Add validation to reject old OCI package format

rdimitrov · rdimitrov · commit 5d0a5892ebb4 · 2025-10-09T00:30:46.000+03:00
Signed-off-by: Radoslav Dimitrov &lt;radoslav@stacklok.com&gt;
diff --git a/internal/validators/registries/oci.go b/internal/validators/registries/oci.go
@@ -89,6 +89,14 @@ func ValidateOCI(ctx context.Context, pkg model.Package, serverName string) erro
 		return ErrMissingIdentifierForOCI
 	}
 
+	// Validate that old format fields are not present
+	if pkg.RegistryBaseURL != "" {
+		return fmt.Errorf("OCI packages must not have 'registryBaseUrl' field - use canonical reference in 'identifier' instead (e.g., 'docker.io/owner/image:1.0.0')")
+	}
+	if pkg.Version != "" {
+		return fmt.Errorf("OCI packages must not have 'version' field - include version in 'identifier' instead (e.g., 'docker.io/owner/image:1.0.0')")
+	}
+
 	// Parse the canonical OCI reference from the identifier
 	ociRef, err := ParseOCIReference(pkg.Identifier)
 	if err != nil {
diff --git a/internal/validators/registries/oci_test.go b/internal/validators/registries/oci_test.go
@@ -196,3 +196,67 @@ func TestValidateOCI_SupportedRegistries(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateOCI_RejectsOldFormat(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name         string
+		pkg          model.Package
+		errorMessage string
+	}{
+		{
+			name: "OCI package with registryBaseUrl should be rejected",
+			pkg: model.Package{
+				RegistryType:    model.RegistryTypeOCI,
+				RegistryBaseURL: "https://docker.io",
+				Identifier:      "docker.io/test/image:latest",
+			},
+			errorMessage: "OCI packages must not have 'registryBaseUrl' field",
+		},
+		{
+			name: "OCI package with version field should be rejected",
+			pkg: model.Package{
+				RegistryType: model.RegistryTypeOCI,
+				Identifier:   "docker.io/test/image:latest",
+				Version:      "1.0.0",
+			},
+			errorMessage: "OCI packages must not have 'version' field",
+		},
+		{
+			name: "OCI package with both old format fields should fail on registryBaseUrl first",
+			pkg: model.Package{
+				RegistryType:    model.RegistryTypeOCI,
+				RegistryBaseURL: "https://docker.io",
+				Identifier:      "test/image",
+				Version:         "1.0.0",
+			},
+			errorMessage: "OCI packages must not have 'registryBaseUrl' field",
+		},
+		{
+			name: "OCI package with canonical format should pass old format validation",
+			pkg: model.Package{
+				RegistryType: model.RegistryTypeOCI,
+				Identifier:   "docker.io/test/image:latest",
+			},
+			errorMessage: "", // Should pass old format check (will fail later due to image not existing)
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := registries.ValidateOCI(ctx, tt.pkg, "com.example/test")
+
+			if tt.errorMessage != "" {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), tt.errorMessage)
+			} else {
+				// Should not fail with old format error (may fail with other errors like image not found)
+				if err != nil {
+					assert.NotContains(t, err.Error(), "must not have 'registryBaseUrl'")
+					assert.NotContains(t, err.Error(), "must not have 'version'")
+				}
+			}
+		})
+	}
+}
