feat: public OCI client with proxy from env support #216

Merged
merged 8 commits into from
Jul 19, 2024

TylerGillson
Member

@TylerGillson TylerGillson commented Jul 18, 2024

Issue

Addresses #65

Description

  • add public OCI client (that handles basic auth and proxy from env in HTTP transport)
  • fail validation results if they specify invalid public key secrets
  • add kv pairs from auth secrets to the environment (for ECR auth keychain)
  • add support for InsecureSkipTLSVerify

Required by:

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>
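
The transport behaviour listed in the description above (basic auth, proxy from the environment, InsecureSkipTLSVerify), as an added example that is not code from this PR or from validator-plugin-oci. `NewRegistryClient`, `basicAuthTransport`, `Probe` and the credentials are hypothetical and use only the Go standard library; the example shows that with the skip-verify flag off, the client rejects a registry certificate it cannot validate.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// basicAuthTransport (hypothetical) adds basic auth to each outgoing request.
type basicAuthTransport struct {
	user, pass string
	next       http.RoundTripper
}

func (t *basicAuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
	r.SetBasicAuth(t.user, t.pass)
	return t.next.RoundTrip(r)
}

// NewRegistryClient (hypothetical): proxy from HTTP_PROXY/HTTPS_PROXY/NO_PROXY, TLS verified by default.
func NewRegistryClient(user, pass string, insecureSkipTLSVerify bool) *http.Client {
	base := &http.Transport{
		Proxy:           http.ProxyFromEnvironment,
		TLSClientConfig: &tls.Config{InsecureSkipVerify: insecureSkipTLSVerify},
	}
	return &http.Client{Transport: &basicAuthTransport{user, pass, base}}
}

// Probe queries a constructed local TLS server (self-signed cert, basic auth) and returns the status.
func Probe(insecureSkipTLSVerify bool) (int, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if u, p, ok := r.BasicAuth(); !ok || u != "robot" || p != "constructed-secret" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		}
	}))
	defer srv.Close()
	resp, err := NewRegistryClient("robot", "constructed-secret", insecureSkipTLSVerify).Get(srv.URL + "/v2/")
	if err != nil {
		return 0, err // with verification on, the untrusted certificate is rejected here
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	fmt.Println(Probe(false))
	fmt.Println(Probe(true))
}
```

`http.ProxyFromEnvironment` never proxies loopback addresses, so the local test server is reached directly whatever the proxy variables are set to.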
@TylerGillson TylerGillson requested a review from a team as a code owner July 18, 2024 16:34
@dosubot dosubot bot added the size:XL This PR changes 500-999 lines, ignoring generated files. label Jul 18, 2024
@TylerGillson TylerGillson requested review from ahmad-ibra and removed request for mattwelke July 18, 2024 16:39
@TylerGillson TylerGillson force-pushed the refactor/validator-oci-client branch from 0ba1b89 to ab076ff Compare July 18, 2024 17:42
@dosubot dosubot bot added size:XXL This PR changes 1000+ lines, ignoring generated files. and removed size:XL This PR changes 500-999 lines, ignoring generated files. labels Jul 18, 2024
@TylerGillson TylerGillson changed the title refactor: use OCI client from validator; rework error handling feat: public OCI client with proxy from env support Jul 18, 2024
ahmad-ibra
ahmad-ibra previously approved these changes Jul 18, 2024
Contributor

@ahmad-ibra ahmad-ibra left a comment

Looks good, just have nit preferences around the tests. IMO all tests should have names and use the structure below, but I'd be ok with just making sure the tests that you gave names followed the format above instead of just printing the test name.

```go
for _, tc := range testCases {
    // t.Run gives each case a named subtest in the test output
    t.Run(tc.name, func(t *testing.T) {
        // rest of the test
    })
}
```

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jul 18, 2024
ahmad-ibra
ahmad-ibra previously approved these changes Jul 18, 2024

codecov bot commented Jul 19, 2024

Codecov Report

Attention: Patch coverage is 69.74790% with 72 lines in your changes missing coverage. Please review.

@@            Coverage Diff             @@
##             main     #216      +/-   ##
==========================================
+ Coverage   60.31%   60.42%   +0.10%     
==========================================
  Files           6        7       +1     
  Lines         504      566      +62     
==========================================
+ Hits          304      342      +38     
- Misses        172      196      +24     
  Partials       28       28              

| Files | Coverage Δ |
|---|---|
| api/v1alpha1/ocivalidator_types.go | 100.00% <ø> (ø) |
| pkg/oci/verifier/verifier.go | 71.05% <ø> (ø) |
| internal/validators/oci_validator.go | 70.99% <87.75%> (+3.43%) ⬆️ |
| internal/controller/ocivalidator_controller.go | 77.77% <72.54%> (-3.04%) ⬇️ |
| pkg/oci/oci_client.go | 62.31% <62.31%> (ø) |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 73525b1...64a51ac. Read the comment docs.

@TylerGillson TylerGillson merged commit a0ab6d6 into main Jul 19, 2024
7 checks passed
@TylerGillson TylerGillson deleted the refactor/validator-oci-client branch July 19, 2024 04:35
TylerGillson added a commit that referenced this pull request Jul 19, 2024
🤖 I have created a release *beep* *boop*
---


## [0.0.11](v0.0.10...v0.0.11) (2024-07-19)


### Features

* public OCI client with proxy from env support
([#216](#216))
([a0ab6d6](a0ab6d6))


### Bug Fixes

* associate unexpected errs w/ rules; always include validation result
details
([#219](#219))
([891a318](891a318))


### Dependency Updates

* **deps:** update aws-sdk-go-v2 monorepo
([#152](#152))
([14d7e95](14d7e95))
* **deps:** update aws-sdk-go-v2 monorepo
([#174](#174))
([e166fff](e166fff))
* **deps:** update aws-sdk-go-v2 monorepo
([#184](#184))
([d4d6f31](d4d6f31))
* **deps:** update aws-sdk-go-v2 monorepo
([#191](#191))
([b4941e9](b4941e9))
* **deps:** update aws-sdk-go-v2 monorepo
([#195](#195))
([b5e6e37](b5e6e37))
* **deps:** update aws-sdk-go-v2 monorepo
([#196](#196))
([010cc4f](010cc4f))
* **deps:** update aws-sdk-go-v2 monorepo
([#197](#197))
([5ce52c6](5ce52c6))
* **deps:** update aws-sdk-go-v2 monorepo
([#200](#200))
([c482420](c482420))
* **deps:** update kubernetes packages to v0.30.1
([#165](#165))
([d75bd41](d75bd41))
* **deps:** update kubernetes packages to v0.30.2
([#193](#193))
([9b10260](9b10260))
* **deps:** update module github.com/go-logr/logr to v1.4.2
([#177](#177))
([2ed9dba](2ed9dba))
* **deps:** update module github.com/google/go-containerregistry to
v0.19.2
([#194](#194))
([65ecea1](65ecea1))
* **deps:** update module github.com/onsi/ginkgo/v2 to v2.19.0
([#182](#182))
([c0b10fc](c0b10fc))
* **deps:** update module github.com/sigstore/cosign/v2 to v2.2.4
([#162](#162))
([2bf715f](2bf715f))
* **deps:** update module github.com/sigstore/sigstore to v1.8.4
([#178](#178))
([67e2c8b](67e2c8b))
* **deps:** update module github.com/sigstore/sigstore to v1.8.5
([#199](#199))
([a454b94](a454b94))
* **deps:** update module github.com/validator-labs/validator to v0.0.41
([#179](#179))
([85f388f](85f388f))
* **deps:** update module github.com/validator-labs/validator to v0.0.42
([#190](#190))
([63f3dfd](63f3dfd))
* **deps:** update module github.com/validator-labs/validator to v0.0.43
([#198](#198))
([3dc7de0](3dc7de0))
* **deps:** update module sigs.k8s.io/cluster-api to v1.7.2
([#164](#164))
([27a150c](27a150c))
* **deps:** update module sigs.k8s.io/cluster-api to v1.7.3
([#192](#192))
([f9c2d5d](f9c2d5d))
* **deps:** update module sigs.k8s.io/controller-runtime to v0.18.4
([#188](#188))
([8133d34](8133d34))
* **deps:** pin googleapis/release-please-action action to f3969c0
([#171](#171))
([8374a6f](8374a6f))
* **deps:** update actions/checkout digest to a5ac7e5
([#172](#172))
([c85b724](c85b724))
* **deps:** update actions/setup-go digest to cdcb360
([#175](#175))
([133b586](133b586))
* **deps:** update anchore/sbom-action action to v0.16.0
([#180](#180))
([7743e32](7743e32))
* **deps:** update azure/setup-helm digest to fe7b79c
([#163](#163))
([5d50ba4](5d50ba4))
* **deps:** update codecov/codecov-action digest to 125fc84
([#173](#173))
([0d023a6](0d023a6))
* **deps:** update codecov/codecov-action digest to 6d79887
([#159](#159))
([93abd02](93abd02))
* **deps:** update dependency go to v1.22.4
([#185](#185))
([e4288a5](e4288a5))
* **deps:** update docker/login-action digest to 0d4c9c5
([#176](#176))
([2742f60](2742f60))
* **deps:** update docker/setup-buildx-action digest to d70bba7
([#160](#160))
([23e54a5](23e54a5))
* **deps:** update gcr.io/spectro-images-public/golang docker tag to
v1.22
([#105](#105))
([c5edf12](c5edf12))
* **deps:** update gcr.io/spectro-images-public/golang docker tag to
v1.22.4
([#186](#186))
([3fe407d](3fe407d))
* **deps:** update helm/kind-action action to v1.10.0
([#181](#181))
([03458fd](03458fd))
* **deps:** update softprops/action-gh-release digest to 69320db
([#135](#135))
([9989631](9989631))
* **deps:** update aws-sdk-go-v2 monorepo
([#204](#204))
([0503bee](0503bee))
* **deps:** update aws-sdk-go-v2 monorepo
([#205](#205))
([196ef81](196ef81))
* **deps:** update aws-sdk-go-v2 monorepo
([#211](#211))
([40350f0](40350f0))
* **deps:** update dependency go to v1.22.5
([#206](#206))
([45ad3a8](45ad3a8))
* **deps:** update github.com/validator-labs/validator digest to de015d9
([#218](#218))
([a725d7f](a725d7f))
* **deps:** update kubernetes packages to v0.30.3
([#215](#215))
([290ae5f](290ae5f))
* **deps:** update module github.com/google/go-containerregistry to
v0.20.0
([#207](#207))
([aeeb24c](aeeb24c))
* **deps:** update module github.com/google/go-containerregistry to
v0.20.1
([#214](#214))
([73525b1](73525b1))
* **deps:** update module github.com/sigstore/sigstore to v1.8.6
([#202](#202))
([34d6274](34d6274))
* **deps:** update module github.com/sigstore/sigstore to v1.8.7
([#212](#212))
([21a320a](21a320a))
* **deps:** update module github.com/validator-labs/validator to v0.0.44
([#210](#210))
([b7d8d5b](b7d8d5b))
* **deps:** update module github.com/validator-labs/validator to v0.0.46
([#213](#213))
([be1a840](be1a840))
* **deps:** update module sigs.k8s.io/cluster-api to v1.7.4
([#209](#209))
([1e4bef0](1e4bef0))


### Refactoring

* enable revive and address all lints
([#208](#208))
([be2689d](be2689d))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
TylerGillson added a commit to validator-labs/validator that referenced this pull request Jul 20, 2024
## Description
- Use updated OCI client from validator-plugin-oci
- Refactor OCI auth secrets in Helm chart to support passing env vars
for ECR
- add 'make reviewable' extension to automatically update
`hauler-manifest.yaml` and `chart/validator/values.yaml`
- updated values.yaml for many plugins in the process + versions in
hauler-manifest.yaml

Requires:
- validator-labs/validator-plugin-oci#216

---------

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>