Skip to content

Commit

Permalink
While copying signatures do not fail on deniedErrors
Browse files Browse the repository at this point in the history
Signed-off-by: Joao Pereira <[email protected]>
  • Loading branch information
joaopapereira committed Jul 13, 2023
1 parent 49c84b7 commit 9a01997
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 3 deletions.
15 changes: 13 additions & 2 deletions pkg/imgpkg/signature/fetch_signatures.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
package signature

import (
"errors"
"fmt"
"sync"

Expand Down Expand Up @@ -104,7 +105,17 @@ func (s *Signatures) Fetch(images *imageset.UnprocessedImageRefs) (*imageset.Unp
}
imagesRefs, err := s.FetchForImageRefs(imgs)
if err != nil {
return nil, err
var fetchError *FetchError
if !errors.As(err, &fetchError) {
return nil, err
}

for _, fError := range fetchError.AllErrors {
var accessDeniedErr AccessDeniedErr
if !errors.As(fError, &accessDeniedErr) {
return nil, fetchError
}
}
}
for _, ref := range imagesRefs {
signatures.Add(imageset.UnprocessedImageRef{
Expand All @@ -113,7 +124,7 @@ func (s *Signatures) Fetch(images *imageset.UnprocessedImageRefs) (*imageset.Unp
})
}

return signatures, err
return signatures, nil
}

// FetchForImageRefs Retrieve the available signatures associated with the images provided
Expand Down
27 changes: 26 additions & 1 deletion pkg/imgpkg/signature/fetch_signatures_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,32 @@ func TestSignatureRetriever_Signatures(t *testing.T) {
assert.Equal(t, imageset.UnprocessedImageRef{DigestRef: "registry.io/img@sha256:cf31af331f38d1d7158470e095b132acd126a7180a54f263d386da88eb681d93", Tag: "some-tag"}, sign2)
})

t.Run("denied errors are provided as part of the error", func(t *testing.T) {
t.Run("denied errors, when calling Fetch, work as not found", func(t *testing.T) {
fakeSignatureFinder := &signaturefakes.FakeFinder{}
subject := signature.NewSignatures(fakeSignatureFinder, 2)
fakeSignatureFinder.SignatureCalls(func(digest regname.Digest) (imageset.UnprocessedImageRef, error) {
availableResults := map[string]imageset.UnprocessedImageRef{
"sha256:4c8b96d4fffdfae29258d94a22ae4ad1fe36139d47288b8960d9958d1e63a9d0": {DigestRef: "registry.io/img@sha256:cf31af331f38d1d7158470e095b132acd126a7180a54f263d386da88eb681d93", Tag: "some-tag"},
"sha256:56cb33b3b4bc45509c5ff7513ddc6ed78764f9ad5165cc32826e04da49d5462b": {DigestRef: "registry.io/img2@sha256:be154cc2b1211a9f98f4d708f4266650c9129784d0485d4507d9b0fa05d928b6", Tag: "some-other-tag"},
}
if res, ok := availableResults[digest.DigestStr()]; ok {
return res, nil
}
return imageset.UnprocessedImageRef{}, signature.AccessDeniedErr{}
})

args := imageset.NewUnprocessedImageRefs()
args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img@sha256:4c8b96d4fffdfae29258d94a22ae4ad1fe36139d47288b8960d9958d1e63a9d0"})
args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img1@sha256:6716afd7a68262a37d3f67681ed9dedf3b882938ad777f268f44d68894531f7a"})
args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img2@sha256:56cb33b3b4bc45509c5ff7513ddc6ed78764f9ad5165cc32826e04da49d5462b"})
args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img2@sha256:a40a266ca606d8dcbac60b4bb1ec42128ba7063f5eed3a997ec4546edc6cf209"})
signatures, err := subject.Fetch(args)
require.NoError(t, err)

require.Equal(t, 2, signatures.Length())
})

t.Run("denied errors are provided as part of the error, when calling FetchForImageRefs", func(t *testing.T) {
fakeSignatureFinder := &signaturefakes.FakeFinder{}
subject := signature.NewSignatures(fakeSignatureFinder, 2)
fakeSignatureFinder.SignatureCalls(func(digest regname.Digest) (imageset.UnprocessedImageRef, error) {
Expand Down

0 comments on commit 9a01997

Please sign in to comment.