Use local auth file if present for pulling images

operator-framework · Oct 3, 2024 · aeadb18 · aeadb18
1 parent b5a5d25
commit aeadb18
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 23 deletions.
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -27,7 +27,6 @@ import (
 	"time"
 
 	"github.com/containers/image/v5/types"
-	"github.com/go-logr/logr"
 	"github.com/spf13/pflag"
 	corev1 "k8s.io/api/core/v1"
 	apiextensionsv1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
@@ -226,10 +225,10 @@ func main() {
 
 	unpacker := &source.ContainersImageRegistry{
 		BaseCachePath: filepath.Join(cachePath, "unpack"),
+		AuthFilePath:  authFilePath,
 		SourceContext: &types.SystemContext{
 			DockerCertPath: caCertDir,
 			OCICertPath:    caCertDir,
-			AuthFilePath:   authFilePathIfPresent(setupLog),
 		},
 	}
 
@@ -353,17 +352,3 @@ type finalizerFunc func(ctx context.Context, obj client.Object) (crfinalizer.Res
 func (f finalizerFunc) Finalize(ctx context.Context, obj client.Object) (crfinalizer.Result, error) {
 	return f(ctx, obj)
 }
-
-func authFilePathIfPresent(logger logr.Logger) string {
-	_, err := os.Stat(authFilePath)
-	if os.IsNotExist(err) {
-		logger.Info("auth file not found, skipping configuration of global auth file", "path", authFilePath)
-		return ""
-	}
-	if err != nil {
-		logger.Error(err, "unable to access auth file path", "path", authFilePath)
-		os.Exit(1)
-	}
-	logger.Info("auth file found, configuring globally for image registry interactions", "path", authFilePath)
-	return authFilePath
-}
diff --git a/internal/rukpak/source/containers_image.go b/internal/rukpak/source/containers_image.go
@@ -27,6 +27,7 @@ import (
 
 type ContainersImageRegistry struct {
 	BaseCachePath string
+	AuthFilePath  string
 	SourceContext *types.SystemContext
 }
 
@@ -41,12 +42,21 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, bundle *BundleSour
 		return nil, reconcile.TerminalError(fmt.Errorf("error parsing bundle, bundle %s has a nil image source", bundle.Name))
 	}
 
+	srcCtx := *i.SourceContext
+	if _, err := os.Stat(i.AuthFilePath); err == nil {
+		l.Info("using available authentication information for pulling image")
+		srcCtx.AuthFilePath = i.AuthFilePath
+	} else if os.IsNotExist(err) {
+		l.Info("no authentication information found for pulling image, proceeding without auth")
+	} else {
+		return nil, fmt.Errorf("could not stat auth file, error: %w", err)
+	}
 	//////////////////////////////////////////////////////
 	//
 	// Resolve a canonical reference for the image.
 	//
 	//////////////////////////////////////////////////////
-	imgRef, canonicalRef, _, err := resolveReferences(ctx, bundle.Image.Ref, i.SourceContext)
+	imgRef, canonicalRef, _, err := resolveReferences(ctx, bundle.Image.Ref, &srcCtx)
 	if err != nil {
 		return nil, err
 	}
@@ -102,7 +112,7 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, bundle *BundleSour
 	// a policy context for the image pull.
 	//
 	//////////////////////////////////////////////////////
-	policyContext, err := loadPolicyContext(i.SourceContext, l)
+	policyContext, err := loadPolicyContext(&srcCtx, l)
 	if err != nil {
 		return nil, fmt.Errorf("error loading policy context: %w", err)
 	}
@@ -118,7 +128,7 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, bundle *BundleSour
 	//
 	//////////////////////////////////////////////////////
 	if _, err := copy.Image(ctx, policyContext, layoutRef, dockerRef, &copy.Options{
-		SourceCtx: i.SourceContext,
+		SourceCtx: &srcCtx,
 	}); err != nil {
 		return nil, fmt.Errorf("error copying image: %w", err)
 	}
@@ -129,7 +139,7 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, bundle *BundleSour
 	// Mount the image we just pulled
 	//
 	//////////////////////////////////////////////////////
-	if err := i.unpackImage(ctx, unpackPath, layoutRef); err != nil {
+	if err := i.unpackImage(ctx, unpackPath, layoutRef, srcCtx); err != nil {
 		if cleanupErr := deleteRecursive(unpackPath); cleanupErr != nil {
 			err = errors.Join(err, cleanupErr)
 		}
@@ -225,8 +235,8 @@ func loadPolicyContext(sourceContext *types.SystemContext, l logr.Logger) (*sign
 	return signature.NewPolicyContext(policy)
 }
 
-func (i *ContainersImageRegistry) unpackImage(ctx context.Context, unpackPath string, imageReference types.ImageReference) error {
-	img, err := imageReference.NewImage(ctx, i.SourceContext)
+func (i *ContainersImageRegistry) unpackImage(ctx context.Context, unpackPath string, imageReference types.ImageReference, sourceContext types.SystemContext) error {
+	img, err := imageReference.NewImage(ctx, &sourceContext)
 	if err != nil {
 		return fmt.Errorf("error reading image: %w", err)
 	}
@@ -236,7 +246,7 @@ func (i *ContainersImageRegistry) unpackImage(ctx context.Context, unpackPath st
 		}
 	}()
 
-	layoutSrc, err := imageReference.NewImageSource(ctx, i.SourceContext)
+	layoutSrc, err := imageReference.NewImageSource(ctx, &sourceContext)
 	if err != nil {
 		return fmt.Errorf("error creating image source: %w", err)
 	}