
Source file src/edge-infra.dev/pkg/f8n/warehouse/oci/validate/warehouse.go

Documentation: edge-infra.dev/pkg/f8n/warehouse/oci/validate

     1  package validate
     2  
     3  import (
     4  	"fmt"
     5  
     6  	v1 "github.com/google/go-containerregistry/pkg/v1"
     7  	"github.com/google/go-containerregistry/pkg/v1/validate"
     8  
     9  	"edge-infra.dev/pkg/f8n/warehouse/oci"
    10  	"edge-infra.dev/pkg/f8n/warehouse/oci/layer"
    11  )
    12  
// skipLayerValidation is the option passed to ggcr's validate.Index and
// validate.Image by the validators in this file. validate.Fast makes ggcr skip
// reading and digesting layer bytes, so those calls do not check layer content
// against the digests and sizes recorded in the manifests.
// ggcr layer validation is skipped because Warehouse performs its own
// validation on the K8s manifest layers.
// NOTE(review): the layer validator in this file (whValidateLayer) only checks
// annotations; confirm that layer content is digest-verified elsewhere before
// it is trusted.
var skipLayerValidation = validate.Fast
    15  
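// Warehouse validates that a generic Warehouse artifact meets the OCI and
// Warehouse specifications. It runs Validate with the Warehouse-specific
// index, image and layer validators defined in this file.
//
// The ggcr checks made by those validators run with skipLayerValidation
// (validate.Fast), so a nil result is not by itself evidence that layer bytes
// match their recorded digests.
//
// A non-nil error wraps the underlying validation error, so callers can still
// inspect it with errors.Is and errors.As.
func Warehouse(a oci.Artifact) error {
	fns := &Fns{
		Index: whValidateIndex,
		Image: whValidateImage,
		Layer: whValidateLayer,
	}
	if err := Validate(a, fns); err != nil {
		// %w (not %v) keeps the cause in the error chain; the message text is
		// unchanged.
		return fmt.Errorf("invalid Warehouse artifact: %w", err)
	}
	return nil
}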
    28  
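// whValidateIndex checks that idx is a valid OCI image index carrying the
// annotations expected of a Warehouse artifact, both at the top level and on
// every manifest descriptor in the index. The second parameter is unused.
//
// It returns an error, rather than panicking, when idx is not a
// v1.ImageIndex, so a malformed or unexpected artifact cannot crash the
// validating process.
func whValidateIndex(idx oci.Artifact, _ map[string]string) error {
	// Checked assertion: an artifact of the wrong kind is a validation
	// failure, not a programmer error worth a panic.
	i, ok := idx.(v1.ImageIndex)
	if !ok {
		return fmt.Errorf("expected v1.ImageIndex, got %T", idx)
	}

	// assert the index does not violate the v1.ImageIndex OCI specification;
	// skipLayerValidation means ggcr does not read or digest layer bytes here
	if err := validate.Index(i, skipLayerValidation); err != nil {
		return err
	}

	annotations, err := oci.Annotations(idx)
	if err != nil {
		return err
	}

	// check top-level annotations are as expected for Warehouse artifact
	if err := Annotations(annotations, whAnnotationValidators, nil); err != nil {
		return err
	}

	idxManifest, err := i.IndexManifest()
	if err != nil {
		return err
	}

	// check each descriptor has expected annotations for Warehouse manifest
	for n, manifest := range idxManifest.Manifests {
		if err := Annotations(manifest.Annotations, whManifestAnnotationValidators, nil); err != nil {
			// %w keeps the annotation error inspectable by callers.
			return fmt.Errorf("manifest %d is invalid: %w", n, err)
		}
	}

	return nil
}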
    61  
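// whValidateImage checks that img is a valid OCI image carrying the top-level
// annotations expected of a Warehouse artifact. The second parameter is
// unused.
//
// It returns an error, rather than panicking, when img is not a v1.Image, so
// a malformed or unexpected artifact cannot crash the validating process.
func whValidateImage(img oci.Artifact, _ map[string]string) error {
	// Checked assertion: an artifact of the wrong kind is a validation
	// failure, not a programmer error worth a panic.
	i, ok := img.(v1.Image)
	if !ok {
		return fmt.Errorf("expected v1.Image, got %T", img)
	}

	// assert the image does not violate the v1.Image OCI specification;
	// skipLayerValidation means ggcr does not read or digest layer bytes here
	if err := validate.Image(i, skipLayerValidation); err != nil {
		return err
	}

	annotations, err := oci.Annotations(img)
	if err != nil {
		return err
	}

	// check top-level annotations are as expected
	return Annotations(annotations, whAnnotationValidators, nil)
}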
    77  
// whValidateLayer checks that a layer's annotations are as expected for a
// Warehouse layer. Only the annotations returned by l.Annotations() are
// examined; the layer's content is not read here. The second parameter is
// unused.
func whValidateLayer(l layer.Layer, _ map[string]string) error {
	return Annotations(l.Annotations(), whLayerAnnotationValidators, nil)
}
    84  
