mirror of
https://github.com/project-zot/zot.git
synced 2025-01-06 22:40:28 -05:00
ac6c6a844c
- Digests were represented by different ways - We needed a uniform way to represent the digests and enforce a format - also replace usage of github.com/google/go-containerregistry/pkg/v1 with github.com/opencontainers/image-spec/specs-go/v1 Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com> (cherry picked from commit 96b2f29d6d57070a913ce419149cd481c0723815) (cherry picked from commit 3d41b583daea654c98378ce3dcb78937d71538e8) Co-authored-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
126 lines
3.2 KiB
Go
126 lines
3.2 KiB
Go
//go:build lint
|
|
// +build lint
|
|
|
|
package lint
|
|
|
|
import (
|
|
"encoding/json"
|
|
|
|
godigest "github.com/opencontainers/go-digest"
|
|
ispec "github.com/opencontainers/image-spec/specs-go/v1"
|
|
|
|
"zotregistry.io/zot/pkg/extensions/config"
|
|
"zotregistry.io/zot/pkg/log"
|
|
"zotregistry.io/zot/pkg/storage"
|
|
)
|
|
|
|
type Linter struct {
|
|
config *config.LintConfig
|
|
log log.Logger
|
|
}
|
|
|
|
func NewLinter(config *config.LintConfig, log log.Logger) *Linter {
|
|
return &Linter{
|
|
config: config,
|
|
log: log,
|
|
}
|
|
}
|
|
|
|
func (linter *Linter) CheckMandatoryAnnotations(repo string, manifestDigest godigest.Digest,
|
|
imgStore storage.ImageStore,
|
|
) (bool, error) {
|
|
if linter.config == nil {
|
|
return true, nil
|
|
}
|
|
|
|
if (linter.config != nil && !*linter.config.Enable) || len(linter.config.MandatoryAnnotations) == 0 {
|
|
return true, nil
|
|
}
|
|
|
|
mandatoryAnnotationsList := linter.config.MandatoryAnnotations
|
|
|
|
content, err := imgStore.GetBlobContent(repo, manifestDigest)
|
|
if err != nil {
|
|
linter.log.Error().Err(err).Msg("linter: unable to get image manifest")
|
|
|
|
return false, err
|
|
}
|
|
|
|
var manifest ispec.Manifest
|
|
|
|
if err := json.Unmarshal(content, &manifest); err != nil {
|
|
linter.log.Error().Err(err).Msg("linter: couldn't unmarshal manifest JSON")
|
|
|
|
return false, err
|
|
}
|
|
|
|
mandatoryAnnotationsMap := make(map[string]bool)
|
|
for _, annotation := range mandatoryAnnotationsList {
|
|
mandatoryAnnotationsMap[annotation] = false
|
|
}
|
|
|
|
manifestAnnotations := manifest.Annotations
|
|
for annotation := range manifestAnnotations {
|
|
if _, ok := mandatoryAnnotationsMap[annotation]; ok {
|
|
mandatoryAnnotationsMap[annotation] = true
|
|
}
|
|
}
|
|
|
|
missingAnnotations := getMissingAnnotations(mandatoryAnnotationsMap)
|
|
if len(missingAnnotations) == 0 {
|
|
return true, nil
|
|
}
|
|
|
|
// if there are mandatory annotations missing in the manifest, get config and check these annotations too
|
|
configDigest := manifest.Config.Digest
|
|
|
|
content, err = imgStore.GetBlobContent(repo, configDigest)
|
|
if err != nil {
|
|
linter.log.Error().Err(err).Msg("linter: couldn't get config JSON " + configDigest.String())
|
|
|
|
return false, err
|
|
}
|
|
|
|
var imageConfig ispec.Image
|
|
if err := json.Unmarshal(content, &imageConfig); err != nil {
|
|
linter.log.Error().Err(err).Msg("linter: couldn't unmarshal config JSON " + configDigest.String())
|
|
|
|
return false, err
|
|
}
|
|
|
|
configAnnotations := imageConfig.Config.Labels
|
|
|
|
for annotation := range configAnnotations {
|
|
if _, ok := mandatoryAnnotationsMap[annotation]; ok {
|
|
mandatoryAnnotationsMap[annotation] = true
|
|
}
|
|
}
|
|
|
|
missingAnnotations = getMissingAnnotations(mandatoryAnnotationsMap)
|
|
if len(missingAnnotations) > 0 {
|
|
linter.log.Error().Msgf("linter: manifest %s / config %s are missing annotations: %s",
|
|
string(manifestDigest), string(configDigest), missingAnnotations)
|
|
|
|
return false, nil
|
|
}
|
|
|
|
return true, nil
|
|
}
|
|
|
|
func (linter *Linter) Lint(repo string, manifestDigest godigest.Digest,
|
|
imageStore storage.ImageStore,
|
|
) (bool, error) {
|
|
return linter.CheckMandatoryAnnotations(repo, manifestDigest, imageStore)
|
|
}
|
|
|
|
func getMissingAnnotations(mandatoryAnnotationsMap map[string]bool) []string {
|
|
var missingAnnotations []string
|
|
|
|
for annotation, flag := range mandatoryAnnotationsMap {
|
|
if !flag {
|
|
missingAnnotations = append(missingAnnotations, annotation)
|
|
}
|
|
}
|
|
|
|
return missingAnnotations
|
|
}
|