diff options
author | Urvashi Mohnani <umohnani@redhat.com> | 2024-01-24 08:11:51 -0500 |
---|---|---|
committer | Urvashi Mohnani <umohnani@redhat.com> | 2024-01-25 11:10:41 -0500 |
commit | 7c8c945496fcd8674d2765a95d55275dfe11ea35 (patch) | |
tree | 7f4d4076a04453d238a9c6aa6b6ce100f73b6784 /vendor/github.com/containers/common/libimage | |
parent | d66b18f5afbbea16f88fe77eaa449ca9739698ea (diff) |
Vendor in latest c/common
Pull in updates made to the filters code for
images. Filters now perform an AND operation
except for th reference filter which does an
OR operation for positive case but an AND operation
for negative cases.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Diffstat (limited to 'vendor/github.com/containers/common/libimage')
21 files changed, 132 insertions, 100 deletions
diff --git a/vendor/github.com/containers/common/libimage/copier.go b/vendor/github.com/containers/common/libimage/copier.go index 1edf7d6cb..fe6eb9784 100644 --- a/vendor/github.com/containers/common/libimage/copier.go +++ b/vendor/github.com/containers/common/libimage/copier.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -518,8 +517,8 @@ func checkRegistrySourcesAllows(dest types.ImageReference) (insecure *bool, err return nil, fmt.Errorf("registry %q denied by policy: not in allowed registries list (%s)", reference.Domain(dref), registrySources) } - for _, inseureDomain := range sources.InsecureRegistries { - if inseureDomain == reference.Domain(dref) { + for _, insecureDomain := range sources.InsecureRegistries { + if insecureDomain == reference.Domain(dref) { insecure := true return &insecure, nil } diff --git a/vendor/github.com/containers/common/libimage/disk_usage.go b/vendor/github.com/containers/common/libimage/disk_usage.go index 765b0df86..6264b25ec 100644 --- a/vendor/github.com/containers/common/libimage/disk_usage.go +++ b/vendor/github.com/containers/common/libimage/disk_usage.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -37,7 +36,7 @@ func (r *Runtime) DiskUsage(ctx context.Context) ([]ImageDiskUsage, int64, error return nil, -1, err } - layerTree, err := r.layerTree(images) + layerTree, err := r.layerTree(ctx, images) if err != nil { return nil, -1, err } @@ -80,7 +79,7 @@ func (r *Runtime) DiskUsage(ctx context.Context) ([]ImageDiskUsage, int64, error // diskUsageForImage returns the disk-usage baseistics for the specified image. func diskUsageForImage(ctx context.Context, image *Image, tree *layerTree) ([]ImageDiskUsage, error) { - if err := image.isCorrupted(""); err != nil { + if err := image.isCorrupted(ctx, ""); err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/libimage/events.go b/vendor/github.com/containers/common/libimage/events.go index 5d82efa6a..e43c39d95 100644 --- a/vendor/github.com/containers/common/libimage/events.go +++ b/vendor/github.com/containers/common/libimage/events.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/filters.go b/vendor/github.com/containers/common/libimage/filters.go index b51853af1..369eff94a 100644 --- a/vendor/github.com/containers/common/libimage/filters.go +++ b/vendor/github.com/containers/common/libimage/filters.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -21,33 +20,28 @@ import ( // indicates that the image matches the criteria. type filterFunc func(*Image) (bool, error) -// Apply the specified filters. At least one filter of each key must apply. -func (i *Image) applyFilters(filters map[string][]filterFunc) (bool, error) { - matches := false - for key := range filters { // and - matches = false - for _, filter := range filters[key] { // or - var err error - matches, err = filter(i) +// Apply the specified filters. All filters of each key must apply. +func (i *Image) applyFilters(ctx context.Context, filters map[string][]filterFunc) (bool, error) { + for key := range filters { + for _, filter := range filters[key] { + matches, err := filter(i) if err != nil { // Some images may have been corrupted in the // meantime, so do an extra check and make the // error non-fatal (see containers/podman/issues/12582). - if errCorrupted := i.isCorrupted(""); errCorrupted != nil { + if errCorrupted := i.isCorrupted(ctx, ""); errCorrupted != nil { logrus.Errorf(errCorrupted.Error()) return false, nil } return false, err } - if matches { - break + // If any filter within a group doesn't match, return false + if !matches { + return false, nil } } - if !matches { - return false, nil - } } - return matches, nil + return true, nil } // filterImages returns a slice of images which are passing all specified @@ -63,7 +57,7 @@ func (r *Runtime) filterImages(ctx context.Context, images []*Image, options *Li } result := []*Image{} for i := range images { - match, err := images[i].applyFilters(filters) + match, err := images[i].applyFilters(ctx, filters) if err != nil { return nil, err } @@ -84,7 +78,7 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp var tree *layerTree getTree := func() (*layerTree, error) { if tree == nil { - t, err := r.layerTree(nil) + t, err := r.layerTree(ctx, nil) if err != nil { return nil, err } @@ -93,6 +87,7 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp return tree, nil } + var wantedReferenceMatches, unwantedReferenceMatches []string filters := map[string][]filterFunc{} duplicate := map[string]string{} for _, f := range options.Filters { @@ -184,7 +179,12 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp filter = filterManifest(ctx, manifest) case "reference": - filter = filterReferences(r, value) + if negate { + unwantedReferenceMatches = append(unwantedReferenceMatches, value) + } else { + wantedReferenceMatches = append(wantedReferenceMatches, value) + } + continue case "until": until, err := r.until(value) @@ -202,6 +202,11 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp filters[key] = append(filters[key], filter) } + // reference filters is a special case as it does an OR for positive matches + // and an AND logic for negative matches + filter := filterReferences(r, wantedReferenceMatches, unwantedReferenceMatches) + filters["reference"] = append(filters["reference"], filter) + return filters, nil } @@ -273,55 +278,97 @@ func filterManifest(ctx context.Context, value bool) filterFunc { } } -// filterReferences creates a reference filter for matching the specified value. -func filterReferences(r *Runtime, value string) filterFunc { - lookedUp, _, _ := r.LookupImage(value, nil) +// filterReferences creates a reference filter for matching the specified wantedReferenceMatches value (OR logic) +// and for matching the unwantedReferenceMatches values (AND logic) +func filterReferences(r *Runtime, wantedReferenceMatches, unwantedReferenceMatches []string) filterFunc { return func(img *Image) (bool, error) { - if lookedUp != nil { - if lookedUp.ID() == img.ID() { + // Empty reference filters, return true + if len(wantedReferenceMatches) == 0 && len(unwantedReferenceMatches) == 0 { + return true, nil + } + + unwantedMatched := false + // Go through the unwanted matches first + for _, value := range unwantedReferenceMatches { + matches, err := imageMatchesReferenceFilter(r, img, value) + if err != nil { + return false, err + } + if matches { + unwantedMatched = true + } + } + + // If there are no wanted match filters, then return false for the image + // that matched the unwanted value otherwise return true + if len(wantedReferenceMatches) == 0 { + return !unwantedMatched, nil + } + + // Go through the wanted matches + // If an image matches the wanted filter but it also matches the unwanted + // filter, don't add it to the output + for _, value := range wantedReferenceMatches { + matches, err := imageMatchesReferenceFilter(r, img, value) + if err != nil { + return false, err + } + if matches && !unwantedMatched { return true, nil } } - refs, err := img.NamesReferences() - if err != nil { - return false, err + return false, nil + } +} + +// imageMatchesReferenceFilter returns true if an image matches the filter value given +func imageMatchesReferenceFilter(r *Runtime, img *Image, value string) (bool, error) { + lookedUp, _, _ := r.LookupImage(value, nil) + if lookedUp != nil { + if lookedUp.ID() == img.ID() { + return true, nil } + } - for _, ref := range refs { - refString := ref.String() // FQN with tag/digest - candidates := []string{refString} + refs, err := img.NamesReferences() + if err != nil { + return false, err + } - // Split the reference into 3 components (twice if digested/tagged): - // 1) Fully-qualified reference - // 2) Without domain - // 3) Without domain and path - if named, isNamed := ref.(reference.Named); isNamed { + for _, ref := range refs { + refString := ref.String() // FQN with tag/digest + candidates := []string{refString} + + // Split the reference into 3 components (twice if digested/tagged): + // 1) Fully-qualified reference + // 2) Without domain + // 3) Without domain and path + if named, isNamed := ref.(reference.Named); isNamed { + candidates = append(candidates, + reference.Path(named), // path/name without tag/digest (Path() removes it) + refString[strings.LastIndex(refString, "/")+1:]) // name with tag/digest + + trimmedString := reference.TrimNamed(named).String() + if refString != trimmedString { + tagOrDigest := refString[len(trimmedString):] candidates = append(candidates, - reference.Path(named), // path/name without tag/digest (Path() removes it) - refString[strings.LastIndex(refString, "/")+1:]) // name with tag/digest - - trimmedString := reference.TrimNamed(named).String() - if refString != trimmedString { - tagOrDigest := refString[len(trimmedString):] - candidates = append(candidates, - trimmedString, // FQN without tag/digest - reference.Path(named)+tagOrDigest, // path/name with tag/digest - trimmedString[strings.LastIndex(trimmedString, "/")+1:]) // name without tag/digest - } + trimmedString, // FQN without tag/digest + reference.Path(named)+tagOrDigest, // path/name with tag/digest + trimmedString[strings.LastIndex(trimmedString, "/")+1:]) // name without tag/digest } + } - for _, candidate := range candidates { - // path.Match() is also used by Docker's reference.FamiliarMatch(). - matched, _ := path.Match(value, candidate) - if matched { - return true, nil - } + for _, candidate := range candidates { + // path.Match() is also used by Docker's reference.FamiliarMatch(). + matched, _ := path.Match(value, candidate) + if matched { + return true, nil } } - - return false, nil } + + return false, nil } // filterLabel creates a label for matching the specified value. diff --git a/vendor/github.com/containers/common/libimage/history.go b/vendor/github.com/containers/common/libimage/history.go index ccd810962..56f84e37a 100644 --- a/vendor/github.com/containers/common/libimage/history.go +++ b/vendor/github.com/containers/common/libimage/history.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -26,7 +25,7 @@ func (i *Image) History(ctx context.Context) ([]ImageHistory, error) { return nil, err } - layerTree, err := i.runtime.layerTree(nil) + layerTree, err := i.runtime.layerTree(ctx, nil) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go index 4d106d42f..9cc77cdb2 100644 --- a/vendor/github.com/containers/common/libimage/image.go +++ b/vendor/github.com/containers/common/libimage/image.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -67,7 +66,7 @@ type Image struct { } } -// reload the image and pessimitically clear all cached data. +// reload the image and pessimistically clear all cached data. func (i *Image) reload() error { logrus.Tracef("Reloading image %s", i.ID()) img, err := i.runtime.store.Image(i.ID()) @@ -85,7 +84,7 @@ func (i *Image) reload() error { } // isCorrupted returns an error if the image may be corrupted. -func (i *Image) isCorrupted(name string) error { +func (i *Image) isCorrupted(ctx context.Context, name string) error { // If it's a manifest list, we're good for now. if _, err := i.getManifestList(); err == nil { return nil @@ -96,7 +95,7 @@ func (i *Image) isCorrupted(name string) error { return err } - img, err := ref.NewImage(context.Background(), nil) + img, err := ref.NewImage(ctx, nil) if err != nil { if name == "" { name = i.ID()[:12] @@ -258,7 +257,7 @@ func (i *Image) TopLayer() string { // Parent returns the parent image or nil if there is none func (i *Image) Parent(ctx context.Context) (*Image, error) { - tree, err := i.runtime.layerTree(nil) + tree, err := i.runtime.layerTree(ctx, nil) if err != nil { return nil, err } @@ -292,7 +291,7 @@ func (i *Image) Children(ctx context.Context) ([]*Image, error) { // created for this invocation only. func (i *Image) getChildren(ctx context.Context, all bool, tree *layerTree) ([]*Image, error) { if tree == nil { - t, err := i.runtime.layerTree(nil) + t, err := i.runtime.layerTree(ctx, nil) if err != nil { return nil, err } @@ -611,7 +610,7 @@ func (i *Image) Untag(name string) error { } // FIXME: this is breaking Podman CI but must be re-enabled once - // c/storage supports alterting the digests of an image. Then, + // c/storage supports altering the digests of an image. Then, // Podman will do the right thing. // // !!! Also make sure to re-enable the tests !!! @@ -1031,7 +1030,7 @@ func getImageID(ctx context.Context, src types.ImageReference, sys *types.System // - 2) a bool indicating whether architecture, os or variant were set (some callers need that to decide whether they need to throw an error) // - 3) a fatal error that occurred prior to check for matches (e.g., storage errors etc.) func (i *Image) matchesPlatform(ctx context.Context, os, arch, variant string) (error, bool, error) { - if err := i.isCorrupted(""); err != nil { + if err := i.isCorrupted(ctx, ""); err != nil { return err, false, nil } inspectInfo, err := i.inspectInfo(ctx) diff --git a/vendor/github.com/containers/common/libimage/image_config.go b/vendor/github.com/containers/common/libimage/image_config.go index 9f5841fe1..cd4ed3c4e 100644 --- a/vendor/github.com/containers/common/libimage/image_config.go +++ b/vendor/github.com/containers/common/libimage/image_config.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/image_tree.go b/vendor/github.com/containers/common/libimage/image_tree.go index 8143d3779..8b9d1f4c4 100644 --- a/vendor/github.com/containers/common/libimage/image_tree.go +++ b/vendor/github.com/containers/common/libimage/image_tree.go @@ -1,9 +1,9 @@ //go:build !remote -// +build !remote package libimage import ( + "context" "fmt" "strings" @@ -38,7 +38,7 @@ func (i *Image) Tree(traverseChildren bool) (string, error) { fmt.Fprintf(sb, "No Image Layers") } - layerTree, err := i.runtime.layerTree(nil) + layerTree, err := i.runtime.layerTree(context.Background(), nil) if err != nil { return "", err } @@ -53,7 +53,7 @@ func (i *Image) Tree(traverseChildren bool) (string, error) { return tree.Print(), nil } - // Walk all layers of the image and assemlbe their data. Note that the + // Walk all layers of the image and assemble their data. Note that the // tree is constructed in reverse order to remain backwards compatible // with Podman. contents := []string{} diff --git a/vendor/github.com/containers/common/libimage/import.go b/vendor/github.com/containers/common/libimage/import.go index 5519f02ba..552c48eae 100644 --- a/vendor/github.com/containers/common/libimage/import.go +++ b/vendor/github.com/containers/common/libimage/import.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/inspect.go b/vendor/github.com/containers/common/libimage/inspect.go index ed1ae719d..0db94708d 100644 --- a/vendor/github.com/containers/common/libimage/inspect.go +++ b/vendor/github.com/containers/common/libimage/inspect.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/layer_tree.go b/vendor/github.com/containers/common/libimage/layer_tree.go index 71eafb0e7..b140e648c 100644 --- a/vendor/github.com/containers/common/libimage/layer_tree.go +++ b/vendor/github.com/containers/common/libimage/layer_tree.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -92,14 +91,14 @@ func (l *layerNode) repoTags() ([]string, error) { // layerTree extracts a layerTree from the layers in the local storage and // relates them to the specified images. -func (r *Runtime) layerTree(images []*Image) (*layerTree, error) { +func (r *Runtime) layerTree(ctx context.Context, images []*Image) (*layerTree, error) { layers, err := r.store.Layers() if err != nil { return nil, err } if images == nil { - images, err = r.ListImages(context.Background(), nil, nil) + images, err = r.ListImages(ctx, nil, nil) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/libimage/load.go b/vendor/github.com/containers/common/libimage/load.go index 36283a99b..c250de626 100644 --- a/vendor/github.com/containers/common/libimage/load.go +++ b/vendor/github.com/containers/common/libimage/load.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/manifest_list.go b/vendor/github.com/containers/common/libimage/manifest_list.go index c36bfda96..8f4d6877f 100644 --- a/vendor/github.com/containers/common/libimage/manifest_list.go +++ b/vendor/github.com/containers/common/libimage/manifest_list.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -314,7 +313,7 @@ func (m *ManifestList) Add(ctx context.Context, name string, options *ManifestLi return newDigest, nil } -// Options for annotationg a manifest list. +// Options for annotating a manifest list. type ManifestListAnnotateOptions struct { // Add the specified annotations to the added image. Annotations map[string]string diff --git a/vendor/github.com/containers/common/libimage/normalize.go b/vendor/github.com/containers/common/libimage/normalize.go index 2b3402861..b00af66a0 100644 --- a/vendor/github.com/containers/common/libimage/normalize.go +++ b/vendor/github.com/containers/common/libimage/normalize.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/oci.go b/vendor/github.com/containers/common/libimage/oci.go index fcbd10ada..80aefc974 100644 --- a/vendor/github.com/containers/common/libimage/oci.go +++ b/vendor/github.com/containers/common/libimage/oci.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/platform.go b/vendor/github.com/containers/common/libimage/platform.go index c378bc27f..bf8b054b1 100644 --- a/vendor/github.com/containers/common/libimage/platform.go +++ b/vendor/github.com/containers/common/libimage/platform.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index bc8e84981..ea51cd294 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -31,7 +30,7 @@ import ( "github.com/sirupsen/logrus" ) -// PullOptions allows for custommizing image pulls. +// PullOptions allows for customizing image pulls. type PullOptions struct { CopyOptions @@ -511,7 +510,7 @@ func (r *Runtime) copySingleImageFromRegistry(ctx context.Context, imageName str // If the local image is corrupted, we need to repull it. if localImage != nil { - if err := localImage.isCorrupted(imageName); err != nil { + if err := localImage.isCorrupted(ctx, imageName); err != nil { logrus.Error(err) localImage = nil } diff --git a/vendor/github.com/containers/common/libimage/push.go b/vendor/github.com/containers/common/libimage/push.go index ed1d90c14..c71f036c8 100644 --- a/vendor/github.com/containers/common/libimage/push.go +++ b/vendor/github.com/containers/common/libimage/push.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -13,7 +12,7 @@ import ( "github.com/sirupsen/logrus" ) -// PushOptions allows for custommizing image pushes. +// PushOptions allows for customizing image pushes. type PushOptions struct { CopyOptions } diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go index 1948fe0ad..5493a2997 100644 --- a/vendor/github.com/containers/common/libimage/runtime.go +++ b/vendor/github.com/containers/common/libimage/runtime.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage @@ -162,7 +161,7 @@ func (r *Runtime) storageToImage(storageImage *storage.Image, ref types.ImageRef } } -// Exists returns true if the specicifed image exists in the local containers +// Exists returns true if the specified image exists in the local containers // storage. Note that it may return false if an image corrupted. func (r *Runtime) Exists(name string) (bool, error) { image, _, err := r.LookupImage(name, nil) @@ -172,7 +171,7 @@ func (r *Runtime) Exists(name string) (bool, error) { if image == nil { return false, nil } - if err := image.isCorrupted(name); err != nil { + if err := image.isCorrupted(context.Background(), name); err != nil { logrus.Error(err) return false, nil } @@ -235,8 +234,12 @@ func (r *Runtime) LookupImage(name string, options *LookupImageOptions) (*Image, if storageRef.Transport().Name() != storageTransport.Transport.Name() { return nil, "", fmt.Errorf("unsupported transport %q for looking up local images", storageRef.Transport().Name()) } - img, err := storageTransport.Transport.GetStoreImage(r.store, storageRef) + _, img, err := storageTransport.ResolveReference(storageRef) if err != nil { + if errors.Is(err, storageTransport.ErrNoSuchImage) { + // backward compatibility + return nil, "", storage.ErrImageUnknown + } return nil, "", err } logrus.Debugf("Found image %q in local containers storage (%s)", name, storageRef.StringWithinTransport()) @@ -347,9 +350,9 @@ func (r *Runtime) lookupImageInLocalStorage(name, candidate string, namedCandida if err != nil { return nil, err } - img, err = storageTransport.Transport.GetStoreImage(r.store, ref) + _, img, err = storageTransport.ResolveReference(ref) if err != nil { - if errors.Is(err, storage.ErrImageUnknown) { + if errors.Is(err, storageTransport.ErrNoSuchImage) { return nil, nil } return nil, err @@ -605,7 +608,7 @@ func (r *Runtime) ListImages(ctx context.Context, names []string, options *ListI // as the layer tree will computed once for all instead of once for // each individual image (see containers/podman/issues/17828). - tree, err := r.layerTree(images) + tree, err := r.layerTree(ctx, images) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/libimage/save.go b/vendor/github.com/containers/common/libimage/save.go index 47a3a566b..36dbbf95e 100644 --- a/vendor/github.com/containers/common/libimage/save.go +++ b/vendor/github.com/containers/common/libimage/save.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage diff --git a/vendor/github.com/containers/common/libimage/search.go b/vendor/github.com/containers/common/libimage/search.go index 9ef0e8320..b26ad80d2 100644 --- a/vendor/github.com/containers/common/libimage/search.go +++ b/vendor/github.com/containers/common/libimage/search.go @@ -1,5 +1,4 @@ //go:build !remote -// +build !remote package libimage |