func runDiscover(args []string) (exit int) {
if len(args) < 1 {
stderr("discover: at least one name required")
}
for _, name := range args {
app, err := discovery.NewAppFromString(name)
if app.Labels["os"] == "" {
app.Labels["os"] = runtime.GOOS
}
if app.Labels["arch"] == "" {
app.Labels["arch"] = runtime.GOARCH
}
if err != nil {
stderr("%s: %s", name, err)
return 1
}
eps, attempts, err := discovery.DiscoverEndpoints(*app, transportFlags.Insecure)
if err != nil {
stderr("error fetching %s: %s", name, err)
return 1
}
for _, a := range attempts {
fmt.Printf("discover walk: prefix: %s error: %v\n", a.Prefix, a.Error)
}
for _, aciEndpoint := range eps.ACIEndpoints {
fmt.Printf("ACI: %s, ASC: %s\n", aciEndpoint.ACI, aciEndpoint.ASC)
}
if len(eps.Keys) > 0 {
fmt.Println("Keys: " + strings.Join(eps.Keys, ","))
}
}
return
}
func runImageCatManifest(cmd *cobra.Command, args []string) (exit int) {
if len(args) != 1 {
cmd.Usage()
return 1
}
s, err := store.NewStore(globalFlags.Dir)
if err != nil {
stderr("image cat-manifest: cannot open store: %v", err)
return 1
}
var key string
if _, err := types.NewHash(args[0]); err == nil {
key, err = s.ResolveKey(args[0])
if err != nil {
stderr("image cat-manifest: cannot resolve key: %v", err)
return 1
}
} else {
app, err := discovery.NewAppFromString(args[0])
if err != nil {
stderr("image cat-manifest: cannot parse the image name: %v", err)
return 1
}
labels, err := types.LabelsFromMap(app.Labels)
if err != nil {
stderr("image cat-manifest: invalid labels in the name: %v", err)
return 1
}
key, err = s.GetACI(app.Name, labels)
if err != nil {
stderr("image cat-manifest: cannot find image: %v", err)
return 1
}
}
manifest, err := s.GetImageManifest(key)
if err != nil {
stderr("image cat-manifest: cannot get image manifest: %v", err)
return 1
}
var b []byte
if flagPrettyPrint {
b, err = json.MarshalIndent(manifest, "", "\t")
} else {
b, err = json.Marshal(manifest)
}
if err != nil {
stderr("image cat-manifest: cannot read the image manifest: %v", err)
return 1
}
stdout(string(b))
return 0
}
func getStoreKeyFromApp(s *store.Store, img string) (string, error) {
app, err := discovery.NewAppFromString(img)
if err != nil {
return "", fmt.Errorf("cannot parse the image name: %v", err)
}
labels, err := types.LabelsFromMap(app.Labels)
if err != nil {
return "", fmt.Errorf("invalid labels in the name: %v", err)
}
key, err := s.GetACI(app.Name, labels)
if err != nil {
return "", fmt.Errorf("cannot find image: %v", err)
}
return key, nil
}
func runDiscover(args []string) (exit int) {
if len(args) < 1 {
stderr("discover: at least one name required")
}
for _, name := range args {
app, err := discovery.NewAppFromString(name)
if app.Labels["os"] == "" {
app.Labels["os"] = runtime.GOOS
}
if app.Labels["arch"] == "" {
app.Labels["arch"] = runtime.GOARCH
}
if err != nil {
stderr("%s: %s", name, err)
return 1
}
insecure := discovery.InsecureNone
if transportFlags.Insecure {
insecure = discovery.InsecureTls | discovery.InsecureHttp
}
eps, attempts, err := discovery.DiscoverEndpoints(*app, nil, insecure)
if err != nil {
stderr("error fetching %s: %s", name, err)
return 1
}
for _, a := range attempts {
fmt.Printf("discover walk: prefix: %s error: %v\n", a.Prefix, a.Error)
}
if outputJson {
jsonBytes, err := json.MarshalIndent(&eps, "", " ")
if err != nil {
stderr("error generating JSON: %s", err)
return 1
}
fmt.Println(string(jsonBytes))
} else {
for _, aciEndpoint := range eps.ACIEndpoints {
fmt.Printf("ACI: %s, ASC: %s\n", aciEndpoint.ACI, aciEndpoint.ASC)
}
if len(eps.Keys) > 0 {
fmt.Println("Keys: " + strings.Join(eps.Keys, ","))
}
}
}
return
}
// newDiscoveryApp creates a discovery app if the given img is an app name and
// has a URL-like structure, for example example.com/reduce-worker.
// Or it returns nil.
func newDiscoveryApp(img string) *discovery.App {
app, err := discovery.NewAppFromString(img)
if err != nil {
return nil
}
u, err := url.Parse(app.Name.String())
if err != nil || u.Scheme != "" {
return nil
}
if _, ok := app.Labels["arch"]; !ok {
app.Labels["arch"] = defaultArch
}
if _, ok := app.Labels["os"]; !ok {
app.Labels["os"] = defaultOS
}
return app
}
// metaDiscoverPubKeyLocations discovers the public key through ACDiscovery by applying prefix as an ACApp
func metaDiscoverPubKeyLocations(prefix string) ([]string, error) {
app, err := discovery.NewAppFromString(prefix)
if err != nil {
return nil, err
}
ep, attempts, err := discovery.DiscoverPublicKeys(*app, flagAllowHTTP)
if err != nil {
return nil, err
}
if globalFlags.Debug {
for _, a := range attempts {
fmt.Fprintf(os.Stderr, "meta tag 'ac-discovery-pubkeys' not found on %s: %v\n", a.Prefix, a.Error)
}
}
return ep.Keys, nil
}
// metaDiscoverPubKeyLocations discovers the public key through ACDiscovery by applying prefix as an ACApp
func metaDiscoverPubKeyLocations(prefix string, allowHTTP bool, debug bool) ([]string, error) {
app, err := discovery.NewAppFromString(prefix)
if err != nil {
return nil, err
}
ep, attempts, err := discovery.DiscoverPublicKeys(*app, allowHTTP)
if err != nil {
return nil, err
}
if debug {
for _, a := range attempts {
stderr("meta tag 'ac-discovery-pubkeys' not found on %s: %v", a.Prefix, a.Error)
}
}
return ep.Keys, nil
}
// metaDiscoverPubKeyLocations discovers the public key through ACDiscovery by applying prefix as an ACApp
func (m *Manager) metaDiscoverPubKeyLocations(prefix string) ([]string, error) {
app, err := discovery.NewAppFromString(prefix)
if err != nil {
return nil, err
}
hostHeaders := config.ResolveAuthPerHost(m.AuthPerHost)
ep, attempts, err := discovery.DiscoverPublicKeys(*app, hostHeaders, m.InsecureAllowHttp)
if err != nil {
return nil, err
}
if m.Debug {
for _, a := range attempts {
stderr("meta tag 'ac-discovery-pubkeys' not found on %s: %v", a.Prefix, a.Error)
}
}
return ep.Keys, nil
}
func newAppBundle(name string) (*appBundle, error) {
app, err := discovery.NewAppFromString(name)
if err != nil {
return nil, fmt.Errorf("invalid image name %q: %v", name, err)
}
if _, ok := app.Labels["arch"]; !ok {
app.Labels["arch"] = runtime.GOARCH
}
if _, ok := app.Labels["os"]; !ok {
app.Labels["os"] = runtime.GOOS
}
if err := types.IsValidOSArch(app.Labels, stage0.ValidOSArch); err != nil {
return nil, fmt.Errorf("invalid image name %q: %v", name, err)
}
bundle := &appBundle{
App: app,
Str: name,
}
return bundle, nil
}
func getStoreKeyFromApp(s *store.Store, img string) (string, error) {
app, err := discovery.NewAppFromString(img)
if err != nil {
return "", fmt.Errorf("cannot parse the image name %q: %v", img, err)
}
labels, err := types.LabelsFromMap(app.Labels)
if err != nil {
return "", fmt.Errorf("invalid labels in the image %q: %v", img, err)
}
key, err := s.GetACI(app.Name, labels)
if err != nil {
switch err.(type) {
case store.ACINotFoundError:
return "", err
default:
return "", fmt.Errorf("cannot find image %q: %v", img, err)
}
}
return key, nil
}
// metaDiscoverPubKeyLocations discovers the public key through ACDiscovery by applying prefix as an ACApp
func (m *Manager) metaDiscoverPubKeyLocations(prefix string) ([]string, error) {
app, err := discovery.NewAppFromString(prefix)
if err != nil {
return nil, err
}
// TODO(krnowak): we should probably apply credential headers
// from config here
ep, attempts, err := discovery.DiscoverPublicKeys(*app, m.InsecureAllowHttp)
if err != nil {
return nil, err
}
if m.Debug {
for _, a := range attempts {
stderr("meta tag 'ac-discovery-pubkeys' not found on %s: %v", a.Prefix, a.Error)
}
}
return ep.Keys, nil
}
func getKeyFromAppOrHash(s *store.Store, input string) (string, error) {
var key string
if _, err := types.NewHash(input); err == nil {
key, err = s.ResolveKey(input)
if err != nil {
return "", fmt.Errorf("cannot resolve key: %v", err)
}
} else {
app, err := discovery.NewAppFromString(input)
if err != nil {
return "", fmt.Errorf("cannot parse the image name: %v", err)
}
labels, err := types.LabelsFromMap(app.Labels)
if err != nil {
return "", fmt.Errorf("invalid labels in the name: %v", err)
}
key, err = s.GetACI(app.Name, labels)
if err != nil {
return "", fmt.Errorf("cannot find image: %v", err)
}
}
return key, nil
}
// fetchSingleImage will take an image as either a URL or a name string and
// import it into the store if found. If discover is true meta-discovery is
// enabled. If asc is not "", it must exist as a local file and will be used
// as the signature file for verification, unless verification is disabled.
func (f *fetcher) fetchSingleImage(img string, asc string, discover bool) (string, error) {
var (
ascFile *os.File
err error
)
if asc != "" && f.ks != nil {
ascFile, err = os.Open(asc)
if err != nil {
return "", fmt.Errorf("unable to open signature file: %v", err)
}
defer ascFile.Close()
}
u, err := url.Parse(img)
if err != nil {
return "", fmt.Errorf("not a valid image reference (%s)", img)
}
// if img refers to a local file, ensure the scheme is file:// and make the url path absolute
_, err = os.Stat(u.Path)
if err == nil {
u.Path, err = filepath.Abs(u.Path)
if err != nil {
return "", fmt.Errorf("unable to get abs path: %v", err)
}
u.Scheme = "file"
} else if !os.IsNotExist(err) {
return "", fmt.Errorf("unable to access %q: %v", img, err)
}
if discover && u.Scheme == "" {
if f.local {
app, err := discovery.NewAppFromString(img)
if err != nil {
return "", err
}
labels, err := types.LabelsFromMap(app.Labels)
if err != nil {
return "", err
}
return f.s.GetACI(app.Name, labels)
}
if app := newDiscoveryApp(img); app != nil {
stdout("rkt: searching for app image %s", img)
ep, attempts, err := discovery.DiscoverEndpoints(*app, true)
if globalFlags.Debug {
for _, a := range attempts {
stderr("meta tag 'ac-discovery' not found on %s: %v", a.Prefix, a.Error)
}
}
if err != nil {
return "", err
}
if len(ep.ACIEndpoints) == 0 {
return "", fmt.Errorf("no endpoints discovered")
}
latest := false
// No specified version label, mark it as latest
if _, ok := app.Labels["version"]; !ok {
latest = true
}
return f.fetchImageFromEndpoints(ep, ascFile, latest)
}
}
switch u.Scheme {
case "http", "https", "docker", "file":
default:
return "", fmt.Errorf("rkt only supports http, https, docker or file URLs (%s)", img)
}
return f.fetchImageFromURL(u.String(), u.Scheme, ascFile, false)
}