From 02978ac23dd9d28bbdff3c272921d89d160d9204 Mon Sep 17 00:00:00 2001 From: Yoni Bettan Date: Thu, 22 Sep 2022 15:26:24 +0300 Subject: [PATCH] Creating 'TLSOptions' in favor of 'PullOptions' and 'PushOptions'. The `build` object, always push to the same registry that the `kernelMapping` will pull from, therefore, there is not need to duplicate the config. In addition that, I have also renamed some of the fields for better self-documented code. Here is how this field is used in the module: * `kernelMapping[].build.baseImageRegistryTLS` is only meant for pulling the base image of the Dockerfile specified in the build. * `kernelMapping[].registryTLS` is meant for specifying the TLS options for pulling the image we want to deploy or for pushing it in case we are building it in-cluster (because they will always be the same). * `moduleLoaderContainerSpec.registryTLS` is just the global value of all kernelMapping[]'s entries. Signed-off-by: Yoni Bettan --- api/v1beta1/module_types.go | 36 ++--- api/v1beta1/zz_generated.deepcopy.go | 60 +++----- ...kmm.sigs.k8s.io_managedclustermodules.yaml | 128 ++++++++---------- config/crd/bases/kmm.sigs.k8s.io_modules.yaml | 121 +++++++---------- controllers/module_reconciler.go | 4 +- internal/build/job/maker.go | 23 ++-- internal/build/job/maker_test.go | 28 ++-- internal/build/job/manager.go | 2 +- internal/build/job/manager_test.go | 14 +- internal/build/job/mock_maker.go | 8 +- internal/module/helper.go | 8 +- internal/preflight/preflight.go | 4 +- internal/registry/mock_registry_api.go | 16 +-- internal/registry/registry.go | 24 ++-- internal/registry/registry_test.go | 30 ++-- internal/sign/job/manager_test.go | 4 +- 16 files changed, 224 insertions(+), 286 deletions(-) diff --git a/api/v1beta1/module_types.go b/api/v1beta1/module_types.go index 9b3613b2f..20e63812f 100644 --- a/api/v1beta1/module_types.go +++ b/api/v1beta1/module_types.go 
@@ -27,21 +27,10 @@ type BuildArg struct { Value string `json:"value"` } -type PullOptions struct { +type TLSOptions struct { // +optional - // If Insecure is true, images can be pulled from an insecure (plain HTTP) registry. - Insecure bool `json:"insecure,omitempty"` - - // +optional - // If InsecureSkipTLSVerify, the operator will accept any certificate provided by the registry. - InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty"` -} - -type PushOptions struct { - - // +optional - // If Insecure is true, built images can be pushed to an insecure (plain HTTP) registry. + // If Insecure is true, the operator will be able to access a registry in an insecure (plain HTTP) protocol. Insecure bool `json:"insecure,omitempty"` // +optional @@ -63,12 +52,8 @@ type Build struct { Dockerfile string `json:"dockerfile"` // +optional - // Pull contains settings determining how to pull the base images of the build process. - Pull PullOptions `json:"pull"` - - // +optional - // Push contains settings determining how to push a built DriverContainer image. - Push PushOptions `json:"push"` + // BaseImageRegistryTLS contains settings determining how to pull the base images of the build-process' Dockerfile. + BaseImageRegistryTLS TLSOptions `json:"baseImageRegistryTLS"` // +optional // Secrets is an optional list of secrets to be made available to the build system. 
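Review bot: `TLSOptions` is introduced without a doc comment, and the reworded `Insecure` comment in this first hunk says only that the operator "will be able to access" a plain-HTTP registry, not what is given up by enabling it. Now that one type covers both pulling and pushing, the type should state its defaults and its cost, for example `// TLSOptions relaxes transport security towards a registry. Both fields default to false; enabling either one means image content and registry credentials are no longer protected against interception or tampering in transit.` The struct body continues past the end of the hunk.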
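Review bot: Replacing `Pull` and `Push` with `BaseImageRegistryTLS` in the `Build` hunk changes the serialized field names inside the existing v1beta1 version, and nothing here keeps the old `pull` and `push` keys readable. Module objects already stored with `build.pull` or `build.push` would presumably have those settings dropped or ignored after the upgrade. That fails towards stricter TLS, but builds against registries that needed the relaxed settings would stop working without any error on the object. The same applies to the `pull` to `registryTLS` renames in the KernelMapping and ModuleLoaderContainerSpec hunks; a release note, or a transition period in which the old keys are still accepted, would make the change visible.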
@@ -117,9 +102,10 @@ type KernelMapping struct { Literal string `json:"literal"` // +optional - // Pull contains settings determining how to check if the ModuleLoader image already exists - // and allows overriding of the ModuleLoader's pull options - Pull *PullOptions `json:"pull"` + // RegistryTLS plays 2 different roles. + // 1. The TLS configurations determining how to check if the driver container image already exists. + // 2. The TLS configurations determining how to push the driver container image if built in cluster. + RegistryTLS *TLSOptions `json:"registryTLS"` // +optional // Regexp is a regular expression to be match against node kernels. @@ -198,8 +184,10 @@ type ModuleLoaderContainerSpec struct { Modprobe ModprobeSpec `json:"modprobe"` // +optional - // Pull contains settings determining how to check if the ModuleLoader image already exists. - Pull *PullOptions `json:"pull"` + // RegistryTLS plays 2 different roles. + // 1. The TLS configurations determining how to check if the driver container image already exists. + // 2. The TLS configurations determining how to push the driver container image if built in cluster. + RegistryTLS *TLSOptions `json:"registryTLS"` } type ModuleLoaderSpec struct { diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index c8e1de0fd..773bf3038 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -34,8 +34,7 @@ func (in *Build) DeepCopyInto(out *Build) { *out = make([]BuildArg, len(*in)) copy(*out, *in) } - out.Pull = in.Pull - out.Push = in.Push + out.BaseImageRegistryTLS = in.BaseImageRegistryTLS if in.Secrets != nil { in, out := &in.Secrets, &out.Secrets *out = make([]v1.LocalObjectReference, len(*in)) 
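Review bot: The new comment on `KernelMapping.RegistryTLS` drops the statement that this field overrides the module-level value, although `GetRelevantTLSOptions` in internal/module/helper.go still falls back to `ModuleLoader.Container.RegistryTLS` when it is nil. I would add a line such as `// When unset, moduleLoader.container.registryTLS is used.`, provided the push path honours the same fallback, which the manager.go change in this patch does not appear to do. Both this hunk and the ModuleLoaderContainerSpec hunk also declare an optional pointer with the tag `json:"registryTLS"`; `json:"registryTLS,omitempty"` would avoid emitting `"registryTLS": null`.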
@@ -195,9 +194,9 @@ func (in *KernelMapping) DeepCopyInto(out *KernelMapping) { *out = new(Sign) (*in).DeepCopyInto(*out) } - if in.Pull != nil { - in, out := &in.Pull, &out.Pull - *out = new(PullOptions) + if in.RegistryTLS != nil { + in, out := &in.RegistryTLS, &out.RegistryTLS + *out = new(TLSOptions) **out = **in } } @@ -428,9 +427,9 @@ func (in *ModuleLoaderContainerSpec) DeepCopyInto(out *ModuleLoaderContainerSpec } } in.Modprobe.DeepCopyInto(&out.Modprobe) - if in.Pull != nil { - in, out := &in.Pull, &out.Pull - *out = new(PullOptions) + if in.RegistryTLS != nil { + in, out := &in.RegistryTLS, &out.RegistryTLS + *out = new(TLSOptions) **out = **in } } @@ -615,36 +614,6 @@ func (in *PreflightValidationStatus) DeepCopy() *PreflightValidationStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PullOptions) DeepCopyInto(out *PullOptions) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PullOptions. -func (in *PullOptions) DeepCopy() *PullOptions { - if in == nil { - return nil - } - out := new(PullOptions) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PushOptions) DeepCopyInto(out *PushOptions) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushOptions. -func (in *PushOptions) DeepCopy() *PushOptions { - if in == nil { - return nil - } - out := new(PushOptions) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Sign) DeepCopyInto(out *Sign) { *out = *in 
@@ -674,3 +643,18 @@ func (in *Sign) DeepCopy() *Sign { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSOptions) DeepCopyInto(out *TLSOptions) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSOptions. +func (in *TLSOptions) DeepCopy() *TLSOptions { + if in == nil { + return nil + } + out := new(TLSOptions) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/kmm.sigs.k8s.io_managedclustermodules.yaml b/config/crd/bases/kmm.sigs.k8s.io_managedclustermodules.yaml index ba36d4bd1..a00d9a3c3 100644 --- a/config/crd/bases/kmm.sigs.k8s.io_managedclustermodules.yaml +++ b/config/crd/bases/kmm.sigs.k8s.io_managedclustermodules.yaml @@ -1958,6 +1958,22 @@ spec: build: description: Build contains build instructions. properties: + baseImageRegistryTLS: + description: BaseImageRegistryTLS contains settings + determining how to pull the base images of the build-process' + Dockerfile. + properties: + insecure: + description: If Insecure is true, the operator + will be able to access a registry in an insecure + (plain HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the operator + will accept any certificate provided by the + registry. + type: boolean + type: object buildArgs: description: BuildArgs is an array of build variables that are provided to the image building backend. 
@@ -1985,34 +2001,6 @@ spec: the build Job type: string type: object - pull: - description: Pull contains settings determining how - to pull the base images of the build process. - properties: - insecure: - description: If Insecure is true, images can be - pulled from an insecure (plain HTTP) registry. - type: boolean - insecureSkipTLSVerify: - description: If InsecureSkipTLSVerify, the operator - will accept any certificate provided by the - registry. - type: boolean - type: object - push: - description: Push contains settings determining how - to push a built DriverContainer image. - properties: - insecure: - description: If Insecure is true, built images - can be pushed to an insecure (plain HTTP) registry. - type: boolean - insecureSkipTLSVerify: - description: If InsecureSkipTLSVerify, the operator - will accept any certificate provided by the - registry. - type: boolean - type: object secrets: description: Secrets is an optional list of secrets to be made available to the build system. Those @@ -2061,6 +2049,22 @@ spec: this mapping and allows overriding the Module's build settings. properties: + baseImageRegistryTLS: + description: BaseImageRegistryTLS contains settings + determining how to pull the base images of + the build-process' Dockerfile. + properties: + insecure: + description: If Insecure is true, the operator + will be able to access a registry in an + insecure (plain HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the + operator will accept any certificate provided + by the registry. + type: boolean + type: object buildArgs: description: BuildArgs is an array of build variables that are provided to the image building 
@@ -2089,36 +2093,6 @@ spec: creating the build Job type: string type: object - pull: - description: Pull contains settings determining - how to pull the base images of the build process. - properties: - insecure: - description: If Insecure is true, images - can be pulled from an insecure (plain - HTTP) registry. - type: boolean - insecureSkipTLSVerify: - description: If InsecureSkipTLSVerify, the - operator will accept any certificate provided - by the registry. - type: boolean - type: object - push: - description: Push contains settings determining - how to push a built DriverContainer image. - properties: - insecure: - description: If Insecure is true, built - images can be pushed to an insecure (plain - HTTP) registry. - type: boolean - insecureSkipTLSVerify: - description: If InsecureSkipTLSVerify, the - operator will accept any certificate provided - by the registry. - type: boolean - type: object secrets: description: Secrets is an optional list of secrets to be made available to the build 
@@ -2151,15 +2125,21 @@ spec: description: Literal defines a literal target kernel version to be matched exactly against node kernels. type: string - pull: - description: Pull contains settings determining - how to check if the ModuleLoader image already - exists and allows overriding of the ModuleLoader's - pull options + regexp: + description: Regexp is a regular expression to be + match against node kernels. + type: string + registryTLS: + description: RegistryTLS plays 2 different roles. + 1. The TLS configurations determining how to check + if the driver container image already exists. + 2. The TLS configurations determining how to push + the driver container image if built in cluster. properties: insecure: - description: If Insecure is true, images can - be pulled from an insecure (plain HTTP) registry. + description: If Insecure is true, the operator + will be able to access a registry in an insecure + (plain HTTP) protocol. type: boolean insecureSkipTLSVerify: description: If InsecureSkipTLSVerify, the operator @@ -2167,10 +2147,6 @@ spec: registry. type: boolean type: object - regexp: - description: Regexp is a regular expression to be - match against node kernels. - type: string sign: description: Sign enables in-cluster signing for this mapping 
@@ -2291,13 +2267,17 @@ spec: required: - moduleName type: object - pull: - description: Pull contains settings determining how to - check if the ModuleLoader image already exists. + registryTLS: + description: RegistryTLS plays 2 different roles. 1. The + TLS configurations determining how to check if the driver + container image already exists. 2. The TLS configurations + determining how to push the driver container image if + built in cluster. properties: insecure: - description: If Insecure is true, images can be pulled - from an insecure (plain HTTP) registry. + description: If Insecure is true, the operator will + be able to access a registry in an insecure (plain + HTTP) protocol. type: boolean insecureSkipTLSVerify: description: If InsecureSkipTLSVerify, the operator diff --git a/config/crd/bases/kmm.sigs.k8s.io_modules.yaml b/config/crd/bases/kmm.sigs.k8s.io_modules.yaml index 1b9bc7111..196fb0d14 100644 --- a/config/crd/bases/kmm.sigs.k8s.io_modules.yaml +++ b/config/crd/bases/kmm.sigs.k8s.io_modules.yaml @@ -1874,6 +1874,20 @@ spec: build: description: Build contains build instructions. properties: + baseImageRegistryTLS: + description: BaseImageRegistryTLS contains settings determining + how to pull the base images of the build-process' Dockerfile. + properties: + insecure: + description: If Insecure is true, the operator will + be able to access a registry in an insecure (plain + HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the operator + will accept any certificate provided by the registry. + type: boolean + type: object buildArgs: description: BuildArgs is an array of build variables that are provided to the image building backend. 
@@ -1901,32 +1915,6 @@ spec: the build Job type: string type: object - pull: - description: Pull contains settings determining how to - pull the base images of the build process. - properties: - insecure: - description: If Insecure is true, images can be pulled - from an insecure (plain HTTP) registry. - type: boolean - insecureSkipTLSVerify: - description: If InsecureSkipTLSVerify, the operator - will accept any certificate provided by the registry. - type: boolean - type: object - push: - description: Push contains settings determining how to - push a built DriverContainer image. - properties: - insecure: - description: If Insecure is true, built images can - be pushed to an insecure (plain HTTP) registry. - type: boolean - insecureSkipTLSVerify: - description: If InsecureSkipTLSVerify, the operator - will accept any certificate provided by the registry. - type: boolean - type: object secrets: description: Secrets is an optional list of secrets to be made available to the build system. Those secrets @@ -1972,6 +1960,22 @@ spec: description: Build enables in-cluster builds for this mapping and allows overriding the Module's build settings. properties: + baseImageRegistryTLS: + description: BaseImageRegistryTLS contains settings + determining how to pull the base images of the + build-process' Dockerfile. + properties: + insecure: + description: If Insecure is true, the operator + will be able to access a registry in an insecure + (plain HTTP) protocol. + type: boolean + insecureSkipTLSVerify: + description: If InsecureSkipTLSVerify, the operator + will accept any certificate provided by the + registry. + type: boolean + type: object buildArgs: description: BuildArgs is an array of build variables that are provided to the image building backend. 
@@ -1999,35 +2003,6 @@ spec: the build Job type: string type: object - pull: - description: Pull contains settings determining - how to pull the base images of the build process. - properties: - insecure: - description: If Insecure is true, images can - be pulled from an insecure (plain HTTP) registry. - type: boolean - insecureSkipTLSVerify: - description: If InsecureSkipTLSVerify, the operator - will accept any certificate provided by the - registry. - type: boolean - type: object - push: - description: Push contains settings determining - how to push a built DriverContainer image. - properties: - insecure: - description: If Insecure is true, built images - can be pushed to an insecure (plain HTTP) - registry. - type: boolean - insecureSkipTLSVerify: - description: If InsecureSkipTLSVerify, the operator - will accept any certificate provided by the - registry. - type: boolean - type: object secrets: description: Secrets is an optional list of secrets to be made available to the build system. Those 
@@ -2059,24 +2034,27 @@ spec: description: Literal defines a literal target kernel version to be matched exactly against node kernels. type: string - pull: - description: Pull contains settings determining how - to check if the ModuleLoader image already exists - and allows overriding of the ModuleLoader's pull options + regexp: + description: Regexp is a regular expression to be match + against node kernels. + type: string + registryTLS: + description: RegistryTLS plays 2 different roles. 1. + The TLS configurations determining how to check if + the driver container image already exists. 2. The + TLS configurations determining how to push the driver + container image if built in cluster. properties: insecure: - description: If Insecure is true, images can be - pulled from an insecure (plain HTTP) registry. + description: If Insecure is true, the operator will + be able to access a registry in an insecure (plain + HTTP) protocol. type: boolean insecureSkipTLSVerify: description: If InsecureSkipTLSVerify, the operator will accept any certificate provided by the registry. type: boolean type: object - regexp: - description: Regexp is a regular expression to be match - against node kernels. - type: string sign: description: Sign enables in-cluster signing for this mapping 
@@ -2196,13 +2174,16 @@ spec: required: - moduleName type: object - pull: - description: Pull contains settings determining how to check - if the ModuleLoader image already exists. + registryTLS: + description: RegistryTLS plays 2 different roles. 1. The TLS + configurations determining how to check if the driver container + image already exists. 2. The TLS configurations determining + how to push the driver container image if built in cluster. properties: insecure: - description: If Insecure is true, images can be pulled - from an insecure (plain HTTP) registry. + description: If Insecure is true, the operator will be + able to access a registry in an insecure (plain HTTP) + protocol. type: boolean insecureSkipTLSVerify: description: If InsecureSkipTLSVerify, the operator will diff --git a/controllers/module_reconciler.go b/controllers/module_reconciler.go index ee8ef5357..08273b6ca 100644 --- a/controllers/module_reconciler.go +++ b/controllers/module_reconciler.go @@ -380,8 +380,8 @@ func (r *ModuleReconciler) handleSigning(ctx context.Context, func (r *ModuleReconciler) checkImageExists(ctx context.Context, mod *kmmv1beta1.Module, km *kmmv1beta1.KernelMapping, imageName string) (bool, error) { registryAuthGetter := auth.NewRegistryAuthGetterFrom(r.Client, mod) - pullOptions := module.GetRelevantPullOptions(mod, km) - imageAvailable, err := r.registry.ImageExists(ctx, imageName, pullOptions, registryAuthGetter) + tlsOptions := module.GetRelevantTLSOptions(mod, km) + imageAvailable, err := r.registry.ImageExists(ctx, imageName, tlsOptions, registryAuthGetter) if err != nil { return false, fmt.Errorf("could not check if the image is available: %v", err) } diff --git a/internal/build/job/maker.go b/internal/build/job/maker.go index cf8aac4e1..2c7bbc590 100644 --- a/internal/build/job/maker.go +++ b/internal/build/job/maker.go 
@@ -19,7 +19,8 @@ import ( //go:generate mockgen -source=maker.go -package=job -destination=mock_maker.go type Maker interface { - MakeJobTemplate(mod kmmv1beta1.Module, buildConfig *kmmv1beta1.Build, targetKernel, containerImage string, pushImage bool) (*batchv1.Job, error) + MakeJobTemplate(mod kmmv1beta1.Module, buildConfig *kmmv1beta1.Build, targetKernel, containerImage string, + pushImage bool, registryTLS *kmmv1beta1.TLSOptions) (*batchv1.Job, error) } type maker struct { @@ -36,7 +37,9 @@ func NewMaker(helper build.Helper, jobHelper utils.JobHelper, scheme *runtime.Sc } } -func (m *maker) MakeJobTemplate(mod kmmv1beta1.Module, buildConfig *kmmv1beta1.Build, targetKernel, containerImage string, pushImage bool) (*batchv1.Job, error) { +func (m *maker) MakeJobTemplate(mod kmmv1beta1.Module, buildConfig *kmmv1beta1.Build, targetKernel, containerImage string, + pushImage bool, registryTLS *kmmv1beta1.TLSOptions) (*batchv1.Job, error) { + args := []string{} if pushImage { args = append(args, "--destination", containerImage) @@ -53,20 +56,22 @@ func (m *maker) MakeJobTemplate(mod kmmv1beta1.Module, buildConfig *kmmv1beta1.B args = append(args, "--build-arg", fmt.Sprintf("%s=%s", ba.Name, ba.Value)) } - if buildConfig.Pull.Insecure { + if buildConfig.BaseImageRegistryTLS.Insecure { args = append(args, "--insecure-pull") } - if buildConfig.Pull.InsecureSkipTLSVerify { + if buildConfig.BaseImageRegistryTLS.InsecureSkipTLSVerify { args = append(args, "--skip-tls-verify-pull") } - if buildConfig.Push.Insecure { - args = append(args, "--insecure") - } + if registryTLS != nil { + if registryTLS.Insecure { + args = append(args, "--insecure") + } - if buildConfig.Push.InsecureSkipTLSVerify { - args = append(args, "--skip-tls-verify") + if registryTLS.InsecureSkipTLSVerify { + args = append(args, "--skip-tls-verify") + } } const dockerfileVolumeName = "dockerfile" 
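Review bot: `Maker.MakeJobTemplate` gains a sixth parameter, but the interface method still has no comment explaining it. `buildConfig.BaseImageRegistryTLS` and `registryTLS` now control different connections, so a short comment would keep them from being confused, e.g. `// registryTLS configures TLS for pushing containerImage; nil means no relaxation. Base-image pulls use buildConfig.BaseImageRegistryTLS.` The same comment fits the implementation in the next hunk.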
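Review bot: In the third maker.go hunk the `registryTLS` block appends `--insecure` and `--skip-tls-verify` whether or not `pushImage` is set, although the parameter exists only to configure the push. Nesting it under the push condition, `if pushImage && registryTLS != nil {`, keeps TLS relaxations out of job specs that never push and makes the args reflect what the job actually does. The table entry in maker_test.go that expects `--skip-tls-verify` with the push flag set to false would need updating with it. The function body starts before and continues after this hunk.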
diff --git a/internal/build/job/maker_test.go b/internal/build/job/maker_test.go index 055db30c9..b1e601bd8 100644 --- a/internal/build/job/maker_test.go +++ b/internal/build/job/maker_test.go @@ -207,7 +207,7 @@ var _ = Describe("MakeJobTemplate", func() { mh.EXPECT().ApplyBuildArgOverrides(buildArgs, override).Return(append(slices.Clone(buildArgs), override)) jobhelper.EXPECT().JobLabels(*mod, kernelVersion, utils.JobTypeBuild).Return(labels) - actual, err := m.MakeJobTemplate(*mod, km.Build, kernelVersion, km.ContainerImage, true) + actual, err := m.MakeJobTemplate(*mod, km.Build, kernelVersion, km.ContainerImage, true, nil) Expect(err).NotTo(HaveOccurred()) Expect( @@ -238,7 +238,7 @@ var _ = Describe("MakeJobTemplate", func() { ), ) - DescribeTable("should set correct kaniko flags", func(b kmmv1beta1.Build, kanikoFlag string, pushFlag bool) { + DescribeTable("should set correct kaniko flags", func(registryTLS *kmmv1beta1.TLSOptions, b kmmv1beta1.Build, kanikoFlag string, pushFlag bool) { km := kmmv1beta1.KernelMapping{ Build: &kmmv1beta1.Build{ @@ -251,7 +251,7 @@ var _ = Describe("MakeJobTemplate", func() { mh.EXPECT().ApplyBuildArgOverrides(nil, kmmv1beta1.BuildArg{Name: "KERNEL_VERSION", Value: kernelVersion}) jobhelper.EXPECT().JobLabels(mod, kernelVersion, utils.JobTypeBuild).Return(map[string]string{}) - actual, err := m.MakeJobTemplate(mod, &b, kernelVersion, km.ContainerImage, pushFlag) + actual, err := m.MakeJobTemplate(mod, &b, kernelVersion, km.ContainerImage, pushFlag, registryTLS) Expect(err).NotTo(HaveOccurred()) Expect(actual.Spec.Template.Spec.Containers[0].Args).To(ContainElement(kanikoFlag)) if pushFlag { 
@@ -262,26 +262,30 @@ var _ = Describe("MakeJobTemplate", func() { }, Entry( - "PullOptions.Insecure", - kmmv1beta1.Build{Pull: kmmv1beta1.PullOptions{Insecure: true}}, + "BaseImageRegistryTLS.Insecure", + nil, + kmmv1beta1.Build{BaseImageRegistryTLS: kmmv1beta1.TLSOptions{Insecure: true}}, "--insecure-pull", true, ), Entry( - "PullOptions.InsecureSkipTLSVerify", - kmmv1beta1.Build{Pull: kmmv1beta1.PullOptions{InsecureSkipTLSVerify: true}}, + "BaseImageRegistryTLS.InsecureSkipTLSVerify", + nil, + kmmv1beta1.Build{BaseImageRegistryTLS: kmmv1beta1.TLSOptions{InsecureSkipTLSVerify: true}}, "--skip-tls-verify-pull", false, ), Entry( - "PushOptions.Insecure", - kmmv1beta1.Build{Push: kmmv1beta1.PushOptions{Insecure: true}}, + "RegistryTLS.Insecure", + &kmmv1beta1.TLSOptions{Insecure: true}, + nil, "--insecure", true, ), Entry( - "PushOptions.InsecureSkipTLSVerify", - kmmv1beta1.Build{Push: kmmv1beta1.PushOptions{InsecureSkipTLSVerify: true}}, + "RegistryTLS.InsecureSkipTLSVerify", + &kmmv1beta1.TLSOptions{InsecureSkipTLSVerify: true}, + nil, "--skip-tls-verify", false, ), @@ -304,7 +308,7 @@ var _ = Describe("MakeJobTemplate", func() { mh.EXPECT().ApplyBuildArgOverrides(buildArgs, override) jobhelper.EXPECT().JobLabels(mod, kernelVersion, utils.JobTypeBuild).Return(map[string]string{}) - actual, err := m.MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, false) + actual, err := m.MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, false, nil) Expect(err).NotTo(HaveOccurred()) Expect(actual.Spec.Template.Spec.Containers[0].Image).To(Equal("gcr.io/kaniko-project/executor:" + customTag)) }) diff --git a/internal/build/job/manager.go b/internal/build/job/manager.go index 0bddf799f..80f3617fd 100644 --- a/internal/build/job/manager.go +++ b/internal/build/job/manager.go 
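Review bot: The two `RegistryTLS.*` entries pass an untyped `nil` for the struct-valued parameter `b kmmv1beta1.Build`, which relies on the table runner substituting a zero value; `kmmv1beta1.Build{}` states the intent and does not depend on that behaviour. The table also only checks that a flag is present. No entry asserts that `--insecure` and `--skip-tls-verify` are absent when `registryTLS` is nil or has both fields false, which is the property that matters for the secure default. The table function body begins in the previous hunk.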
@@ -54,7 +54,7 @@ func (jbm *jobManager) Sync(ctx context.Context, mod kmmv1beta1.Module, m kmmv1b buildConfig := jbm.helper.GetRelevantBuild(mod, m) - jobTemplate, err := jbm.maker.MakeJobTemplate(mod, buildConfig, targetKernel, targetImage, pushImage) + jobTemplate, err := jbm.maker.MakeJobTemplate(mod, buildConfig, targetKernel, targetImage, pushImage, m.RegistryTLS) if err != nil { return build.Result{}, fmt.Errorf("could not make Job template: %v", err) } diff --git a/internal/build/job/manager_test.go b/internal/build/job/manager_test.go index 3b1704df9..a8efdbb66 100644 --- a/internal/build/job/manager_test.go +++ b/internal/build/job/manager_test.go @@ -40,10 +40,8 @@ var _ = Describe("Sync", func() { jobhelper = utils.NewMockJobHelper(ctrl) }) - po := &kmmv1beta1.PullOptions{} - km := kmmv1beta1.KernelMapping{ - Build: &kmmv1beta1.Build{Pull: *po}, + Build: &kmmv1beta1.Build{}, ContainerImage: imageName, } @@ -71,7 +69,7 @@ var _ = Describe("Sync", func() { gomock.InOrder( helper.EXPECT().GetRelevantBuild(mod, km).Return(km.Build), - maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true).Return(&j, nil), + maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true, nil).Return(&j, nil), jobhelper.EXPECT().GetModuleJobByKernel(ctx, mod, kernelVersion, utils.JobTypeBuild).Return(&j, nil), jobhelper.EXPECT().IsJobChanged(&j, &j).Return(false, nil), ) @@ -97,7 +95,7 @@ var _ = Describe("Sync", func() { gomock.InOrder( helper.EXPECT().GetRelevantBuild(mod, km).Return(km.Build), - maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true).Return(nil, errors.New("random error")), + maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true, nil).Return(nil, errors.New("random error")), ) mgr := NewBuildManager(clnt, maker, helper, jobhelper) 
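Review bot: `Sync` passes `m.RegistryTLS` straight to `MakeJobTemplate`, so the module-level `moduleLoader.container.registryTLS` is never applied to the push, while `checkImageExists` in module_reconciler.go resolves the same setting through `module.GetRelevantTLSOptions(mod, km)`. With only the module-level value set, the existence check and the push would use different TLS settings for the same registry, contrary to the field comment that says it also governs pushing; this holds unless the caller has already merged the two, which is not visible here. Resolving it the same way keeps both paths consistent: `registryTLS := module.GetRelevantTLSOptions(&mod, &m)`, then pass `registryTLS` as the last argument (manager.go would need to import internal/module if it does not already). Every `MakeJobTemplate` expectation in manager_test.go passes `nil`, so a non-nil value is not covered. `Sync` starts and ends outside the hunk.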
@@ -124,7 +122,7 @@ var _ = Describe("Sync", func() { gomock.InOrder( helper.EXPECT().GetRelevantBuild(mod, km).Return(km.Build), - maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true).Return(&j, nil), + maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true, nil).Return(&j, nil), jobhelper.EXPECT().GetModuleJobByKernel(ctx, mod, kernelVersion, utils.JobTypeBuild).Return(nil, utils.ErrNoMatchingJob), jobhelper.EXPECT().CreateJob(ctx, &j).Return(errors.New("some error")), ) @@ -154,7 +152,7 @@ var _ = Describe("Sync", func() { gomock.InOrder( helper.EXPECT().GetRelevantBuild(mod, km).Return(km.Build), - maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true).Return(&j, nil), + maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true, nil).Return(&j, nil), jobhelper.EXPECT().GetModuleJobByKernel(ctx, mod, kernelVersion, utils.JobTypeBuild).Return(nil, utils.ErrNoMatchingJob), jobhelper.EXPECT().CreateJob(ctx, &j).Return(nil), ) @@ -197,7 +195,7 @@ var _ = Describe("Sync", func() { gomock.InOrder( helper.EXPECT().GetRelevantBuild(mod, km).Return(km.Build), - maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true).Return(&newJob, nil), + maker.EXPECT().MakeJobTemplate(mod, km.Build, kernelVersion, km.ContainerImage, true, nil).Return(&newJob, nil), jobhelper.EXPECT().GetModuleJobByKernel(ctx, mod, kernelVersion, utils.JobTypeBuild).Return(&j, nil), jobhelper.EXPECT().IsJobChanged(&j, &newJob).Return(true, nil), jobhelper.EXPECT().DeleteJob(ctx, &j).Return(nil), diff --git a/internal/build/job/mock_maker.go b/internal/build/job/mock_maker.go index 90c5dec0d..663d70b56 100644 --- a/internal/build/job/mock_maker.go +++ b/internal/build/job/mock_maker.go 
@@ -36,16 +36,16 @@ func (m *MockMaker) EXPECT() *MockMakerMockRecorder { } // MakeJobTemplate mocks base method. -func (m *MockMaker) MakeJobTemplate(mod v1beta1.Module, buildConfig *v1beta1.Build, targetKernel, containerImage string, pushImage bool) (*v1.Job, error) { +func (m *MockMaker) MakeJobTemplate(mod v1beta1.Module, buildConfig *v1beta1.Build, targetKernel, containerImage string, pushImage bool, registryTLS *v1beta1.TLSOptions) (*v1.Job, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "MakeJobTemplate", mod, buildConfig, targetKernel, containerImage, pushImage) + ret := m.ctrl.Call(m, "MakeJobTemplate", mod, buildConfig, targetKernel, containerImage, pushImage, registryTLS) ret0, _ := ret[0].(*v1.Job) ret1, _ := ret[1].(error) return ret0, ret1 } // MakeJobTemplate indicates an expected call of MakeJobTemplate. -func (mr *MockMakerMockRecorder) MakeJobTemplate(mod, buildConfig, targetKernel, containerImage, pushImage interface{}) *gomock.Call { +func (mr *MockMakerMockRecorder) MakeJobTemplate(mod, buildConfig, targetKernel, containerImage, pushImage, registryTLS interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "MakeJobTemplate", reflect.TypeOf((*MockMaker)(nil).MakeJobTemplate), mod, buildConfig, targetKernel, containerImage, pushImage) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "MakeJobTemplate", reflect.TypeOf((*MockMaker)(nil).MakeJobTemplate), mod, buildConfig, targetKernel, containerImage, pushImage, registryTLS) } diff --git a/internal/module/helper.go b/internal/module/helper.go index 2880b25ff..394129b95 100644 --- a/internal/module/helper.go +++ b/internal/module/helper.go 
@@ -4,9 +4,9 @@ import ( kmmv1beta1 "github.com/kubernetes-sigs/kernel-module-management/api/v1beta1" ) -func GetRelevantPullOptions(mod *kmmv1beta1.Module, km *kmmv1beta1.KernelMapping) *kmmv1beta1.PullOptions { - if km.Pull != nil { - return km.Pull +func GetRelevantTLSOptions(mod *kmmv1beta1.Module, km *kmmv1beta1.KernelMapping) *kmmv1beta1.TLSOptions { + if km.RegistryTLS != nil { + return km.RegistryTLS } - return mod.Spec.ModuleLoader.Container.Pull + return mod.Spec.ModuleLoader.Container.RegistryTLS } diff --git a/internal/preflight/preflight.go b/internal/preflight/preflight.go index 55f546bf3..91af46e02 100644 --- a/internal/preflight/preflight.go +++ b/internal/preflight/preflight.go @@ -106,9 +106,9 @@ func (p *preflightHelper) verifyImage(ctx context.Context, mapping *kmmv1beta1.K moduleFileName := mod.Spec.ModuleLoader.Container.Modprobe.ModuleName + ".ko" baseDir := mod.Spec.ModuleLoader.Container.Modprobe.DirName - pullOptions := module.GetRelevantPullOptions(mod, mapping) + tlsOptions := module.GetRelevantTLSOptions(mod, mapping) registryAuthGetter := auth.NewRegistryAuthGetterFrom(p.client, mod) - digests, repoConfig, err := p.registryAPI.GetLayersDigests(ctx, image, pullOptions, registryAuthGetter) + digests, repoConfig, err := p.registryAPI.GetLayersDigests(ctx, image, tlsOptions, registryAuthGetter) if err != nil { log.Info("image layers inaccessible, image probably does not exists", "module name", mod.Name, "image", image) return false, fmt.Sprintf("image %s inaccessible or does not exists", image) diff --git a/internal/registry/mock_registry_api.go b/internal/registry/mock_registry_api.go index b4e60cef6..e8ce3afbf 100644 --- a/internal/registry/mock_registry_api.go +++ b/internal/registry/mock_registry_api.go 
@@ -132,9 +132,9 @@ func (mr *MockRegistryMockRecorder) GetLayerMediaType(image interface{}) *gomock } // GetLayersDigests mocks base method. -func (m *MockRegistry) GetLayersDigests(ctx context.Context, image string, po *v1beta1.PullOptions, registryAuthGetter auth.RegistryAuthGetter) ([]string, *RepoPullConfig, error) { +func (m *MockRegistry) GetLayersDigests(ctx context.Context, image string, tlsOptions *v1beta1.TLSOptions, registryAuthGetter auth.RegistryAuthGetter) ([]string, *RepoPullConfig, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetLayersDigests", ctx, image, po, registryAuthGetter) + ret := m.ctrl.Call(m, "GetLayersDigests", ctx, image, tlsOptions, registryAuthGetter) ret0, _ := ret[0].([]string) ret1, _ := ret[1].(*RepoPullConfig) ret2, _ := ret[2].(error) 
@@ -142,24 +142,24 @@ func (m *MockRegistry) GetLayersDigests(ctx context.Context, image string, po *v } // GetLayersDigests indicates an expected call of GetLayersDigests. -func (mr *MockRegistryMockRecorder) GetLayersDigests(ctx, image, po, registryAuthGetter interface{}) *gomock.Call { +func (mr *MockRegistryMockRecorder) GetLayersDigests(ctx, image, tlsOptions, registryAuthGetter interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetLayersDigests", reflect.TypeOf((*MockRegistry)(nil).GetLayersDigests), ctx, image, po, registryAuthGetter) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetLayersDigests", reflect.TypeOf((*MockRegistry)(nil).GetLayersDigests), ctx, image, tlsOptions, registryAuthGetter) } // ImageExists mocks base method. -func (m *MockRegistry) ImageExists(ctx context.Context, image string, po *v1beta1.PullOptions, registryAuthGetter auth.RegistryAuthGetter) (bool, error) { +func (m *MockRegistry) ImageExists(ctx context.Context, image string, tlsOptions *v1beta1.TLSOptions, registryAuthGetter auth.RegistryAuthGetter) (bool, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "ImageExists", ctx, image, po, registryAuthGetter) + ret := m.ctrl.Call(m, "ImageExists", ctx, image, tlsOptions, registryAuthGetter) ret0, _ := ret[0].(bool) ret1, _ := ret[1].(error) return ret0, ret1 } // ImageExists indicates an expected call of ImageExists. 
-func (mr *MockRegistryMockRecorder) ImageExists(ctx, image, po, registryAuthGetter interface{}) *gomock.Call { +func (mr *MockRegistryMockRecorder) ImageExists(ctx, image, tlsOptions, registryAuthGetter interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ImageExists", reflect.TypeOf((*MockRegistry)(nil).ImageExists), ctx, image, po, registryAuthGetter) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ImageExists", reflect.TypeOf((*MockRegistry)(nil).ImageExists), ctx, image, tlsOptions, registryAuthGetter) } // ParseReference mocks base method. diff --git a/internal/registry/registry.go b/internal/registry/registry.go index 742a47cb2..52c9fa22a 100644 --- a/internal/registry/registry.go +++ b/internal/registry/registry.go @@ -49,9 +49,9 @@ type RepoPullConfig struct { //go:generate mockgen -source=registry.go -package=registry -destination=mock_registry_api.go type Registry interface { - ImageExists(ctx context.Context, image string, po *kmmv1beta1.PullOptions, registryAuthGetter auth.RegistryAuthGetter) (bool, error) + ImageExists(ctx context.Context, image string, tlsOptions *kmmv1beta1.TLSOptions, registryAuthGetter auth.RegistryAuthGetter) (bool, error) VerifyModuleExists(layer v1.Layer, pathPrefix, kernelVersion, moduleFileName string) bool - GetLayersDigests(ctx context.Context, image string, po *kmmv1beta1.PullOptions, registryAuthGetter auth.RegistryAuthGetter) ([]string, *RepoPullConfig, error) + GetLayersDigests(ctx context.Context, image string, tlsOptions *kmmv1beta1.TLSOptions, registryAuthGetter auth.RegistryAuthGetter) ([]string, *RepoPullConfig, error) GetLayerByDigest(digest string, pullConfig *RepoPullConfig) (v1.Layer, error) WriteImageByName(imageName string, image v1.Image, auth authn.Authenticator) error WalkFilesInImage(image v1.Image, fn func(filename string, header *tar.Header, tarreader io.Reader, data []interface{}) error, data ...interface{}) error 
@@ -70,8 +70,8 @@ func NewRegistry() Registry { return ®istry{} } -func (r *registry) ImageExists(ctx context.Context, image string, po *kmmv1beta1.PullOptions, registryAuthGetter auth.RegistryAuthGetter) (bool, error) { - _, _, err := r.getImageManifest(ctx, image, po, registryAuthGetter) +func (r *registry) ImageExists(ctx context.Context, image string, tlsOptions *kmmv1beta1.TLSOptions, registryAuthGetter auth.RegistryAuthGetter) (bool, error) { + _, _, err := r.getImageManifest(ctx, image, tlsOptions, registryAuthGetter) if err != nil { te := &transport.Error{} if errors.As(err, &te) && te.StatusCode == http.StatusNotFound { @@ -82,8 +82,8 @@ func (r *registry) ImageExists(ctx context.Context, image string, po *kmmv1beta1 return true, nil } -func (r *registry) GetLayersDigests(ctx context.Context, image string, po *kmmv1beta1.PullOptions, registryAuthGetter auth.RegistryAuthGetter) ([]string, *RepoPullConfig, error) { - manifest, pullConfig, err := r.getImageManifest(ctx, image, po, registryAuthGetter) +func (r *registry) GetLayersDigests(ctx context.Context, image string, tlsOptions *kmmv1beta1.TLSOptions, registryAuthGetter auth.RegistryAuthGetter) ([]string, *RepoPullConfig, error) { + manifest, pullConfig, err := r.getImageManifest(ctx, image, tlsOptions, registryAuthGetter) if err != nil { return nil, nil, fmt.Errorf("failed to get manifest from image %s: %w", image, err) } @@ -107,7 +107,7 @@ func (r *registry) VerifyModuleExists(layer v1.Layer, pathPrefix, kernelVersion, return err == nil } -func (r *registry) getPullOptions(ctx context.Context, image string, po *kmmv1beta1.PullOptions, registryAuthGetter auth.RegistryAuthGetter) (*RepoPullConfig, error) { +func (r *registry) getPullOptions(ctx context.Context, image string, tlsOptions *kmmv1beta1.TLSOptions, registryAuthGetter auth.RegistryAuthGetter) (*RepoPullConfig, error) { var repo string if hash := strings.Split(image, "@"); len(hash) > 1 { repo = hash[0] 
@@ -123,12 +123,12 @@ func (r *registry) getPullOptions(ctx context.Context, image string, po *kmmv1be crane.WithContext(ctx), } - if po != nil { - if po.Insecure { + if tlsOptions != nil { + if tlsOptions.Insecure { options = append(options, crane.Insecure) } - if po.InsecureSkipTLSVerify { + if tlsOptions.InsecureSkipTLSVerify { rt := http.DefaultTransport.(*http.Transport).Clone() rt.TLSClientConfig.InsecureSkipVerify = true @@ -153,8 +153,8 @@ func (r *registry) getPullOptions(ctx context.Context, image string, po *kmmv1be return &RepoPullConfig{repo: repo, authOptions: options}, nil } -func (r *registry) getImageManifest(ctx context.Context, image string, po *kmmv1beta1.PullOptions, registryAuthGetter auth.RegistryAuthGetter) ([]byte, *RepoPullConfig, error) { - pullConfig, err := r.getPullOptions(ctx, image, po, registryAuthGetter) +func (r *registry) getImageManifest(ctx context.Context, image string, tlsOptions *kmmv1beta1.TLSOptions, registryAuthGetter auth.RegistryAuthGetter) ([]byte, *RepoPullConfig, error) { + pullConfig, err := r.getPullOptions(ctx, image, tlsOptions, registryAuthGetter) if err != nil { return nil, nil, fmt.Errorf("failed to get pull options for image %s: %w", image, err) } diff --git a/internal/registry/registry_test.go b/internal/registry/registry_test.go index 4c57dc51c..3a5479d12 100644 --- a/internal/registry/registry_test.go +++ b/internal/registry/registry_test.go @@ -58,7 +58,7 @@ var _ = Describe("ImageExists", func() { It("should fail if the image name isn't valid", func() { - _, err = reg.ImageExists(ctx, invalidImage, &kmmv1beta1.PullOptions{}, nil) + _, err = reg.ImageExists(ctx, invalidImage, &kmmv1beta1.TLSOptions{}, nil) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("does not contain hash or tag")) 
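Review bot: In the `tlsOptions.InsecureSkipTLSVerify` branch of `getPullOptions`, `http.DefaultTransport.(*http.Transport)` is an unchecked type assertion, and `rt.TLSClientConfig` is dereferenced without a nil check. The assertion panics if anything in the process has wrapped or replaced `http.DefaultTransport`. `Clone()` only copies a TLS config that already exists, so the field may be nil depending on how the default transport was initialised. A guard such as `if rt.TLSClientConfig == nil { rt.TLSClientConfig = &tls.Config{} }` before setting `InsecureSkipVerify`, plus the two-value form of the assertion with an error return, would avoid both; this needs `crypto/tls` if the file does not already import it. The function begins before this hunk and continues after it, so the rest of the transport setup is not visible here.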
@@ -68,7 +68,7 @@ var _ = Describe("ImageExists", func() { mockRegistryAuthGetter.EXPECT().GetKeyChain(ctx).Return(nil, errors.New("some error")) - _, err = reg.ImageExists(ctx, validImage, &kmmv1beta1.PullOptions{}, mockRegistryAuthGetter) + _, err = reg.ImageExists(ctx, validImage, &kmmv1beta1.TLSOptions{}, mockRegistryAuthGetter) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("cannot get keychain from the registry auth getter")) @@ -93,7 +93,7 @@ var _ = Describe("ImageExists", func() { u := mustParseURL(server.URL) image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) - _, err = reg.ImageExists(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, err = reg.ImageExists(ctx, image, &kmmv1beta1.TLSOptions{}, nil) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("failed to get crane manifest from image")) @@ -108,7 +108,7 @@ var _ = Describe("ImageExists", func() { u := mustParseURL(server.URL) image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) - _, err = reg.ImageExists(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, err = reg.ImageExists(ctx, image, &kmmv1beta1.TLSOptions{}, nil) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("failed to unmarshal crane manifest")) @@ -134,7 +134,7 @@ var _ = Describe("ImageExists", func() { u := mustParseURL(server.URL) image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) - _, err = reg.ImageExists(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, err = reg.ImageExists(ctx, image, &kmmv1beta1.TLSOptions{}, nil) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("mediaType is missing from the image")) 
@@ -150,7 +150,7 @@ var _ = Describe("ImageExists", func() { u := mustParseURL(server.URL) image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) - _, err := reg.ImageExists(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, err := reg.ImageExists(ctx, image, &kmmv1beta1.TLSOptions{}, nil) Expect(err).ToNot(HaveOccurred()) }) @@ -173,9 +173,9 @@ var _ = Describe("ImageExists", func() { var err error image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) if withRegistryAuthGetter { - _, err = reg.ImageExists(ctx, image, &kmmv1beta1.PullOptions{}, mockRegistryAuthGetter) + _, err = reg.ImageExists(ctx, image, &kmmv1beta1.TLSOptions{}, mockRegistryAuthGetter) } else { - _, err = reg.ImageExists(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, err = reg.ImageExists(ctx, image, &kmmv1beta1.TLSOptions{}, nil) } Expect(err).ToNot(HaveOccurred()) }, @@ -223,7 +223,7 @@ var _ = Describe("GetLayersDigests", func() { It("should fail if the image name isn't valid", func() { - _, err = reg.ImageExists(ctx, invalidImage, &kmmv1beta1.PullOptions{}, nil) + _, err = reg.ImageExists(ctx, invalidImage, &kmmv1beta1.TLSOptions{}, nil) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("does not contain hash or tag")) @@ -233,7 +233,7 @@ var _ = Describe("GetLayersDigests", func() { mockRegistryAuthGetter.EXPECT().GetKeyChain(ctx).Return(nil, errors.New("some error")) - _, err = reg.ImageExists(ctx, validImage, &kmmv1beta1.PullOptions{}, mockRegistryAuthGetter) + _, err = reg.ImageExists(ctx, validImage, &kmmv1beta1.TLSOptions{}, mockRegistryAuthGetter) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("cannot get keychain from the registry auth getter")) 
@@ -258,7 +258,7 @@ var _ = Describe("GetLayersDigests", func() { u := mustParseURL(server.URL) image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) - _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.TLSOptions{}, nil) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("failed to get crane manifest from image")) @@ -273,7 +273,7 @@ var _ = Describe("GetLayersDigests", func() { u := mustParseURL(server.URL) image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) - _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.TLSOptions{}, nil) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("failed to unmarshal crane manifest")) @@ -299,7 +299,7 @@ var _ = Describe("GetLayersDigests", func() { u := mustParseURL(server.URL) image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) - _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.TLSOptions{}, nil) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("mediaType is missing from the image")) @@ -324,9 +324,9 @@ var _ = Describe("GetLayersDigests", func() { var err error image := fmt.Sprintf("%s/%s/%s:%s", u.Host, validImageOrg, validImageName, validImageTag) if withRegistryAuthGetter { - _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.PullOptions{}, mockRegistryAuthGetter) + _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.TLSOptions{}, mockRegistryAuthGetter) } else { - _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.PullOptions{}, nil) + _, _, err = reg.GetLayersDigests(ctx, image, &kmmv1beta1.TLSOptions{}, nil) } Expect(err).ToNot(HaveOccurred()) }, 
diff --git a/internal/sign/job/manager_test.go b/internal/sign/job/manager_test.go index a2c0a7d00..54b7cc7e6 100644 --- a/internal/sign/job/manager_test.go +++ b/internal/sign/job/manager_test.go @@ -42,10 +42,8 @@ var _ = Describe("JobManager", func() { jobhelper = utils.NewMockJobHelper(ctrl) }) - po := &kmmv1beta1.PullOptions{} - km := kmmv1beta1.KernelMapping{ - Build: &kmmv1beta1.Build{Pull: *po}, + Build: &kmmv1beta1.Build{}, ContainerImage: imageName, } labels := map[string]string{"kmm.node.kubernetes.io/job-type": "sign",