More validation and error handling

metal-stack · Nov 28, 2023 · 76dbcff · 76dbcff
1 parent da16426
commit 76dbcff
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 1 deletion.
diff --git a/api/v1/types.go b/api/v1/types.go
@@ -3,8 +3,10 @@ package v1
 import (
 	"errors"
 	"fmt"
+	"strings"
 
 	"github.com/Masterminds/semver/v3"
+	"github.com/google/go-containerregistry/pkg/name"
 )
 
 // Config defines which images should be mirrored
@@ -89,6 +91,24 @@ func (c Config) Validate() error {
 				errs = append(errs, fmt.Errorf("image.match.semver is invalid, image source:%q, semver:%q %w", image.Source, *image.Match.Semver, err))
 			}
 		}
+
+		srcRef, err := name.ParseReference(image.Source)
+		if err != nil {
+			errs = append(errs, err)
+		} else {
+			if !strings.Contains(srcRef.Name(), ":latest") {
+				errs = append(errs, fmt.Errorf("image source contains a tag:%q", srcRef.Name()))
+			}
+		}
+
+		dstRef, err := name.ParseReference(image.Destination)
+		if err != nil {
+			errs = append(errs, err)
+		} else {
+			if !strings.Contains(dstRef.Name(), ":latest") {
+				errs = append(errs, fmt.Errorf("image destination contains a tag:%q", dstRef.Name()))
+			}
+		}
 	}
 
 	if len(errs) > 0 {

diff --git a/api/v1/types_test.go b/api/v1/types_test.go
@@ -80,6 +80,20 @@ func TestConfig_Validate(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			name: "image source contains tag",
+			Images: []ImageMirror{
+				{Source: "abc:v1.0.0", Destination: "cde"},
+			},
+			wantErr: true,
+		},
+		{
+			name: "image destination contains tag",
+			Images: []ImageMirror{
+				{Source: "abc", Destination: "cde:v1.0.0"},
+			},
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

diff --git a/oci-mirror-sample-for-test.yml b/oci-mirror-sample-for-test.yml
@@ -1,13 +1,15 @@
 # Sample oci-mirror config of a fresh installed v1.27 cluster
 # fetched with:
 # kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec['initContainers', 'containers'][*].image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c
+
+
 # destination registries which requires authentication
 registries:
   "r.fits.cloud":
     auth:
       username:
       password:
-
+# images to mirror
 images:
   - source: docker.io/calico/cni
     destination: r.fits.cloud/docker.io/calico/cni

diff --git a/pkg/mirror/mirror.go b/pkg/mirror/mirror.go
@@ -32,6 +32,18 @@ func (m *mirror) Mirror(ctx context.Context) error {
 	var errs []error
 	for _, image := range m.config.Images {
 		m.log.Info("consider mirror from", "source", image.Source, "destination", image.Destination)
+
+		if _, err := name.ParseReference(image.Source); err != nil {
+			m.log.Error("given image source is malformed", "image", image.Source, "error", err)
+			errs = append(errs, err)
+			continue
+		}
+		if _, err := name.ParseReference(image.Destination); err != nil {
+			m.log.Error("given image destination is malformed", "image", image.Destination, "error", err)
+			errs = append(errs, err)
+			continue
+		}
+
 		opts, err := m.getAuthOption(image)
 		if err != nil {
 			m.log.Warn("unable detect auth, continue unauthenticated", "error", err)