Merge pull request #163 from EmmEff/oci-artifact-name-mapping

Resolve short named artifact issue

Author: EmmEff

client/oci.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2018-2022, Sylabs Inc. All rights reserved.
+// Copyright (c) 2018-2023, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the
 // LICENSE.md file distributed with the sources of this project regarding your
 // rights to use or distribute this software.
@@ -30,8 +30,12 @@ const mediaTypeSIFLayer = "application/vnd.sylabs.sif.layer.v1.sif"
 // ociRegistryAuth uses Cloud Library endpoint to determine if artifact can be pulled
 // directly from OCI registry.
 //
-// Returns url and credentials (if applicable) for that url.
-func (c *Client) ociRegistryAuth(ctx context.Context, name string, accessTypes []accessType) (*url.URL, *bearerTokenCredentials, error) {
+// Returns url, credentials (if applicable) for that url, and mapped name.
+//
+// The mapped name can be the same value as 'name' or mapped to a fully-qualified name
+// (ie. from "alpine" to "library/default/alpine") if supported by cloud library server.
+// It will never be an empty string ("")
+func (c *Client) ociRegistryAuth(ctx context.Context, name string, accessTypes []accessType) (*url.URL, *bearerTokenCredentials, string, error) {
 	// Build raw query string to get token for specified namespace and access
 	v := url.Values{}
 	v.Set("namespace", name)
@@ -45,7 +49,7 @@ func (c *Client) ociRegistryAuth(ctx context.Context, name string, accessTypes [
 
 	req, err := c.newRequest(ctx, http.MethodGet, "v1/oci-redirect", v.Encode(), nil)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, "", err
 	}
 
 	if c.UserAgent != "" {
@@ -54,30 +58,35 @@ func (c *Client) ociRegistryAuth(ctx context.Context, name string, accessTypes [
 
 	res, err := c.HTTPClient.Do(req)
 	if err != nil {
-		return nil, nil, fmt.Errorf("error determining direct OCI registry access: %w", err)
+		return nil, nil, "", fmt.Errorf("error determining direct OCI registry access: %w", err)
 	}
 	defer res.Body.Close()
 
 	if res.StatusCode != http.StatusOK {
-		return nil, nil, fmt.Errorf("error determining direct OCI registry access: %w", err)
+		return nil, nil, "", fmt.Errorf("error determining direct OCI registry access: %w", err)
 	}
 
 	type ociDownloadRedirectResponse struct {
 		Token       string `json:"token"`
 		RegistryURI string `json:"url"`
+		Name        string `json:"name"`
 	}
 
 	var ociArtifactSpec ociDownloadRedirectResponse
 
 	if err := json.NewDecoder(res.Body).Decode(&ociArtifactSpec); err != nil {
-		return nil, nil, fmt.Errorf("error decoding direct OCI registry access response: %w", err)
+		return nil, nil, "", fmt.Errorf("error decoding direct OCI registry access response: %w", err)
+	}
+
+	if ociArtifactSpec.Name != "" && ociArtifactSpec.Name != name {
+		name = ociArtifactSpec.Name
 	}
 
 	endpoint, err := url.Parse(ociArtifactSpec.RegistryURI)
 	if err != nil {
-		return nil, nil, fmt.Errorf("malformed OCI registry URI %v: %v", ociArtifactSpec.RegistryURI, err)
+		return nil, nil, "", fmt.Errorf("malformed OCI registry URI %v: %v", ociArtifactSpec.RegistryURI, err)
 	}
-	return endpoint, &bearerTokenCredentials{authToken: ociArtifactSpec.Token}, nil
+	return endpoint, &bearerTokenCredentials{authToken: ociArtifactSpec.Token}, name, nil
 }
 
 const (
@@ -621,21 +630,27 @@ func (r *ociRegistry) getImageConfig(ctx context.Context, creds credentials, nam
 
 var errOCIDownloadNotSupported = errors.New("not supported")
 
-func (c *Client) newOCIRegistry(ctx context.Context, name string, accessTypes []accessType) (*ociRegistry, *bearerTokenCredentials, error) {
+func (c *Client) newOCIRegistry(ctx context.Context, name string, accessTypes []accessType) (*ociRegistry, *bearerTokenCredentials, string, error) {
 	// Attempt to obtain (direct) OCI registry auth token
-	registryURI, creds, err := c.ociRegistryAuth(ctx, name, accessTypes)
+	originalName := name
+
+	registryURI, creds, name, err := c.ociRegistryAuth(ctx, name, accessTypes)
 	if err != nil {
-		return nil, nil, errOCIDownloadNotSupported
+		return nil, nil, "", errOCIDownloadNotSupported
 	}
 
 	// Download directly from OCI registry
 	c.Logger.Logf("Using OCI registry endpoint %v", registryURI)
 
-	return &ociRegistry{baseURL: registryURI, httpClient: c.HTTPClient, logger: c.Logger}, creds, nil
+	if name != "" && originalName != name {
+		c.Logger.Logf("OCI artifact name \"%v\" mapped to \"%v\"", originalName, name)
+	}
+
+	return &ociRegistry{baseURL: registryURI, httpClient: c.HTTPClient, logger: c.Logger}, creds, name, nil
 }
 
 func (c *Client) ociDownloadImage(ctx context.Context, arch, name, tag string, w io.WriterAt, spec *Downloader, pb ProgressBar) error {
-	reg, creds, err := c.newOCIRegistry(ctx, name, []accessType{accessTypePull})
+	reg, creds, name, err := c.newOCIRegistry(ctx, name, []accessType{accessTypePull})
 	if err != nil {
 		return err
 	}
@@ -663,7 +678,7 @@ func (e *unexpectedImageDigest) Error() string {
 }
 
 func (c *Client) ociUploadImage(ctx context.Context, r io.Reader, size int64, name, arch string, tags []string, description, hash string, callback UploadCallback) error {
-	reg, creds, err := c.newOCIRegistry(ctx, name, []accessType{accessTypePull, accessTypePush})
+	reg, creds, name, err := c.newOCIRegistry(ctx, name, []accessType{accessTypePull, accessTypePush})
 	if err != nil {
 		return err
 	}

client/oci_test.go

@@ -1,3 +1,8 @@
+// Copyright (c) 2022-2023, Sylabs Inc. All rights reserved.
+// This software is licensed under a 3-clause BSD license. Please consult the
+// LICENSE.md file distributed with the sources of this project regarding your
+// rights to use or distribute this software.
+
 package client
 
 import (
@@ -14,9 +19,13 @@ func TestOciRegistryAuth(t *testing.T) {
 	tests := []struct {
 		name                       string
 		directOciDownloadSupported bool
+		ref                        string
+		mappedRef                  string
 	}{
-		{"Basic", true},
-		{"NotSupported", false},
+		{"Basic", true, "entity/collection/container", "entity/collection/container"},
+		{"TwoElements", true, "entity/container", "entity/container"},
+		{"ShortName", true, "alpine", "library/default/alpine"},
+		{"NotSupported", false, "", ""},
 	}
 
 	for _, tt := range tests {
@@ -34,9 +43,11 @@ func TestOciRegistryAuth(t *testing.T) {
 				response := struct {
 					Token       string `json:"token"`
 					RegistryURI string `json:"url"`
+					Name        string `json:"name"`
 				}{
 					Token:       "xxx",
 					RegistryURI: ociRegistryURI,
+					Name:        tt.mappedRef,
 				}
 
 				if v := r.URL.Query().Get("namespace"); v == "" {
@@ -53,30 +64,38 @@ func TestOciRegistryAuth(t *testing.T) {
 			}))
 			defer testShimSrv.Close()
 
-			c, err := NewClient(&Config{
+			clientCfg := &Config{
 				BaseURL:   testShimSrv.URL,
 				Logger:    &stdLogger{},
 				UserAgent: "scs-library-client-unit-tests/1.0",
-			})
+			}
+
+			c, err := NewClient(clientCfg)
 			if err != nil {
 				t.Fatalf("error initializing client: %v", err)
 			}
 
-			u, creds, err := c.ociRegistryAuth(context.Background(), "testproject/testrepo", []accessType{accessTypePull})
+			u, creds, name, err := c.ociRegistryAuth(context.Background(), tt.ref, []accessType{accessTypePull})
 			if tt.directOciDownloadSupported && err != nil {
 				t.Fatalf("error getting OCI registry credentials: %v", err)
 			} else if !tt.directOciDownloadSupported && err == nil {
 				t.Fatal("unexpected success")
 			}
 
-			if tt.directOciDownloadSupported {
-				if got, want := u.String(), ociRegistryURI; got != want {
-					t.Fatalf("unexpected OCI registry URI: got %v, want %v", got, want)
-				}
+			if !tt.directOciDownloadSupported {
+				return
+			}
 
-				if creds == nil {
-					t.Fatal("expecting bearer token credential")
-				}
+			if got, want := name, tt.mappedRef; got != want {
+				t.Fatalf("unexpected OCI artifact name: got %v, want %v", got, want)
+			}
+
+			if got, want := u.String(), ociRegistryURI; got != want {
+				t.Fatalf("unexpected OCI registry URI: got %v, want %v", got, want)
+			}
+
+			if creds == nil {
+				t.Fatal("expecting bearer token credential")
 			}
 		})
 	}