Merge branch 'main' into remove/reflections

zarf-dev · Jun 21, 2024 · 3ef9786 · 3ef9786
2 parents 4328eb8 + 9f4fa9c
commit 3ef9786
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 16 deletions.
diff --git a/site/src/content/docs/contribute/nerd-notes.mdx b/site/src/content/docs/contribute/nerd-notes.mdx
@@ -10,7 +10,7 @@ Zarf is written entirely in [go](https://go.dev/), except for a single 868Kb bin
 
 - All workloads are installed in the cluster via the [Helm SDK](https://helm.sh/docs/topics/advanced/#go-sdk)
 - The OCI Registries used are both from [Docker](https://github.com/distribution/distribution)
-- Currently, the Registry and Git servers _are not HA_, see [#375](https://github.com/defenseunicorns/zarf/issues/376) and [#376](https://github.com/defenseunicorns/zarf/issues/376) for discussion on this
+- Currently, the Registry and Git servers _are not HA_, see [#375](https://github.com/defenseunicorns/zarf/issues/375) and [#376](https://github.com/defenseunicorns/zarf/issues/376) for discussion on this
 - To avoid TLS issues, Zarf binds to `127.0.0.1:31999` on each node as a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) to allow all nodes to access the pod(s) in the cluster
 - Zarf utilizes a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) called the [`zarf-agent`](https://github.com/defenseunicorns/zarf/tree/main/src/internal/agent) to modify the image property within the `PodSpec`. The purpose is to redirect it to Zarf's configured registry instead of the the original registry (such as DockerHub, GCR, or Quay). Additionally, the webhook attaches the appropriate [ImagePullSecret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) for the seed registry to the pod. This configuration allows the pod to successfully retrieve the image from the seed registry, even when operating in an air-gapped environment.
 - Zarf uses a custom injector system to bootstrap a new cluster. See the PR [#329](https://github.com/defenseunicorns/zarf/pull/329) and [ADR](https://github.com/defenseunicorns/zarf/blob/main/adr/0003-image-injection-into-remote-clusters-without-native-support.md) for more details on how we came to this solution.  The general steps are listed below:

diff --git a/src/pkg/packager/sources/new_test.go b/src/pkg/packager/sources/new_test.go
@@ -135,18 +135,26 @@ func TestPackageSource(t *testing.T) {
 	t.Cleanup(func() { ts.Close() })
 
 	tests := []struct {
-		name   string
-		src    string
-		shasum string
+		name        string
+		src         string
+		shasum      string
+		expectedErr string
 	}{
 		{
-			name: "local",
-			src:  tarPath,
+			name:        "local",
+			src:         tarPath,
+			expectedErr: "",
 		},
 		{
-			name:   "http",
-			src:    fmt.Sprintf("%s/zarf-package-wordpress-amd64-16.0.4.tar.zst", ts.URL),
-			shasum: "835b06fc509e639497fb45f45d432e5c4cbd5d84212db5357b16bc69724b0e26",
+			name:        "http",
+			src:         fmt.Sprintf("%s/zarf-package-wordpress-amd64-16.0.4.tar.zst", ts.URL),
+			shasum:      "835b06fc509e639497fb45f45d432e5c4cbd5d84212db5357b16bc69724b0e26",
+			expectedErr: "",
+		},
+		{
+			name:        "http-insecure",
+			src:         fmt.Sprintf("%s/zarf-package-wordpress-amd64-16.0.4.tar.zst", ts.URL),
+			expectedErr: "remote package provided without a shasum, use --insecure to ignore, or provide one w/ --shasum",
 		},
 	}
 	for _, tt := range tests {
@@ -163,6 +171,10 @@ func TestPackageSource(t *testing.T) {
 			packageDir := t.TempDir()
 			pkgLayout := layout.New(packageDir)
 			pkg, warnings, err := ps.LoadPackage(context.Background(), pkgLayout, filters.Empty(), false)
+			if tt.expectedErr != "" {
+				require.EqualError(t, err, tt.expectedErr)
+				return
+			}
 			require.NoError(t, err)
 			require.Empty(t, warnings)
 			require.Equal(t, expectedPkg, pkg)

diff --git a/src/test/e2e/00_use_cli_test.go b/src/test/e2e/00_use_cli_test.go
@@ -104,13 +104,6 @@ func TestUseCLI(t *testing.T) {
 		require.Contains(t, stdErr, expectedOutString, "The log level should be changed to 'debug'")
 	})
 
-	t.Run("bad zarf package deploy w/o --insecure or --shasum", func(t *testing.T) {
-		t.Parallel()
-		// Test that `zarf package deploy` gives an error if deploying a remote package without the --insecure or --shasum flags
-		stdOut, stdErr, err := e2e.Zarf("package", "deploy", "https://zarf-examples.s3.amazonaws.com/zarf-package-appliance-demo-doom-20210125.tar.zst", "--confirm")
-		require.Error(t, err, stdOut, stdErr)
-	})
-
 	t.Run("zarf package to test bad remote images", func(t *testing.T) {
 		_, stdErr, err := e2e.Zarf("package", "create", "src/test/packages/00-remote-pull-fail", "--confirm")
 		// expecting zarf to have an error and output to stderr