✨ follow-ups for containers/image from catalogd and previous PR

[joelanford]

Description

Reviewer Checklist

• API Go Documentation
• Tests: Unit Tests (and E2E Tests, if appropriate)
• Comprehensive Commit Messages
• Links to related GitHub Issue(s)

[netlify]

✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	eb59925
🔍 Latest deploy log	https://app.netlify.com/sites/olmv1/deploys/66f69d1a62aa3600089de30d
😎 Deploy Preview	https://deploy-preview-1270--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: Patch coverage is 69.31818% with 27 lines in your changes missing coverage. Please review.

Project coverage is 75.81%. Comparing base (8699d25) to head (eb59925).
Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/rukpak/source/containers_image.go	67.85%	19 Missing and 8 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1270      +/-   ##
==========================================
- Coverage   76.07%   75.81%   -0.26%     
==========================================
  Files          40       40              
  Lines        2378     2431      +53     
==========================================
+ Hits         1809     1843      +34     
- Misses        401      414      +13     
- Partials      168      174       +6     

Flag	Coverage Δ
e2e	58.24% <52.27%> (-0.25%)	⬇️
unit	52.28% <61.36%> (+0.18%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tmshort]

Should this be deleteRecursive()?

[joelanford]

This one doesn't have to be because layoutDir only ever exists while this function is running, and we never set it to be read-only like we do for the unpack dir.

[tmshort]

It's not clear what the bool return is for. There's no explanation (I assume it's isCanonical?)

[joelanford]

Yeah, its isCanonical. One way to tell is by looking at the call site in line 178.

But, this one is a bit weird because operator-controller doesn't actually use this variable. Keep moving up the stack and you'll see we discard its value on line 49.

As best I can, I'm trying to keep the function signatures the same between catalogd and operator-controller to facilitate merging later.

[tmshort]

Why the restrictive mode?

[tmshort]

Also noting setReadOnlyRecursive... these only set the owner's bits, not group/other.

[LalatenduMohanty]

It is the same mode as we are setting in applyLayerFilter()

[joelanford]

Just trying to be consistent every where. These files are always written and read just by us, so these permissions should be fine. The cache dir is in an emptyDir mount that starts out empty every time a pod starts, so we should never need to be reading files written by another UID.

[LalatenduMohanty]

@joelanford I am curious about this change. What triggered this change?

[LalatenduMohanty]

We are moving from a containers/image method to local implementation, hence the question.

[LalatenduMohanty]

Nevermind I saw that it is just a wrapper on top of reference.ParseNamed(ref)

[joelanford]

It was based on a suggestion from catalogd's implementation PR for containers/image. I'm trying to keep them as close to the same as I can.

[everettraven]

Nit: Should we use the type format directive here?

Suggested change

	return fmt.Errorf("refusing to change ownership of file %q with type %v", path, typ.String())
	return fmt.Errorf("refusing to change ownership of file %q with type %T", path, typ)

[joelanford]

No, I don't think so. This is a file type, not a Go type.

[tmshort]

/lgtm

I'm ok with the explanations.