✨ Add oci as assets client

Implemented the oci client to download artifacts from an oci registry.

Signed-off-by: Janis Kemper <[email protected]>
Co-authored-by: Roman Hros <[email protected]>

Author: janiskemper

.github/workflows/test.yml

@@ -69,3 +69,19 @@ jobs:
           GO111MODULE: "on"
           GIT_ACCESS_TOKEN: ${{ secrets.GIT_ACCESS_TOKEN }}
         run: make test-integration-workloadcluster
+
+      - name: Running integration tests github
+        env:
+          GIT_PROVIDER: github
+          GIT_ORG_NAME: SovereignCloudStack
+          GIT_REPOSITORY_NAME: cluster-stacks
+          GO111MODULE: "on"
+          GIT_ACCESS_TOKEN: ${{ secrets.GIT_ACCESS_TOKEN }}
+        run: make test-integration-github
+
+      # - name: Running integration tests oci
+      #   env:
+      #     OCI_REGISTRY: registry.scs.community
+      #     OCI_REPOSITORY: registry.scs.community/csctl-oci/docker
+      #     GO111MODULE: "on"
+      #   run: make test-integration-oci

Makefile

@@ -304,7 +304,7 @@ $(WORKER_CLUSTER_KUBECONFIG):
 KUBEBUILDER_ASSETS ?= $(shell $(SETUP_ENVTEST) use --use-env --bin-dir $(abspath $(TOOLS_BIN_DIR)) -p path $(KUBEBUILDER_ENVTEST_KUBERNETES_VERSION))
 
 .PHONY: test-integration
-test-integration: test-integration-workloadcluster  test-integration-github
+test-integration: test-integration-workloadcluster test-integration-github test-integration-oci
 	echo done
 
 .PHONY: test-unit
@@ -325,6 +325,12 @@ test-integration-github: $(SETUP_ENVTEST) $(GOTESTSUM)
 	CREATE_KIND_CLUSTER=false KUBEBUILDER_ASSETS="$(KUBEBUILDER_ASSETS)" $(GOTESTSUM) --junitfile=.coverage/junit.xml --format testname -- -mod=vendor \
 	-covermode=atomic -coverprofile=.coverage/cover.out -p=1  ./internal/test/integration/github/...
 
+.PHONY: test-integration-oci
+test-integration-oci: $(SETUP_ENVTEST) $(GOTESTSUM)
+	@mkdir -p $(shell pwd)/.coverage
+	CREATE_KIND_CLUSTER=false KUBEBUILDER_ASSETS="$(KUBEBUILDER_ASSETS)" $(GOTESTSUM) --junitfile=.coverage/junit.xml --format testname -- -mod=vendor \
+	-covermode=atomic -coverprofile=.coverage/cover.out -p=1  ./internal/test/integration/oci/...
+
 ##@ Verify
 ##########
 # Verify #

cmd/main.go

@@ -18,6 +18,7 @@ limitations under the License.
 package main
 
 import (
+	"errors"
 	"flag"
 	"fmt"
 	"os"
@@ -31,6 +32,7 @@ import (
 	"github.com/SovereignCloudStack/cluster-stack-operator/pkg/assetsclient"
 	"github.com/SovereignCloudStack/cluster-stack-operator/pkg/assetsclient/fake"
 	"github.com/SovereignCloudStack/cluster-stack-operator/pkg/assetsclient/github"
+	"github.com/SovereignCloudStack/cluster-stack-operator/pkg/assetsclient/oci"
 	"github.com/SovereignCloudStack/cluster-stack-operator/pkg/csoversion"
 	"github.com/SovereignCloudStack/cluster-stack-operator/pkg/kube"
 	"github.com/SovereignCloudStack/cluster-stack-operator/pkg/utillog"
@@ -83,6 +85,7 @@ var (
 	logLevel                       string
 	releaseDir                     string
 	localMode                      bool
+	source                         string
 	qps                            float64
 	burst                          int
 	hookPort                       int
@@ -101,7 +104,8 @@ func main() {
 	flag.IntVar(&clusterAddonConcurrency, "clusteraddon-concurrency", 1, "Number of ClusterAddons to process simultaneously")
 	flag.StringVar(&logLevel, "log-level", "info", "Specifies log level. Options are 'debug', 'info' and 'error'")
 	flag.StringVar(&releaseDir, "release-dir", "/tmp/downloads/", "Specify release directory for cluster-stack releases")
-	flag.BoolVar(&localMode, "local", false, "Enable local mode where no release assets will be downloaded from a remote Git repository. Useful for implementing cluster stacks.")
+	flag.BoolVar(&localMode, "local", false, "Enable local mode where no release assets will be downloaded from a remote repository. Useful for implementing cluster stacks.")
+	flag.StringVar(&source, "source", "github", "Specifies the source from which release assets would be downloaded. Allowed sources are 'github' and 'oci'")
 	flag.Float64Var(&qps, "qps", 50, "Enable custom query per second for kubernetes API server")
 	flag.IntVar(&burst, "burst", 100, "Enable custom burst defines how many queries the API server will accept before enforcing the limit established by qps")
 	flag.IntVar(&hookPort, "hook-port", 9442, "hook server port")
@@ -150,7 +154,15 @@ func main() {
 	if localMode {
 		assetsClientFactory = fake.NewFactory()
 	} else {
-		assetsClientFactory = github.NewFactory()
+		switch source {
+		case "oci":
+			assetsClientFactory = oci.NewFactory()
+		case "github":
+			assetsClientFactory = github.NewFactory()
+		default:
+			setupLog.Error(errors.New("invalid asset source"), "no valid source specified, allowed sources are 'github' and 'oci'")
+			os.Exit(1)
+		}
 	}
 
 	restConfig := mgr.GetConfig()

config/manager/credentials.yaml

@@ -9,3 +9,8 @@ data:
   git-org-name: ${GIT_ORG_NAME_B64:=""}
   git-repo-name: ${GIT_REPOSITORY_NAME_B64:=""}
   git-access-token: ${GIT_ACCESS_TOKEN_B64:=""}
+  oci-registry: ${OCI_REGISTRY_B64:=""}
+  oci-repository: ${OCI_REPOSITORY_B64:=""}
+  oci-access-token: ${OCI_ACCESS_TOKEN_B64:=""}
+  oci-username: ${OCI_USERNAME_B64:=""}
+  oci-password: ${OCI_PASSWORD_B64:=""}

config/manager/manager.yaml

@@ -27,8 +27,6 @@ spec:
       containers:
         - command:
             - /manager
-          args:
-            - --leader-elect=true
           env:
             - name: GIT_PROVIDER
               valueFrom:
@@ -50,6 +48,34 @@ spec:
                 secretKeyRef:
                   name: cso-cluster-stack-variables
                   key: git-access-token
+            - name: OCI_REGISTRY
+              valueFrom:
+                secretKeyRef:
+                  name: cso-cluster-stack-variables
+                  key: oci-registry
+            - name: OCI_REPOSITORY
+              valueFrom:
+                secretKeyRef:
+                  name: cso-cluster-stack-variables
+                  key: oci-repository
+            - name: OCI_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cso-cluster-stack-variables
+                  key: oci-access-token
+            - name: OCI_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: cso-cluster-stack-variables
+                  key: oci-username
+            - name: OCI_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: cso-cluster-stack-variables
+                  key: oci-password
+          args:
+            - --leader-elect=true
+            - --log-level=info
           image: controller:latest
           name: manager
           ports:

go.mod

@@ -5,7 +5,7 @@ go 1.22
 require (
 	github.com/go-logr/logr v1.4.2
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572
-	github.com/google/cel-go v0.19.0
+	github.com/google/cel-go v0.20.1
 	github.com/google/go-github/v52 v52.0.0
 	github.com/onsi/ginkgo/v2 v2.19.0
 	github.com/onsi/gomega v1.33.1
@@ -17,6 +17,7 @@ require (
 	k8s.io/cli-runtime v0.29.3
 	k8s.io/client-go v0.29.3
 	k8s.io/klog/v2 v2.110.1
+	oras.land/oras-go/v2 v2.5.0
 	sigs.k8s.io/cluster-api v1.7.2
 	sigs.k8s.io/cluster-api/test v1.7.2
 	sigs.k8s.io/controller-runtime v0.17.5
@@ -35,6 +36,8 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect

go.sum

@@ -90,8 +90,8 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/google/cel-go v0.19.0 h1:vVgaZoHPBDd1lXCYGQOh5A06L4EtuIfmqQ/qnSXSKiU=
-github.com/google/cel-go v0.19.0/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg=
+github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84=
+github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg=
 github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -163,6 +163,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
 github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -352,6 +354,8 @@ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/A
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
 k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
 k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c=
+oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg=
 sigs.k8s.io/cluster-api v1.7.2 h1:bRE8zoao7ajuLC0HijqfZVcubKQCPlZ04HMgcA53FGE=
 sigs.k8s.io/cluster-api v1.7.2/go.mod h1:V9ZhKLvQtsDODwjXOKgbitjyCmC71yMBwDcMyNNIov0=
 sigs.k8s.io/cluster-api/test v1.7.2 h1:muacGu5G/DGz2uTv3CUxml2QLi8fxbIra4CxA2S31KE=

internal/controller/clusterstack_controller.go

@@ -113,7 +113,7 @@ func (r *ClusterStackReconciler) Reconcile(ctx context.Context, req reconcile.Re
 	var latest *string
 
 	if clusterStack.Spec.AutoSubscribe {
-		gc, err := r.AssetsClientFactory.NewClient(ctx)
+		ac, err := r.AssetsClientFactory.NewClient(ctx)
 		if err != nil {
 			isSet := conditions.IsFalse(clusterStack, csov1alpha1.AssetsClientAPIAvailableCondition)
 			conditions.MarkFalse(clusterStack,
@@ -133,7 +133,7 @@ func (r *ClusterStackReconciler) Reconcile(ctx context.Context, req reconcile.Re
 
 		conditions.MarkTrue(clusterStack, csov1alpha1.AssetsClientAPIAvailableCondition)
 
-		latest, err = getLatestReleaseFromRemoteRepository(ctx, clusterStack, gc)
+		latest, err = getLatestReleaseFromRemoteRepository(ctx, clusterStack, ac)
 		if err != nil {
 			// only log error and mark condition as false, but continue
 			conditions.MarkFalse(clusterStack,

internal/test/integration/github/integration_test.go

@@ -144,7 +144,7 @@ var _ = Describe("ClusterStackReconciler", func() {
 
 			clusterStackKey = types.NamespacedName{Name: clusterStack.Name, Namespace: testNs.Name}
 
-			cs, err := clusterstack.New(clusterStack.Spec.Provider, clusterStack.Spec.Name, clusterStack.Spec.KubernetesVersion, version)
+			cs, err := clusterstack.New(clusterStack.Spec.Provider, clusterStack.Spec.Name, clusterStack.Spec.KubernetesVersion, "v2")
 			Expect(err).To(BeNil())
 
 			clusterStackReleaseKey = types.NamespacedName{Name: cs.String(), Namespace: testNs.Name}

internal/test/integration/oci/integration_suite_test.go

@@ -0,0 +1,93 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package oci
+
+import (
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/SovereignCloudStack/cluster-stack-operator/internal/controller"
+	"github.com/SovereignCloudStack/cluster-stack-operator/internal/test/helpers"
+	ociclient "github.com/SovereignCloudStack/cluster-stack-operator/pkg/assetsclient/oci"
+	"github.com/SovereignCloudStack/cluster-stack-operator/pkg/kube"
+	fakekube "github.com/SovereignCloudStack/cluster-stack-operator/pkg/kube/fake"
+	fakeworkloadcluster "github.com/SovereignCloudStack/cluster-stack-operator/pkg/workloadcluster/fake"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	ctrl "sigs.k8s.io/controller-runtime"
+	controllerruntimecontroller "sigs.k8s.io/controller-runtime/pkg/controller"
+)
+
+const (
+	timeout    = time.Second * 10
+	interval   = 1000 * time.Millisecond
+	releaseDir = "/tmp/downloads"
+)
+
+func TestControllers(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Controller Suite")
+}
+
+var (
+	ctx     = ctrl.SetupSignalHandler()
+	testEnv *helpers.TestEnvironment
+)
+
+var _ = BeforeSuite(func() {
+	testEnv = helpers.NewTestEnvironment()
+
+	Expect((&controller.ClusterStackReconciler{
+		Client:              testEnv.Manager.GetClient(),
+		AssetsClientFactory: ociclient.NewFactory(),
+		ReleaseDirectory:    releaseDir,
+	}).SetupWithManager(ctx, testEnv.Manager, controllerruntimecontroller.Options{})).To(Succeed())
+
+	Expect((&controller.ClusterStackReleaseReconciler{
+		Client:              testEnv.Manager.GetClient(),
+		RESTConfig:          testEnv.Manager.GetConfig(),
+		KubeClientFactory:   kube.NewFactory(),
+		AssetsClientFactory: ociclient.NewFactory(),
+		ReleaseDirectory:    releaseDir,
+	}).SetupWithManager(ctx, testEnv.Manager, controllerruntimecontroller.Options{})).To(Succeed())
+
+	Expect((&controller.ClusterAddonCreateReconciler{
+		Client: testEnv.Manager.GetClient(),
+	}).SetupWithManager(ctx, testEnv.Manager, controllerruntimecontroller.Options{})).To(Succeed())
+
+	Expect((&controller.ClusterAddonReconciler{
+		Client:                 testEnv.Manager.GetClient(),
+		KubeClientFactory:      fakekube.NewFactory(),
+		ReleaseDirectory:       filepath.Join(releaseDir, "cluster-stacks"),
+		WorkloadClusterFactory: fakeworkloadcluster.NewFactory(),
+	}).SetupWithManager(ctx, testEnv.Manager, controllerruntimecontroller.Options{})).To(Succeed())
+
+	go func() {
+		defer GinkgoRecover()
+		Expect(testEnv.StartManager(ctx)).To(Succeed())
+	}()
+
+	<-testEnv.Manager.Elected()
+
+	// wait for webhook port to be open prior to running tests
+	testEnv.WaitForWebhooks()
+})
+
+var _ = AfterSuite(func() {
+	Expect(testEnv.Stop()).To(Succeed())
+})