From eaed0bdb75b3f07a81bda15dd092b5e4d605ab42 Mon Sep 17 00:00:00 2001 From: Allen Conlon Date: Sun, 26 Jan 2025 19:12:10 -0500 Subject: [PATCH] feat(hooks): update logic to allow not including crc32 with flux-ocirepo Signed-off-by: Allen Conlon --- src/internal/agent/hooks/common.go | 9 +++ src/internal/agent/hooks/flux-ocirepo.go | 12 ++- src/internal/agent/hooks/flux-ocirepo_test.go | 76 +++++++++++++++++++ 3 files changed, 96 insertions(+), 1 deletion(-) diff --git a/src/internal/agent/hooks/common.go b/src/internal/agent/hooks/common.go index 52ea3bb509..5452d2398c 100644 --- a/src/internal/agent/hooks/common.go +++ b/src/internal/agent/hooks/common.go @@ -6,6 +6,8 @@ package hooks import "github.com/zarf-dev/zarf/src/internal/agent/operations" +const annotationDisableCRC32 = "zarf.dev/remove-checksum" + func getLabelPatch(currLabels map[string]string) operations.PatchOperation { if currLabels == nil { currLabels = make(map[string]string) @@ -13,3 +15,10 @@ func getLabelPatch(currLabels map[string]string) operations.PatchOperation { currLabels["zarf-agent"] = "patched" return operations.ReplacePatchOperation("/metadata/labels", currLabels) } + +func hasRemoveChecksumAnnotation(annotations map[string]string) bool { + if val, ok := annotations[annotationDisableCRC32]; ok { + return val == "enable" + } + return false +} diff --git a/src/internal/agent/hooks/flux-ocirepo.go b/src/internal/agent/hooks/flux-ocirepo.go index 3024705ddc..94d9f8c9f8 100644 --- a/src/internal/agent/hooks/flux-ocirepo.go +++ b/src/internal/agent/hooks/flux-ocirepo.go @@ -97,7 +97,17 @@ func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster patchedURL = fmt.Sprintf("%s:%s", patchedURL, src.Spec.Reference.Tag) } - patchedSrc, err := transform.ImageTransformHost(registryAddress, patchedURL) + var ( + patchedSrc string + err error + ) + + if hasRemoveChecksumAnnotation(src.Annotations) { + patchedSrc, err = transform.ImageTransformHostWithoutChecksum(registryAddress, patchedURL) + } else { + patchedSrc, err = transform.ImageTransformHost(registryAddress, patchedURL) + } + if err != nil { return nil, fmt.Errorf("unable to transform the OCIRepo URL: %w", err) } diff --git a/src/internal/agent/hooks/flux-ocirepo_test.go b/src/internal/agent/hooks/flux-ocirepo_test.go index a7d5447e51..2564442664 100644 --- a/src/internal/agent/hooks/flux-ocirepo_test.go +++ b/src/internal/agent/hooks/flux-ocirepo_test.go @@ -254,6 +254,82 @@ func TestFluxOCIMutationWebhook(t *testing.T) { }, code: http.StatusOK, }, + { + name: "url should not include crc32 checksum", + admissionReq: createFluxOCIRepoAdmissionRequest(t, v1.Update, &flux.OCIRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mutate-this", + Annotations: map[string]string{ + "zarf.dev/remove-checksum": "enable", + }, + }, + Spec: flux.OCIRepositorySpec{ + URL: "oci://ghcr.io/stefanprodan/manifests/podinfo", + Reference: &flux.OCIRepositoryRef{ + Tag: "6.4.0", + }, + }, + }), + patch: []operations.PatchOperation{ + operations.ReplacePatchOperation( + "/spec/url", + "oci://127.0.0.1:31999/stefanprodan/manifests/podinfo", + ), + operations.AddPatchOperation( + "/spec/secretRef", + fluxmeta.LocalObjectReference{Name: config.ZarfImagePullSecretName}, + ), + operations.ReplacePatchOperation( + "/spec/ref/tag", + "6.4.0", + ), + operations.ReplacePatchOperation( + "/metadata/labels", + map[string]string{ + "zarf-agent": "patched", + }, + ), + }, + code: http.StatusOK, + }, + { + name: "url should include crc32 checksum when annotation is not 'enable'", + admissionReq: createFluxOCIRepoAdmissionRequest(t, v1.Update, &flux.OCIRepository{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mutate-this", + Annotations: map[string]string{ + "zarf.dev/remove-checksum": "test", + }, + }, + Spec: flux.OCIRepositorySpec{ + URL: "oci://ghcr.io/stefanprodan/manifests/podinfo", + Reference: &flux.OCIRepositoryRef{ + Tag: "6.4.0", + }, + }, + }), + patch: []operations.PatchOperation{ + operations.ReplacePatchOperation( + "/spec/url", + "oci://127.0.0.1:31999/stefanprodan/manifests/podinfo", + ), + operations.AddPatchOperation( + "/spec/secretRef", + fluxmeta.LocalObjectReference{Name: config.ZarfImagePullSecretName}, + ), + operations.ReplacePatchOperation( + "/spec/ref/tag", + "6.4.0-zarf-2823281104", + ), + operations.ReplacePatchOperation( + "/metadata/labels", + map[string]string{ + "zarf-agent": "patched", + }, + ), + }, + code: http.StatusOK, + }, } ctx := context.Background()