From 2c6aaec9024f418233cf0277da26c4054f199774 Mon Sep 17 00:00:00 2001 From: Luiz Carvalho Date: Thu, 19 Sep 2024 12:54:39 -0400 Subject: [PATCH] Exclude non-OCI refs from list of OLM image refs Ref: EC-874 Signed-off-by: Luiz Carvalho --- policy/lib/image.rego | 2 ++ policy/lib/image_test.rego | 3 +++ policy/release/olm.rego | 1 + policy/release/olm_test.rego | 1 + 4 files changed, 7 insertions(+) diff --git a/policy/lib/image.rego b/policy/lib/image.rego index 3e1ee0da..e2a5ad09 100644 --- a/policy/lib/image.rego +++ b/policy/lib/image.rego @@ -23,6 +23,8 @@ parse(ref) := d if { ), ) + not contains(repo, "://") + d := { "digest": digest, "repo": repo, diff --git a/policy/lib/image_test.rego b/policy/lib/image_test.rego index f98886b8..476ea717 100644 --- a/policy/lib/image_test.rego +++ b/policy/lib/image_test.rego @@ -9,6 +9,7 @@ import data.lib.image test_parse if { repository := "registry.com/re/po" repository_with_port := "registry.com:8443/re/po" + bad_repository := "http://not-a-registry.com" tag := "latest" digest := "sha256:01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b" @@ -41,6 +42,8 @@ test_parse if { image.parse(concat("", [repository_with_port, ":", tag])), {"repo": repository_with_port, "tag": tag, "digest": ""}, ) + + not image.parse(concat("", [bad_repository, ":", tag, "@", digest])) } test_equal if { diff --git a/policy/release/olm.rego b/policy/release/olm.rego index f56adb8e..8cb062e8 100644 --- a/policy/release/olm.rego +++ b/policy/release/olm.rego @@ -348,6 +348,7 @@ all_image_ref(manifest) := [e | ], ] some i in imgs + e := {"ref": i.ref, "path": i.path} ] diff --git a/policy/release/olm_test.rego b/policy/release/olm_test.rego index 02b7f464..8d9b12c2 100644 --- a/policy/release/olm_test.rego +++ b/policy/release/olm_test.rego @@ -48,6 +48,7 @@ manifest := { "features.operators.openshift.io/token-auth-azure": "false", "features.operators.openshift.io/token-auth-gcp": "false", "operators.openshift.io/valid-subscription": `["spam"]`, + "alm-examples": `"endpoint": "http://example:4317" spam`, }}, "spec": { "version": "0.1.3",