From f19c2a2f587f9890d45ef8b9c13503a4c03f3218 Mon Sep 17 00:00:00 2001 From: "Adam D. Cornett" Date: Fri, 1 Mar 2024 12:00:08 -0700 Subject: [PATCH] add allowedArchitectures function to filter out unsupported architectures in manifeslist processing Signed-off-by: Adam D. Cornett --- cmd/preflight/cmd/check_container.go | 14 +++++++++++++- cmd/preflight/cmd/check_container_test.go | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/cmd/preflight/cmd/check_container.go b/cmd/preflight/cmd/check_container.go index 2283178f..e30c0e4c 100644 --- a/cmd/preflight/cmd/check_container.go +++ b/cmd/preflight/cmd/check_container.go @@ -9,6 +9,7 @@ import ( "os" "path/filepath" rt "runtime" + "slices" "strings" "github.com/redhat-openshift-ecosystem/openshift-preflight/artifacts" @@ -423,7 +424,8 @@ func platformsToBeProcessed(cmd *cobra.Command, cfg *runtime.Config) ([]string, } // Preflight was given a manifest list. --platform was not specified. - // Therefore, all platforms in the manifest list should be processed. + // Therefore, all platforms in the manifest list that we support + // for certification ie: {"arm64", "amd64", "ppc64le", "s390x"}, should be processed. // Create a new slice since the original was for a single platform. containerImagePlatforms = make([]string, 0, len(manifest.Manifests)) for _, img := range manifest.Manifests { @@ -435,6 +437,10 @@ func platformsToBeProcessed(cmd *cobra.Command, cfg *runtime.Config) ([]string, // This must be an attestation manifest. Skip it. continue } + if !slices.Contains(allowedArchitectures(), img.Platform.Architecture) { + // The user has a architecture type in the manifest list that we do not support. + continue + } containerImagePlatforms = append(containerImagePlatforms, img.Platform.Architecture) } if platformChanged && len(containerImagePlatforms) == 0 { @@ -444,3 +450,9 @@ func platformsToBeProcessed(cmd *cobra.Command, cfg *runtime.Config) ([]string, return containerImagePlatforms, nil } + +// allowedArchitectures returns a list of container architectures that are supported for certification. +// Only supported architectures are "arm64", "amd64", "ppc64le", "s390x". +func allowedArchitectures() []string { + return []string{"arm64", "amd64", "ppc64le", "s390x"} +} diff --git a/cmd/preflight/cmd/check_container_test.go b/cmd/preflight/cmd/check_container_test.go index 54f79966..b4454743 100644 --- a/cmd/preflight/cmd/check_container_test.go +++ b/cmd/preflight/cmd/check_container_test.go @@ -91,7 +91,7 @@ var _ = Describe("Check Container Command", func() { manifestListSrc = fmt.Sprintf("%s/test/cranelist", u.Host) manifests["index"] = manifestListSrc - platforms := [4]string{"amd64", "arm64", "ppc64le", "s390x"} + platforms := [5]string{"amd64", "arm64", "ppc64le", "s390x", "arm"} lst, err := random.Index(1024, 5, int64(len(platforms)+1)) Expect(err).ToNot(HaveOccurred())