Introduce nfd client tool with a subset of image compatibility commands

Signed-off-by: Marcin Franczyk <[email protected]>

Author: mfranczy

Makefile

@@ -90,7 +90,7 @@ IMAGE_BUILD_ARGS_MINIMAL = --target minimal \
 
 all: image
 
-BUILD_BINARIES := nfd-master nfd-worker nfd-topology-updater nfd-gc kubectl-nfd
+BUILD_BINARIES := nfd-master nfd-worker nfd-topology-updater nfd-gc kubectl-nfd nfd
 
 build-%:
 	$(GO_CMD) build -v -o bin/ $(BUILD_FLAGS) ./cmd/$*

cmd/nfd/main.go

@@ -0,0 +1,27 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"sigs.k8s.io/node-feature-discovery/cmd/nfd/subcmd"
+)
+
+const ProgramName = "nfd"
+
+func main() {
+	subcmd.Execute()
+}

cmd/nfd/subcmd/compat/compat.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package compat
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var CompatCmd = &cobra.Command{
+	Use:   "compat",
+	Short: "Image compatibility commands",
+}
+
+func Execute() {
+	if err := CompatCmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}

cmd/nfd/subcmd/compat/options/platform.go

@@ -0,0 +1,70 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"fmt"
+	"runtime"
+	"strings"
+
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/spf13/cobra"
+)
+
+// PlatformOption represents
+type PlatformOption struct {
+	// PlatformStr contains the raw platform argument provided by the user.
+	PlatformStr string
+	// Platform represents the OCI platform specification, built from PlatformStr.
+	Platform *ocispec.Platform
+}
+
+// Parse takes the PlatformStr argument provided by the user
+// to build OCI platform specification.
+func (opt *PlatformOption) Parse(*cobra.Command) error {
+	var pStr string
+
+	if opt.PlatformStr == "" {
+		return nil
+	}
+
+	platform := &ocispec.Platform{}
+	pStr, platform.OSVersion, _ = strings.Cut(opt.PlatformStr, ":")
+	parts := strings.Split(pStr, "/")
+
+	switch len(parts) {
+	case 3:
+		platform.Variant = parts[2]
+		fallthrough
+	case 2:
+		platform.Architecture = parts[1]
+	case 1:
+		platform.Architecture = runtime.GOARCH
+	default:
+		return fmt.Errorf("failed to parse platform %q: expected format os[/arch[/variant]]", opt.PlatformStr)
+	}
+
+	platform.OS = parts[0]
+	if platform.OS == "" {
+		return fmt.Errorf("invalid platform: OS cannot be empty")
+	}
+	if platform.Architecture == "" {
+		return fmt.Errorf("invalid platform: Architecture cannot be empty")
+	}
+	opt.Platform = platform
+	return nil
+}

cmd/nfd/subcmd/compat/validate-node.go

@@ -0,0 +1,224 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package compat
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/jedib0t/go-pretty/v6/table"
+	"github.com/jedib0t/go-pretty/v6/text"
+	"github.com/spf13/cobra"
+	"oras.land/oras-go/v2/registry"
+
+	"sigs.k8s.io/node-feature-discovery/cmd/nfd/subcmd/compat/options"
+	artifactcli "sigs.k8s.io/node-feature-discovery/pkg/client-nfd/compat/artifact-client"
+	nodevalidator "sigs.k8s.io/node-feature-discovery/pkg/client-nfd/compat/node-validator"
+	"sigs.k8s.io/node-feature-discovery/source"
+)
+
+var (
+	image      string
+	tags       []string
+	platform   options.PlatformOption
+	plainHTTP  bool
+	outputJSON bool
+
+	// secrets
+	readPassword    bool
+	readAccessToken bool
+	username        string
+	password        string
+	accessToken     string
+)
+
+var validateNodeCmd = &cobra.Command{
+	Use:   "validate-node",
+	Short: "Perform node validation based on its associated image compatibility artifact",
+	PreRunE: func(cmd *cobra.Command, args []string) error {
+		var err error
+
+		if err = platform.Parse(cmd); err != nil {
+			return err
+		}
+
+		if readAccessToken && readPassword {
+			return fmt.Errorf("cannot use --read-access-token and --read-password at the same time")
+		} else if readAccessToken {
+			accessToken, err = readStdin()
+			if err != nil {
+				return err
+			}
+		} else if readPassword {
+			password, err = readStdin()
+			if err != nil {
+				return err
+			}
+		}
+
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) error {
+		ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
+		defer cancel()
+
+		ref, err := registry.ParseReference(image)
+		if err != nil {
+			return err
+		}
+
+		sources := map[string]source.FeatureSource{}
+		for k, v := range source.GetAllFeatureSources() {
+			if ts, ok := v.(source.SupplementalSource); ok && ts.DisableByDefault() {
+				continue
+			}
+			sources[k] = v
+		}
+
+		authOpt := artifactcli.WithAuthDefault()
+		if username != "" && password != "" {
+			authOpt = artifactcli.WithAuthPassword(username, password)
+		} else if accessToken != "" {
+			authOpt = artifactcli.WithAuthToken(accessToken)
+		}
+
+		ac := artifactcli.New(
+			&ref,
+			artifactcli.WithArgs(artifactcli.Args{PlainHttp: plainHTTP}),
+			artifactcli.WithPlatform(platform.Platform),
+			authOpt,
+		)
+
+		nv := nodevalidator.New(
+			nodevalidator.WithArgs(&nodevalidator.Args{Tags: tags}),
+			nodevalidator.WithArtifactClient(ac),
+			nodevalidator.WithSources(sources),
+		)
+
+		out, err := nv.Execute(ctx)
+		if err != nil {
+			return err
+		}
+		if outputJSON {
+			b, err := json.Marshal(out)
+			if err != nil {
+				return err
+			}
+			fmt.Printf("%s", b)
+		} else {
+			pprintResult(out)
+		}
+
+		return nil
+	},
+}
+
+func readStdin() (string, error) {
+	secretRaw, err := io.ReadAll(os.Stdin)
+	if err != nil {
+		return "", err
+	}
+	secret := strings.TrimSuffix(string(secretRaw), "\n")
+	secret = strings.TrimSuffix(secret, "\r")
+
+	return secret, nil
+}
+
+func pprintResult(css []*nodevalidator.CompatibilityStatus) {
+	for i, cs := range css {
+		fmt.Print(text.Colors{text.FgCyan, text.Bold}.Sprintf("COMPATIBILITY SET #%d ", i+1))
+		fmt.Print(text.FgCyan.Sprintf("Weight: %d", cs.Weight))
+		if cs.Tag != "" {
+			fmt.Print(text.FgCyan.Sprintf("; Tag: %s", cs.Tag))
+		}
+		fmt.Println()
+		fmt.Println(text.FgWhite.Sprintf("Description: %s", cs.Description))
+
+		for _, r := range cs.Rules {
+			printTable(r)
+		}
+		fmt.Println()
+	}
+}
+
+func printTable(rs nodevalidator.ProcessedRuleStatus) {
+	t := table.NewWriter()
+	t.SetStyle(table.StyleLight)
+	t.SetOutputMirror(os.Stdout)
+	t.Style().Format.Header = text.FormatDefault
+	t.SetAutoIndex(true)
+
+	validTxt := text.BgRed.Sprint(" FAIL ")
+	if rs.IsMatch {
+		validTxt = text.BgGreen.Sprint(" OK ")
+	}
+	ruleTxt := strings.ToUpper(fmt.Sprintf("rule: %s", rs.Name))
+
+	t.SetTitle(text.Bold.Sprintf("%s - %s", ruleTxt, validTxt))
+	t.AppendHeader(table.Row{"Feature", "Expression", "Matcher Type", "Status"})
+
+	if mf := rs.MatchedExpressions; len(mf) > 0 {
+		renderMatchFeatures(t, mf)
+	}
+	if ma := rs.MatchedAny; len(ma) > 0 {
+		for _, elem := range ma {
+			t.AppendSeparator()
+			renderMatchFeatures(t, elem.MatchedExpressions)
+		}
+	}
+	t.Render()
+}
+
+func renderMatchFeatures(t table.Writer, matchedExpressions []nodevalidator.MatchedExpression) {
+	for _, fm := range matchedExpressions {
+		fullFeatureDomain := fm.Feature
+		if fm.Name != "" {
+			fullFeatureDomain = fmt.Sprintf("%s.%s", fm.Feature, fm.Name)
+		}
+
+		addTableRows(t, fullFeatureDomain, fm.Expression.String(), fm.MatcherType, fm.IsMatch)
+	}
+}
+
+func addTableRows(t table.Writer, fullFeatureDomain, expression string, matcherType nodevalidator.MatcherType, isMatch bool) {
+	status := text.FgHiRed.Sprint("FAIL")
+	if isMatch {
+		status = text.FgHiGreen.Sprint("OK")
+	}
+	t.AppendRow(table.Row{fullFeatureDomain, expression, matcherType, status})
+}
+
+func init() {
+	CompatCmd.AddCommand(validateNodeCmd)
+	validateNodeCmd.Flags().StringVar(&image, "image", "", "the URL of the image containing compatibility metadata")
+	validateNodeCmd.Flags().StringSliceVar(&tags, "tags", []string{}, "a list of tags that must match the tags set on the compatibility objects")
+	validateNodeCmd.Flags().StringVar(&platform.PlatformStr, "platform", "", "the artifact platform in the format os[/arch][/variant][:os_version]")
+	validateNodeCmd.Flags().BoolVar(&plainHTTP, "plain-http", false, "use of HTTP protocol for all registry communications")
+	validateNodeCmd.Flags().BoolVar(&outputJSON, "output-json", false, "print a JSON object")
+	validateNodeCmd.Flags().StringVar(&username, "reg-username", "", "registry username")
+	validateNodeCmd.Flags().BoolVar(&readPassword, "reg-password-stdin", false, "read registry password from stdin")
+	validateNodeCmd.Flags().BoolVar(&readAccessToken, "reg-token-stdin", false, "read registry access token from stdin")
+
+	if err := validateNodeCmd.MarkFlagRequired("image"); err != nil {
+		panic(err)
+	}
+}