defenseunicorns · lucasrod16 · Apr 25, 2024 · Apr 9, 2024 · Apr 9, 2024 · Apr 9, 2024
@@ -14,7 +14,7 @@ require (
 	github.com/anchore/clio v0.0.0-20240307182142-fb5fc4c9db3c
 	github.com/anchore/stereoscope v0.0.1
 	github.com/anchore/syft v0.100.0
-	github.com/defenseunicorns/pkg/helpers v1.0.0
+	github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240416125436-7c54d5ed05a0
 	github.com/defenseunicorns/pkg/oci v0.0.1
 	github.com/derailed/k9s v0.31.7
 	github.com/distribution/reference v0.5.0

@@ -595,6 +595,14 @@ github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6 h1:gw
 github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6/go.mod h1:StKLYMmPj1R5yIs6CK49EkcW1TvUYuw5Vri+LRk7Dy8=
 github.com/defenseunicorns/pkg/helpers v1.0.0 h1:0o3Rs+J/g0UemZHcENBS1Z2Qw2y4FIUUrGs75iEyPb4=
 github.com/defenseunicorns/pkg/helpers v1.0.0/go.mod h1:F4S5VZLDrlNWQKklzv4v9tFWjjZNhxJ1gT79j4XiLwk=
+github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240411133953-c27224059905 h1:x4KxchKd18SoYFAb/UmqpsJVhOVMB1VYJsVxt7w3s9s=
+github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240411133953-c27224059905/go.mod h1:F4S5VZLDrlNWQKklzv4v9tFWjjZNhxJ1gT79j4XiLwk=
+github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240411154501-d8e8145af112 h1:Z6MQCjpKBA1CQfr3XqaRQsjXt+LYtNzfT4Adm53mfyE=
+github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240411154501-d8e8145af112/go.mod h1:F4S5VZLDrlNWQKklzv4v9tFWjjZNhxJ1gT79j4XiLwk=
+github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240416120542-1f7cefc0731b h1:0GwCv4pz9ncqXW/gDpGeKalXRVZwXmarPubett6GbwU=
+github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240416120542-1f7cefc0731b/go.mod h1:F4S5VZLDrlNWQKklzv4v9tFWjjZNhxJ1gT79j4XiLwk=
+github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240416125436-7c54d5ed05a0 h1:7Pzb4Y6f+GCeCVrgeMW/jD3X7qSGrxdQWeoyfskc4AU=
+github.com/defenseunicorns/pkg/helpers v1.0.1-0.20240416125436-7c54d5ed05a0/go.mod h1:F4S5VZLDrlNWQKklzv4v9tFWjjZNhxJ1gT79j4XiLwk=
 github.com/defenseunicorns/pkg/oci v0.0.1 h1:EFRp3NeiwzhOWKpQ6mAxi0l9chnrAvDcIgjMr0o0fkM=
 github.com/defenseunicorns/pkg/oci v0.0.1/go.mod h1:zVBgRjckEAhfdvbnQrnfOP/3M/GYJkIgWtJtY7pjYdo=
 github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da h1:ZOjWpVsFZ06eIhnh4mkaceTiVoktdU67+M7KDHJ268M=

@@ -12,11 +12,11 @@ tableOfContents: false
 
 ### Synopsis
 
-yq is a portable command-line data file processor (https://github.com/mikefarah/yq/) 
+yq is a portable command-line data file processor (https://github.com/mikefarah/yq/)
 See https://mikefarah.gitbook.io/yq/ for detailed documentation and examples.
 
 ## Evaluate Sequence ##
-This command iterates over each yaml document from each given file, applies the 
+This command iterates over each yaml document from each given file, applies the
 expression and prints the result in sequence.
 
 ```
@@ -28,21 +28,21 @@ zarf tools yq eval [expression] [yaml_file1]... [flags]
 ```
 
 # Reads field under the given path for each file
-zarf tools yq e '.a.b' f1.yml f2.yml 
+zarf tools yq e '.a.b' f1.yml f2.yml
 
 # Prints out the file
-zarf tools yq e sample.yaml 
+zarf tools yq e sample.yaml
 
 # Pipe from STDIN
 ## use '-' as a filename to pipe from STDIN
 cat file2.yml | zarf tools yq e '.a.b' file1.yml - file3.yml
 
 # Creates a new yaml document
 ## Note that editing an empty file does not work.
-zarf tools yq e -n '.a.b.c = "cat"' 
+zarf tools yq e -n '.a.b.c = "cat"'
 
-# Update a file inplace
-zarf tools yq e '.a.b = "cool"' -i file.yaml 
+# Update a file in place
+zarf tools yq e '.a.b = "cool"' -i file.yaml
 
 ```
 
@@ -98,4 +98,3 @@ zarf tools yq e '.a.b = "cool"' -i file.yaml
 ### SEE ALSO
 
 * [zarf tools yq](/commands/zarf_tools_yq/)	 - yq is a lightweight and portable command-line data file processor.
-
@@ -134,12 +134,11 @@ func GetCraneOptions(insecure bool, archs ...string) []crane.Option {
 		options = append(options, crane.Insecure, crane.WithTransport(roundTripper))
 	}
 
-	// Add the image platform info
+	if archs != nil {
+		options = append(options, crane.WithPlatform(&v1.Platform{OS: "linux", Architecture: GetArch(archs...)}))
+	}
+
 	options = append(options,
-		crane.WithPlatform(&v1.Platform{
-			OS:           "linux",
-			Architecture: GetArch(archs...),
-		}),
 		crane.WithUserAgent("zarf"),
 		crane.WithNoClobber(true),
 		// TODO: (@WSTARR) this is set to limit pushes to registry pods and reduce the likelihood that crane will get stuck.

@@ -506,21 +506,21 @@ cat file2.yml | zarf tools yq ea '.a.b' file1.yml - file3.yml
 `
 	CmdToolsYqEvalExample = `
 # Reads field under the given path for each file
-zarf tools yq e '.a.b' f1.yml f2.yml 
+zarf tools yq e '.a.b' f1.yml f2.yml
 
 # Prints out the file
-zarf tools yq e sample.yaml 
+zarf tools yq e sample.yaml
 
 # Pipe from STDIN
 ## use '-' as a filename to pipe from STDIN
 cat file2.yml | zarf tools yq e '.a.b' file1.yml - file3.yml
 
 # Creates a new yaml document
 ## Note that editing an empty file does not work.
-zarf tools yq e -n '.a.b.c = "cat"' 
+zarf tools yq e -n '.a.b.c = "cat"'
 
-# Update a file inplace
-zarf tools yq e '.a.b = "cool"' -i file.yaml 
+# Update a file in place
+zarf tools yq e '.a.b = "cool"' -i file.yaml
 `
 	CmdToolsMonitorShort = "Launches a terminal UI to monitor the connected cluster using K9s."
 
@@ -728,10 +728,11 @@ const (
 
 // Collection of reusable error messages.
 var (
-	ErrInitNotFound        = errors.New("this command requires a zarf-init package, but one was not found on the local system. Re-run the last command again without '--confirm' to download the package")
-	ErrUnableToCheckArch   = errors.New("unable to get the configured cluster's architecture")
-	ErrInterrupt           = errors.New("execution cancelled due to an interrupt")
-	ErrUnableToGetPackages = errors.New("unable to load the Zarf Package data from the cluster")
+	ErrInitNotFound         = errors.New("this command requires a zarf-init package, but one was not found on the local system. Re-run the last command again without '--confirm' to download the package")
+	ErrUnableToCheckArch    = errors.New("unable to get the configured cluster's architecture")
+	ErrInterrupt            = errors.New("execution cancelled due to an interrupt")
+	ErrUnableToGetPackages  = errors.New("unable to load the Zarf Package data from the cluster")
+	ErrUnsupportedImageType = errors.New("zarf does not currently support image indexes or docker manifest lists")
 )
 
 // Collection of reusable warn messages.

@@ -6,12 +6,14 @@ package images
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"path/filepath"
 	"strings"
 
 	"github.com/defenseunicorns/pkg/helpers"
 	"github.com/defenseunicorns/zarf/src/config"
+	"github.com/defenseunicorns/zarf/src/config/lang"
 	"github.com/defenseunicorns/zarf/src/pkg/layout"
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/transform"
@@ -25,6 +27,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/empty"
 	clayout "github.com/google/go-containerregistry/pkg/v1/layout"
 	"github.com/google/go-containerregistry/pkg/v1/partial"
+	ctypes "github.com/google/go-containerregistry/pkg/v1/types"
 	"github.com/moby/moby/client"
 )
 
@@ -271,7 +274,7 @@ func (i *ImageConfig) PullImage(src string, spinner *message.Spinner) (img v1.Im
 		if err != nil {
 			return nil, false, err
 		}
-	} else if _, err := crane.Manifest(src, config.GetCraneOptions(i.Insecure, i.Architectures...)...); err != nil {
+	} else if desc, err := crane.Get(src, config.GetCraneOptions(i.Insecure)...); err != nil {
 		// If crane is unable to pull the image, try to load it from the local docker daemon.
 		message.Notef("Falling back to local 'docker' images, failed to find the manifest on a remote: %s", err.Error())
 
@@ -308,6 +311,23 @@ func (i *ImageConfig) PullImage(src string, spinner *message.Spinner) (img v1.Im
 			return nil, false, fmt.Errorf("failed to load image from docker daemon: %w", err)
 		}
 	} else {
+		if strings.Contains(src, "@") && (desc.MediaType == ctypes.OCIImageIndex || desc.MediaType == ctypes.DockerManifestList) {
+			imageOptions := "please select one of the images below based on your platform to use instead"
+			imageBaseName := strings.Split(src, "@")[0]
+			manifest, err := crane.Manifest(src, config.GetCraneOptions(i.Insecure)...)
+			if err != nil {
+				return nil, false, fmt.Errorf("%w: %w", lang.ErrUnsupportedImageType, err)
+			}
+			var idx v1.IndexManifest
+			if err := json.Unmarshal(manifest, &idx); err != nil {
+				return nil, false, fmt.Errorf("%w: %w", lang.ErrUnsupportedImageType, err)
+			}
+			for _, manifest := range idx.Manifests {
+				imageOptions = fmt.Sprintf("%s\n %s@%s for platform %s", imageOptions, imageBaseName, manifest.Digest, manifest.Platform)
+			}
+			return nil, false, fmt.Errorf("%w: %s", lang.ErrUnsupportedImageType, imageOptions)
+		}
+
 		// Manifest was found, so use crane to pull the image.
 		if img, err = crane.Pull(src, config.GetCraneOptions(i.Insecure, i.Architectures...)...); err != nil {
 			return nil, false, fmt.Errorf("failed to pull image: %w", err)

@@ -176,6 +176,7 @@ func (pc *PackageCreator) Assemble(dst *layout.PackagePaths, components []types.
 		var pulled []images.ImgInfo
 		var err error
 
+		ctx, cancel := context.WithCancel(context.TODO())
 		doPull := func() error {
 			imgConfig := images.ImageConfig{
 				ImagesPath:        dst.Images.Base,
@@ -186,11 +187,15 @@ func (pc *PackageCreator) Assemble(dst *layout.PackagePaths, components []types.
 			}
 
 			pulled, err = imgConfig.PullAll()
+			if errors.Is(err, lang.ErrUnsupportedImageType) {
+				cancel()
+			}
+
 			return err
 		}
 
-		if err := helpers.Retry(doPull, 3, 5*time.Second, message.Warnf); err != nil {
-			return fmt.Errorf("unable to pull images after 3 attempts: %w", err)
+		if err := helpers.RetryWithContext(ctx, doPull, 3, 5*time.Second, message.Warnf); err != nil {
+			return fmt.Errorf("unable to pull images: %w", err)
 		}
 
 		for _, imgInfo := range pulled {

@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2021-Present The Zarf Authors
+
+// Package test provides e2e tests for Zarf.
+package test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestCreateIndexShaErrors(t *testing.T) {
+	t.Log("E2E: CreateIndexShaErrors")
+
+	testCases := []struct {
+		name                  string
+		packagePath           string
+		expectedImageInStderr string
+	}{
+		{
+			name:                  "Image Index",
+			packagePath:           "src/test/packages/14-index-sha/image-index",
+			expectedImageInStderr: "ghcr.io/defenseunicorns/zarf/agent:v0.32.6@sha256:b3fabdc7d4ecd0f396016ef78da19002c39e3ace352ea0ae4baa2ce9d5958376",
+		},
+		{
+			name:                  "Manifest List",
+			packagePath:           "src/test/packages/14-index-sha/manifest-list",
+			expectedImageInStderr: "docker.io/defenseunicorns/zarf-game@sha256:f78e442f0f3eb3e9459b5ae6b1a8fda62f8dfe818112e7d130a4e8ae72b3cbff",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			_, stderr, err := e2e.Zarf("package", "create", tc.packagePath, "--confirm")
+			require.Error(t, err)
+			require.Contains(t, stderr, tc.expectedImageInStderr)
+		})
+	}
+
+}
@@ -27,7 +27,6 @@ func TestRetries(t *testing.T) {
 
 	stdOut, stdErr, err = e2e.Zarf("package", "deploy", path.Join(tmpDir, pkgName), "--retries", "2", "--timeout", "3s", "--tmpdir", tmpDir, "--confirm")
 	require.Error(t, err, stdOut, stdErr)
-	require.Contains(t, stdErr, "Retrying (1/2) in 5s:")
-	require.Contains(t, stdErr, "Retrying (2/2) in 10s:")
+	require.Contains(t, stdErr, "Retrying in 5s")
 	require.Contains(t, stdErr, "unable to install chart after 2 attempts")
 }
@@ -0,0 +1,9 @@
+kind: ZarfPackageConfig
+metadata:
+  name: image-index
+
+components:
+  - name: baseline
+    required: true
+    images:
+      - ghcr.io/defenseunicorns/zarf/agent:v0.32.6@sha256:05a82656df5466ce17c3e364c16792ae21ce68438bfe06eeab309d0520c16b48
@@ -0,0 +1,9 @@
+kind: ZarfPackageConfig
+metadata:
+  name: manifest-list
+
+components:
+  - name: baseline
+    required: true
+    images:
+      - defenseunicorns/zarf-game@sha256:0b694ca1c33afae97b7471488e07968599f1d2470c629f76af67145ca64428af