From abd4855b3e081a5742e8032e48ad25254b8e1bcd Mon Sep 17 00:00:00 2001 From: Joel McCoy Date: Thu, 20 Jun 2024 11:24:51 -0500 Subject: [PATCH 1/2] docs: fixed wrong link in zarf site nerd notes page (#2639) ## Description Link in nerd notes points to the wrong issue. 375 currently points to 376. Fixed it so it points to the right issue that has the discussion mentioned in the bullet. ... ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/.github/CONTRIBUTING.md#developer-workflow) followed --- site/src/content/docs/contribute/nerd-notes.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/src/content/docs/contribute/nerd-notes.mdx b/site/src/content/docs/contribute/nerd-notes.mdx index d7fd44d15c..6264dd5266 100644 --- a/site/src/content/docs/contribute/nerd-notes.mdx +++ b/site/src/content/docs/contribute/nerd-notes.mdx @@ -10,7 +10,7 @@ Zarf is written entirely in [go](https://go.dev/), except for a single 868Kb bin - All workloads are installed in the cluster via the [Helm SDK](https://helm.sh/docs/topics/advanced/#go-sdk) - The OCI Registries used are both from [Docker](https://github.com/distribution/distribution) -- Currently, the Registry and Git servers _are not HA_, see [#375](https://github.com/defenseunicorns/zarf/issues/376) and [#376](https://github.com/defenseunicorns/zarf/issues/376) for discussion on this +- Currently, the Registry and Git servers _are not HA_, see [#375](https://github.com/defenseunicorns/zarf/issues/375) and [#376](https://github.com/defenseunicorns/zarf/issues/376) for discussion on this - To avoid TLS issues, Zarf binds to `127.0.0.1:31999` on each node as a [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) to allow all nodes to access the pod(s) in the cluster - Zarf utilizes a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) called the [`zarf-agent`](https://github.com/defenseunicorns/zarf/tree/main/src/internal/agent) to modify the image property within the `PodSpec`. The purpose is to redirect it to Zarf's configured registry instead of the the original registry (such as DockerHub, GCR, or Quay). Additionally, the webhook attaches the appropriate [ImagePullSecret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) for the seed registry to the pod. This configuration allows the pod to successfully retrieve the image from the seed registry, even when operating in an air-gapped environment. - Zarf uses a custom injector system to bootstrap a new cluster. See the PR [#329](https://github.com/defenseunicorns/zarf/pull/329) and [ADR](https://github.com/defenseunicorns/zarf/blob/main/adr/0003-image-injection-into-remote-clusters-without-native-support.md) for more details on how we came to this solution. The general steps are listed below: From 9f4fa9cd630c8537e443bb3e9632c7960ff1ab87 Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Fri, 21 Jun 2024 07:35:50 -0400 Subject: [PATCH 2/2] chore: s3 cleanup (#2632) ## Description removes one dependency on s3 and cleanups up an example ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/.github/CONTRIBUTING.md#developer-workflow) followed --- src/pkg/packager/sources/new_test.go | 28 ++++++++++++++++++++-------- src/test/e2e/00_use_cli_test.go | 7 ------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/src/pkg/packager/sources/new_test.go b/src/pkg/packager/sources/new_test.go index d8d9c8ecd3..9c7629ba42 100644 --- a/src/pkg/packager/sources/new_test.go +++ b/src/pkg/packager/sources/new_test.go @@ -135,18 +135,26 @@ func TestPackageSource(t *testing.T) { t.Cleanup(func() { ts.Close() }) tests := []struct { - name string - src string - shasum string + name string + src string + shasum string + expectedErr string }{ { - name: "local", - src: tarPath, + name: "local", + src: tarPath, + expectedErr: "", }, { - name: "http", - src: fmt.Sprintf("%s/zarf-package-wordpress-amd64-16.0.4.tar.zst", ts.URL), - shasum: "835b06fc509e639497fb45f45d432e5c4cbd5d84212db5357b16bc69724b0e26", + name: "http", + src: fmt.Sprintf("%s/zarf-package-wordpress-amd64-16.0.4.tar.zst", ts.URL), + shasum: "835b06fc509e639497fb45f45d432e5c4cbd5d84212db5357b16bc69724b0e26", + expectedErr: "", + }, + { + name: "http-insecure", + src: fmt.Sprintf("%s/zarf-package-wordpress-amd64-16.0.4.tar.zst", ts.URL), + expectedErr: "remote package provided without a shasum, use --insecure to ignore, or provide one w/ --shasum", }, } for _, tt := range tests { @@ -163,6 +171,10 @@ func TestPackageSource(t *testing.T) { packageDir := t.TempDir() pkgLayout := layout.New(packageDir) pkg, warnings, err := ps.LoadPackage(context.Background(), pkgLayout, filters.Empty(), false) + if tt.expectedErr != "" { + require.EqualError(t, err, tt.expectedErr) + return + } require.NoError(t, err) require.Empty(t, warnings) require.Equal(t, expectedPkg, pkg) diff --git a/src/test/e2e/00_use_cli_test.go b/src/test/e2e/00_use_cli_test.go index c59fdf9d55..be3afb6b4f 100644 --- a/src/test/e2e/00_use_cli_test.go +++ b/src/test/e2e/00_use_cli_test.go @@ -104,13 +104,6 @@ func TestUseCLI(t *testing.T) { require.Contains(t, stdErr, expectedOutString, "The log level should be changed to 'debug'") }) - t.Run("bad zarf package deploy w/o --insecure or --shasum", func(t *testing.T) { - t.Parallel() - // Test that `zarf package deploy` gives an error if deploying a remote package without the --insecure or --shasum flags - stdOut, stdErr, err := e2e.Zarf("package", "deploy", "https://zarf-examples.s3.amazonaws.com/zarf-package-appliance-demo-doom-20210125.tar.zst", "--confirm") - require.Error(t, err, stdOut, stdErr) - }) - t.Run("zarf package to test bad remote images", func(t *testing.T) { _, stdErr, err := e2e.Zarf("package", "create", "src/test/packages/00-remote-pull-fail", "--confirm") // expecting zarf to have an error and output to stderr