constellation/internal/imagefetcher/imagefetcher.go

174 lines
4.8 KiB
Go
Raw Normal View History

/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
/*
2023-05-23 03:17:27 -04:00
Package imagefetcher provides helping wrappers around a versionsapi fetcher.
It also enables local image overrides and download of raw images.
*/
2023-05-23 03:17:27 -04:00
package imagefetcher
import (
"context"
"encoding/json"
"errors"
"fmt"
"io/fs"
"regexp"
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
terraform: Azure Marketplace image support (#2651) * terraform: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * config: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: use Terraform variables from config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: pass down marketplace variable * image: pad Azure images to 1GiB * terraform: add version attribute to marketplace image * semver: allow versions to be exported without prefix * cli: boolean var to use marketplace images * config: remove dive key * dev-docs: add instructions on how to use marketplace images * terraform: fix unit test * terraform: only fetch image for non-marketplace images * mpimage: refactor image selection Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] increase minor version for image build Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: ignore changes to source_image_reference on upgrade * operator: add support for parsing Azure marketplace images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * upgrade: fix imagefetcher call * docs: add info about azure marketplace * image: ensure more than 1GiB in size * image: test to pad to 2GiB * version: change back to v2.14.0-pre * image: GPT-conformant image size padding * [remove] increase version * mpimage: inline prefix func Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: add marketplace image e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register workflow * ci: fix workflow name * ci: only allow azure test * cli: add marketplace image input to interface * cli: fix argument passing * version: roll back to v2.14.0 * ci: add force-flag support * Update docs/docs/overview/license.md * Update dev-docs/workflows/marketplace-images.md Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 08:40:31 -05:00
"github.com/edgelesssys/constellation/v2/internal/mpimage"
"github.com/edgelesssys/constellation/v2/internal/semver"
"github.com/spf13/afero"
)
// Fetcher fetches image references using a lookup table.
type Fetcher struct {
fetcher versionsAPIImageInfoFetcher
fs *afero.Afero
}
// New returns a new image fetcher.
func New() *Fetcher {
return &Fetcher{
fetcher: versionsapi.NewFetcher(),
fs: &afero.Afero{Fs: afero.NewOsFs()},
}
}
// FetchReference fetches the image reference for a given image version uid, CSP and image variant.
2023-05-23 03:17:27 -04:00
func (f *Fetcher) FetchReference(ctx context.Context,
provider cloudprovider.Provider, attestationVariant variant.Variant,
terraform: Azure Marketplace image support (#2651) * terraform: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * config: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: use Terraform variables from config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: pass down marketplace variable * image: pad Azure images to 1GiB * terraform: add version attribute to marketplace image * semver: allow versions to be exported without prefix * cli: boolean var to use marketplace images * config: remove dive key * dev-docs: add instructions on how to use marketplace images * terraform: fix unit test * terraform: only fetch image for non-marketplace images * mpimage: refactor image selection Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] increase minor version for image build Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: ignore changes to source_image_reference on upgrade * operator: add support for parsing Azure marketplace images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * upgrade: fix imagefetcher call * docs: add info about azure marketplace * image: ensure more than 1GiB in size * image: test to pad to 2GiB * version: change back to v2.14.0-pre * image: GPT-conformant image size padding * [remove] increase version * mpimage: inline prefix func Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: add marketplace image e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register workflow * ci: fix workflow name * ci: only allow azure test * cli: add marketplace image input to interface * cli: fix argument passing * version: roll back to v2.14.0 * ci: add force-flag support * Update docs/docs/overview/license.md * Update dev-docs/workflows/marketplace-images.md Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 08:40:31 -05:00
image, region string, useMarketplaceImage bool,
2023-05-23 03:17:27 -04:00
) (string, error) {
ver, err := versionsapi.NewVersionFromShortPath(image, versionsapi.VersionKindImage)
if err != nil {
return "", fmt.Errorf("parsing config image short path: %w", err)
}
terraform: Azure Marketplace image support (#2651) * terraform: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * config: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: use Terraform variables from config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: pass down marketplace variable * image: pad Azure images to 1GiB * terraform: add version attribute to marketplace image * semver: allow versions to be exported without prefix * cli: boolean var to use marketplace images * config: remove dive key * dev-docs: add instructions on how to use marketplace images * terraform: fix unit test * terraform: only fetch image for non-marketplace images * mpimage: refactor image selection Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] increase minor version for image build Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: ignore changes to source_image_reference on upgrade * operator: add support for parsing Azure marketplace images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * upgrade: fix imagefetcher call * docs: add info about azure marketplace * image: ensure more than 1GiB in size * image: test to pad to 2GiB * version: change back to v2.14.0-pre * image: GPT-conformant image size padding * [remove] increase version * mpimage: inline prefix func Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: add marketplace image e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register workflow * ci: fix workflow name * ci: only allow azure test * cli: add marketplace image input to interface * cli: fix argument passing * version: roll back to v2.14.0 * ci: add force-flag support * Update docs/docs/overview/license.md * Update dev-docs/workflows/marketplace-images.md Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 08:40:31 -05:00
if useMarketplaceImage {
return buildMarketplaceImage(ver, provider)
}
imgInfoReq := versionsapi.ImageInfo{
Ref: ver.Ref(),
Stream: ver.Stream(),
Version: ver.Version(),
}
url, err := imgInfoReq.URL()
if err != nil {
return "", err
}
imgInfo, err := getFromFile(f.fs, imgInfoReq)
if err != nil && errors.Is(err, fs.ErrNotExist) {
imgInfo, err = f.fetcher.FetchImageInfo(ctx, imgInfoReq)
}
var notFoundErr *fetcher.NotFoundError
switch {
case errors.As(err, &notFoundErr):
overridePath := imageInfoFilename(imgInfoReq)
return "", fmt.Errorf("image info file not found locally at %q or remotely at %s", overridePath, url)
case err != nil:
return "", err
}
if err := imgInfo.Validate(); err != nil {
return "", fmt.Errorf("validating image info file: %w", err)
}
2023-05-23 03:17:27 -04:00
return getReferenceFromImageInfo(provider, attestationVariant.String(), imgInfo, filters(provider, region)...)
}
terraform: Azure Marketplace image support (#2651) * terraform: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * config: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: use Terraform variables from config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: pass down marketplace variable * image: pad Azure images to 1GiB * terraform: add version attribute to marketplace image * semver: allow versions to be exported without prefix * cli: boolean var to use marketplace images * config: remove dive key * dev-docs: add instructions on how to use marketplace images * terraform: fix unit test * terraform: only fetch image for non-marketplace images * mpimage: refactor image selection Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] increase minor version for image build Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: ignore changes to source_image_reference on upgrade * operator: add support for parsing Azure marketplace images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * upgrade: fix imagefetcher call * docs: add info about azure marketplace * image: ensure more than 1GiB in size * image: test to pad to 2GiB * version: change back to v2.14.0-pre * image: GPT-conformant image size padding * [remove] increase version * mpimage: inline prefix func Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: add marketplace image e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register workflow * ci: fix workflow name * ci: only allow azure test * cli: add marketplace image input to interface * cli: fix argument passing * version: roll back to v2.14.0 * ci: add force-flag support * Update docs/docs/overview/license.md * Update dev-docs/workflows/marketplace-images.md Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 08:40:31 -05:00
// buildMarketplaceImage returns a marketplace image URI for the given CSP and version.
func buildMarketplaceImage(ver versionsapi.Version, provider cloudprovider.Provider) (string, error) {
sv, err := semver.New(ver.Version())
if err != nil {
return "", fmt.Errorf("parsing image version: %w", err)
}
switch provider {
case cloudprovider.Azure:
return mpimage.NewAzureMarketplaceImage(sv).URI(), nil
default:
return "", fmt.Errorf("marketplace images are not supported for csp %s", provider.String())
}
}
2023-05-23 03:17:27 -04:00
func filters(provider cloudprovider.Provider, region string) []filter {
var filters []filter
switch provider {
case cloudprovider.AWS:
2023-05-23 03:17:27 -04:00
filters = append(filters, func(i versionsapi.ImageInfoEntry) bool {
return i.Region == region
})
}
2023-05-23 03:17:27 -04:00
return filters
}
func getFromFile(fs *afero.Afero, imgInfo versionsapi.ImageInfo) (versionsapi.ImageInfo, error) {
fileName := imageInfoFilename(imgInfo)
raw, err := fs.ReadFile(fileName)
if err != nil {
return versionsapi.ImageInfo{}, err
}
var newInfo versionsapi.ImageInfo
if err := json.Unmarshal(raw, &newInfo); err != nil {
return versionsapi.ImageInfo{}, fmt.Errorf("decoding image info file: %w", err)
}
return newInfo, nil
}
var filenameReplaceRegexp = regexp.MustCompile(`([^a-zA-Z0-9.-])`)
func imageInfoFilename(imgInfo versionsapi.ImageInfo) string {
path := imgInfo.JSONPath()
return filenameReplaceRegexp.ReplaceAllString(path, "_")
}
// getReferenceFromImageInfo returns the image reference for a given CSP and image variant.
2023-05-23 03:17:27 -04:00
func getReferenceFromImageInfo(provider cloudprovider.Provider,
attestationVariant string, imgInfo versionsapi.ImageInfo,
filt ...filter,
) (string, error) {
2023-05-23 03:17:27 -04:00
var correctVariant versionsapi.ImageInfoEntry
var found bool
variantLoop:
for _, variant := range imgInfo.List {
gotCSP := cloudprovider.FromString(variant.CSP)
if gotCSP != provider || variant.AttestationVariant != attestationVariant {
continue
}
for _, f := range filt {
if !f(variant) {
continue variantLoop
}
}
correctVariant = variant
found = true
break
}
2023-05-23 03:17:27 -04:00
if !found {
return "", fmt.Errorf("image not available in image info for CSP %q, variant %q and other filters", provider.String(), attestationVariant)
}
2023-05-23 03:17:27 -04:00
return correctVariant.Reference, nil
}
type versionsAPIImageInfoFetcher interface {
FetchImageInfo(ctx context.Context, imageInfo versionsapi.ImageInfo) (versionsapi.ImageInfo, error)
}
2023-05-23 03:17:27 -04:00
type filter func(versionsapi.ImageInfoEntry) bool