From ba1a81e51b13bb6dc8c6aa77159d98a5f00e94d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Th=C3=B6mmes?= Date: Tue, 26 Nov 2019 21:31:39 +0100 Subject: [PATCH 1/2] Adjust digest validation for image templating mechanism. We can no longer rely on the image format to be static since we introduced a templating mechanism. This adjusts the relevant validation functions to also take that into account. --- test/conformance/api/v1/util.go | 5 ++++- test/conformance/api/v1alpha1/util.go | 5 ++++- test/conformance/api/v1beta1/util.go | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/test/conformance/api/v1/util.go b/test/conformance/api/v1/util.go index 36f3677f49fb..025a28a24777 100644 --- a/test/conformance/api/v1/util.go +++ b/test/conformance/api/v1/util.go @@ -327,6 +327,9 @@ func validateReleaseServiceShape(objs *v1test.ResourceObjects) error { } func validateImageDigest(imageName string, imageDigest string) (bool, error) { - imageDigestRegex := fmt.Sprintf("%s/%s@sha256:[0-9a-f]{64}", pkgTest.Flags.DockerRepo, imageName) + fullName := pkgTest.ImagePath(imageName) + // Remove the tag portion from the fullName to be able to append the sha instead. + repository := strings.Split(fullName, ":")[0] + imageDigestRegex := repository + "@sha256:[0-9a-f]{64}" return regexp.MatchString(imageDigestRegex, imageDigest) } diff --git a/test/conformance/api/v1alpha1/util.go b/test/conformance/api/v1alpha1/util.go index b150f2e81d16..4314f5724a95 100644 --- a/test/conformance/api/v1alpha1/util.go +++ b/test/conformance/api/v1alpha1/util.go @@ -327,6 +327,9 @@ func validateReleaseServiceShape(objs *v1a1test.ResourceObjects) error { } func validateImageDigest(imageName string, imageDigest string) (bool, error) { - imageDigestRegex := fmt.Sprintf("%s/%s@sha256:[0-9a-f]{64}", pkgTest.Flags.DockerRepo, imageName) + fullName := pkgTest.ImagePath(imageName) + // Remove the tag portion from the fullName to be able to append the sha instead. + repository := strings.Split(fullName, ":")[0] + imageDigestRegex := repository + "@sha256:[0-9a-f]{64}" return regexp.MatchString(imageDigestRegex, imageDigest) } diff --git a/test/conformance/api/v1beta1/util.go b/test/conformance/api/v1beta1/util.go index 128a6058b859..2ce0b4759eaa 100644 --- a/test/conformance/api/v1beta1/util.go +++ b/test/conformance/api/v1beta1/util.go @@ -327,6 +327,9 @@ func validateReleaseServiceShape(objs *v1b1test.ResourceObjects) error { } func validateImageDigest(imageName string, imageDigest string) (bool, error) { - imageDigestRegex := fmt.Sprintf("%s/%s@sha256:[0-9a-f]{64}", pkgTest.Flags.DockerRepo, imageName) + fullName := pkgTest.ImagePath(imageName) + // Remove the tag portion from the fullName to be able to append the sha instead. + repository := strings.Split(fullName, ":")[0] + imageDigestRegex := repository + "@sha256:[0-9a-f]{64}" return regexp.MatchString(imageDigestRegex, imageDigest) } From f3ffb9a8d07b19f390a8bc437e20fe26d809f865 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20Th=C3=B6mmes?= Date: Tue, 26 Nov 2019 21:49:25 +0100 Subject: [PATCH 2/2] Actually parse references and make sure their repositories are equal. --- test/conformance/api/v1/util.go | 18 ++++++++++++------ test/conformance/api/v1alpha1/util.go | 18 ++++++++++++------ test/conformance/api/v1beta1/util.go | 18 ++++++++++++------ 3 files changed, 36 insertions(+), 18 deletions(-) diff --git a/test/conformance/api/v1/util.go b/test/conformance/api/v1/util.go index 025a28a24777..6d1a6df8fcde 100644 --- a/test/conformance/api/v1/util.go +++ b/test/conformance/api/v1/util.go @@ -22,10 +22,10 @@ import ( "math" "net/http" "net/url" - "regexp" "strings" "testing" + "github.com/google/go-containerregistry/pkg/name" "golang.org/x/sync/errgroup" pkgTest "knative.dev/pkg/test" "knative.dev/pkg/test/spoof" @@ -327,9 +327,15 @@ func validateReleaseServiceShape(objs *v1test.ResourceObjects) error { } func validateImageDigest(imageName string, imageDigest string) (bool, error) { - fullName := pkgTest.ImagePath(imageName) - // Remove the tag portion from the fullName to be able to append the sha instead. - repository := strings.Split(fullName, ":")[0] - imageDigestRegex := repository + "@sha256:[0-9a-f]{64}" - return regexp.MatchString(imageDigestRegex, imageDigest) + ref, err := name.ParseReference(pkgTest.ImagePath(imageName)) + if err != nil { + return false, err + } + + digest, err := name.NewDigest(imageDigest) + if err != nil { + return false, err + } + + return ref.Context().String() == digest.Context().String(), nil } diff --git a/test/conformance/api/v1alpha1/util.go b/test/conformance/api/v1alpha1/util.go index 4314f5724a95..a57fcfeaf882 100644 --- a/test/conformance/api/v1alpha1/util.go +++ b/test/conformance/api/v1alpha1/util.go @@ -22,10 +22,10 @@ import ( "math" "net/http" "net/url" - "regexp" "strings" "testing" + "github.com/google/go-containerregistry/pkg/name" "golang.org/x/sync/errgroup" pkgTest "knative.dev/pkg/test" "knative.dev/pkg/test/spoof" @@ -327,9 +327,15 @@ func validateReleaseServiceShape(objs *v1a1test.ResourceObjects) error { } func validateImageDigest(imageName string, imageDigest string) (bool, error) { - fullName := pkgTest.ImagePath(imageName) - // Remove the tag portion from the fullName to be able to append the sha instead. - repository := strings.Split(fullName, ":")[0] - imageDigestRegex := repository + "@sha256:[0-9a-f]{64}" - return regexp.MatchString(imageDigestRegex, imageDigest) + ref, err := name.ParseReference(pkgTest.ImagePath(imageName)) + if err != nil { + return false, err + } + + digest, err := name.NewDigest(imageDigest) + if err != nil { + return false, err + } + + return ref.Context().String() == digest.Context().String(), nil } diff --git a/test/conformance/api/v1beta1/util.go b/test/conformance/api/v1beta1/util.go index 2ce0b4759eaa..63ba8eed3699 100644 --- a/test/conformance/api/v1beta1/util.go +++ b/test/conformance/api/v1beta1/util.go @@ -22,10 +22,10 @@ import ( "math" "net/http" "net/url" - "regexp" "strings" "testing" + "github.com/google/go-containerregistry/pkg/name" "golang.org/x/sync/errgroup" pkgTest "knative.dev/pkg/test" "knative.dev/pkg/test/spoof" @@ -327,9 +327,15 @@ func validateReleaseServiceShape(objs *v1b1test.ResourceObjects) error { } func validateImageDigest(imageName string, imageDigest string) (bool, error) { - fullName := pkgTest.ImagePath(imageName) - // Remove the tag portion from the fullName to be able to append the sha instead. - repository := strings.Split(fullName, ":")[0] - imageDigestRegex := repository + "@sha256:[0-9a-f]{64}" - return regexp.MatchString(imageDigestRegex, imageDigest) + ref, err := name.ParseReference(pkgTest.ImagePath(imageName)) + if err != nil { + return false, err + } + + digest, err := name.NewDigest(imageDigest) + if err != nil { + return false, err + } + + return ref.Context().String() == digest.Context().String(), nil }