2022-06-24 08:08:47 -05:00
|
|
|
//go:build lint
|
|
|
|
// +build lint
|
|
|
|
|
|
|
|
package lint
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
2023-03-16 22:09:30 -05:00
|
|
|
"fmt"
|
2022-06-24 08:08:47 -05:00
|
|
|
|
|
|
|
godigest "github.com/opencontainers/go-digest"
|
|
|
|
ispec "github.com/opencontainers/image-spec/specs-go/v1"
|
2023-03-16 22:09:30 -05:00
|
|
|
"github.com/pkg/errors"
|
2022-10-20 11:39:20 -05:00
|
|
|
|
2023-03-16 22:09:30 -05:00
|
|
|
zerr "zotregistry.io/zot/errors"
|
2022-06-24 08:08:47 -05:00
|
|
|
"zotregistry.io/zot/pkg/extensions/config"
|
|
|
|
"zotregistry.io/zot/pkg/log"
|
|
|
|
"zotregistry.io/zot/pkg/storage"
|
|
|
|
)
|
|
|
|
|
|
|
|
type Linter struct {
|
|
|
|
config *config.LintConfig
|
|
|
|
log log.Logger
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewLinter(config *config.LintConfig, log log.Logger) *Linter {
|
|
|
|
return &Linter{
|
|
|
|
config: config,
|
|
|
|
log: log,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (linter *Linter) CheckMandatoryAnnotations(repo string, manifestDigest godigest.Digest,
|
|
|
|
imgStore storage.ImageStore,
|
|
|
|
) (bool, error) {
|
|
|
|
if linter.config == nil {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
2022-10-21 07:33:54 -05:00
|
|
|
if (linter.config != nil && !*linter.config.Enable) || len(linter.config.MandatoryAnnotations) == 0 {
|
2022-06-24 08:08:47 -05:00
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
mandatoryAnnotationsList := linter.config.MandatoryAnnotations
|
|
|
|
|
2022-10-22 15:46:13 -05:00
|
|
|
content, err := imgStore.GetBlobContent(repo, manifestDigest)
|
2022-06-24 08:08:47 -05:00
|
|
|
if err != nil {
|
|
|
|
linter.log.Error().Err(err).Msg("linter: unable to get image manifest")
|
|
|
|
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var manifest ispec.Manifest
|
|
|
|
|
|
|
|
if err := json.Unmarshal(content, &manifest); err != nil {
|
|
|
|
linter.log.Error().Err(err).Msg("linter: couldn't unmarshal manifest JSON")
|
|
|
|
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
2022-09-23 11:28:30 -05:00
|
|
|
mandatoryAnnotationsMap := make(map[string]bool)
|
|
|
|
for _, annotation := range mandatoryAnnotationsList {
|
|
|
|
mandatoryAnnotationsMap[annotation] = false
|
|
|
|
}
|
2022-06-24 08:08:47 -05:00
|
|
|
|
2022-09-23 11:28:30 -05:00
|
|
|
manifestAnnotations := manifest.Annotations
|
|
|
|
for annotation := range manifestAnnotations {
|
|
|
|
if _, ok := mandatoryAnnotationsMap[annotation]; ok {
|
|
|
|
mandatoryAnnotationsMap[annotation] = true
|
|
|
|
}
|
|
|
|
}
|
2022-06-24 08:08:47 -05:00
|
|
|
|
2022-09-23 11:28:30 -05:00
|
|
|
missingAnnotations := getMissingAnnotations(mandatoryAnnotationsMap)
|
|
|
|
if len(missingAnnotations) == 0 {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// if there are mandatory annotations missing in the manifest, get config and check these annotations too
|
|
|
|
configDigest := manifest.Config.Digest
|
2022-06-24 08:08:47 -05:00
|
|
|
|
2022-10-22 15:46:13 -05:00
|
|
|
content, err = imgStore.GetBlobContent(repo, configDigest)
|
2022-09-23 11:28:30 -05:00
|
|
|
if err != nil {
|
2022-10-22 15:46:13 -05:00
|
|
|
linter.log.Error().Err(err).Msg("linter: couldn't get config JSON " + configDigest.String())
|
2022-09-23 11:28:30 -05:00
|
|
|
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var imageConfig ispec.Image
|
|
|
|
if err := json.Unmarshal(content, &imageConfig); err != nil {
|
2022-10-22 15:46:13 -05:00
|
|
|
linter.log.Error().Err(err).Msg("linter: couldn't unmarshal config JSON " + configDigest.String())
|
2022-09-23 11:28:30 -05:00
|
|
|
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
configAnnotations := imageConfig.Config.Labels
|
|
|
|
|
|
|
|
for annotation := range configAnnotations {
|
|
|
|
if _, ok := mandatoryAnnotationsMap[annotation]; ok {
|
|
|
|
mandatoryAnnotationsMap[annotation] = true
|
2022-06-24 08:08:47 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-09-23 11:28:30 -05:00
|
|
|
missingAnnotations = getMissingAnnotations(mandatoryAnnotationsMap)
|
|
|
|
if len(missingAnnotations) > 0 {
|
2023-03-16 22:09:30 -05:00
|
|
|
msg := fmt.Sprintf("\nlinter: manifest %s\nor config %s\nis missing the next annotations: %s",
|
2022-09-23 11:28:30 -05:00
|
|
|
string(manifestDigest), string(configDigest), missingAnnotations)
|
2023-03-16 22:09:30 -05:00
|
|
|
linter.log.Error().Msg(msg)
|
2022-09-23 11:28:30 -05:00
|
|
|
|
2023-03-16 22:09:30 -05:00
|
|
|
return false, errors.WithMessage(zerr.ErrImageLintAnnotations, msg)
|
2022-09-23 11:28:30 -05:00
|
|
|
}
|
|
|
|
|
2022-06-24 08:08:47 -05:00
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (linter *Linter) Lint(repo string, manifestDigest godigest.Digest,
|
|
|
|
imageStore storage.ImageStore,
|
|
|
|
) (bool, error) {
|
|
|
|
return linter.CheckMandatoryAnnotations(repo, manifestDigest, imageStore)
|
|
|
|
}
|
2022-09-23 11:28:30 -05:00
|
|
|
|
|
|
|
func getMissingAnnotations(mandatoryAnnotationsMap map[string]bool) []string {
|
|
|
|
var missingAnnotations []string
|
|
|
|
|
|
|
|
for annotation, flag := range mandatoryAnnotationsMap {
|
|
|
|
if !flag {
|
|
|
|
missingAnnotations = append(missingAnnotations, annotation)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return missingAnnotations
|
|
|
|
}
|