Пример #1
0
func runDiscover(args []string) (exit int) {
	if len(args) < 1 {
		stderr("discover: at least one name required")
	}

	for _, name := range args {
		app, err := discovery.NewAppFromString(name)
		if app.Labels["os"] == "" {
			app.Labels["os"] = runtime.GOOS
		}
		if app.Labels["arch"] == "" {
			app.Labels["arch"] = runtime.GOARCH
		}
		if err != nil {
			stderr("%s: %s", name, err)
			return 1
		}
		eps, attempts, err := discovery.DiscoverEndpoints(*app, transportFlags.Insecure)
		if err != nil {
			stderr("error fetching %s: %s", name, err)
			return 1
		}
		for _, a := range attempts {
			fmt.Printf("discover walk: prefix: %s error: %v\n", a.Prefix, a.Error)
		}
		for _, aciEndpoint := range eps.ACIEndpoints {
			fmt.Printf("ACI: %s, ASC: %s\n", aciEndpoint.ACI, aciEndpoint.ASC)
		}
		if len(eps.Keys) > 0 {
			fmt.Println("Keys: " + strings.Join(eps.Keys, ","))
		}
	}

	return
}
Пример #2
0
func runImageCatManifest(cmd *cobra.Command, args []string) (exit int) {
	if len(args) != 1 {
		cmd.Usage()
		return 1
	}

	s, err := store.NewStore(globalFlags.Dir)
	if err != nil {
		stderr("image cat-manifest: cannot open store: %v", err)
		return 1
	}

	var key string
	if _, err := types.NewHash(args[0]); err == nil {
		key, err = s.ResolveKey(args[0])
		if err != nil {
			stderr("image cat-manifest: cannot resolve key: %v", err)
			return 1
		}
	} else {
		app, err := discovery.NewAppFromString(args[0])
		if err != nil {
			stderr("image cat-manifest: cannot parse the image name: %v", err)
			return 1
		}
		labels, err := types.LabelsFromMap(app.Labels)
		if err != nil {
			stderr("image cat-manifest: invalid labels in the name: %v", err)
			return 1
		}
		key, err = s.GetACI(app.Name, labels)
		if err != nil {
			stderr("image cat-manifest: cannot find image: %v", err)
			return 1
		}
	}

	manifest, err := s.GetImageManifest(key)
	if err != nil {
		stderr("image cat-manifest: cannot get image manifest: %v", err)
		return 1
	}

	var b []byte
	if flagPrettyPrint {
		b, err = json.MarshalIndent(manifest, "", "\t")
	} else {
		b, err = json.Marshal(manifest)
	}
	if err != nil {
		stderr("image cat-manifest: cannot read the image manifest: %v", err)
		return 1
	}

	stdout(string(b))
	return 0
}
Пример #3
0
func getStoreKeyFromApp(s *store.Store, img string) (string, error) {
	app, err := discovery.NewAppFromString(img)
	if err != nil {
		return "", fmt.Errorf("cannot parse the image name: %v", err)
	}
	labels, err := types.LabelsFromMap(app.Labels)
	if err != nil {
		return "", fmt.Errorf("invalid labels in the name: %v", err)
	}
	key, err := s.GetACI(app.Name, labels)
	if err != nil {
		return "", fmt.Errorf("cannot find image: %v", err)
	}
	return key, nil
}
Пример #4
0
func runDiscover(args []string) (exit int) {
	if len(args) < 1 {
		stderr("discover: at least one name required")
	}

	for _, name := range args {
		app, err := discovery.NewAppFromString(name)
		if app.Labels["os"] == "" {
			app.Labels["os"] = runtime.GOOS
		}
		if app.Labels["arch"] == "" {
			app.Labels["arch"] = runtime.GOARCH
		}
		if err != nil {
			stderr("%s: %s", name, err)
			return 1
		}
		insecure := discovery.InsecureNone
		if transportFlags.Insecure {
			insecure = discovery.InsecureTls | discovery.InsecureHttp
		}
		eps, attempts, err := discovery.DiscoverEndpoints(*app, nil, insecure)
		if err != nil {
			stderr("error fetching %s: %s", name, err)
			return 1
		}
		for _, a := range attempts {
			fmt.Printf("discover walk: prefix: %s error: %v\n", a.Prefix, a.Error)
		}
		if outputJson {
			jsonBytes, err := json.MarshalIndent(&eps, "", "    ")
			if err != nil {
				stderr("error generating JSON: %s", err)
				return 1
			}
			fmt.Println(string(jsonBytes))
		} else {
			for _, aciEndpoint := range eps.ACIEndpoints {
				fmt.Printf("ACI: %s, ASC: %s\n", aciEndpoint.ACI, aciEndpoint.ASC)
			}
			if len(eps.Keys) > 0 {
				fmt.Println("Keys: " + strings.Join(eps.Keys, ","))
			}
		}
	}

	return
}
Пример #5
0
// newDiscoveryApp creates a discovery app if the given img is an app name and
// has a URL-like structure, for example example.com/reduce-worker.
// Or it returns nil.
func newDiscoveryApp(img string) *discovery.App {
	app, err := discovery.NewAppFromString(img)
	if err != nil {
		return nil
	}
	u, err := url.Parse(app.Name.String())
	if err != nil || u.Scheme != "" {
		return nil
	}
	if _, ok := app.Labels["arch"]; !ok {
		app.Labels["arch"] = defaultArch
	}
	if _, ok := app.Labels["os"]; !ok {
		app.Labels["os"] = defaultOS
	}
	return app
}
Пример #6
0
// metaDiscoverPubKeyLocations discovers the public key through ACDiscovery by applying prefix as an ACApp
func metaDiscoverPubKeyLocations(prefix string) ([]string, error) {
	app, err := discovery.NewAppFromString(prefix)
	if err != nil {
		return nil, err
	}

	ep, attempts, err := discovery.DiscoverPublicKeys(*app, flagAllowHTTP)
	if err != nil {
		return nil, err
	}

	if globalFlags.Debug {
		for _, a := range attempts {
			fmt.Fprintf(os.Stderr, "meta tag 'ac-discovery-pubkeys' not found on %s: %v\n", a.Prefix, a.Error)
		}
	}

	return ep.Keys, nil
}
Пример #7
0
// metaDiscoverPubKeyLocations discovers the public key through ACDiscovery by applying prefix as an ACApp
func metaDiscoverPubKeyLocations(prefix string, allowHTTP bool, debug bool) ([]string, error) {
	app, err := discovery.NewAppFromString(prefix)
	if err != nil {
		return nil, err
	}

	ep, attempts, err := discovery.DiscoverPublicKeys(*app, allowHTTP)
	if err != nil {
		return nil, err
	}

	if debug {
		for _, a := range attempts {
			stderr("meta tag 'ac-discovery-pubkeys' not found on %s: %v", a.Prefix, a.Error)
		}
	}

	return ep.Keys, nil
}
Пример #8
0
// metaDiscoverPubKeyLocations discovers the public key through ACDiscovery by applying prefix as an ACApp
func (m *Manager) metaDiscoverPubKeyLocations(prefix string) ([]string, error) {
	app, err := discovery.NewAppFromString(prefix)
	if err != nil {
		return nil, err
	}

	hostHeaders := config.ResolveAuthPerHost(m.AuthPerHost)
	ep, attempts, err := discovery.DiscoverPublicKeys(*app, hostHeaders, m.InsecureAllowHttp)
	if err != nil {
		return nil, err
	}

	if m.Debug {
		for _, a := range attempts {
			stderr("meta tag 'ac-discovery-pubkeys' not found on %s: %v", a.Prefix, a.Error)
		}
	}

	return ep.Keys, nil
}
Пример #9
0
func newAppBundle(name string) (*appBundle, error) {
	app, err := discovery.NewAppFromString(name)
	if err != nil {
		return nil, fmt.Errorf("invalid image name %q: %v", name, err)
	}
	if _, ok := app.Labels["arch"]; !ok {
		app.Labels["arch"] = runtime.GOARCH
	}
	if _, ok := app.Labels["os"]; !ok {
		app.Labels["os"] = runtime.GOOS
	}
	if err := types.IsValidOSArch(app.Labels, stage0.ValidOSArch); err != nil {
		return nil, fmt.Errorf("invalid image name %q: %v", name, err)
	}
	bundle := &appBundle{
		App: app,
		Str: name,
	}
	return bundle, nil
}
Пример #10
0
func getStoreKeyFromApp(s *store.Store, img string) (string, error) {
	app, err := discovery.NewAppFromString(img)
	if err != nil {
		return "", fmt.Errorf("cannot parse the image name %q: %v", img, err)
	}
	labels, err := types.LabelsFromMap(app.Labels)
	if err != nil {
		return "", fmt.Errorf("invalid labels in the image %q: %v", img, err)
	}
	key, err := s.GetACI(app.Name, labels)
	if err != nil {
		switch err.(type) {
		case store.ACINotFoundError:
			return "", err
		default:
			return "", fmt.Errorf("cannot find image %q: %v", img, err)
		}
	}
	return key, nil
}
Пример #11
0
// metaDiscoverPubKeyLocations discovers the public key through ACDiscovery by applying prefix as an ACApp
func (m *Manager) metaDiscoverPubKeyLocations(prefix string) ([]string, error) {
	app, err := discovery.NewAppFromString(prefix)
	if err != nil {
		return nil, err
	}

	// TODO(krnowak): we should probably apply credential headers
	// from config here
	ep, attempts, err := discovery.DiscoverPublicKeys(*app, m.InsecureAllowHttp)
	if err != nil {
		return nil, err
	}

	if m.Debug {
		for _, a := range attempts {
			stderr("meta tag 'ac-discovery-pubkeys' not found on %s: %v", a.Prefix, a.Error)
		}
	}

	return ep.Keys, nil
}
Пример #12
0
func getKeyFromAppOrHash(s *store.Store, input string) (string, error) {
	var key string
	if _, err := types.NewHash(input); err == nil {
		key, err = s.ResolveKey(input)
		if err != nil {
			return "", fmt.Errorf("cannot resolve key: %v", err)
		}
	} else {
		app, err := discovery.NewAppFromString(input)
		if err != nil {
			return "", fmt.Errorf("cannot parse the image name: %v", err)
		}
		labels, err := types.LabelsFromMap(app.Labels)
		if err != nil {
			return "", fmt.Errorf("invalid labels in the name: %v", err)
		}
		key, err = s.GetACI(app.Name, labels)
		if err != nil {
			return "", fmt.Errorf("cannot find image: %v", err)
		}
	}

	return key, nil
}
Пример #13
0
// fetchSingleImage will take an image as either a URL or a name string and
// import it into the store if found.  If discover is true meta-discovery is
// enabled.  If asc is not "", it must exist as a local file and will be used
// as the signature file for verification, unless verification is disabled.
func (f *fetcher) fetchSingleImage(img string, asc string, discover bool) (string, error) {
	var (
		ascFile *os.File
		err     error
	)
	if asc != "" && f.ks != nil {
		ascFile, err = os.Open(asc)
		if err != nil {
			return "", fmt.Errorf("unable to open signature file: %v", err)
		}
		defer ascFile.Close()
	}

	u, err := url.Parse(img)
	if err != nil {
		return "", fmt.Errorf("not a valid image reference (%s)", img)
	}

	// if img refers to a local file, ensure the scheme is file:// and make the url path absolute
	_, err = os.Stat(u.Path)
	if err == nil {
		u.Path, err = filepath.Abs(u.Path)
		if err != nil {
			return "", fmt.Errorf("unable to get abs path: %v", err)
		}
		u.Scheme = "file"
	} else if !os.IsNotExist(err) {
		return "", fmt.Errorf("unable to access %q: %v", img, err)
	}

	if discover && u.Scheme == "" {
		if f.local {
			app, err := discovery.NewAppFromString(img)
			if err != nil {
				return "", err
			}
			labels, err := types.LabelsFromMap(app.Labels)
			if err != nil {
				return "", err
			}
			return f.s.GetACI(app.Name, labels)
		}
		if app := newDiscoveryApp(img); app != nil {
			stdout("rkt: searching for app image %s", img)
			ep, attempts, err := discovery.DiscoverEndpoints(*app, true)

			if globalFlags.Debug {
				for _, a := range attempts {
					stderr("meta tag 'ac-discovery' not found on %s: %v", a.Prefix, a.Error)
				}
			}

			if err != nil {
				return "", err
			}

			if len(ep.ACIEndpoints) == 0 {
				return "", fmt.Errorf("no endpoints discovered")
			}

			latest := false
			// No specified version label, mark it as latest
			if _, ok := app.Labels["version"]; !ok {
				latest = true
			}
			return f.fetchImageFromEndpoints(ep, ascFile, latest)
		}
	}

	switch u.Scheme {
	case "http", "https", "docker", "file":
	default:
		return "", fmt.Errorf("rkt only supports http, https, docker or file URLs (%s)", img)
	}
	return f.fetchImageFromURL(u.String(), u.Scheme, ascFile, false)
}