add containersimageregistry to standard registry test suite

Signed-off-by: Joe Lanford <[email protected]>

Author: joelanford

Makefile

@@ -73,7 +73,7 @@ static: build
 
 .PHONY: unit
 unit:
-	$(GO) test -coverprofile=coverage.out $(SPECIFIC_UNIT_TEST) $(SPECIFIC_SKIP_UNIT_TEST) $(TAGS) $(TEST_RACE) -count=1 ./pkg/... ./alpha/...
+	$(GO) test -coverprofile=coverage.out --coverpkg=./... $(SPECIFIC_UNIT_TEST) $(SPECIFIC_SKIP_UNIT_TEST) $(TAGS) $(TEST_RACE) -count=1 ./pkg/... ./alpha/...
 
 .PHONY: tidy
 tidy:

go.mod

@@ -30,7 +30,6 @@ require (
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/operator-framework/api v0.30.0
 	github.com/otiai10/copy v1.14.1
-	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1
@@ -73,7 +72,6 @@ require (
 	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/containerd/cgroups/v3 v3.0.3 // indirect
@@ -87,7 +85,6 @@ require (
 	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
 	github.com/containers/ocicrypt v1.2.1 // indirect
 	github.com/containers/storage v1.57.2 // indirect
-	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect

go.sum

@@ -38,8 +38,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
-github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=
-github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
 github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
 github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
@@ -174,7 +172,6 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
@@ -355,8 +352,6 @@ github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs=
 github.com/otiai10/mint v1.6.3/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
-github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

pkg/image/registry_test.go

@@ -4,19 +4,21 @@ import (
 	"context"
 	"crypto/rand"
 	"crypto/x509"
+	"encoding/pem"
 	"errors"
 	"fmt"
 	"io"
 	"math"
 	"math/big"
 	"net/http"
+	"net/url"
 	"os"
+	"path/filepath"
 	"sync"
 	"testing"
 
-	distribution "github.com/distribution/distribution/v3"
-	"github.com/distribution/distribution/v3/configuration"
-	repositorymiddleware "github.com/distribution/distribution/v3/registry/middleware/repository"
+	"github.com/containers/image/v5/types"
+	"github.com/distribution/distribution/v3"
 	"github.com/distribution/reference"
 	"github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
@@ -25,32 +27,60 @@ import (
 
 	"github.com/operator-framework/operator-registry/pkg/image"
 	"github.com/operator-framework/operator-registry/pkg/image/containerdregistry"
+	"github.com/operator-framework/operator-registry/pkg/image/containersimageregistry"
 	libimage "github.com/operator-framework/operator-registry/pkg/lib/image"
 )
 
 // cleanupFunc is a function that cleans up after some test infra.
 type cleanupFunc func()
 
 // newRegistryFunc is a function that creates and returns a new image.Registry to test its cleanupFunc.
-type newRegistryFunc func(t *testing.T, cafile string) (image.Registry, cleanupFunc)
+type newRegistryFunc func(t *testing.T, serverCert *x509.Certificate) (image.Registry, cleanupFunc)
 
-func poolForCertFile(t *testing.T, file string) *x509.CertPool {
-	rootCAs := x509.NewCertPool()
-	certs, err := os.ReadFile(file)
+func caDirForCert(t *testing.T, serverCert *x509.Certificate) string {
+	caDir, err := os.MkdirTemp("", "opm-registry-test-ca-")
+	require.NoError(t, err)
+	caFile, err := os.Create(filepath.Join(caDir, "ca.crt"))
 	require.NoError(t, err)
-	require.True(t, rootCAs.AppendCertsFromPEM(certs))
+
+	require.NoError(t, pem.Encode(caFile, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: serverCert.Raw,
+	}))
+	require.NoError(t, caFile.Close())
+	return caDir
+}
+
+func poolForCert(serverCert *x509.Certificate) *x509.CertPool {
+	rootCAs := x509.NewCertPool()
+	rootCAs.AddCert(serverCert)
 	return rootCAs
 }
 
 func TestRegistries(t *testing.T) {
 	registries := map[string]newRegistryFunc{
-		"containerd": func(t *testing.T, cafile string) (image.Registry, cleanupFunc) {
+		"containersimage": func(t *testing.T, serverCert *x509.Certificate) (image.Registry, cleanupFunc) {
+			caDir := caDirForCert(t, serverCert)
+			sourceCtx := &types.SystemContext{
+				OCICertPath:              caDir,
+				DockerCertPath:           caDir,
+				DockerPerHostCertDirPath: caDir,
+			}
+			r, err := containersimageregistry.New(sourceCtx, containersimageregistry.ForceTemporaryImageCache())
+			require.NoError(t, err)
+			cleanup := func() {
+				require.NoError(t, os.RemoveAll(caDir))
+				require.NoError(t, r.Destroy())
+			}
+			return r, cleanup
+		},
+		"containerd": func(t *testing.T, serverCert *x509.Certificate) (image.Registry, cleanupFunc) {
 			val, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64))
 			require.NoError(t, err)
 			r, err := containerdregistry.NewRegistry(
 				containerdregistry.WithLog(logrus.New().WithField("test", t.Name())),
 				containerdregistry.WithCacheDir(fmt.Sprintf("cache-%x", val)),
-				containerdregistry.WithRootCAs(poolForCertFile(t, cafile)),
+				containerdregistry.WithRootCAs(poolForCert(serverCert)),
 			)
 			require.NoError(t, err)
 			cleanup := func() {
@@ -59,37 +89,25 @@ func TestRegistries(t *testing.T) {
 
 			return r, cleanup
 		},
-		// TODO: enable docker tests - currently blocked on a cross-platform way to configure either insecure registries
-		// or CA certs
-		//"docker": func(t *testing.T, cafile string) (image.Registry, cleanupFunc) {
-		//	r, err := execregistry.NewRegistry(containertools.DockerTool,
-		//		logrus.New().WithField("test", t.Name()),
-		//		cafile,
-		//	)
-		//	require.NoError(t, err)
-		//	cleanup := func() {
-		//		require.NoError(t, r.Destroy())
-		//	}
-		//
-		//	return r, cleanup
-		//},
-		// TODO: Enable buildah tests
-		// func(t *testing.T) image.Registry {
-		// 	r, err := buildahregistry.NewRegistry(
-		// 		buildahregistry.WithLog(logrus.New().WithField("test", t.Name())),
-		// 		buildahregistry.WithCacheDir(fmt.Sprintf("cache-%x", rand.Int())),
-		// 	)
-		// 	require.NoError(t, err)
-
-		// 	return r
-		// },
 	}
 
 	for name, registry := range registries {
 		testPullAndUnpack(t, name, registry)
 	}
 }
 
+type httpError struct {
+	statusCode int
+	error      error
+}
+
+func (e *httpError) Error() string {
+	if e.error != nil {
+		return e.error.Error()
+	}
+	return http.StatusText(e.statusCode)
+}
+
 func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 	type args struct {
 		dockerRootDir string
@@ -100,7 +118,18 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 	type expected struct {
 		checksum      string
 		pullAssertion require.ErrorAssertionFunc
+		labels        map[string]string
 	}
+
+	expectedLabels := map[string]string{
+		"operators.operatorframework.io.bundle.mediatype.v1":       "registry+v1",
+		"operators.operatorframework.io.bundle.manifests.v1":       "manifests/",
+		"operators.operatorframework.io.bundle.metadata.v1":        "metadata/",
+		"operators.operatorframework.io.bundle.package.v1":         "kiali",
+		"operators.operatorframework.io.bundle.channels.v1":        "stable,alpha",
+		"operators.operatorframework.io.bundle.channel.default.v1": "stable",
+	}
+
 	tests := []struct {
 		description string
 		args        args
@@ -114,6 +143,7 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 			},
 			expected: expected{
 				checksum:      dirChecksum(t, "testdata/golden/bundles/kiali"),
+				labels:        expectedLabels,
 				pullAssertion: require.NoError,
 			},
 		},
@@ -125,6 +155,7 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 			},
 			expected: expected{
 				checksum:      dirChecksum(t, "testdata/golden/bundles/kiali"),
+				labels:        expectedLabels,
 				pullAssertion: require.NoError,
 			},
 		},
@@ -134,10 +165,11 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 				dockerRootDir: "testdata/golden",
 				img:           "/olmtest/kiali:1.4.2",
 				pullErrCount:  1,
-				pullErr:       errors.New("dummy"),
+				pullErr:       &httpError{statusCode: http.StatusTooManyRequests},
 			},
 			expected: expected{
 				checksum:      dirChecksum(t, "testdata/golden/bundles/kiali"),
+				labels:        expectedLabels,
 				pullAssertion: require.NoError,
 			},
 		},
@@ -158,7 +190,7 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 				dockerRootDir: "testdata/golden",
 				img:           "/olmtest/kiali:1.4.2",
 				pullErrCount:  math.MaxInt64,
-				pullErr:       errors.New("dummy"),
+				pullErr:       &httpError{statusCode: http.StatusTooManyRequests},
 			},
 			expected: expected{
 				pullAssertion: require.Error,
@@ -168,51 +200,43 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
 			logrus.SetLevel(logrus.DebugLevel)
-			ctx, close := context.WithCancel(context.Background())
-			defer close()
-
-			configOpts := []libimage.ConfigOpt{}
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
 
+			var middlewares []func(next http.Handler) http.Handler
 			if tt.args.pullErrCount > 0 {
-				configOpts = append(configOpts, func(config *configuration.Configuration) {
-					if config.Middleware == nil {
-						config.Middleware = make(map[string][]configuration.Middleware)
-					}
-
-					mockRepo := &mockRepo{blobStore: &mockBlobStore{
-						maxCount: tt.args.pullErrCount,
-						err:      tt.args.pullErr,
-					}}
-					val, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64))
-					require.NoError(t, err)
-
-					middlewareName := fmt.Sprintf("test-%x", val)
-					require.NoError(t, repositorymiddleware.Register(middlewareName, mockRepo.init))
-					config.Middleware["repository"] = append(config.Middleware["repository"], configuration.Middleware{
-						Name: middlewareName,
-					})
-				})
+				middlewares = append(middlewares, failureMiddleware(tt.args.pullErrCount, tt.args.pullErr))
 			}
 
-			host, cafile, err := libimage.RunDockerRegistry(ctx, tt.args.dockerRootDir, configOpts...)
-			require.NoError(t, err)
+			dockerServer := libimage.RunDockerRegistry(ctx, tt.args.dockerRootDir, middlewares...)
+			defer dockerServer.Close()
 
-			r, cleanup := newRegistry(t, cafile)
+			r, cleanup := newRegistry(t, dockerServer.Certificate())
 			defer cleanup()
 
-			ref := image.SimpleReference(host + tt.args.img)
-			tt.expected.pullAssertion(t, r.Pull(ctx, ref))
+			url, err := url.Parse(dockerServer.URL)
+			require.NoError(t, err)
 
-			if tt.expected.checksum != "" {
-				// Copy golden manifests to a temp dir
-				dir := "kiali-unpacked"
-				require.NoError(t, r.Unpack(ctx, ref, dir))
+			ref := image.SimpleReference(fmt.Sprintf("%s%s", url.Host, tt.args.img))
+			t.Log("pulling image", ref)
+			pullErr := r.Pull(ctx, ref)
+			tt.expected.pullAssertion(t, pullErr)
+			if pullErr != nil {
+				return
+			}
 
-				checksum := dirChecksum(t, dir)
-				require.Equal(t, tt.expected.checksum, checksum)
+			labels, err := r.Labels(ctx, ref)
+			require.NoError(t, err)
+			require.Equal(t, tt.expected.labels, labels)
 
-				require.NoError(t, os.RemoveAll(dir))
-			}
+			// Copy golden manifests to a temp dir
+			dir := "kiali-unpacked"
+			require.NoError(t, r.Unpack(ctx, ref, dir))
+
+			checksum := dirChecksum(t, dir)
+			require.Equal(t, tt.expected.checksum, checksum)
+
+			require.NoError(t, os.RemoveAll(dir))
 		})
 	}
 }
@@ -303,3 +327,24 @@ func (f *mockBlobStore) ServeBlob(ctx context.Context, w http.ResponseWriter, r
 func (f *mockBlobStore) Delete(ctx context.Context, dgst digest.Digest) error {
 	return f.base.Delete(ctx, dgst)
 }
+
+func failureMiddleware(totalCount int, err error) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		count := 0
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if count >= totalCount {
+				next.ServeHTTP(w, r)
+				return
+			}
+			count++
+			statusCode := http.StatusInternalServerError
+
+			var httpErr *httpError
+			if errors.As(err, &httpErr) {
+				statusCode = httpErr.statusCode
+			}
+
+			http.Error(w, err.Error(), statusCode)
+		})
+	}
+}