From c495ba1e394a316a99c4e8f1ddbeb473681f244e Mon Sep 17 00:00:00 2001
From: Petu Eusebiu <peusebiu@cisco.com>
Date: Thu, 9 Jun 2022 19:18:45 +0300
Subject: [PATCH] Added a flag to specify OCI annotation namespace

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
---
 api.go                          | 14 ++++++++++--
 build.go                        | 25 +++++++++++----------
 cmd/build.go                    | 20 +++++++++++------
 squashfs/verity.go              |  2 +-
 test/annotations-namespace.bats | 39 +++++++++++++++++++++++++++++++++
 test/basic.bats                 |  4 ++--
 6 files changed, 80 insertions(+), 24 deletions(-)
 create mode 100644 test/annotations-namespace.bats

diff --git a/api.go b/api.go
index 3f250dfef..804279547 100644
--- a/api.go
+++ b/api.go
@@ -1,6 +1,16 @@
 package stacker
 
+import "fmt"
+
 const (
-	GitVersionAnnotation      = "com.cisco.stacker.git_version"
-	StackerContentsAnnotation = "com.cisco.stacker.stacker_yaml"
+	GitVersionAnnotation      = "%s.stacker.git_version"
+	StackerContentsAnnotation = "%s.stacker.stacker_yaml"
 )
+
+func getGitVersionAnnotation(namespace string) string {
+	return fmt.Sprintf(GitVersionAnnotation, namespace)
+}
+
+func getStackerContentsAnnotation(namespace string) string {
+	return fmt.Sprintf(StackerContentsAnnotation, namespace)
+}
diff --git a/build.go b/build.go
index aa5cc29d7..6e2ed636f 100644
--- a/build.go
+++ b/build.go
@@ -25,16 +25,17 @@ import (
 const DefaultShell = "/usr/bin/sh"
 
 type BuildArgs struct {
-	Config       types.StackerConfig
-	LeaveUnladen bool
-	NoCache      bool
-	Substitute   []string
-	OnRunFailure string
-	LayerTypes   []types.LayerType
-	OrderOnly    bool
-	HashRequired bool
-	SetupOnly    bool
-	Progress     bool
+	Config               types.StackerConfig
+	LeaveUnladen         bool
+	NoCache              bool
+	Substitute           []string
+	OnRunFailure         string
+	LayerTypes           []types.LayerType
+	OrderOnly            bool
+	HashRequired         bool
+	SetupOnly            bool
+	Progress             bool
+	AnnotationsNamespace string
 }
 
 // Builder is responsible for building the layers based on stackerfiles
@@ -226,10 +227,10 @@ func (b *Builder) updateOCIConfigForOutput(sf *types.Stackerfile, s types.Storag
 
 	if gitVersion != "" {
 		log.Debugf("setting git version annotation to %s", gitVersion)
-		annotations[GitVersionAnnotation] = gitVersion
+		annotations[getGitVersionAnnotation(opts.AnnotationsNamespace)] = gitVersion
 	}
 
-	annotations[StackerContentsAnnotation] = sf.AfterSubstitutions
+	annotations[getStackerContentsAnnotation(opts.AnnotationsNamespace)] = sf.AfterSubstitutions
 
 	history := ispec.History{
 		EmptyLayer: true, // this is only the history for imageConfig edit
diff --git a/cmd/build.go b/cmd/build.go
index 38f95193c..f2aaded38 100644
--- a/cmd/build.go
+++ b/cmd/build.go
@@ -62,6 +62,11 @@ func initCommonBuildFlags() []cli.Flag {
 			Name:  "order-only",
 			Usage: "show the build order without running the actual build",
 		},
+		cli.StringFlag{
+			Name:  "annotations-namespace",
+			Usage: "set OCI annotations namespace in the OCI image manifest",
+			Value: "io.stackeroci",
+		},
 	}
 }
 
@@ -82,13 +87,14 @@ func beforeBuild(ctx *cli.Context) error {
 
 func newBuildArgs(ctx *cli.Context) (stacker.BuildArgs, error) {
 	args := stacker.BuildArgs{
-		Config:       config,
-		NoCache:      ctx.Bool("no-cache"),
-		Substitute:   ctx.StringSlice("substitute"),
-		OnRunFailure: ctx.String("on-run-failure"),
-		OrderOnly:    ctx.Bool("order-only"),
-		HashRequired: ctx.Bool("require-hash"),
-		Progress:     shouldShowProgress(ctx),
+		Config:               config,
+		NoCache:              ctx.Bool("no-cache"),
+		Substitute:           ctx.StringSlice("substitute"),
+		OnRunFailure:         ctx.String("on-run-failure"),
+		OrderOnly:            ctx.Bool("order-only"),
+		HashRequired:         ctx.Bool("require-hash"),
+		Progress:             shouldShowProgress(ctx),
+		AnnotationsNamespace: ctx.String("annotations-namespace"),
 	}
 	var err error
 	verity := squashfs.VerityMetadata(!ctx.Bool("no-squashfs-verity"))
diff --git a/squashfs/verity.go b/squashfs/verity.go
index 484857a45..98f89c0c9 100644
--- a/squashfs/verity.go
+++ b/squashfs/verity.go
@@ -81,7 +81,7 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-const VerityRootHashAnnotation = "com.cisco.stacker.squashfs_verity_root_hash"
+const VerityRootHashAnnotation = "io.stackeroci.stacker.squashfs_verity_root_hash"
 
 type verityDeviceType struct {
 	Flags      uint
diff --git a/test/annotations-namespace.bats b/test/annotations-namespace.bats
new file mode 100644
index 000000000..d82102796
--- /dev/null
+++ b/test/annotations-namespace.bats
@@ -0,0 +1,39 @@
+load helpers
+
+function setup() {
+    stacker_setup
+}
+
+function teardown() {
+    cleanup
+}
+
+@test "namespace arg works" {
+    cat > stacker.yaml <<EOF
+thing:
+    from:
+        type: oci
+        url: $CENTOS_OCI
+    run: ls
+EOF
+    stacker build --annotations-namespace=namespace.example
+    [ "$status" -eq 0 ]
+    manifest=$(cat oci/index.json | jq -r .manifests[0].digest | cut -f2 -d:)
+    namespace=$(cat oci/blobs/sha256/$manifest | jq -r .annotations | cut -f1 -d:)
+    [[ "$namespace" == *"namespace.example"* ]]
+}
+
+@test "default namespace arg works" {
+    cat > stacker.yaml <<EOF
+thing:
+    from:
+        type: oci
+        url: $CENTOS_OCI
+    run: ls
+EOF
+    stacker build
+    [ "$status" -eq 0 ]
+    manifest=$(cat oci/index.json | jq -r .manifests[0].digest | cut -f2 -d:)
+    namespace=$(cat oci/blobs/sha256/$manifest | jq -r .annotations | cut -f1 -d:)
+    [[ "$namespace" == *"io.stackeroci"* ]]
+}
diff --git a/test/basic.bats b/test/basic.bats
index 23693145c..293b3e008 100644
--- a/test/basic.bats
+++ b/test/basic.bats
@@ -92,7 +92,7 @@ EOF
     config=$(cat oci/blobs/sha256/$manifest | jq -r .config.digest | cut -f2 -d:)
     [ "$(cat oci/blobs/sha256/$config | jq -r '.config.Entrypoint | join(" ")')" = "echo hello world" ]
 
-    publishedGitVersion=$(cat oci/blobs/sha256/$manifest | jq -r '.annotations."com.cisco.stacker.git_version"')
+    publishedGitVersion=$(cat oci/blobs/sha256/$manifest | jq -r '.annotations."io.stackeroci.stacker.git_version"')
     # ci does not clone tags. There it tests the fallback-to-commit path.
     myGitVersion=$(run_git describe --tags) || myGitVersion=$(run_git rev-parse HEAD)
     [ -n "$(run_git status --porcelain --untracked-files=no)" ] &&
@@ -100,7 +100,7 @@ EOF
     [ "$publishedGitVersion" = "$myGitVersion$dirty" ]
 
     # need to trim the extra newline from jq
-    cat oci/blobs/sha256/$manifest | jq -r '.annotations."com.cisco.stacker.stacker_yaml"' | sed '$ d' > stacker_yaml_annotation
+    cat oci/blobs/sha256/$manifest | jq -r '.annotations."io.stackeroci.stacker.stacker_yaml"' | sed '$ d' > stacker_yaml_annotation
 
     # now we need to do --substitute FAVICON=favicon.ico
     sed -e 's/$FAVICON/favicon.ico/g' stacker.yaml > stacker_after_subs