Skip to content

Commit

Permalink
fix: include key in nightly e2e pull from ecr test (#3351)
Browse files Browse the repository at this point in the history
Signed-off-by: Austin Abro <AustinAbro321@gmail.com>
  • Loading branch information
AustinAbro321 authored Dec 19, 2024
1 parent 9c32160 commit 411b758
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 17 deletions.
7 changes: 4 additions & 3 deletions site/src/content/docs/commands/zarf_package_pull.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,10 @@ $ zarf package pull oci://ghcr.io/defenseunicorns/packages/dos-games:1.0.0 -a sk
### Options

```
-h, --help help for pull
-o, --output-directory string Specify the output directory for the pulled Zarf package
--shasum string Shasum of the package to pull. Required if pulling a https package. A shasum can be retrieved using 'zarf dev sha256sum <url>'
-h, --help help for pull
-o, --output-directory string Specify the output directory for the pulled Zarf package
--shasum string Shasum of the package to pull. Required if pulling a https package. A shasum can be retrieved using 'zarf dev sha256sum <url>'
--skip-signature-validation Skip validating the signature of the Zarf package
```

### Options inherited from parent commands
Expand Down
3 changes: 2 additions & 1 deletion src/cmd/package.go
Original file line number Diff line number Diff line change
Expand Up @@ -615,6 +615,7 @@ func NewPackagePullCommand(v *viper.Viper) *cobra.Command {

cmd.Flags().StringVar(&pkgConfig.PkgOpts.Shasum, "shasum", "", lang.CmdPackagePullFlagShasum)
cmd.Flags().StringVarP(&pkgConfig.PullOpts.OutputDirectory, "output-directory", "o", v.GetString(common.VPkgPullOutputDir), lang.CmdPackagePullFlagOutputDirectory)
cmd.Flags().BoolVar(&pkgConfig.PkgOpts.SkipSignatureValidation, "skip-signature-validation", false, lang.CmdPackageFlagSkipSignatureValidation)

return cmd
}
Expand All @@ -629,7 +630,7 @@ func (o *PackagePullOptions) Run(cmd *cobra.Command, args []string) error {
}
outputDir = wd
}
err := packager2.Pull(cmd.Context(), args[0], outputDir, pkgConfig.PkgOpts.Shasum, filters.Empty(), pkgConfig.PkgOpts.PublicKeyPath)
err := packager2.Pull(cmd.Context(), args[0], outputDir, pkgConfig.PkgOpts.Shasum, filters.Empty(), pkgConfig.PkgOpts.PublicKeyPath, pkgConfig.PkgOpts.SkipSignatureValidation)
if err != nil {
return err
}
Expand Down
9 changes: 5 additions & 4 deletions src/internal/packager2/pull.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ import (
)

// Pull fetches the Zarf package from the given sources.
func Pull(ctx context.Context, src, dir, shasum string, filter filters.ComponentFilterStrategy, publicKeyPath string) error {
func Pull(ctx context.Context, src, dir, shasum string, filter filters.ComponentFilterStrategy, publicKeyPath string, skipSignatureValidation bool) error {
u, err := url.Parse(src)
if err != nil {
return err
Expand All @@ -48,9 +48,10 @@ func Pull(ctx context.Context, src, dir, shasum string, filter filters.Component
defer os.Remove(tmpDir)
tmpPath := filepath.Join(tmpDir, "data.tar.zst")

isPartial := false
switch u.Scheme {
case "oci":
_, err := pullOCI(ctx, src, tmpPath, shasum, filter)
isPartial, err = pullOCI(ctx, src, tmpPath, shasum, filter)
if err != nil {
return err
}
Expand All @@ -66,8 +67,8 @@ func Pull(ctx context.Context, src, dir, shasum string, filter filters.Component
// This loadFromTar is done so that validatePackageIntegrtiy and validatePackageSignature are called
layoutOpt := layout.PackageLayoutOptions{
PublicKeyPath: publicKeyPath,
SkipSignatureValidation: false,
IsPartial: false,
SkipSignatureValidation: skipSignatureValidation,
IsPartial: isPartial,
}
_, err = layout.LoadFromTar(ctx, tmpPath, layoutOpt)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion src/internal/packager2/pull_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ func TestPull(t *testing.T) {

dir := t.TempDir()
shasum := "bef73d652f004d214d5cf9e00195293f7ae8390b8ff6ed45e39c2c9eb622b873"
err := Pull(ctx, srv.URL, dir, shasum, filters.Empty(), "")
err := Pull(ctx, srv.URL, dir, shasum, filters.Empty(), "", false)
require.NoError(t, err)

packageData, err := os.ReadFile(packagePath)
Expand Down
5 changes: 4 additions & 1 deletion src/test/e2e/11_oci_pull_inspect_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,10 @@ func (suite *PullInspectTestSuite) Test_0_Pull() {
stdOut, stdErr, err = e2e.Zarf(suite.T(), "package", "pull", simplePackageRef, "--plain-http")
suite.Error(err, stdOut, stdErr)

stdOut, stdErr, err = e2e.Zarf(suite.T(), "package", "pull", simplePackageRef, "--plain-http", publicKeyFlag)
stdOut, stdErr, err = e2e.Zarf(suite.T(), "package", "pull", simplePackageRef, "--plain-http", publicKeyFlag, "-o", outputPath)
suite.NoError(err, stdOut, stdErr)

stdOut, stdErr, err = e2e.Zarf(suite.T(), "package", "pull", simplePackageRef, "--plain-http", "--skip-signature-validation", "-o", outputPath)
suite.NoError(err, stdOut, stdErr)

stdOut, stdErr, err = e2e.Zarf(suite.T(), "package", "inspect", simplePackageRef, "--plain-http")
Expand Down
13 changes: 6 additions & 7 deletions src/test/nightly/ecr_publish_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,16 +63,15 @@ func TestECRPublishing(t *testing.T) {
require.NoError(t, err, stdOut, stdErr)

// Validate that we can pull the package down from ECR
stdOut, stdErr, err = e2e.Zarf(t, "package", "pull", upstreamPackageURL)
pullTempDir := t.TempDir()
stdOut, stdErr, err = e2e.Zarf(t, "package", "pull", upstreamPackageURL, keyFlag, fmt.Sprintf("-o=%s", pullTempDir))
require.NoError(t, err, stdOut, stdErr)
defer e2e.CleanFiles(t, testPackageFileName)

// Ensure we get a warning when trying to inspect the package without providing the public key
// and the insecure flag
stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", testPackageFileName, "--skip-signature-validation")
pulledPackagePath := filepath.Join(pullTempDir, testPackageFileName)

stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", pulledPackagePath, "--skip-signature-validation")
require.NoError(t, err, stdOut, stdErr)

// Validate that we get no warnings when inspecting the package while providing the public key
stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", testPackageFileName, keyFlag)
stdOut, stdErr, err = e2e.Zarf(t, "package", "inspect", pulledPackagePath, keyFlag)
require.NoError(t, err, stdOut, stdErr)
}

0 comments on commit 411b758

Please sign in to comment.