Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor repo validation so as to not require http-only validators. #6620

Merged
merged 1 commit into from
Aug 16, 2023

Conversation

absoludity
Copy link
Contributor

Description of the change

First part of integration work to update the OCI repo support to use the oci-catalog service. This PR refactors the existing repository validation to remove the assumption of an HTTPValidator (since the gRPC validation doesn't use an httpclient etc.)

Benefits

Step towards adding grpc validation for OCI repositories using the new service.

Possible drawbacks

None

Applicable issues

Signed-off-by: Michael Nelson <minelson@vmware.com>
@netlify
Copy link

netlify bot commented Aug 15, 2023

Deploy Preview for kubeapps-dev canceled.

Name Link
🔨 Latest commit d5b3bbd
🔍 Latest deploy log https://app.netlify.com/sites/kubeapps-dev/deploys/64db165cb04ef40008515c14

@absoludity absoludity merged commit 514b32c into main Aug 16, 2023
@absoludity absoludity deleted the 6263-use-oci-catalog-validation-2 branch August 16, 2023 21:01
absoludity added a commit that referenced this pull request Aug 17, 2023
### Description of the change

Follows on from #6620, uses the grpc Client to check if we can find
repos for an OCI registry. While there I improved a couple of other
things regarding the validation:
- a context.Context can (and must) now be passed through to the
validation (we should always pass the request context through subsequent
requests); and
- the getValidator function is now a method so that the different
validators can have custom data set (such as the OCI catalog address, or
the repo client getter).

I've added a basic test double grpc service for the OCI catalog to use
here in tests, and will undoubtedly improve this test double when adding
the actual sync functionality to use the OCI catalog service next.

### Benefits

OCI Catalog service can be used to check an OCI Registry, without
impacting current behaviour.

### Possible drawbacks

None that I'm aware of.

### Applicable issues

- ref #6263

### Additional information

I'll test IRL locally and update here:

Logs showing the fallback when the OCI catalog is not running:
```
E0816 03:49:15.487354       1 repositories_validation.go:354] unable to query OCI Catalog service at ":50061": error querying OCI Catalog for repos: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial tcp :50061: connect: connection refused"
E0816 03:49:16.462758       1 utils.go:400] unable to get catalog manifest: GET request to [https://registry-1.docker.io/v2/bitnamicharts/charts-index/manifests/latest] failed due to status [401]: {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"bitnamicharts/charts-index","Action":"pull"}]}]}
E0816 03:49:16.462894       1 repositories_validation.go:52] Failed repository validation validation: &{Code:400 Message:unable to determine the OCI catalog, you need to specify at least one repository}
```

and verified I can add the Bitnami catalog using the OCI
`https://registry-1.docker.io/bitnamicharts` . That is, it passes
validation and gets added. It doesn't yet sync - that'll be the next PR.

---------

Signed-off-by: Michael Nelson <minelson@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants