mirror of
https://github.com/kubernetes-sigs/kustomize.git
synced 2026-06-29 01:30:51 +00:00
9f89960cf2
* fix: match image digests with any algorithm, not only sha256 IsImageMatched hard-coded '@sha256:' in its regex, while Split accepts any digest algorithm. An image pinned with a non-sha256 digest (e.g. nginx@sha512:...) was not matched, so the ImageTagTransformer silently left it unchanged and the user's images: override was ignored. Generalize the digest algorithm in the regex to match what Split accepts. Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com> * Address review: match OCI digest grammar and test spec example algorithms Broaden the digest-algorithm match to the OCI grammar (algorithm components separated by +._-), so multihash+base58 and other registered/unregistered algorithms match, not just [a-zA-Z][a-zA-Z0-9]*. Add test cases using the descriptor example algorithms: a full-length sha512 digest and multihash+base58. Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com> --------- Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
74 lines
2.2 KiB
Go
74 lines
2.2 KiB
Go
// Copyright 2020 The Kubernetes Authors.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package image
|
|
|
|
import (
|
|
"regexp"
|
|
"strings"
|
|
)
|
|
|
|
// IsImageMatched returns true if the value of t is identical to the
|
|
// image name in the full image name and tag as given by s.
|
|
func IsImageMatched(s, t string) bool {
|
|
// Tag values are limited to [a-zA-Z0-9_.{}-].
|
|
// Some tools like Bazel rules_k8s allow tag patterns with {} characters.
|
|
// More info: https://github.com/bazelbuild/rules_k8s/pull/423
|
|
//
|
|
// The digest algorithm is matched following the OCI grammar
|
|
// (algorithm-component separated by one of [+._-], e.g. sha256, sha512,
|
|
// multihash+base58) rather than hard-coded to sha256, so that references
|
|
// using any OCI-valid digest algorithm match consistently with Split,
|
|
// which accepts any algorithm.
|
|
// See https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests
|
|
pattern, _ := regexp.Compile("^" + t + "(:[a-zA-Z0-9_.{}-]*)?(@[a-zA-Z0-9]+([.+_-][a-zA-Z0-9]+)*:[a-zA-Z0-9_.{}-]*)?$")
|
|
return pattern.MatchString(s)
|
|
}
|
|
|
|
// Split separates and returns the name and tag parts
|
|
// from the image string using either colon `:` or at `@` separators.
|
|
// image reference pattern: [[host[:port]/]component/]component[:tag][@digest]
|
|
func Split(imageName string) (name string, tag string, digest string) {
|
|
// check if image name contains a domain
|
|
// if domain is present, ignore domain and check for `:`
|
|
searchName := imageName
|
|
slashIndex := strings.Index(imageName, "/")
|
|
if slashIndex > 0 {
|
|
searchName = imageName[slashIndex:]
|
|
} else {
|
|
slashIndex = 0
|
|
}
|
|
|
|
id := strings.Index(searchName, "@")
|
|
ic := strings.Index(searchName, ":")
|
|
|
|
// no tag or digest
|
|
if ic < 0 && id < 0 {
|
|
return imageName, "", ""
|
|
}
|
|
|
|
// digest only
|
|
if id >= 0 && (id < ic || ic < 0) {
|
|
id += slashIndex
|
|
name = imageName[:id]
|
|
digest = strings.TrimPrefix(imageName[id:], "@")
|
|
return name, "", digest
|
|
}
|
|
|
|
// tag and digest
|
|
if id >= 0 && ic >= 0 {
|
|
id += slashIndex
|
|
ic += slashIndex
|
|
name = imageName[:ic]
|
|
tag = strings.TrimPrefix(imageName[ic:id], ":")
|
|
digest = strings.TrimPrefix(imageName[id:], "@")
|
|
return name, tag, digest
|
|
}
|
|
|
|
// tag only
|
|
ic += slashIndex
|
|
name = imageName[:ic]
|
|
tag = strings.TrimPrefix(imageName[ic:], ":")
|
|
return name, tag, ""
|
|
}
|