fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Select layer by OCI media type 

Allow specifying the media type of the layer which should be extracted from the OCI artifact.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan 2022-08-22 15:51:42 +03:00
parent 02be5deed7
commit 11dc0a3bc7
No known key found for this signature in database
GPG Key ID: 3299AEB0E4085BAF
6 changed files with 160 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
api/v1beta2/ocirepository_types.go
View File

@ -60,6 +60,11 @@ type OCIRepositorySpec struct {
// +optional // +optional
Reference *OCIRepositoryRef `json:"ref,omitempty"` Reference *OCIRepositoryRef `json:"ref,omitempty"`
// LayerSelector specifies which layer should be extracted from the OCI artifact.
// When not specified, the first layer found in the artifact is selected.
// +optional
LayerSelector *OCILayerSelector `json:"layerSelector,omitempty"`
// The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. // The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.
// When not specified, defaults to 'generic'. // When not specified, defaults to 'generic'.
// +kubebuilder:validation:Enum=generic;aws;azure;gcp // +kubebuilder:validation:Enum=generic;aws;azure;gcp
@ -130,6 +135,14 @@ type OCIRepositoryRef struct {
Tag string `json:"tag,omitempty"` Tag string `json:"tag,omitempty"`
} }
// OCILayerSelector specifies which layer should be extracted from an OCI Artifact
type OCILayerSelector struct {
// MediaType specifies the OCI media type of the layer
// which should be extracted from the OCI Artifact.
// +optional
MediaType string `json:"mediaType,omitempty"`
}
// OCIRepositoryVerification verifies the authenticity of an OCI Artifact // OCIRepositoryVerification verifies the authenticity of an OCI Artifact
type OCIRepositoryVerification struct { type OCIRepositoryVerification struct {
// Provider specifies the technology used to sign the OCI Artifact. // Provider specifies the technology used to sign the OCI Artifact.
@ -192,6 +205,15 @@ func (in *OCIRepository) GetArtifact() *Artifact {
return in.Status.Artifact return in.Status.Artifact
} }
// GetLayerMediaType returns the media type layer selector if found in spec.
func (in *OCIRepository) GetLayerMediaType() string {
if in.Spec.LayerSelector == nil {
return ""
}
return in.Spec.LayerSelector.MediaType
}
// +genclient // +genclient
// +genclient:Namespaced // +genclient:Namespaced
// +kubebuilder:storageversion // +kubebuilder:storageversion

20
api/v1beta2/zz_generated.deepcopy.go
View File

@ -622,6 +622,21 @@ func (in *LocalHelmChartSourceReference) DeepCopy() *LocalHelmChartSourceReferen
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OCILayerSelector) DeepCopyInto(out *OCILayerSelector) {
*out = *in
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCILayerSelector.
func (in *OCILayerSelector) DeepCopy() *OCILayerSelector {
if in == nil {
return nil
}
out := new(OCILayerSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OCIRepository) DeepCopyInto(out *OCIRepository) { func (in *OCIRepository) DeepCopyInto(out *OCIRepository) {
*out = *in *out = *in
@ -704,6 +719,11 @@ func (in *OCIRepositorySpec) DeepCopyInto(out *OCIRepositorySpec) {
*out = new(OCIRepositoryRef) *out = new(OCIRepositoryRef)
**out = **in **out = **in
} }
if in.LayerSelector != nil {
in, out := &in.LayerSelector, &out.LayerSelector
*out = new(OCILayerSelector)
**out = **in
}
if in.SecretRef != nil { if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef in, out := &in.SecretRef, &out.SecretRef
*out = new(meta.LocalObjectReference) *out = new(meta.LocalObjectReference)

10
config/crd/bases/source.toolkit.fluxcd.io_ocirepositories.yaml
View File

@ -75,6 +75,16 @@ spec:
interval: interval:
description: The interval at which to check for image updates. description: The interval at which to check for image updates.
type: string type: string
layerSelector:
description: LayerSelector specifies which layer should be extracted
from the OCI artifact. When not specified, the first layer found
in the artifact is selected.
properties:
mediaType:
description: MediaType specifies the OCI media type of the layer
which should be extracted from the OCI Artifact.
type: string
type: object
provider: provider:
default: generic default: generic
description: The provider used for authentication, can be 'aws', 'azure', description: The provider used for authentication, can be 'aws', 'azure',

36
controllers/ocirepository_controller.go
View File

@ -33,6 +33,7 @@ import (
"github.com/google/go-containerregistry/pkg/authn/k8schain" "github.com/google/go-containerregistry/pkg/authn/k8schain"
"github.com/google/go-containerregistry/pkg/crane" "github.com/google/go-containerregistry/pkg/crane"
"github.com/google/go-containerregistry/pkg/name" "github.com/google/go-containerregistry/pkg/name"
gcrv1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/remote" "github.com/google/go-containerregistry/pkg/v1/remote"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
@ -433,7 +434,40 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, obj *sour
return sreconcile.ResultEmpty, e return sreconcile.ResultEmpty, e
} }
blob, err := layers[0].Compressed() var layer gcrv1.Layer
switch {
case obj.GetLayerMediaType() != "":
var found bool
for i, l := range layers {
md, err := l.MediaType()
if err != nil {
e := serror.NewGeneric(
fmt.Errorf("failed to determine the media type of layer[%v] from artifact: %w", i, err),
sourcev1.OCILayerOperationFailedReason,
)
conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, e.Reason, e.Err.Error())
return sreconcile.ResultEmpty, e
}
if string(md) == obj.GetLayerMediaType() {
layer = layers[i]
found = true
break
}
}
if !found {
e := serror.NewGeneric(
fmt.Errorf("failed to find layer with media type '%s' in artifact: %w", obj.GetLayerMediaType(), err),
sourcev1.OCILayerOperationFailedReason,
)
conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, e.Reason, e.Err.Error())
return sreconcile.ResultEmpty, e
}
default:
layer = layers[0]
}
blob, err := layer.Compressed()
if err != nil { if err != nil {
e := serror.NewGeneric( e := serror.NewGeneric(
fmt.Errorf("failed to extract the first layer from artifact: %w", err), fmt.Errorf("failed to extract the first layer from artifact: %w", err),

14
controllers/ocirepository_controller_test.go
View File

@ -80,13 +80,15 @@ func TestOCIRepository_Reconcile(t *testing.T) {
tag string tag string
semver string semver string
digest string digest string
mediaType string
assertArtifact []artifactFixture assertArtifact []artifactFixture
}{ }{
{ {
name: "public tag", name: "public tag",
url: podinfoVersions["6.1.6"].url, url: podinfoVersions["6.1.6"].url,
tag: podinfoVersions["6.1.6"].tag, tag: podinfoVersions["6.1.6"].tag,
digest: podinfoVersions["6.1.6"].digest.Hex, digest: podinfoVersions["6.1.6"].digest.Hex,
mediaType: "application/vnd.docker.image.rootfs.diff.tar.gzip",
assertArtifact: []artifactFixture{ assertArtifact: []artifactFixture{
{ {
expectedPath: "kustomize/deployment.yaml", expectedPath: "kustomize/deployment.yaml",
@ -142,7 +144,9 @@ func TestOCIRepository_Reconcile(t *testing.T) {
if tt.semver != "" { if tt.semver != "" {
obj.Spec.Reference.SemVer = tt.semver obj.Spec.Reference.SemVer = tt.semver
} }
if tt.mediaType != "" {
obj.Spec.LayerSelector = &sourcev1.OCILayerSelector{MediaType: tt.mediaType}
}
g.Expect(testEnv.Create(ctx, obj)).To(Succeed()) g.Expect(testEnv.Create(ctx, obj)).To(Succeed())
key := client.ObjectKey{Name: obj.Name, Namespace: obj.Namespace} key := client.ObjectKey{Name: obj.Name, Namespace: obj.Namespace}

64
docs/api/source.md
View File

@ -968,6 +968,21 @@ defaults to the latest tag.</p>
</tr> </tr>
<tr> <tr>
<td> <td>
<code>layerSelector</code><br>
<em>
<a href="#source.toolkit.fluxcd.io/v1beta2.OCILayerSelector">
OCILayerSelector
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>LayerSelector specifies which layer should be extracted from the OCI artifact.
When not specified, the first layer found in the artifact is selected.</p>
</td>
</tr>
<tr>
<td>
<code>provider</code><br> <code>provider</code><br>
<em> <em>
string string
@ -2529,6 +2544,40 @@ string
</table> </table>
</div> </div>
</div> </div>
<h3 id="source.toolkit.fluxcd.io/v1beta2.OCILayerSelector">OCILayerSelector
</h3>
<p>
(<em>Appears on:</em>
<a href="#source.toolkit.fluxcd.io/v1beta2.OCIRepositorySpec">OCIRepositorySpec</a>)
</p>
<p>OCILayerSelector specifies which layer should be extracted from an OCI Artifact</p>
<div class="md-typeset__scrollwrap">
<div class="md-typeset__table">
<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>mediaType</code><br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>MediaType specifies the OCI media type of the layer
which should be extracted from the OCI Artifact.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<h3 id="source.toolkit.fluxcd.io/v1beta2.OCIRepositoryRef">OCIRepositoryRef <h3 id="source.toolkit.fluxcd.io/v1beta2.OCIRepositoryRef">OCIRepositoryRef
</h3> </h3>
<p> <p>
@ -2634,6 +2683,21 @@ defaults to the latest tag.</p>
</tr> </tr>
<tr> <tr>
<td> <td>
<code>layerSelector</code><br>
<em>
<a href="#source.toolkit.fluxcd.io/v1beta2.OCILayerSelector">
OCILayerSelector
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>LayerSelector specifies which layer should be extracted from the OCI artifact.
When not specified, the first layer found in the artifact is selected.</p>
</td>
</tr>
<tr>
<td>
<code>provider</code><br> <code>provider</code><br>
<em> <em>
string string