openshift · openshift-merge-robot · Aug 22, 2023 · Mar 9, 2023 · Sep 22, 2022
diff --git a/pkg/dockerregistry/server/client/client.go b/pkg/dockerregistry/server/client/client.go
@@ -5,6 +5,7 @@ import (
 	coreclientv1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	restclient "k8s.io/client-go/rest"
 
+	cfgv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	imageclientv1 "github.com/openshift/client-go/image/clientset/versioned/typed/image/v1"
 	operatorclientv1alpha1 "github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1"
 	userclientv1 "github.com/openshift/client-go/user/clientset/versioned/typed/user/v1"
@@ -42,6 +43,7 @@ type apiClient struct {
 	image    imageclientv1.ImageV1Interface
 	user     userclientv1.UserV1Interface
 	operator operatorclientv1alpha1.OperatorV1alpha1Interface
+	config   cfgv1.ConfigV1Interface
 }
 
 func newAPIClient(
@@ -50,20 +52,30 @@ func newAPIClient(
 	imageClient imageclientv1.ImageV1Interface,
 	userClient userclientv1.UserV1Interface,
 	operatorClient operatorclientv1alpha1.OperatorV1alpha1Interface,
+	configClient cfgv1.ConfigV1Interface,
 ) Interface {
 	return &apiClient{
 		kube:     kc,
 		auth:     authClient,
 		image:    imageClient,
 		user:     userClient,
 		operator: operatorClient,
+		config:   configClient,
 	}
 }
 
 func (c *apiClient) ImageContentSourcePolicy() operatorclientv1alpha1.ImageContentSourcePolicyInterface {
 	return c.operator.ImageContentSourcePolicies()
 }
 
+func (c *apiClient) ImageDigestMirrorSet() cfgv1.ImageDigestMirrorSetInterface {
+	return c.config.ImageDigestMirrorSets()
+}
+
+func (c *apiClient) ImageTagMirrorSet() cfgv1.ImageTagMirrorSetInterface {
+	return c.config.ImageTagMirrorSets()
+}
+
 func (c *apiClient) Users() UserInterface {
 	return c.user.Users()
 }
@@ -127,6 +139,7 @@ func (c *registryClient) Client() (Interface, error) {
 		imageclientv1.NewForConfigOrDie(c.kubeConfig),
 		userclientv1.NewForConfigOrDie(c.kubeConfig),
 		operatorclientv1alpha1.NewForConfigOrDie(c.kubeConfig),
+		cfgv1.NewForConfigOrDie(c.kubeConfig),
 	), nil
 }
 

diff --git a/pkg/dockerregistry/server/client/interfaces.go b/pkg/dockerregistry/server/client/interfaces.go
@@ -15,6 +15,7 @@ import (
 	operatorclientv1alpha1 "github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1"
 	userclientv1 "github.com/openshift/client-go/user/clientset/versioned/typed/user/v1"
 
+	cfgv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	authclientv1 "k8s.io/client-go/kubernetes/typed/authorization/v1"
 )
 
@@ -24,6 +25,8 @@ type UsersInterfacer interface {
 
 type ImageContentSourcePolicyInterfacer interface {
 	ImageContentSourcePolicy() operatorclientv1alpha1.ImageContentSourcePolicyInterface
+	ImageDigestMirrorSet() cfgv1.ImageDigestMirrorSetInterface
+	ImageTagMirrorSet() cfgv1.ImageTagMirrorSetInterface
 }
 
 type ImagesInterfacer interface {

diff --git a/pkg/dockerregistry/server/client/test.go b/pkg/dockerregistry/server/client/test.go
@@ -3,6 +3,7 @@ package client
 import (
 	coreclientv1 "k8s.io/client-go/kubernetes/typed/core/v1"
 
+	cfgfake "github.com/openshift/client-go/config/clientset/versioned/fake"
 	imageclientv1 "github.com/openshift/client-go/image/clientset/versioned/typed/image/v1"
 	operatorfake "github.com/openshift/client-go/operator/clientset/versioned/fake"
 )
@@ -22,10 +23,12 @@ func NewFakeRegistryClient(imageclient imageclientv1.ImageV1Interface) RegistryC
 
 func (c *fakeRegistryClient) Client() (Interface, error) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1()
-	return newAPIClient(nil, nil, c.images, nil, icsp), nil
+	cfgclient := cfgfake.NewSimpleClientset().ConfigV1()
+	return newAPIClient(nil, nil, c.images, nil, icsp, cfgclient), nil
 }
 
 func NewFakeRegistryAPIClient(kc coreclientv1.CoreV1Interface, imageclient imageclientv1.ImageV1Interface) Interface {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1()
-	return newAPIClient(nil, nil, imageclient, nil, icsp)
+	idms := cfgfake.NewSimpleClientset().ConfigV1()
+	return newAPIClient(nil, nil, imageclient, nil, icsp, idms)
 }
diff --git a/pkg/dockerregistry/server/pullthroughblobstore_test.go b/pkg/dockerregistry/server/pullthroughblobstore_test.go
@@ -20,6 +20,7 @@ import (
 	"github.com/opencontainers/go-digest"
 
 	imageapiv1 "github.com/openshift/api/image/v1"
+	cfgfake "github.com/openshift/client-go/config/clientset/versioned/fake"
 	operatorfake "github.com/openshift/client-go/operator/clientset/versioned/fake"
 	"github.com/openshift/library-go/pkg/image/registryclient"
 
@@ -35,6 +36,8 @@ import (
 
 func TestPullthroughServeBlob(t *testing.T) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1().ImageContentSourcePolicies()
+	idms := cfgfake.NewSimpleClientset().ConfigV1().ImageDigestMirrorSets()
+	itms := cfgfake.NewSimpleClientset().ConfigV1().ImageTagMirrorSets()
 	ctx := context.Background()
 	ctx = testutil.WithTestLogger(ctx, t)
 
@@ -171,6 +174,8 @@ func TestPullthroughServeBlob(t *testing.T) {
 			cache,
 			metrics.NewNoopMetrics(),
 			icsp,
+			idms,
+			itms,
 		)
 
 		ptbs := &pullthroughBlobStore{
@@ -331,6 +336,8 @@ func TestPullthroughServeNotSeekableBlob(t *testing.T) {
 
 func TestPullthroughServeBlobInsecure(t *testing.T) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1().ImageContentSourcePolicies()
+	idms := cfgfake.NewSimpleClientset().ConfigV1().ImageDigestMirrorSets()
+	itms := cfgfake.NewSimpleClientset().ConfigV1().ImageTagMirrorSets()
 	namespace := "user"
 	repo1 := "app1"
 	repo2 := "app2"
@@ -608,6 +615,8 @@ func TestPullthroughServeBlobInsecure(t *testing.T) {
 				cache,
 				metrics.NewNoopMetrics(),
 				icsp,
+				idms,
+				itms,
 			)
 
 			ptbs := &pullthroughBlobStore{
@@ -675,6 +684,8 @@ func TestPullthroughServeBlobInsecure(t *testing.T) {
 
 func TestPullthroughMetrics(t *testing.T) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1().ImageContentSourcePolicies()
+	idms := cfgfake.NewSimpleClientset().ConfigV1().ImageDigestMirrorSets()
+	itms := cfgfake.NewSimpleClientset().ConfigV1().ImageTagMirrorSets()
 	ctx := context.Background()
 	ctx = testutil.WithTestLogger(ctx, t)
 
@@ -735,6 +746,8 @@ func TestPullthroughMetrics(t *testing.T) {
 		cache,
 		metrics.NewMetrics(sink),
 		icsp,
+		idms,
+		itms,
 	)
 
 	ptbs := &pullthroughBlobStore{

diff --git a/pkg/dockerregistry/server/pullthroughmanifestservice.go b/pkg/dockerregistry/server/pullthroughmanifestservice.go
@@ -11,6 +11,7 @@ import (
 	"github.com/distribution/distribution/v3/registry/client"
 	"github.com/opencontainers/go-digest"
 
+	cfgv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	operatorv1alpha1 "github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1"
 
 	"github.com/openshift/image-registry/pkg/dockerregistry/server/cache"
@@ -32,6 +33,8 @@ type pullthroughManifestService struct {
 	mirror                  bool
 	registryAddr            string
 	metrics                 metrics.Pullthrough
+	idms                    cfgv1.ImageDigestMirrorSetInterface
+	itms                    cfgv1.ImageTagMirrorSetInterface
 	icsp                    operatorv1alpha1.ImageContentSourcePolicyInterface
 }
 
@@ -129,7 +132,7 @@ func (m *pullthroughManifestService) getRemoteRepositoryClient(ctx context.Conte
 		dcontext.GetLogger(ctx).Errorf("error getting secrets: %v", err)
 	}
 
-	retriever, impErr := getImportContext(ctx, ref, secrets, m.metrics, m.icsp)
+	retriever, impErr := getImportContext(ctx, ref, secrets, m.metrics, m.icsp, m.idms, m.itms)
 	if impErr != nil {
 		return nil, impErr
 	}

diff --git a/pkg/dockerregistry/server/pullthroughmanifestservice_test.go b/pkg/dockerregistry/server/pullthroughmanifestservice_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/opencontainers/go-digest"
 
 	imageapiv1 "github.com/openshift/api/image/v1"
+	cfgfake "github.com/openshift/client-go/config/clientset/versioned/fake"
 	operatorfake "github.com/openshift/client-go/operator/clientset/versioned/fake"
 
 	"github.com/openshift/image-registry/pkg/dockerregistry/server/cache"
@@ -55,6 +56,8 @@ func createTestRegistryServer(t *testing.T, ctx context.Context) *httptest.Serve
 
 func TestPullthroughManifests(t *testing.T) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1().ImageContentSourcePolicies()
+	idms := cfgfake.NewSimpleClientset().ConfigV1().ImageDigestMirrorSets()
+	itms := cfgfake.NewSimpleClientset().ConfigV1().ImageTagMirrorSets()
 	namespace := "fuser"
 	repo := "zapp"
 	repoName := fmt.Sprintf("%s/%s", namespace, repo)
@@ -188,6 +191,8 @@ func TestPullthroughManifests(t *testing.T) {
 			cache:           cache,
 			registryAddr:    "localhost:5000",
 			metrics:         metrics.NewNoopMetrics(),
+			idms:            idms,
+			itms:            itms,
 			icsp:            icsp,
 		}
 
@@ -228,6 +233,8 @@ func TestPullthroughManifests(t *testing.T) {
 
 func TestPullthroughManifestInsecure(t *testing.T) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1().ImageContentSourcePolicies()
+	idms := cfgfake.NewSimpleClientset().ConfigV1().ImageDigestMirrorSets()
+	itms := cfgfake.NewSimpleClientset().ConfigV1().ImageTagMirrorSets()
 	namespace := "fuser"
 	repo := "zapp"
 	repoName := fmt.Sprintf("%s/%s", namespace, repo)
@@ -431,6 +438,8 @@ func TestPullthroughManifestInsecure(t *testing.T) {
 				imageStream:     imageStream,
 				cache:           cache,
 				metrics:         metrics.NewNoopMetrics(),
+				idms:            idms,
+				itms:            itms,
 				icsp:            icsp,
 			}
 
@@ -473,6 +482,8 @@ func TestPullthroughManifestInsecure(t *testing.T) {
 
 func TestPullthroughManifestDockerReference(t *testing.T) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1().ImageContentSourcePolicies()
+	idms := cfgfake.NewSimpleClientset().ConfigV1().ImageDigestMirrorSets()
+	itms := cfgfake.NewSimpleClientset().ConfigV1().ImageTagMirrorSets()
 	namespace := "user"
 	repo1 := "repo1"
 	repo2 := "repo2"
@@ -572,6 +583,8 @@ func TestPullthroughManifestDockerReference(t *testing.T) {
 			ManifestService: newTestManifestService(tc.repoName, nil),
 			imageStream:     imageStream,
 			metrics:         metrics.NewNoopMetrics(),
+			idms:            idms,
+			itms:            itms,
 			icsp:            icsp,
 		}
 
@@ -668,6 +681,8 @@ func (ms *putWaiterManifestService) Put(ctx context.Context, manifest distributi
 
 func TestPullthroughManifestMirroring(t *testing.T) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1().ImageContentSourcePolicies()
+	idms := cfgfake.NewSimpleClientset().ConfigV1().ImageDigestMirrorSets()
+	itms := cfgfake.NewSimpleClientset().ConfigV1().ImageTagMirrorSets()
 	const timeout = 5 * time.Second
 
 	namespace := "myproject"
@@ -732,6 +747,8 @@ func TestPullthroughManifestMirroring(t *testing.T) {
 		imageStream:             imageStream,
 		mirror:                  true,
 		metrics:                 metrics.NewNoopMetrics(),
+		idms:                    idms,
+		itms:                    itms,
 		icsp:                    icsp,
 	}
 
@@ -749,6 +766,8 @@ func TestPullthroughManifestMirroring(t *testing.T) {
 
 func TestPullthroughManifestMetrics(t *testing.T) {
 	icsp := operatorfake.NewSimpleClientset().OperatorV1alpha1().ImageContentSourcePolicies()
+	idms := cfgfake.NewSimpleClientset().ConfigV1().ImageDigestMirrorSets()
+	itms := cfgfake.NewSimpleClientset().ConfigV1().ImageTagMirrorSets()
 	namespace := "myproject"
 	repo := "myapp"
 	repoName := fmt.Sprintf("%s/%s", namespace, repo)
@@ -810,6 +829,8 @@ func TestPullthroughManifestMetrics(t *testing.T) {
 		newLocalManifestService: func(ctx context.Context) (distribution.ManifestService, error) { return ms, nil },
 		imageStream:             imageStream,
 		metrics:                 metrics.NewMetrics(sink),
+		idms:                    idms,
+		itms:                    itms,
 		icsp:                    icsp,
 	}
 

diff --git a/pkg/dockerregistry/server/remoteblobgetter.go b/pkg/dockerregistry/server/remoteblobgetter.go
@@ -13,6 +13,7 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 
+	cfgv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	operatorv1alpha1 "github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1"
 	"github.com/openshift/library-go/pkg/image/registryclient"
 
@@ -72,6 +73,8 @@ type remoteBlobGetterService struct {
 	digestToStore *digestBlobStoreCache
 	metrics       metrics.Pullthrough
 	icsp          operatorv1alpha1.ImageContentSourcePolicyInterface
+	idms          cfgv1.ImageDigestMirrorSetInterface
+	itms          cfgv1.ImageTagMirrorSetInterface
 }
 
 var _ BlobGetterService = &remoteBlobGetterService{}
@@ -84,6 +87,8 @@ func NewBlobGetterService(
 	cache cache.RepositoryDigest,
 	m metrics.Pullthrough,
 	icsp operatorv1alpha1.ImageContentSourcePolicyInterface,
+	idms cfgv1.ImageDigestMirrorSetInterface,
+	itms cfgv1.ImageTagMirrorSetInterface,
 ) BlobGetterService {
 	return &remoteBlobGetterService{
 		imageStream:   imageStream,
@@ -92,6 +97,8 @@ func NewBlobGetterService(
 		digestToStore: newDigestBlobStoreCache(m),
 		metrics:       m,
 		icsp:          icsp,
+		idms:          idms,
+		itms:          itms,
 	}
 }
 
@@ -295,7 +302,7 @@ func (rbgs *remoteBlobGetterService) findCandidateRepository(
 			continue
 		}
 
-		retriever, impErr := getImportContext(ctx, spec.DockerImageReference, secrets, rbgs.metrics, rbgs.icsp)
+		retriever, impErr := getImportContext(ctx, spec.DockerImageReference, secrets, rbgs.metrics, rbgs.icsp, rbgs.idms, rbgs.itms)
 		if impErr != nil {
 			return distribution.Descriptor{}, nil, impErr
 		}
@@ -317,7 +324,7 @@ func (rbgs *remoteBlobGetterService) findCandidateRepository(
 			continue
 		}
 
-		retriever, impErr := getImportContext(ctx, spec.DockerImageReference, secrets, rbgs.metrics, rbgs.icsp)
+		retriever, impErr := getImportContext(ctx, spec.DockerImageReference, secrets, rbgs.metrics, rbgs.icsp, rbgs.idms, rbgs.itms)
 		if impErr != nil {
 			return distribution.Descriptor{}, nil, impErr
 		}

diff --git a/pkg/dockerregistry/server/repository.go b/pkg/dockerregistry/server/repository.go
@@ -11,6 +11,7 @@ import (
 
 	restclient "k8s.io/client-go/rest"
 
+	cfgv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
 	operatorv1alpha1 "github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1alpha1"
 
 	"github.com/openshift/image-registry/pkg/dockerregistry/server/audit"
@@ -47,6 +48,8 @@ type repository struct {
 
 	imageStream imagestream.ImageStream
 	icsp        operatorv1alpha1.ImageContentSourcePolicyInterface
+	idms        cfgv1.ImageDigestMirrorSetInterface
+	itms        cfgv1.ImageTagMirrorSetInterface
 
 	// remoteBlobGetter is used to fetch blobs from remote registries if pullthrough is enabled.
 	remoteBlobGetter BlobGetterService
@@ -75,6 +78,8 @@ func (app *App) Repository(ctx context.Context, repo distribution.Repository, cr
 		imageStream: imagestream.New(ctx, namespace, name, registryOSClient),
 		cache:       cache.NewRepositoryDigest(app.cache),
 		icsp:        registryOSClient.ImageContentSourcePolicy(),
+		idms:        registryOSClient.ImageDigestMirrorSet(),
+		itms:        registryOSClient.ImageTagMirrorSet(),
 	}
 
 	r.remoteBlobGetter = NewBlobGetterService(
@@ -83,6 +88,8 @@ func (app *App) Repository(ctx context.Context, repo distribution.Repository, cr
 		r.cache,
 		r.app.metrics,
 		r.icsp,
+		r.idms,
+		r.itms,
 	)
 
 	repo = distribution.Repository(r)
@@ -128,7 +135,9 @@ func (r *repository) Manifests(ctx context.Context, options ...distribution.Mani
 		mirror:       r.app.config.Pullthrough.Mirror,
 		registryAddr: r.app.config.Server.Addr,
 		metrics:      r.app.metrics,
+		idms:         r.idms,
 		icsp:         r.icsp,
+		itms:         r.itms,
 	}
 
 	ms = newPendingErrorsManifestService(ms, r)