Merge pull request #139 from bank-vaults/fix-docker-image-ref

fix: parse docker image references in accordance with the standard grammar

go.mod

@@ -12,6 +12,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.11.0
 	github.com/onsi/gomega v1.27.10
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.66.0
+	github.com/sagikazarmark/docker-ref v0.1.0
 	github.com/spf13/cast v1.5.1
 	github.com/stretchr/testify v1.8.4
 	gopkg.in/yaml.v3 v3.0.1
@@ -83,6 +84,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/pquerna/otp v1.2.0 // indirect

go.sum

@@ -233,6 +233,8 @@ github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU
 github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -260,6 +262,8 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
+github.com/sagikazarmark/docker-ref v0.1.0 h1:kqBsV+9tFFaM7Xgdc5pHQSmZXSid28fDLA2sk6f8w8A=
+github.com/sagikazarmark/docker-ref v0.1.0/go.mod h1:z9VrFKv1DK3pjm7QKrjkKs+vV80FmDZLxqTS5nRNC3w=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=

pkg/apis/vault/v1alpha1/vault_types.go

@@ -15,24 +15,24 @@
 package v1alpha1
 
 import (
+	"encoding/json"
+	"errors"
 	"fmt"
-	"github.com/Masterminds/semver/v3"
-	"github.com/imdario/mergo"
-	"github.com/spf13/cast"
-	netv1 "k8s.io/api/networking/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
 	"reflect"
-	ctrl "sigs.k8s.io/controller-runtime"
 	"sort"
 	"strings"
 	"time"
 
+	"github.com/Masterminds/semver/v3"
+	"github.com/imdario/mergo"
+	"github.com/sagikazarmark/docker-ref/reference"
+	"github.com/spf13/cast"
 	v1 "k8s.io/api/core/v1"
-
-	"encoding/json"
-	"errors"
+	netv1 "k8s.io/api/networking/v1"
 	extv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/pointer"
+	ctrl "sigs.k8s.io/controller-runtime"
 )
 
 var (
@@ -57,7 +57,6 @@ var (
 
 // VaultSpec defines the desired state of Vault
 type VaultSpec struct {
-
 	// Size defines the number of Vault instances in the cluster (>= 1 means HA)
 	// default: 1
 	Size int32 `json:"size,omitempty"`
@@ -377,11 +376,17 @@ func (spec *VaultSpec) GetHAStorageType() string {
 
 // GetVersion returns the version of Vault
 func (spec *VaultSpec) GetVersion() (*semver.Version, error) {
-	version := strings.Split(spec.Image, ":")
-	if len(version) != 2 {
-		return nil, errors.New("failed to find Vault version")
+	ref, err := reference.ParseAnyReference(spec.Image)
+	if err != nil {
+		return nil, fmt.Errorf("parsing image ref for Vault version: %w", err)
+	}
+
+	taggedRef, ok := ref.(reference.Tagged)
+	if !ok {
+		return nil, errors.New("Vault image ref does not have a tag")
 	}
-	return semver.NewVersion(version[1])
+
+	return semver.NewVersion(taggedRef.Tag())
 }
 
 // GetServiceAccount returns the Kubernetes Service Account to use for Vault
@@ -670,7 +675,6 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string {
 	}
 
 	if usc.Google != nil {
-
 		args = append(args,
 			"--mode",
 			"google-cloud-kms-gcs",
@@ -685,18 +689,14 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string {
 			"--google-cloud-storage-bucket",
 			usc.Google.StorageBucket,
 		)
-
 	} else if usc.Azure != nil {
-
 		args = append(args,
 			"--mode",
 			"azure-key-vault",
 			"--azure-key-vault-name",
 			usc.Azure.KeyVaultName,
 		)
-
 	} else if usc.AWS != nil {
-
 		args = append(args,
 			"--mode",
 			"aws-kms-s3",
@@ -715,9 +715,7 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string {
 			"--aws-s3-sse-algo",
 			usc.AWS.S3SSE,
 		)
-
 	} else if usc.Alibaba != nil {
-
 		args = append(args,
 			"--mode",
 			"alibaba-kms-oss",
@@ -732,7 +730,6 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string {
 			"--alibaba-oss-prefix",
 			usc.Alibaba.OSSPrefix,
 		)
-
 	} else if usc.Vault != nil {
 
 		args = append(args,

pkg/apis/vault/v1alpha1/vault_types_test.go

@@ -0,0 +1,66 @@
+// Copyright © 2023 Bank-Vaults Maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetVersion(t *testing.T) {
+	t.Run("Good", func(t *testing.T) {
+		tests := []string{
+			"hashicorp/vault:1.14.0",
+			"hashicorp/vault:1.14",
+			"my.local.proxy/hashicorp/vault:1.14.0",
+			"my.local.proxy:5000/hashicorp/vault:1.14.0",
+		}
+
+		for _, tt := range tests {
+			tt := tt
+
+			t.Run("", func(t *testing.T) {
+				vault := &VaultSpec{
+					Image: tt,
+				}
+
+				_, err := vault.GetVersion()
+				require.NoError(t, err)
+			})
+		}
+	})
+
+	t.Run("Bad", func(t *testing.T) {
+		tests := []string{
+			"hashicorp/vault",
+			"hashicorp/vault:latest",
+			"hashicorp/vault:my-custom-build",
+		}
+
+		for _, tt := range tests {
+			tt := tt
+
+			t.Run("", func(t *testing.T) {
+				vault := &VaultSpec{
+					Image: tt,
+				}
+
+				_, err := vault.GetVersion()
+				require.Error(t, err)
+			})
+		}
+	})
+}