Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not error out on denied error for signatures #549

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 15 additions & 4 deletions pkg/imgpkg/signature/fetch_signatures.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
package signature

import (
"errors"
"fmt"
"sync"

Expand Down Expand Up @@ -62,9 +63,9 @@ type FetchError struct {

// Error message that contains all errors
func (f *FetchError) Error() string {
msg := "Unable to retrieve the following images:\n"
msg := "Unable to retrieve the following images:"
for _, err := range f.AllErrors {
msg = fmt.Sprintf("%sImage: '%s'\nError:%s", msg, err.ImageRef(), err.Error())
msg = fmt.Sprintf("%s\nImage: '%s'\nError: %s", msg, err.ImageRef(), err.Error())
}
return msg
}
Expand Down Expand Up @@ -104,7 +105,17 @@ func (s *Signatures) Fetch(images *imageset.UnprocessedImageRefs) (*imageset.Unp
}
imagesRefs, err := s.FetchForImageRefs(imgs)
if err != nil {
return nil, err
var fetchError *FetchError
if !errors.As(err, &fetchError) {
return nil, err
}

for _, fError := range fetchError.AllErrors {
var accessDeniedErr AccessDeniedErr
if !errors.As(fError, &accessDeniedErr) {
return nil, fetchError
}
}
}
for _, ref := range imagesRefs {
signatures.Add(imageset.UnprocessedImageRef{
Expand All @@ -113,7 +124,7 @@ func (s *Signatures) Fetch(images *imageset.UnprocessedImageRefs) (*imageset.Unp
})
}

return signatures, err
return signatures, nil
}

// FetchForImageRefs Retrieve the available signatures associated with the images provided
Expand Down
27 changes: 26 additions & 1 deletion pkg/imgpkg/signature/fetch_signatures_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,32 @@ func TestSignatureRetriever_Signatures(t *testing.T) {
assert.Equal(t, imageset.UnprocessedImageRef{DigestRef: "registry.io/img@sha256:cf31af331f38d1d7158470e095b132acd126a7180a54f263d386da88eb681d93", Tag: "some-tag"}, sign2)
})

t.Run("denied errors are provided as part of the error", func(t *testing.T) {
t.Run("denied errors, when calling Fetch, work as not found", func(t *testing.T) {
fakeSignatureFinder := &signaturefakes.FakeFinder{}
subject := signature.NewSignatures(fakeSignatureFinder, 2)
fakeSignatureFinder.SignatureCalls(func(digest regname.Digest) (imageset.UnprocessedImageRef, error) {
availableResults := map[string]imageset.UnprocessedImageRef{
"sha256:4c8b96d4fffdfae29258d94a22ae4ad1fe36139d47288b8960d9958d1e63a9d0": {DigestRef: "registry.io/img@sha256:cf31af331f38d1d7158470e095b132acd126a7180a54f263d386da88eb681d93", Tag: "some-tag"},
"sha256:56cb33b3b4bc45509c5ff7513ddc6ed78764f9ad5165cc32826e04da49d5462b": {DigestRef: "registry.io/img2@sha256:be154cc2b1211a9f98f4d708f4266650c9129784d0485d4507d9b0fa05d928b6", Tag: "some-other-tag"},
}
if res, ok := availableResults[digest.DigestStr()]; ok {
return res, nil
}
return imageset.UnprocessedImageRef{}, signature.AccessDeniedErr{}
})

args := imageset.NewUnprocessedImageRefs()
args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img@sha256:4c8b96d4fffdfae29258d94a22ae4ad1fe36139d47288b8960d9958d1e63a9d0"})
args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img1@sha256:6716afd7a68262a37d3f67681ed9dedf3b882938ad777f268f44d68894531f7a"})
args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img2@sha256:56cb33b3b4bc45509c5ff7513ddc6ed78764f9ad5165cc32826e04da49d5462b"})
args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img2@sha256:a40a266ca606d8dcbac60b4bb1ec42128ba7063f5eed3a997ec4546edc6cf209"})
signatures, err := subject.Fetch(args)
require.NoError(t, err)

require.Equal(t, 2, signatures.Length())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(non-blocking) nit: Should we also assert that the 2 signatures are what we are looking for, like the previous test.

})

t.Run("denied errors are provided as part of the error, when calling FetchForImageRefs", func(t *testing.T) {
fakeSignatureFinder := &signaturefakes.FakeFinder{}
subject := signature.NewSignatures(fakeSignatureFinder, 2)
fakeSignatureFinder.SignatureCalls(func(digest regname.Digest) (imageset.UnprocessedImageRef, error) {
Expand Down