Validate containerd-registry setting

Signed-off-by: Connor Kuehl <connor.kuehl@suse.com>
harvester · Oct 27, 2023 · cc7e7dc · cc7e7dc
1 parent 254b7c7
commit cc7e7dc
Show file tree

Hide file tree

Showing 270 changed files with 46,782 additions and 18 deletions.
diff --git a/go.mod b/go.mod
@@ -11,6 +11,7 @@ require (
 	github.com/mudler/yip v0.0.0-20211129144714-088f39125cf7
 	github.com/pkg/errors v0.9.1
 	github.com/rancher/mapper v0.0.0-20190814232720-058a8b7feb99
+	github.com/rancher/wharfie v0.6.2
 	github.com/sirupsen/logrus v1.9.2
 	github.com/stretchr/testify v1.8.1
 	github.com/tredoe/osutil v1.3.6
@@ -27,25 +28,37 @@ require (
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/coreos/yaml v0.0.0-20141224210557-6b16a5714269 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
+	github.com/docker/cli v20.10.20+incompatible // indirect
+	github.com/docker/distribution v2.8.1+incompatible // indirect
+	github.com/docker/docker v20.10.20+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/godbus/dbus/v5 v5.0.4 // indirect
+	github.com/google/go-containerregistry v0.12.2-0.20230106184643-b063f6aeac72 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.0 // indirect
 	github.com/itchyny/gojq v0.12.2 // indirect
 	github.com/itchyny/timefmt-go v0.1.2 // indirect
+	github.com/klauspost/compress v1.15.11 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/mattn/go-shellwords v1.0.10 // indirect
 	github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7 // indirect
 	github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/nsf/termbox-go v1.1.1 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rancher-sandbox/cloud-init v1.14.3-0.20210913085759-bf90bf5eb77e // indirect
 	github.com/rancher/wrangler v0.0.0-20190426050201-5946f0eaed19 // indirect
 	github.com/twpayne/go-vfs v1.5.0 // indirect
 	github.com/u-root/uio v0.0.0-20210528114334-82958018845c // indirect
 	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	golang.org/x/sync v0.1.0 // indirect
 	golang.org/x/text v0.7.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

diff --git a/go.sum b/go.sum
diff --git a/pkg/console/validator.go b/pkg/console/validator.go
@@ -1,6 +1,7 @@
 package console
 
 import (
+	"encoding/json"
 	"fmt"
 	"io/fs"
 	"net"
@@ -10,6 +11,7 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
+	"github.com/rancher/wharfie/pkg/registries"
 	"github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/util/validation"
 
@@ -51,6 +53,8 @@ var (
 
 	ErrMsgManagementInterfaceNotFound = "networks is deprecated, please use management_interface for new config and refer https://docs.harvesterhci.io/v1.1/install/harvester-configuration/#installmanagement_interface"
 	ErrMsgUnsupportedSchemeVersion    = "Unsupported Harvester Scheme Version %d, please use new config and refer https://docs.harvesterhci.io/v1.1/install/harvester-configuration/"
+
+	ErrContainerdRegistrySettingNotValidJSON = "could not parse containerd-registry as JSON"
 )
 
 type ValidatorInterface interface {
@@ -330,14 +334,22 @@ func checkSystemSettings(systemSettings map[string]string) error {
 	}
 
 	allowList := config.GetSystemSettingsAllowList()
-	for systemSetting := range systemSettings {
+	for systemSetting, value := range systemSettings {
 		isValid := false
 		for _, allowSystemSetting := range allowList {
 			if systemSetting == allowSystemSetting {
 				isValid = true
 				break
 			}
 		}
+
+		if systemSetting == "containerd-registry" {
+			var r registries.Registry
+			if err := json.NewDecoder(strings.NewReader(value)).Decode(&r); err != nil {
+				return errors.New(ErrContainerdRegistrySettingNotValidJSON)
+			}
+		}
+
 		if !isValid {
 			return errors.Errorf(ErrMsgSystemSettingsUnknown, systemSetting)
 		}

diff --git a/pkg/console/validator_test.go b/pkg/console/validator_test.go
@@ -163,6 +163,48 @@ func TestValidateConfig(t *testing.T) {
 	}
 }
 
+func TestContainerdRegistrySettingValidation(t *testing.T) {
+	tests := []struct {
+		name        string
+		input       string
+		wantErrText string
+	}{
+		{
+			name:        "empty object",
+			input:       "{}",
+			wantErrText: "",
+		},
+		{
+			name:        "invalid JSON",
+			input:       `{"error"}`,
+			wantErrText: ErrContainerdRegistrySettingNotValidJSON,
+		},
+		{
+			name:        "invalid config type",
+			input:       `{"Configs": 1}`,
+			wantErrText: ErrContainerdRegistrySettingNotValidJSON,
+		},
+		{
+			name:        "invalid mirrors type",
+			input:       `{"Mirrors": 1}`,
+			wantErrText: ErrContainerdRegistrySettingNotValidJSON,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := checkSystemSettings(map[string]string{
+				"containerd-registry": tt.input,
+			})
+			if got == nil {
+				assert.Equal(t, tt.wantErrText, "")
+			} else {
+				assert.Equal(t, tt.wantErrText, got.Error())
+			}
+		})
+	}
+}
+
 func TestCheckToken(t *testing.T) {
 	testCases := []struct {
 		name       string