1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
kyverno/pkg/notary/registry.go
Pradeep Lakshmi Narasimha 373f942ea9
fix: Allow images to be pulled from insecure registry when allowInsecureRegistry flag is set to true (#10934) (#11243)
* fix: Allow images to be pulled from insecure registry when allowInsecureRegistry flag is set to true (#10934)

Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>

* Update pkg/registryclient/client.go

Signed-off-by: Vishal Choudhary <vishal.chdhry.work@gmail.com>

---------

Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.chdhry.work@gmail.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.chdhry.work@gmail.com>
2024-10-07 15:29:12 +00:00

76 lines
1.9 KiB
Go

package notary
import (
"context"
"strings"
"github.com/google/go-containerregistry/pkg/name"
gcrremote "github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/kyverno/kyverno/pkg/images"
notationregistry "github.com/notaryproject/notation-go/registry"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
)
type parsedReference struct {
Repo notationregistry.Repository
RemoteOpts []gcrremote.Option
Ref name.Reference
Desc ocispec.Descriptor
}
func parseReferenceCrane(ctx context.Context, ref string, registryClient images.Client) (*parsedReference, error) {
nameOpts := registryClient.NameOptions()
nameRef, err := name.ParseReference(ref, nameOpts...)
if err != nil {
return nil, err
}
remoteOpts, err := registryClient.Options(ctx)
if err != nil {
return nil, err
}
desc, err := gcrremote.Head(nameRef, remoteOpts...)
if err != nil {
return nil, err
}
if !isDigestReference(ref) {
nameRef, err = name.ParseReference(GetReferenceFromDescriptor(v1ToOciSpecDescriptor(*desc), nameRef), nameOpts...)
if err != nil {
return nil, err
}
}
repository := NewRepository(remoteOpts, nameRef)
err = resolveDigestCrane(repository, remoteOpts, nameRef)
if err != nil {
return nil, errors.Wrapf(err, "failed to resolve digest")
}
return &parsedReference{
Repo: repository,
RemoteOpts: remoteOpts,
Ref: nameRef,
Desc: v1ToOciSpecDescriptor(*desc),
}, nil
}
func isDigestReference(reference string) bool {
parts := strings.SplitN(reference, "/", 2)
if len(parts) == 1 {
return false
}
index := strings.Index(parts[1], "@")
return index != -1
}
func resolveDigestCrane(repo notationregistry.Repository, remoteOpts []gcrremote.Option, ref name.Reference) error {
_, err := repo.Resolve(context.Background(), ref.Identifier())
if err != nil {
return err
}
return nil
}