Adjust deploy input normalization produce valid inputs

tianon · tianon · commit dfb595a41e7f · 2025-02-03T15:48:13.000-08:00
The new `deploy --dry-run` feature relies on the assumption that JSON-ified normalized input objects are valid input back, which wasn't an assumption we were validating.

This adjusts `TestNormalizeInput` to take the output of normalization and pass it back through for an added "roundtrip" test.  In doing so, I found a single edge case where our normalized objects were *not* valid/correct inputs (tag-&gt;tag copy of a manifest) and made a minor adjustment to the normalization to close that hole.

I also added a new test case for that edge case, and made sure *it* round-trips correctly too.
diff --git a/.test/deploy-dry-run-test.json b/.test/deploy-dry-run-test.json
@@ -347,7 +347,7 @@
 		"localhost:3000/cirros"
 	],
 	"lookup": {
-		"": "oisupport/staging-amd64"
+		"": "oisupport/staging-amd64:34bb44c7d8b6fb7a337fcee0afa7c3a84148e35db6ab83041714c3e6d4c6238b"
 	},
 	"copyFrom": "oisupport/staging-amd64:34bb44c7d8b6fb7a337fcee0afa7c3a84148e35db6ab83041714c3e6d4c6238b"
 }
@@ -381,5 +381,5 @@
 	"lookup": {
 		"": "tianon/test"
 	},
-	"copyFrom": "tianon/test:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee@sha256:73614cc99c500aa4fa061368ed349df24a81844e3c2e6d0c31f290a7c8d73c22"
+	"copyFrom": "tianon/test@sha256:73614cc99c500aa4fa061368ed349df24a81844e3c2e6d0c31f290a7c8d73c22"
 }
diff --git a/cmd/deploy/input.go b/cmd/deploy/input.go
@@ -223,8 +223,17 @@ func NormalizeInput(raw inputRaw) (inputNormalized, error) {
 		normal.Refs[i].Digest = refsDigest
 	}
 
+	// if we have a digest and we're performing a copy, the tag we're copying *from* is no longer relevant information
+	if refsDigest != "" && normal.CopyFrom != nil {
+		normal.CopyFrom.Tag = ""
+	}
+
 	// explicitly clear tag and digest from lookup entries (now that we've inferred any "CopyFrom" out of them, they no longer have any meaning)
 	for d, ref := range normal.Lookup {
+		if d == "" && refsDigest == "" && ref.Tag != "" && normal.CopyFrom != nil && ref.Tag == normal.CopyFrom.Tag {
+			// let the "fallback" ref keep a tag when it's the tag we're copying and there's no known digest (this allows our normalized objects to still be completely valid "raw" inputs)
+			continue
+		}
 		ref.Tag = ""
 		ref.Digest = ""
 		normal.Lookup[d] = ref
diff --git a/cmd/deploy/input_test.go b/cmd/deploy/input_test.go
@@ -368,7 +368,16 @@ func TestNormalizeInput(t *testing.T) {
 				"refs": [ "localhost:5000/example:test" ],
 				"lookup": { "": "tianon/true:oci" }
 			}`,
-			`{"type":"manifest","refs":["localhost:5000/example:test"],"lookup":{"":"tianon/true"},"copyFrom":"tianon/true:oci"}`,
+			`{"type":"manifest","refs":["localhost:5000/example:test"],"lookup":{"":"tianon/true:oci"},"copyFrom":"tianon/true:oci"}`,
+		},
+		{
+			"copy manifest (tag and digest)",
+			`{
+				"type": "manifest",
+				"refs": [ "localhost:5000/example:test" ],
+				"lookup": { "": "tianon/true:oci@sha256:9ef42f1d602fb423fad935aac1caa0cfdbce1ad7edce64d080a4eb7b13f7cd9d" }
+			}`,
+			`{"type":"manifest","refs":["localhost:5000/example:test@sha256:9ef42f1d602fb423fad935aac1caa0cfdbce1ad7edce64d080a4eb7b13f7cd9d"],"lookup":{"":"tianon/true"},"copyFrom":"tianon/true@sha256:9ef42f1d602fb423fad935aac1caa0cfdbce1ad7edce64d080a4eb7b13f7cd9d"}`,
 		},
 
 		{
@@ -431,19 +440,41 @@ func TestNormalizeInput(t *testing.T) {
 	} {
 		x := x // https://github.com/golang/go/issues/60078
 		t.Run(x.name, func(t *testing.T) {
-			var raw inputRaw
-			if err := json.Unmarshal([]byte(x.raw), &raw); err != nil {
-				t.Fatalf("JSON parse error: %v", err)
-			}
-			normal, err := NormalizeInput(raw)
-			if err != nil {
-				t.Fatalf("normalize error: %v", err)
-			}
-			if b, err := json.Marshal(normal); err != nil {
-				t.Fatalf("JSON generate error: %v", err)
-			} else if string(b) != x.normal {
-				t.Fatalf("got:\n%s\n\nexpected:\n%s\n", string(b), x.normal)
+			var b []byte // this will hold the final "normalized" JSON (so we can test round-trip afterwards)
+
+			{ // start a sub-block to ensure variable scoping is clean and roundtrip has to error if there's a typo
+				var raw inputRaw
+				if err := json.Unmarshal([]byte(x.raw), &raw); err != nil {
+					t.Fatalf("JSON parse error: %v", err)
+				}
+				normal, err := NormalizeInput(raw)
+				if err != nil {
+					t.Fatalf("normalize error: %v", err)
+				}
+				b, err = json.Marshal(normal)
+				if err != nil {
+					t.Fatalf("JSON generate error: %v", err)
+				} else if string(b) != x.normal {
+					t.Fatalf("got:\n%s\n\nexpected:\n%s\n", string(b), x.normal)
+				}
 			}
+
+			t.Run("roundtrip", func(t *testing.T) {
+				// now that we've tested that, let's round trip the normalized copy back through the normalizer to make sure it's valid/correctly parsed input too ("deploy --dry-run" leans on that assumption)
+				var raw inputRaw
+				if err := json.Unmarshal(b, &raw); err != nil {
+					t.Fatalf("JSON parse error: %v", err)
+				}
+				normal, err := NormalizeInput(raw)
+				if err != nil {
+					t.Fatalf("normalize error: %v", err)
+				}
+				if roundtripB, err := json.Marshal(normal); err != nil {
+					t.Fatalf("JSON generate error: %v", err)
+				} else if string(roundtripB) != x.normal {
+					t.Fatalf("got:\n%s\n\nexpected:\n%s\n", string(roundtripB), x.normal)
+				}
+			})
 		})
 	}
 }
