From bec4e50966531e3e9fe826dab93a5fc7ce668df9 Mon Sep 17 00:00:00 2001
From: Anik Bhattacharjee
Date: Thu, 3 Oct 2024 19:37:27 +0530
Subject: [PATCH] Use local auth file if present for pulling images
---
 cmd/manager/main.go | 17 +--------------
 internal/rukpak/source/containers_image.go | 24 +++++++++++++++-------
 2 files changed, 18 insertions(+), 23 deletions(-)
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
index 5fc69bdcc..969544d06 100644
--- a/cmd/manager/main.go
+++ b/cmd/manager/main.go
@@ -27,7 +27,6 @@ import (
 "time"
 "github.com/containers/image/v5/types"
- "github.com/go-logr/logr"
 "github.com/spf13/pflag"
 corev1 "k8s.io/api/core/v1"
 apiextensionsv1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
@@ -227,10 +226,10 @@ func main() {
 unpacker := &source.ContainersImageRegistry{
 BaseCachePath: filepath.Join(cachePath, "unpack"),
+ AuthFilePath: authFilePath,
 SourceContext: &types.SystemContext{
 DockerCertPath: caCertDir,
 OCICertPath: caCertDir,
- AuthFilePath: authFilePathIfPresent(setupLog),
 },
 }
@@ -348,17 +347,3 @@ func main() {
 os.Exit(1)
 }
 }
-
-func authFilePathIfPresent(logger logr.Logger) string {
- _, err := os.Stat(authFilePath)
- if os.IsNotExist(err) {
- logger.Info("auth file not found, skipping configuration of global auth file", "path", authFilePath)
- return ""
- }
- if err != nil {
- logger.Error(err, "unable to access auth file path", "path", authFilePath)
- os.Exit(1)
- }
- logger.Info("auth file found, configuring globally for image registry interactions", "path", authFilePath)
- return authFilePath
-}
diff --git a/internal/rukpak/source/containers_image.go b/internal/rukpak/source/containers_image.go
index 2248e6477..46d4e2231 100644
--- a/internal/rukpak/source/containers_image.go
+++ b/internal/rukpak/source/containers_image.go
@@ -27,6 +27,7 @@ import (
 type ContainersImageRegistry struct {
 BaseCachePath string
+ AuthFilePath string
 SourceContext *types.SystemContext
 }
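Review bot: The new exported `AuthFilePath` field added to `ContainersImageRegistry` in containers_image.go has no comment, and its behaviour is not obvious from the name. Per the Unpack hunk in this patch, the path is stat'ed on each call, a missing file means the pull proceeds without credentials, and any other stat error fails the unpack. A field comment would record that contract for operators, for example `// AuthFilePath is the registry auth file checked on every Unpack; if it does not exist, images are pulled without credentials.`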
@@ -41,12 +42,21 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, bundle *BundleSour
 return nil, reconcile.TerminalError(fmt.Errorf("error parsing bundle, bundle %s has a nil image source", bundle.Name))
 }
+ srcCtx := *i.SourceContext
+ if _, err := os.Stat(i.AuthFilePath); err == nil {
+ l.Info("using available authentication information for pulling image")
+ srcCtx.AuthFilePath = i.AuthFilePath
+ } else if os.IsNotExist(err) {
+ l.Info("no authentication information found for pulling image, proceeding without auth")
+ } else {
+ return nil, fmt.Errorf("could not stat auth file, error: %w", err)
+ }
 //////////////////////////////////////////////////////
 //
 // Resolve a canonical reference for the image.
 //
 //////////////////////////////////////////////////////
- imgRef, canonicalRef, _, err := resolveReferences(ctx, bundle.Image.Ref, i.SourceContext)
+ imgRef, canonicalRef, _, err := resolveReferences(ctx, bundle.Image.Ref, &srcCtx)
 if err != nil {
 return nil, err
 }
@@ -102,7 +112,7 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, bundle *BundleSour
 // a policy context for the image pull.
 //
 //////////////////////////////////////////////////////
- policyContext, err := loadPolicyContext(i.SourceContext, l)
+ policyContext, err := loadPolicyContext(&srcCtx, l)
 if err != nil {
 return nil, fmt.Errorf("error loading policy context: %w", err)
 }
@@ -118,7 +128,7 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, bundle *BundleSour
 //
 //////////////////////////////////////////////////////
 if _, err := copy.Image(ctx, policyContext, layoutRef, dockerRef, ©.Options{
- SourceCtx: i.SourceContext,
+ SourceCtx: &srcCtx,
 }); err != nil {
 return nil, fmt.Errorf("error copying image: %w", err)
 }
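Review bot: `srcCtx := *i.SourceContext` at the top of the added block dereferences the pointer field unconditionally, so a `ContainersImageRegistry` built without a `SourceContext` now panics in Unpack, whereas the old code passed the possibly-nil pointer straight through. Whether nil was ever accepted depends on `resolveReferences` and `loadPolicyContext`, whose bodies are outside these hunks, though containers/image calls generally tolerate a nil system context. A guard keeps the previous contract: declare `var srcCtx types.SystemContext` and assign `srcCtx = *i.SourceContext` only when `i.SourceContext != nil`. Unpack's body starts and ends outside the hunk.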
@@ -129,7 +139,7 @@ func (i *ContainersImageRegistry) Unpack(ctx context.Context, bundle *BundleSour
 // Mount the image we just pulled
 //
 //////////////////////////////////////////////////////
- if err := i.unpackImage(ctx, unpackPath, layoutRef); err != nil {
+ if err := i.unpackImage(ctx, unpackPath, layoutRef, srcCtx); err != nil {
 if cleanupErr := deleteRecursive(unpackPath); cleanupErr != nil {
 err = errors.Join(err, cleanupErr)
 }
@@ -225,8 +235,8 @@ func loadPolicyContext(sourceContext *types.SystemContext, l logr.Logger) (*sign
 return signature.NewPolicyContext(policy)
 }
-func (i *ContainersImageRegistry) unpackImage(ctx context.Context, unpackPath string, imageReference types.ImageReference) error {
- img, err := imageReference.NewImage(ctx, i.SourceContext)
+func (i *ContainersImageRegistry) unpackImage(ctx context.Context, unpackPath string, imageReference types.ImageReference, sourceContext types.SystemContext) error {
+ img, err := imageReference.NewImage(ctx, &sourceContext)
 if err != nil {
 return fmt.Errorf("error reading image: %w", err)
 }
@@ -236,7 +246,7 @@ func (i *ContainersImageRegistry) unpackImage(ctx context.Context, unpackPath st
 }
 }()
- layoutSrc, err := imageReference.NewImageSource(ctx, i.SourceContext)
+ layoutSrc, err := imageReference.NewImageSource(ctx, &sourceContext)
 if err != nil {
 return fmt.Errorf("error creating image source: %w", err)
 }
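Review bot: `unpackImage` now takes `sourceContext types.SystemContext` by value, while `loadPolicyContext` in the same file takes `*types.SystemContext` and the function itself immediately takes the address again for `NewImage` and `NewImageSource`. The value parameter copies the whole struct on each call and makes the file's handling of the context inconsistent. Passing the pointer reads more uniformly: `sourceContext *types.SystemContext` in the signature (the -225 hunk), `i.unpackImage(ctx, unpackPath, layoutRef, &srcCtx)` at the call site (the -129 hunk), and plain `sourceContext` in place of `&sourceContext` (the -225 and -236 hunks). unpackImage's body continues outside these hunks.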