Skip to content

Commit

Permalink
return a failure instead of an error if no pinned images are found
Browse files Browse the repository at this point in the history
Signed-off-by: Jose R. Gonzalez <komish@flutes.dev>
  • Loading branch information
komish authored and bcrochet committed Sep 25, 2024
1 parent d83c04f commit 755831a
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 7 deletions.
8 changes: 7 additions & 1 deletion internal/policy/operator/certified_images.go
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,11 @@ func (p *certifiedImagesCheck) dataToValidate(ctx context.Context, imagePath str
func (p *certifiedImagesCheck) validate(ctx context.Context, imageDigests []string) (bool, error) {
logger := logr.FromContextOrDiscard(ctx)

if len(imageDigests) == 0 {
logger.Info("warning: pinned images are expected but none were discovered")
return false, nil
}

pyxisImages, err := p.imageFinder.FindImagesByDigest(ctx, imageDigests)
if err != nil {
return false, err
Expand All @@ -99,7 +104,8 @@ func (p *certifiedImagesCheck) validate(ctx context.Context, imageDigests []stri
p.nonCertifiedImages = append(p.nonCertifiedImages, fullImg)
}
}
return true, nil

return len(p.nonCertifiedImages) == 0, nil
}

func (p *certifiedImagesCheck) Name() string {
Expand Down
12 changes: 6 additions & 6 deletions internal/policy/operator/certified_images_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -143,23 +143,23 @@ spec:
AfterEach(func() {
certifiedImagesCheck.imageFinder = &certifiedImageFinder{}
})
It("should still succeed", func() {
It("should fail", func() {
certifiedImagesCheck.imageFinder = &uncertifiedImageFinder{}
result, err := certifiedImagesCheck.Validate(context.TODO(), imageRef)
Expect(err).ToNot(HaveOccurred())
Expect(result).To(BeTrue())
Expect(result).To(BeFalse())
Expect(certifiedImagesCheck.nonCertifiedImages).To(HaveLen(1))
})
})
When("an image in the CSV is not in Pyxis", func() {
AfterEach(func() {
certifiedImagesCheck.imageFinder = &certifiedImageFinder{}
})
It("should still succeed", func() {
It("should fail", func() {
certifiedImagesCheck.imageFinder = &missingImageFinder{}
result, err := certifiedImagesCheck.Validate(context.TODO(), imageRef)
Expect(err).ToNot(HaveOccurred())
Expect(result).To(BeTrue())
Expect(result).To(BeFalse())
Expect(certifiedImagesCheck.nonCertifiedImages).To(HaveLen(1))
})
})
Expand All @@ -184,7 +184,7 @@ spec:
})
})
When("the images in the CSV aren't pinned", func() {
It("should succeed, but mark the image as non-certified", func() {
It("should fail", func() {
csvContents := `kind: ClusterServiceVersion
apiVersion: operators.coreos.com/v1alpha1
spec:
Expand All @@ -200,7 +200,7 @@ spec:
Expect(os.WriteFile(filepath.Join(imageRef.ImageFSPath, manifestsDir, clusterServiceVersionFilename), []byte(csvContents), 0o644)).To(Succeed())
result, err := certifiedImagesCheck.Validate(context.TODO(), imageRef)
Expect(err).ToNot(HaveOccurred())
Expect(result).To(BeTrue())
Expect(result).To(BeFalse())
Expect(certifiedImagesCheck.nonCertifiedImages).To(HaveLen(1))
})
})
Expand Down

0 comments on commit 755831a

Please sign in to comment.