of image annotations
dockerShimPath := refInfo.Host + "/" + refInfo.Path + refInfo.TagOrDigest
if manifest.Annotations[ocispec.AnnotationBaseImageName] == imgName ||
manifest.Annotations[ocispec.AnnotationBaseImageName] == fmt.Sprintf("docker.io/%s", imgName) {
(refInfo.Host == "docker.io" && manifest.Annotations[ocispec.AnnotationBaseImageName] == dockerShimPath) {
manifestIncludeMap[manifest.Digest.Hex()] = manifest
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/test/bundles/14-optional-components/uds-bundle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,4 +22,4 @@ packages:
path: ../../packages/podinfo-nginx
ref: 0.0.1
optionalComponents:
- podinfo
- nginx-remote
4 changes: 2 additions & 2 deletions src/test/e2e/bundle_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -664,13 +664,13 @@ func TestListImages(t *testing.T) {
require.NoError(t, err)
require.Contains(t, stderr, "library/registry")
require.Contains(t, stderr, "ghcr.io/defenseunicorns/zarf/agent")
require.Contains(t, stderr, "ghcr.io/stefanprodan/podinfo")
require.Contains(t, stderr, "nginx")
require.Contains(t, stderr, "quay.io/prometheus/node-exporter")

// ensure non-req'd components got filtered
require.NotContains(t, stderr, "grafana")
require.NotContains(t, stderr, "gitea")
require.NotContains(t, stderr, "kiwix")
require.NotContains(t, stderr, "nginx")
require.NotContains(t, stderr, "podinfo")
})
}
8 changes: 4 additions & 4 deletions src/test/e2e/optional_bundle_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,11 +118,11 @@ func introspectOptionalComponentsBundle(t *testing.T) {
err = json.Unmarshal(pkgManifestBytes, &localPkgManifest)
require.NoError(t, err)

// ensure nginx not present in bundle bc we didn't specify its component in the optional components
ensureImgNotPresent(t, "docker.io/library/nginx", localPkgManifest, blobsDir)
// ensure podinfo not present in bundle bc we didn't specify its component in the optional components
ensureImgNotPresent(t, "ghcr.io/stefanprodan/podinfo:6.4.0", localPkgManifest, blobsDir)

// for this local pkg, ensure component tars DO NOT exist in img manifest
componentName = "nginx-remote"
componentName = "podinfo"
verifyComponentNotIncluded = true
for _, desc := range localPkgManifest.Layers {
if strings.Contains(desc.Annotations[ocispec.AnnotationTitle], fmt.Sprintf("components/%s.tar", componentName)) {
Expand All @@ -134,7 +134,7 @@ func introspectOptionalComponentsBundle(t *testing.T) {
}

func ensureImgNotPresent(t *testing.T, imgName string, remotePkgManifest ocispec.Manifest, blobsDir string) {
// used to verify that the kiwix img is not included in the bundle (note that kiwix is intentionally excluded!)
// used to verify that the img is not included in the bundle
verifyImgNotIncluded := false

// grab image index from pkg root manifest
Expand Down
10 changes: 1 addition & 9 deletions src/test/packages/nginx/zarf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,23 +10,15 @@ components:
- name: simple-nginx-deployment
namespace: nginx
files:
# remote manifests are specified with a URL and you can verify integrity of a manifest
# by adding a sha256sum to the end of the URL, separated by an @:
- https://k8s.io/examples/application/deployment.yaml@c57f73449b26eae02ca2a549c388807d49ef6d3f2dc040a9bbb1290128d97157
# this sha256 can be discovered using:
# zarf prepare sha256sum https://k8s.io/examples/application/deployment.yaml
actions:
onDeploy:
# the following checks were computed by viewing the success state of the package deployment
# and creating `wait` actions that match
after:
- wait:
cluster:
kind: deployment
name: nginx-deployment
namespace: nginx
condition: available
# image discovery is supported in all manifests and charts using:
# zarf prepare find-images
images:
- docker.io/library/nginx:1.14.2
- nginx:1.14.2 # use shorthand for nginx!
Loading