Add OCI check for CatalogAvailable. (#6341)

absoludity · web-flow · commit eb5e62c91f99 · 2023-06-28T16:51:42.000+10:00
### Description of the change This PR adds an initial OCI check for `CatalogAvailable` which currently just checks a VMware application catalog specific index. This will later be generalised to support other registries. ### Benefits May provide a quick win for displaying a catalog for VAC registries. Next need to use this when validating an OCI registry in the UI, then use when syncing the registry. ### Applicable issues - ref #6263 Signed-off-by: Michael Nelson <minelson@vmware.com>
diff --git a/cmd/asset-syncer/server/utils.go b/cmd/asset-syncer/server/utils.go
@@ -37,8 +37,9 @@ import (
 )
 
 const (
-	additionalCAFile = "/usr/local/share/ca-certificates/ca.crt"
-	numWorkers       = 10
+	additionalCAFile     = "/usr/local/share/ca-certificates/ca.crt"
+	numWorkers           = 10
+	chartsIndexMediaType = "application/vnd.vmware.charts.index.config.v1+json"
 )
 
 type Config struct {
@@ -320,6 +321,7 @@ type OCIManifest struct {
 type ociAPI interface {
 	TagList(appName, userAgent string) (*TagList, error)
 	IsHelmChart(appName, tag, userAgent string) (bool, error)
+	CatalogAvailable(userAgent string) bool
 }
 
 type ociAPICli struct {
@@ -367,6 +369,38 @@ func (o *ociAPICli) IsHelmChart(appName, tag, userAgent string) (bool, error) {
 	return manifest.Config.MediaType == helmregistry.ConfigMediaType, nil
 }
 
+// CatalogAvailable returns whether Kubeapps can return a catalog for
+// this OCI repository.
+//
+// Currently this checks only for a VMware Application Catalog index as
+// documented at:
+// https://docs.vmware.com/en/VMware-Application-Catalog/services/main/GUID-using-consume-metadata.html#method-2-obtain-metadata-from-the-oci-registry-10
+// although examples have "chart-index" rather than "index" as the artifact
+// name.
+// In the future, this should check the oci-catalog service for possible
+// catalogs.
+func (o *ociAPICli) CatalogAvailable(userAgent string) bool {
+	indexURL := *o.url
+	indexURL.Path = path.Join("v2", indexURL.Path, "charts-index", "manifests", "latest")
+	log.V(4).Infof("getting tag %s", indexURL.String())
+	manifestData, err := doReq(
+		indexURL.String(),
+		o.netClient,
+		map[string]string{
+			"Authorization": o.authHeader,
+			"Accept":        "application/vnd.oci.image.manifest.v1+json",
+		}, userAgent)
+	if err != nil {
+		return false
+	}
+	var manifest OCIManifest
+	err = json.Unmarshal(manifestData, &manifest)
+	if err != nil {
+		return false
+	}
+	return manifest.Config.MediaType == chartsIndexMediaType
+}
+
 func tagCheckerWorker(o ociAPI, tagJobs <-chan checkTagJob, resultChan chan checkTagResult) {
 	for j := range tagJobs {
 		isHelmChart, err := o.IsHelmChart(j.AppName, j.Tag, GetUserAgent("", ""))
diff --git a/cmd/asset-syncer/server/utils_test.go b/cmd/asset-syncer/server/utils_test.go
@@ -36,6 +36,62 @@ import (
 var validRepoIndexYAMLBytes, _ = os.ReadFile("testdata/valid-index.yaml")
 var validRepoIndexYAML = string(validRepoIndexYAMLBytes)
 
+const chartsIndexManifestJSON = `
+{
+	"schemaVersion": 2,
+	"config": {
+	  "mediaType": "application/vnd.vmware.charts.index.config.v1+json",
+	  "digest": "sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
+	  "size": 2
+	},
+	"layers": [
+	  {
+		"mediaType": "application/vnd.vmware.charts.index.layer.v1+json",
+		"digest": "sha256:f9f7df0ae3f50aaf9ff390034cec4286d2aa43f061ce4bc7aa3c9ac862800aba",
+		"size": 1169,
+		"annotations": {
+		  "org.opencontainers.image.title": "charts-index.json"
+		}
+	  }
+	]
+  }
+`
+const chartsIndexJSON = `
+{
+    "entries": {
+        "common": {
+            "versions": [
+                {
+                    "version": "2.4.0",
+                    "appVersion": "2.4.0",
+                    "name": "common",
+                    "urls": [
+                        "harbor.example.com/charts/common:2.4.0"
+                    ],
+                    "digest": "sha256:c85139bbe83ec5af6201fe1bec39fc0d0db475de41bc74cd729acc5af8eed6ba",
+                    "releasedAt": "2023-06-08T12:15:48.149853788Z"
+                }
+            ]
+        },
+        "redis": {
+            "versions": [
+                {
+                    "version": "17.11.0",
+                    "appVersion": "7.0.11",
+                    "name": "redis",
+                    "urls": [
+                        "harbor.example.com/charts/redis:17.11.0"
+                    ],
+                    "digest": "sha256:45925becfe9aa2c6c4741c9fe1dd0ddca627894b696755c73830e4ae6b390c35",
+                    "releasedAt": "2023-06-09T11:50:48.144176763Z"
+                }
+            ]
+        }
+    },
+    "apiVersion": "v1"
+}
+`
+
 type badHTTPClient struct {
 	errMsg string
 }
@@ -797,6 +853,63 @@ func Test_ociAPICli(t *testing.T) {
 			t.Errorf("Tag 8.1.1 should be a helm chart")
 		}
 	})
+
+	urlWithNamespace, _ := parseRepoURL("http://oci-test/test/project")
+	t.Run("CatalogAvailable - successful request", func(t *testing.T) {
+		apiCli := &ociAPICli{
+			url: urlWithNamespace,
+			netClient: &goodOCIAPIHTTPClient{
+				responseByPath: map[string]string{
+					"/v2/test/project/charts-index/manifests/latest": chartsIndexManifestJSON,
+				},
+			},
+		}
+
+		if got, want := apiCli.CatalogAvailable("my-user-agent"), true; got != want {
+			t.Errorf("got: %t, want: %t", got, want)
+		}
+	})
+
+	t.Run("CatalogAvailable - returns false for incorrect media type", func(t *testing.T) {
+		apiCli := &ociAPICli{
+			url: urlWithNamespace,
+			netClient: &goodOCIAPIHTTPClient{
+				responseByPath: map[string]string{
+					"/v2/test/project/charts-index/manifests/latest": `{"config": {"mediaType": "something-else"}}`,
+				},
+			},
+		}
+
+		if got, want := apiCli.CatalogAvailable("my-user-agent"), false; got != want {
+			t.Errorf("got: %t, want: %t", got, want)
+		}
+	})
+
+	t.Run("CatalogAvailable - returns false for a 404", func(t *testing.T) {
+		apiCli := &ociAPICli{
+			url: urlWithNamespace,
+			netClient: &goodOCIAPIHTTPClient{
+				responseByPath: map[string]string{
+					"/v2/test/project/chart-index/manifests/latest": chartsIndexJSON,
+				},
+			},
+		}
+
+		if got, want := apiCli.CatalogAvailable("my-user-agent"), false; got != want {
+			t.Errorf("got: %t, want: %t", got, want)
+		}
+	})
+
+	t.Run("CatalogAvailable - returns false on any other", func(t *testing.T) {
+		apiCli := &ociAPICli{
+			url:       urlWithNamespace,
+			netClient: &badHTTPClient{},
+		}
+
+		if got, want := apiCli.CatalogAvailable("my-user-agent"), false; got != want {
+			t.Errorf("got: %t, want: %t", got, want)
+		}
+	})
 }
 
 type fakeOCIAPICli struct {
@@ -812,6 +925,10 @@ func (o *fakeOCIAPICli) IsHelmChart(appName, tag, userAgent string) (bool, error
 	return true, o.err
 }
 
+func (o *fakeOCIAPICli) CatalogAvailable(userAgent string) bool {
+	return false
+}
+
 func Test_OCIRegistry(t *testing.T) {
 	repo := OCIRegistry{
 		repositories: []string{"apache", "jenkins"},
