Address follow-ups: metadata reading, cert/key path for registry, remove crane.Insecure

Signed-off-by: dtfranz <[email protected]>

Author: dtfranz

Makefile

@@ -167,8 +167,8 @@ test-unit: $(SETUP_ENVTEST) #HELP Run the unit tests
 
 E2E_REGISTRY_IMAGE=localhost/e2e-test-registry:devel
 image-registry: ## Build the testdata catalog used for e2e tests and push it to the image registry
-	go build -o ./testdata/registry/bin/registry ./testdata/registry/registry.go
-	go build -o ./testdata/push/bin/push         ./testdata/push/push.go
+	go build $(GO_BUILD_FLAGS) -tags '$(GO_BUILD_TAGS)' -ldflags '$(GO_BUILD_LDFLAGS)' -gcflags '$(GO_BUILD_GCFLAGS)' -asmflags '$(GO_BUILD_ASMFLAGS)' -o ./testdata/registry/bin/registry ./testdata/registry/registry.go
+	go build $(GO_BUILD_FLAGS) -tags '$(GO_BUILD_TAGS)' -ldflags '$(GO_BUILD_LDFLAGS)' -gcflags '$(GO_BUILD_GCFLAGS)' -asmflags '$(GO_BUILD_ASMFLAGS)' -o ./testdata/push/bin/push         ./testdata/push/push.go
 	$(CONTAINER_RUNTIME) build -f ./testdata/Dockerfile -t $(E2E_REGISTRY_IMAGE) ./testdata
 	$(CONTAINER_RUNTIME) save $(E2E_REGISTRY_IMAGE) | $(KIND) load image-archive /dev/stdin --name $(KIND_CLUSTER_NAME)
 	./testdata/build-test-registry.sh $(E2E_REGISTRY_NAMESPACE) $(E2E_REGISTRY_NAME) $(E2E_REGISTRY_IMAGE)

testdata/Dockerfile

@@ -1,4 +1,4 @@
-from gcr.io/distroless/static:debug-nonroot
+from gcr.io/distroless/static:nonroot
 
 WORKDIR /
 

testdata/build-test-registry.sh

@@ -122,16 +122,14 @@ spec:
         command:
         - /push
         args: 
-        - "--registry-address=${name}:5000"
+        - "--registry-address=${name}.${namespace}.svc:5000"
         - "--images-path=/images"
         volumeMounts:
         - name: certs-vol
           mountPath: "/certs"
         env:
-        - name: REGISTRY_HTTP_TLS_CERTIFICATE
-          value: "/certs/tls.crt"
-        - name: REGISTRY_HTTP_TLS_KEY
-          value: "/certs/tls.key"
+        - name: SSL_CERT_DIR
+          value: "/certs/"
       volumes:
         - name: certs-vol
           secret:

testdata/push/README.md

@@ -15,7 +15,9 @@ $ tree ./testdata/images/
 ./testdata/images/
 ├── bundles
 │   └── prometheus-operator
-│       └── v2.0.0
+│       └── v1.0.0
+│           ├── metadata
+│           │   └── annotations.yaml
 │           └── manifests
 │               └── example.yaml
 └── catalogs
@@ -29,4 +31,16 @@ $ tree ./testdata/images/
 ```
 The inside of each tag folder will be placed directly into `/` of the built container i.e. `test-catalog:v1` will have `/configs/catalog.yaml`. 
 
-To add a new image or tag to the tool, simply create the folders required and populate them with the files to be mounted - no other action should be necessary.
+To add a new image or tag for the tool, create the folders required and populate them with the files to be mounted. Bundle images requiring metadata should contain a `metadata` folder with `annotations.yaml`. Example content:
+```yaml
+annotations:
+  # Core bundle annotations.
+  operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+  operators.operatorframework.io.bundle.manifests.v1: manifests/
+  operators.operatorframework.io.bundle.metadata.v1: metadata/
+  operators.operatorframework.io.bundle.package.v1: prometheus
+  operators.operatorframework.io.bundle.channels.v1: beta
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0
+  operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+  operators.operatorframework.io.metrics.project_layout: unknown
+```

testdata/push/push.go

@@ -6,6 +6,7 @@ import (
 	"io/fs"
 	"log"
 	"os"
+	"strings"
 
 	"github.com/google/go-containerregistry/pkg/crane"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
@@ -29,7 +30,7 @@ func main() {
 	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
 	pflag.Parse()
 
-	log.Printf("registry configured with path %s, listening on %s", imagesPath, registryAddr)
+	log.Printf("push operation configured with images path %s and destination %s", imagesPath, registryAddr)
 
 	bundlesFullPath := fmt.Sprintf("%s/%s", imagesPath, bundlesSubPath)
 	catalogsFullPath := fmt.Sprintf("%s/%s", imagesPath, catalogsSubPath)
@@ -42,16 +43,14 @@ func main() {
 	if err != nil {
 		log.Fatalf("failed to build catalogs: %s", err.Error())
 	}
-
 	// Push the images
-	// TODO without insecure option
 	for name, image := range bundles {
-		if err := crane.Push(image, fmt.Sprintf("%s/%s", registryAddr, name), crane.Insecure); err != nil {
+		if err := crane.Push(image, fmt.Sprintf("%s/%s", registryAddr, name)); err != nil {
 			log.Fatalf("failed to push bundle images: %s", err.Error())
 		}
 	}
 	for name, image := range catalogs {
-		if err := crane.Push(image, fmt.Sprintf("%s/%s", registryAddr, name), crane.Insecure); err != nil {
+		if err := crane.Push(image, fmt.Sprintf("%s/%s", registryAddr, name)); err != nil {
 			log.Fatalf("failed to push catalog images: %s", err.Error())
 		}
 	}
@@ -60,26 +59,25 @@ func main() {
 }
 
 func buildBundles(path string) (map[string]v1.Image, error) {
-	bundles, err := processImageDirTree(path, "bundles/registry-v1/")
+	bundles, err := processImageDirTree(path)
 	if err != nil {
 		return nil, err
 	}
+	mutatedMap := make(map[string]v1.Image, 0)
 	// Apply required bundle labels
 	for key, img := range bundles {
-		//TODO
-		labels, err := getBundleLabels(fmt.Sprintf("%s/%s", path, "prometheus-operator/v1.0.0/metadata/annotations.yaml"))
+		// Replace ':' between image name and image tag for file path
+		metadataPath := strings.Replace(key, ":", "/", 1)
+		labels, err := getBundleLabels(fmt.Sprintf("%s/%s/%s", path, metadataPath, "metadata/annotations.yaml"))
 		if err != nil {
 			return nil, err
 		}
-		cfg := v1.Config{
-			Labels: labels,
-		}
-		bundles[key], err = mutate.Config(img, cfg)
+		mutatedMap[fmt.Sprintf("bundles/registry-v1/%s", key)], err = mutate.Config(img, v1.Config{Labels: labels})
 		if err != nil {
 			return nil, fmt.Errorf("failed to apply image labels: %w", err)
 		}
 	}
-	return bundles, nil
+	return mutatedMap, nil
 }
 
 type bundleAnnotations struct {
@@ -100,26 +98,27 @@ func getBundleLabels(path string) (map[string]string, error) {
 }
 
 func buildCatalogs(path string) (map[string]v1.Image, error) {
-	catalogs, err := processImageDirTree(path, "e2e/")
+	catalogs, err := processImageDirTree(path)
 	if err != nil {
 		return nil, err
 	}
+	mutatedMap := make(map[string]v1.Image, 0)
 	// Apply required catalog label
 	for key, img := range catalogs {
 		cfg := v1.Config{
 			Labels: map[string]string{
 				"operators.operatorframework.io.index.configs.v1": "/configs",
 			},
 		}
-		catalogs[key], err = mutate.Config(img, cfg)
+		mutatedMap[fmt.Sprintf("e2e/%s", key)], err = mutate.Config(img, cfg)
 		if err != nil {
 			return nil, fmt.Errorf("failed to apply image labels: %w", err)
 		}
 	}
-	return catalogs, nil
+	return mutatedMap, nil
 }
 
-func processImageDirTree(path string, repoPrefix string) (map[string]v1.Image, error) {
+func processImageDirTree(path string) (map[string]v1.Image, error) {
 	imageMap := make(map[string]v1.Image, 0)
 	images, err := os.ReadDir(path)
 	if err != nil {
@@ -153,7 +152,7 @@ func processImageDirTree(path string, repoPrefix string) (map[string]v1.Image, e
 			if err != nil {
 				return nil, fmt.Errorf("failed to generate image: %w", err)
 			}
-			imageMap[fmt.Sprintf("%s%s:%s", repoPrefix, entry.Name(), tag.Name())] = image
+			imageMap[fmt.Sprintf("%s:%s", entry.Name(), tag.Name())] = image
 		}
 	}
 	return imageMap, nil

testdata/registry/README.md

@@ -8,9 +8,8 @@ Usage of registry:
       --registry-address string   The address the registry binds to. (default ":12345")
 ```
 
-<!--TODO makes these arguments-->
-The server key and cert should be placed in:
+The server key and cert locations should be set under the following environment variables:
 ```
-	certPath = "/certs/tls.crt"
-	keyPath  = "/certs/tls.key"
+	REGISTRY_HTTP_TLS_CERTIFICATE
+	REGISTRY_HTTP_TLS_KEY
 ```

testdata/registry/registry.go

@@ -4,15 +4,16 @@ import (
 	"flag"
 	"log"
 	"net/http"
+	"os"
 	"time"
 
 	"github.com/google/go-containerregistry/pkg/registry"
 	"github.com/spf13/pflag"
 )
 
 const (
-	certPath = "/certs/tls.crt"
-	keyPath  = "/certs/tls.key"
+	certEnv = "REGISTRY_HTTP_TLS_CERTIFICATE"
+	keyEnv  = "REGISTRY_HTTP_TLS_KEY"
 )
 
 func main() {
@@ -30,7 +31,7 @@ func main() {
 		WriteTimeout: 60 * time.Second,
 	}
 
-	err := s.ListenAndServeTLS(certPath, keyPath)
+	err := s.ListenAndServeTLS(os.Getenv(certEnv), os.Getenv(keyEnv))
 	if err != nil {
 		log.Fatalf("failed to start image registry: %s", err.Error())
 	}