chore: refactor and purify the OCI library within Zarf. (#2235)

## Description Move OCI lib out, so it can be more easily used with other projects and contributed to by multiple teams. Fixes: #2252 #2288 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: razzle <harry@razzle.cloud> Co-authored-by: Lucas Rodriguez <lucas.rodriguez9616@gmail.com> Co-authored-by: Lucas Rodriguez <lucas.rodriguez@defenseunicorns.com> Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
defenseunicorns · Mar 4, 2024 · bc7987c · bc7987c
1 parent c46123c
commit bc7987c
Show file tree

Hide file tree

Showing 57 changed files with 927 additions and 813 deletions.
diff --git a/src/cmd/initialize.go b/src/cmd/initialize.go
@@ -22,6 +22,7 @@ import (
 	"github.com/defenseunicorns/zarf/src/pkg/packager/sources"
 	"github.com/defenseunicorns/zarf/src/pkg/utils"
 	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
+	"github.com/defenseunicorns/zarf/src/pkg/zoci"
 
 	"github.com/spf13/cobra"
 )
@@ -91,7 +92,7 @@ func findInitPackage(initPackageName string) (string, error) {
 
 	// Create the cache directory if it doesn't exist
 	if utils.InvalidPath(config.GetAbsCachePath()) {
-		if err := utils.CreateDirectory(config.GetAbsCachePath(), 0755); err != nil {
+		if err := utils.CreateDirectory(config.GetAbsCachePath(), helpers.ReadExecuteAllWriteUser); err != nil {
 			message.Fatalf(err, lang.CmdInitErrUnableCreateCache, config.GetAbsCachePath())
 		}
 	}
@@ -119,7 +120,7 @@ func downloadInitPackage(cacheDirectory string) (string, error) {
 	}
 
 	var confirmDownload bool
-	url := oci.GetInitPackageURL(config.CLIVersion)
+	url := zoci.GetInitPackageURL(config.CLIVersion)
 
 	// Give the user the choice to download the init-package and note that this does require an internet connection
 	message.Question(fmt.Sprintf(lang.CmdInitPullAsk, url))
@@ -138,11 +139,11 @@ func downloadInitPackage(cacheDirectory string) (string, error) {
 
 	// If the user wants to download the init-package, download it
 	if confirmDownload {
-		remote, err := oci.NewOrasRemote(url, oci.PlatformForArch(config.GetArch()))
+		remote, err := zoci.NewRemote(url, oci.PlatformForArch(config.GetArch()))
 		if err != nil {
 			return "", err
 		}
-		source := sources.OCISource{OrasRemote: remote}
+		source := &sources.OCISource{Remote: remote}
 		return source.Collect(cacheDirectory)
 	}
 	// Otherwise, exit and tell the user to manually download the init-package

diff --git a/src/cmd/tools/helm/repo_add.go b/src/cmd/tools/helm/repo_add.go
@@ -30,6 +30,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"github.com/gofrs/flock"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -216,7 +217,7 @@ func (o *repoAddOptions) run(out io.Writer) error {
 
 	f.Update(&c)
 
-	if err := f.WriteFile(o.repoFile, 0600); err != nil {
+	if err := f.WriteFile(o.repoFile, helpers.ReadWriteUser); err != nil {
 		return err
 	}
 	fmt.Fprintf(out, "%q has been added to your repositories\n", o.name)

diff --git a/src/cmd/tools/helm/repo_index.go b/src/cmd/tools/helm/repo_index.go
@@ -26,6 +26,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 
@@ -100,7 +101,7 @@ func index(dir, url, mergeTo string) error {
 		var i2 *repo.IndexFile
 		if _, err := os.Stat(mergeTo); os.IsNotExist(err) {
 			i2 = repo.NewIndexFile()
-			i2.WriteFile(mergeTo, 0644)
+			i2.WriteFile(mergeTo, helpers.ReadAllWriteUser)
 		} else {
 			i2, err = repo.LoadIndexFile(mergeTo)
 			if err != nil {
@@ -110,5 +111,5 @@ func index(dir, url, mergeTo string) error {
 		i.Merge(i2)
 	}
 	i.SortEntries()
-	return i.WriteFile(out, 0644)
+	return i.WriteFile(out, helpers.ReadAllWriteUser)
 }
diff --git a/src/cmd/tools/helm/repo_remove.go b/src/cmd/tools/helm/repo_remove.go
@@ -27,6 +27,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 
@@ -72,7 +73,7 @@ func (o *repoRemoveOptions) run(out io.Writer) error {
 		if !r.Remove(name) {
 			return errors.Errorf("no repo named %q found", name)
 		}
-		if err := r.WriteFile(o.repoFile, 0600); err != nil {
+		if err := r.WriteFile(o.repoFile, helpers.ReadWriteUser); err != nil {
 			return err
 		}
 

diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go
@@ -21,6 +21,8 @@ import (
 	"github.com/defenseunicorns/zarf/src/pkg/oci"
 	"github.com/defenseunicorns/zarf/src/pkg/packager/sources"
 	"github.com/defenseunicorns/zarf/src/pkg/pki"
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
+	"github.com/defenseunicorns/zarf/src/pkg/zoci"
 	"github.com/defenseunicorns/zarf/src/types"
 	"github.com/sigstore/cosign/v2/pkg/cosign"
 	"github.com/spf13/cobra"
@@ -181,14 +183,14 @@ var downloadInitCmd = &cobra.Command{
 	Use:   "download-init",
 	Short: lang.CmdToolsDownloadInitShort,
 	Run: func(_ *cobra.Command, _ []string) {
-		url := oci.GetInitPackageURL(config.CLIVersion)
+		url := zoci.GetInitPackageURL(config.CLIVersion)
 
-		remote, err := oci.NewOrasRemote(url, oci.PlatformForArch(config.GetArch()))
+		remote, err := zoci.NewRemote(url, oci.PlatformForArch(config.GetArch()))
 		if err != nil {
 			message.Fatalf(err, lang.CmdToolsDownloadInitErr, err.Error())
 		}
 
-		source := &sources.OCISource{OrasRemote: remote}
+		source := &sources.OCISource{Remote: remote}
 
 		_, err = source.Collect(outputDirectory)
 		if err != nil {
@@ -204,13 +206,13 @@ var generatePKICmd = &cobra.Command{
 	Args:    cobra.ExactArgs(1),
 	Run: func(_ *cobra.Command, args []string) {
 		pki := pki.GeneratePKI(args[0], subAltNames...)
-		if err := os.WriteFile("tls.ca", pki.CA, 0644); err != nil {
+		if err := os.WriteFile("tls.ca", pki.CA, helpers.ReadAllWriteUser); err != nil {
 			message.Fatalf(err, lang.ErrWritingFile, "tls.ca", err.Error())
 		}
-		if err := os.WriteFile("tls.crt", pki.Cert, 0644); err != nil {
+		if err := os.WriteFile("tls.crt", pki.Cert, helpers.ReadAllWriteUser); err != nil {
 			message.Fatalf(err, lang.ErrWritingFile, "tls.crt", err.Error())
 		}
-		if err := os.WriteFile("tls.key", pki.Key, 0600); err != nil {
+		if err := os.WriteFile("tls.key", pki.Key, helpers.ReadWriteUser); err != nil {
 			message.Fatalf(err, lang.ErrWritingFile, "tls.key", err.Error())
 		}
 		message.Successf(lang.CmdToolsGenPkiSuccess, args[0])
@@ -278,10 +280,10 @@ var generateKeyCmd = &cobra.Command{
 		}
 
 		// Write the key file contents to disk
-		if err := os.WriteFile(prvKeyFileName, keyBytes.PrivateBytes, 0600); err != nil {
+		if err := os.WriteFile(prvKeyFileName, keyBytes.PrivateBytes, helpers.ReadWriteUser); err != nil {
 			message.Fatalf(err, lang.ErrWritingFile, prvKeyFileName, err.Error())
 		}
-		if err := os.WriteFile(pubKeyFileName, keyBytes.PublicBytes, 0644); err != nil {
+		if err := os.WriteFile(pubKeyFileName, keyBytes.PublicBytes, helpers.ReadAllWriteUser); err != nil {
 			message.Fatalf(err, lang.ErrWritingFile, pubKeyFileName, err.Error())
 		}
 

diff --git a/src/extensions/bigbang/bigbang.go b/src/extensions/bigbang/bigbang.go
@@ -465,7 +465,7 @@ func addBigBangManifests(YOLO bool, manifestDir string, cfg *extensions.BigBang)
 			return err
 		}
 
-		if err := utils.WriteFile(path, out); err != nil {
+		if err := os.WriteFile(path, out, helpers.ReadWriteUser); err != nil {
 			return err
 		}
 

diff --git a/src/extensions/bigbang/flux.go b/src/extensions/bigbang/flux.go
@@ -62,7 +62,7 @@ func getFlux(baseDir string, cfg *extensions.BigBang) (manifest types.ZarfManife
 		fluxKustomization.Patches = append(fluxKustomization.Patches, krustytypes.Patch{Path: absFluxPatchPath})
 	}
 
-	if err := utils.WriteYaml(kustomizePath, fluxKustomization, 0600); err != nil {
+	if err := utils.WriteYaml(kustomizePath, fluxKustomization, helpers.ReadWriteUser); err != nil {
 		return manifest, images, fmt.Errorf("unable to write kustomization: %w", err)
 	}
 

diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go
@@ -15,6 +15,7 @@ import (
 	"github.com/defenseunicorns/zarf/src/internal/packager/template"
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/utils"
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"github.com/defenseunicorns/zarf/src/types"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/releaseutil"
@@ -61,8 +62,7 @@ func (r *renderer) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) {
 	}
 	path := filepath.Join(tempDir, "chart.yaml")
 
-	// Write the context to a file for processing
-	if err := utils.WriteFile(path, renderedManifests.Bytes()); err != nil {
+	if err := os.WriteFile(path, renderedManifests.Bytes(), helpers.ReadWriteUser); err != nil {
 		return nil, fmt.Errorf("unable to write the post-render file for the helm chart")
 	}
 

diff --git a/src/internal/packager/helm/repo.go b/src/internal/packager/helm/repo.go
@@ -204,7 +204,7 @@ func (h *Helm) DownloadPublishedChart(cosignKeyPath string) error {
 
 	// Download the file into a temp directory since we don't control what name helm creates here
 	temp := filepath.Join(h.chartPath, "temp")
-	if err = utils.CreateDirectory(temp, 0700); err != nil {
+	if err = utils.CreateDirectory(temp, helpers.ReadWriteExecuteUser); err != nil {
 		return fmt.Errorf("unable to create helm chart temp directory: %w", err)
 	}
 	defer os.RemoveAll(temp)

diff --git a/src/internal/packager/images/pull.go b/src/internal/packager/images/pull.go
@@ -12,13 +12,13 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
-	"sync"
 
 	"github.com/defenseunicorns/zarf/src/config"
 	"github.com/defenseunicorns/zarf/src/pkg/layout"
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/transform"
 	"github.com/defenseunicorns/zarf/src/pkg/utils"
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/logs"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -67,7 +67,7 @@ func (i *ImageConfig) PullAll() ([]ImgInfo, error) {
 	logs.Warn.SetOutput(&message.DebugWriter{})
 	logs.Progress.SetOutput(&message.DebugWriter{})
 
-	metadataImageConcurrency := utils.NewConcurrencyTools[ImgInfo, error](len(i.ImageList))
+	metadataImageConcurrency := helpers.NewConcurrencyTools[ImgInfo, error](len(i.ImageList))
 
 	defer metadataImageConcurrency.Cancel()
 
@@ -123,7 +123,7 @@ func (i *ImageConfig) PullAll() ([]ImgInfo, error) {
 	}
 
 	// Create the ImagePath directory
-	if err := utils.CreateDirectory(i.ImagesPath, 0755); err != nil {
+	if err := utils.CreateDirectory(i.ImagesPath, helpers.ReadExecuteAllWriteUser); err != nil {
 		return nil, fmt.Errorf("failed to create image path %s: %w", i.ImagesPath, err)
 	}
 
@@ -178,16 +178,13 @@ func (i *ImageConfig) PullAll() ([]ImgInfo, error) {
 	spinner.Success()
 
 	// Create a thread to update a progress bar as we save the image files to disk
-	doneSaving := make(chan int)
-	errorSaving := make(chan int)
-	var progressBarWaitGroup sync.WaitGroup
-	progressBarWaitGroup.Add(1)
+	doneSaving := make(chan error)
 	updateText := fmt.Sprintf("Pulling %d images", imageCount)
-	go utils.RenderProgressBarForLocalDirWrite(i.ImagesPath, totalBytes, &progressBarWaitGroup, doneSaving, errorSaving, updateText, updateText)
+	go utils.RenderProgressBarForLocalDirWrite(i.ImagesPath, totalBytes, doneSaving, updateText, updateText)
 
 	// Spawn a goroutine for each layer to write it to disk using crane
 
-	layerWritingConcurrency := utils.NewConcurrencyTools[bool, error](len(processedLayers))
+	layerWritingConcurrency := helpers.NewConcurrencyTools[bool, error](len(processedLayers))
 
 	defer layerWritingConcurrency.Cancel()
 
@@ -318,8 +315,8 @@ func (i *ImageConfig) PullAll() ([]ImgInfo, error) {
 
 	onLayerWritingError := func(err error) error {
 		// Send a signal to the progress bar that we're done and wait for the thread to finish
-		errorSaving <- 1
-		progressBarWaitGroup.Wait()
+		doneSaving <- err
+		<-doneSaving
 		message.WarnErr(err, "Failed to write image layers, trying again up to 3 times...")
 		if strings.HasPrefix(err.Error(), "expected blob size") {
 			message.Warnf("Potential image cache corruption: %s - try clearing cache with \"zarf tools clear-cache\"", err.Error())
@@ -331,7 +328,7 @@ func (i *ImageConfig) PullAll() ([]ImgInfo, error) {
 		return nil, err
 	}
 
-	imageSavingConcurrency := utils.NewConcurrencyTools[digestInfo, error](len(refInfoToImage))
+	imageSavingConcurrency := helpers.NewConcurrencyTools[digestInfo, error](len(refInfoToImage))
 
 	defer imageSavingConcurrency.Cancel()
 
@@ -382,8 +379,8 @@ func (i *ImageConfig) PullAll() ([]ImgInfo, error) {
 
 	onImageSavingError := func(err error) error {
 		// Send a signal to the progress bar that we're done and wait for the thread to finish
-		errorSaving <- 1
-		progressBarWaitGroup.Wait()
+		doneSaving <- err
+		<-doneSaving
 		message.WarnErr(err, "Failed to write image config or manifest, trying again up to 3 times...")
 		return err
 	}
@@ -418,8 +415,8 @@ func (i *ImageConfig) PullAll() ([]ImgInfo, error) {
 	}
 
 	// Send a signal to the progress bar that we're done and wait for the thread to finish
-	doneSaving <- 1
-	progressBarWaitGroup.Wait()
+	doneSaving <- nil
+	<-doneSaving
 
 	return imgInfoList, nil
 }

diff --git a/src/internal/packager/images/push.go b/src/internal/packager/images/push.go
@@ -15,6 +15,7 @@ import (
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/transform"
 	"github.com/defenseunicorns/zarf/src/pkg/utils"
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/logs"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
@@ -55,7 +56,7 @@ func (i *ImageConfig) PushToZarfRegistry() error {
 	httpTransport.ResponseHeaderTimeout = 10 * time.Second
 	progressBar := message.NewProgressBar(totalSize, fmt.Sprintf("Pushing %d images to the zarf registry", len(i.ImageList)))
 	defer progressBar.Stop()
-	craneTransport := utils.NewTransport(httpTransport, progressBar)
+	craneTransport := helpers.NewTransport(httpTransport, progressBar)
 
 	pushOptions := config.GetCraneOptions(i.Insecure, i.Architectures...)
 	pushOptions = append(pushOptions, config.GetCraneAuthOption(i.RegInfo.PushUsername, i.RegInfo.PushPassword))

diff --git a/src/internal/packager/kustomize/build.go b/src/internal/packager/kustomize/build.go
@@ -6,8 +6,9 @@ package kustomize
 
 import (
 	"fmt"
+	"os"
 
-	"github.com/defenseunicorns/zarf/src/pkg/utils"
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"sigs.k8s.io/kustomize/api/krusty"
 	krustytypes "sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/filesys"
@@ -39,5 +40,5 @@ func Build(path string, destination string, kustomizeAllowAnyDirectory bool) err
 		return fmt.Errorf("problem converting kustomization to yaml: %w", err)
 	}
 
-	return utils.WriteFile(destination, yaml)
+	return os.WriteFile(destination, yaml, helpers.ReadWriteUser)
 }
diff --git a/src/internal/packager/sbom/catalog.go b/src/internal/packager/sbom/catalog.go
@@ -28,6 +28,7 @@ import (
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/transform"
 	"github.com/defenseunicorns/zarf/src/pkg/utils"
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 )
 
@@ -59,7 +60,7 @@ func Catalog(componentSBOMs map[string]*layout.ComponentSBOM, imageList []transf
 	defer builder.spinner.Stop()
 
 	// Ensure the sbom directory exists
-	_ = utils.CreateDirectory(builder.outputDir, 0700)
+	_ = utils.CreateDirectory(builder.outputDir, helpers.ReadWriteExecuteUser)
 
 	// Generate a list of images and files for the sbom viewer
 	json, err := builder.generateJSONList(componentSBOMs, imageList)
@@ -151,7 +152,7 @@ func (b *Builder) createImageSBOM(img v1.Image, src string) ([]byte, error) {
 	imageCachePath := filepath.Join(b.cachePath, layout.ImagesDir)
 
 	// Ensure the image cache directory exists.
-	if err := utils.CreateDirectory(imageCachePath, 0700); err != nil {
+	if err := utils.CreateDirectory(imageCachePath, helpers.ReadWriteExecuteUser); err != nil {
 		return nil, err
 	}
 

diff --git a/src/internal/packager/sbom/tools.go b/src/internal/packager/sbom/tools.go
@@ -13,6 +13,7 @@ import (
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/utils"
 	"github.com/defenseunicorns/zarf/src/pkg/utils/exec"
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"github.com/defenseunicorns/zarf/src/types"
 )
 
@@ -49,7 +50,7 @@ func OutputSBOMFiles(sourceDir, outputDir, packageName string) (string, error) {
 		return "", err
 	}
 
-	if err := utils.CreateDirectory(packagePath, 0700); err != nil {
+	if err := utils.CreateDirectory(packagePath, helpers.ReadWriteExecuteUser); err != nil {
 		return "", err
 	}
 

diff --git a/src/pkg/cluster/data.go b/src/pkg/cluster/data.go
@@ -18,6 +18,7 @@ import (
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/utils"
 	"github.com/defenseunicorns/zarf/src/pkg/utils/exec"
+	"github.com/defenseunicorns/zarf/src/pkg/utils/helpers"
 	"github.com/defenseunicorns/zarf/src/types"
 	corev1 "k8s.io/api/core/v1"
 )
@@ -28,7 +29,7 @@ func (c *Cluster) HandleDataInjection(wg *sync.WaitGroup, data types.ZarfDataInj
 	defer wg.Done()
 
 	injectionCompletionMarker := filepath.Join(componentPath.DataInjections, config.GetDataInjectionMarker())
-	if err := utils.WriteFile(injectionCompletionMarker, []byte("🦄")); err != nil {
+	if err := os.WriteFile(injectionCompletionMarker, []byte("🦄"), helpers.ReadWriteUser); err != nil {
 		message.WarnErrf(err, "Unable to create the data injection completion marker")
 		return
 	}