also remove fixtures pkg as it would clutter godoc (there's not need
to have a .go files with fixtures)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This does not change behavior.
Rename types.DockerImageManifest to types.ImageInspectInfo.
This naming more accurately reflects what the function does and how it is
expected to be used.
(The only outstanding non-inspection piece is the Name field, which is
kind of a subset of GetIntendedDockerReference() right now. Not sure
whether that is intentional.)
Also fold makeImageManifest into its only user.
This does not change behavior.
Splits listing of repository tags, which is not a property of an image,
from the image.Manifest gathering of information about an image.
Compute the digest ourselves, the registry is in general untrusted and
computing it ourserlves is easy enough.
The stop passing the unverifiedCanonicalDigest value around, simplifying
ImageSource.GetManifest and related code. In particular, remove
retrieveRawManifest and have internal users just call Manifest() now that
we don't need the digest.
Does not change behavior.
This will allow us to move collecting some of the data to the (skopeo
inspect) code and to have a more focused types.Image API, where
types.Image.Manifest() does not return a grab bag of manifest-unrelated
data, eventually.
For how it actually makes the coupling more explicit by having
types.Image.Manifest() return a types.DockerImageManifest instead of the
too generic types.ImageManifest. We will need to think about which
parts of DockerImageManifest are truly generic, later.
Does not change behavior.
This better expresses the purpose of this method (it is working with
more, currently much more, than the manifest), and frees up the Manifest
method name for a simple getter of the raw blob.
No change in behavior.
These functions are guaranteed-cached versions of the same method in
types.ImageSource. Both will be needed for signature policy evaluation,
and the symmetry with ImageSource is nice.
Also replaces the equivalent RawManifest method, preferring to keep
the same naming convention as types.ImageSource.
Does not change behavior. This is a straightforward move and update of
package references, except for:
- Adding a duplicate definition of manifestSchema1 to
cmd/skopeo/copy.go. This will need to be cleaned up later, for now
preferring to make no design changes in this commit.
- Renaming parseDockerImage to NewDockerImage, to both make it public
and consistent with common golang conventions.
No semantic change, only a reorganization: The utilities now return
jsonFormatError instead of InvalidSignatureError, but their only
caller maps it back.
The dir: source type does not return the value, the value is
untrusted/not validated, and it is not at all clear why we should print
it in the first place.
This expects a GPG key fingerprint as a value of the argument (though
other key identification methods, like mitr@volny.cz, happen to work).
Do we need to namespace this (gpg:…)?
Note that this is unusable at the moment because only the dir: backend
implements storing signatures, and this backend does can not determine
the canonical Docker reference to use as a signed image identity.
This copies an image from ImageSource to ImageDestination, e.g.
skopeo copy atomic:mitr/busybox:latest dir:t-down # pull
skopeo copy dir:t-up atomic:mitr/busybox:latest # push
This finally uses all of the ImageSource and ImageDestination
implementations, though these utilities are in turn not used yet.
Adds unresolved FIXME (FIXME!!) notes for the tlsVerify default value;
for now, the code follows the existing parseImage semantics.
Also note the naming inconsistency: dir:…, atomic:…, but
docker://… . I think the non-// names are cleaner, but if we are
committed to docker://…, just being consistent might be better.
Note that this assumes that both (docker login) and (oc login) has
happened, the credentials can be read from the usual config files,
and that the default OpenShift instance should be used.
This includes copy&pasted/modified/simplified code from OpenShift
and Kubernetes, primarily for config file parsing and setting up
TLS and HTTP authentication.
This is much smaller than linking to the upstream OpenShift client
libraries, which via various abstractions and registration drag in much
(dozens of megabytes) more code.
The primary loss from this simplification is automatic conversions
between various versions of the API objects, both for the REST API and
for local configuration storage.
This does not contain downloading/uploading signatures, which depends on
server-side support.
Note that this does not allow uploading under new tags; Docker Registry
requires the tag to be present within the manifest, i.e. we might need
to modify the (possibly signed) manifest.
For now, uploading manifests only identified by a digest is sufficient
for the Atomic Registry; tagging happens in OpenShift imagestreams.
The dockerClient encapsulates makeRequest and authentication setup, and
will be shared between the pull and push code.
This is only a restructuring, does not change behavior.
The dockerImage->dockerImageSource->dockerClient inclusion chain is
somewhat ugly, hopefully eventually we will move the remaining
dockerImage functionality either to dockerutils or to the top level, and
then eliminate it.
The Docker Registry manifest upload should supply a Content-Type, and
guessing from the contents is the easiest we can do right now.
Also eliminate dockerutils.manifestMIMEType, it is making it too
difficult to use the returned value to be worth the extra safety.
Call dockerImageSource.ping() in .makeRequest() if needed, instead of
expecting a caller to do it (which only happened in GetManifest).
This required splitting the URLs into the baseURL (dependent on .ping()
result) and the suffix (independent of it), which was a simplification
anyway.
Also rename WWWAuthenticate to wwwAuthenticate, it is a private cache
field.
