feat: global registry support (#2448)

Author: danielorihuela

agent-control/agent-type-registry/newrelic/com.newrelic.infrastructure-0.1.0.yaml

@@ -29,14 +29,6 @@ variables:
       required: false
       default: 18003
     oci:
-      registry:
-        description: "Package registry url"
-        type: string
-        required: false
-        default: docker.io
-        variants:
-          ac_config_field: "oci_registry_urls"
-          values: [ "docker.io" ]
       repository:
         description: "Package repository name"
         type: string
@@ -81,14 +73,6 @@ variables:
       required: false
       default: 18003
     oci:
-      registry:
-        description: "Package registry url"
-        type: string
-        required: false
-        default: docker.io
-        variants:
-          ac_config_field: "oci_registry_urls"
-          values: [ "docker.io" ]
       repository:
         description: "Package repository name"
         type: string
@@ -182,7 +166,6 @@ deployment:
       infra-agent:
         download:
           oci:
-            registry: ${nr-var:oci.registry}
             repository: ${nr-var:oci.repository}
             version: ${nr-var:version}
             public_key_url: https://publickeys.newrelic.com/g/agent-control-oci/global/nrinfraagent/jwks.json
@@ -252,7 +235,6 @@ deployment:
       infra-agent:
         download:
           oci:
-            registry: ${nr-var:oci.registry}
             repository: ${nr-var:oci.repository}
             version: ${nr-var:version}
             public_key_url: https://publickeys.newrelic.com/g/agent-control-oci/global/nrinfraagent/jwks.json

agent-control/agent-type-registry/newrelic/com.newrelic.opentelemetry.collector-0.1.0.yaml

@@ -33,14 +33,6 @@ variables:
         required: false
         default: 13133
     oci:
-      registry:
-        description: "Package registry url"
-        type: string
-        required: false
-        default: docker.io
-        variants:
-          ac_config_field: "oci_nrdot_registry_urls"
-          values: [ "docker.io" ]
       repository:
         description: "Package repository name"
         type: string
@@ -79,14 +71,6 @@ variables:
         required: false
         default: 13133
     oci:
-      registry:
-        description: "Package registry url"
-        type: string
-        required: false
-        default: docker.io
-        variants:
-          ac_config_field: "oci_nrdot_registry_repositories"
-          values: [ "docker.io" ]
       repository:
         description: "Package repository name"
         type: string
@@ -153,7 +137,6 @@ deployment:
       nrdot:
         download:
           oci:
-            registry: ${nr-var:oci.registry}
             repository: ${nr-var:oci.repository}
             version: ${nr-var:version}
             public_key_url: https://publickeys.newrelic.com/g/agent-control-oci/global/nrdot/jwks.json
@@ -186,7 +169,6 @@ deployment:
       nrdot:
         download:
           oci:
-            registry: ${nr-var:oci.registry}
             repository: ${nr-var:oci.repository}
             version: ${nr-var:version}
             public_key_url: https://publickeys.newrelic.com/g/agent-control-oci/global/nrdot/jwks.json

agent-control/src/agent_control/config.rs

@@ -76,6 +76,10 @@ pub struct AgentControlConfig {
     /// Contains configuration for on-host self-update mechanism
     #[serde(default)]
     pub self_update: SelfUpdateConfig,
+
+    /// Oci configuration (used for AC and agents packages)
+    #[serde(default)]
+    pub oci: OciConfig,
 }
 
 #[derive(Debug, Default, Deserialize, PartialEq, Clone)]
@@ -94,6 +98,48 @@ pub struct PackagesConfig {
     pub signature_verification_enabled: SignatureVerificationEnabled,
 }
 
+#[derive(Debug, Deserialize, Serialize, Clone, PartialEq)]
+pub struct OciConfig {
+    #[serde(default = "OciConfig::default_registry")]
+    pub registry: String,
+    #[serde(default)]
+    pub auth: OciAuth,
+}
+
+impl Default for OciConfig {
+    fn default() -> Self {
+        OciConfig {
+            registry: Self::default_registry(),
+            auth: OciAuth::default(),
+        }
+    }
+}
+
+impl OciConfig {
+    fn default_registry() -> String {
+        "docker.io".to_string()
+    }
+}
+
+#[derive(Debug, Deserialize, Serialize, Default, Clone, PartialEq)]
+pub struct OciAuth {
+    #[serde(default)]
+    pub basic: BasicAuth,
+    #[serde(default)]
+    pub bearer: BearerAuth,
+}
+
+#[derive(Debug, Deserialize, Serialize, Default, Clone, PartialEq)]
+pub struct BasicAuth {
+    pub username: String,
+    pub password: String,
+}
+
+#[derive(Debug, Deserialize, Serialize, Default, Clone, PartialEq)]
+pub struct BearerAuth {
+    pub token: String,
+}
+
 const DEFAULT_SIGNATURE_VERIFICATION_ENABLED: bool = true;
 #[derive(Debug, Deserialize, Clone, Copy, PartialEq, WrapperWithDefault)]
 #[wrapper_default_value(DEFAULT_SIGNATURE_VERIFICATION_ENABLED)]
@@ -1041,6 +1087,31 @@ k8s:
         assert_matches!(result, Err(AgentControlConfigError(_)));
     }
 
+    #[test]
+    fn test_deserialize_oci_config() {
+        let config_input = r#"agents: {}"#;
+        let config = serde_yaml::from_str::<AgentControlConfig>(config_input).unwrap();
+        assert_eq!("docker.io".to_string(), config.oci.registry);
+
+        let config_input = r#"
+agents: {}
+oci:
+  auth:
+    bearer:
+      token: "token"
+"#;
+        let config = serde_yaml::from_str::<AgentControlConfig>(config_input).unwrap();
+        assert_eq!("docker.io".to_string(), config.oci.registry);
+
+        let config_input = r#"
+agents: {}
+oci:
+  registry: "custom-registry.io"
+"#;
+        let config = serde_yaml::from_str::<AgentControlConfig>(config_input).unwrap();
+        assert_eq!("custom-registry.io".to_string(), config.oci.registry);
+    }
+
     ////////////////////////////////////////////////////////////////////////////////////
     // Test helpers
     ////////////////////////////////////////////////////////////////////////////////////

agent-control/src/agent_control/run/on_host.rs

@@ -175,6 +175,7 @@ impl AgentControlRunner {
         let agents_package_manager = OCIPackageManager::new(
             OCIArtifactDownloader::new(
                 oci_client.clone(),
+                self.bootstrap_config.oci.registry.clone(),
                 agent_control_config
                     .agent_packages
                     .signature_verification_enabled
@@ -225,6 +226,7 @@ impl AgentControlRunner {
         let agent_control_package_manager = OCIPackageManager::new(
             OCIArtifactDownloader::new(
                 oci_client.clone(),
+                self.bootstrap_config.oci.registry.clone(),
                 agent_control_config
                     .self_update
                     .signature_verification_enabled

agent-control/src/agent_type/runtime_config/on_host.rs

@@ -160,7 +160,6 @@ mod tests {
         let pkg = Package {
             download: Download {
                 oci: Oci {
-                    registry: TemplateableValue::from_template("${nr-var:registry}".to_string()),
                     repository: TemplateableValue::from_template(
                         "${nr-var:repository}".to_string(),
                     ),
@@ -191,7 +190,6 @@ packages:
   my-pkg:
     download:
       oci:
-        registry: my.registry
         repository: my/repo
         version: latest
 "#;
@@ -221,7 +219,7 @@ packages:
                 .join("agent-id")
                 .join("stored_packages")
                 .join("my-pkg")
-                .join("oci_my_registry__my__repo_latest")
+                .join("oci_base_io__my__repo_latest")
                 .to_string_lossy()
                 .to_string(),
         );

agent-control/src/agent_type/runtime_config/on_host/package.rs

@@ -26,8 +26,6 @@ pub struct Download {
 
 #[derive(Debug, Deserialize, Default, Clone, PartialEq)]
 pub struct Oci {
-    /// OCI registry url.
-    pub registry: TemplateableValue<String>,
     /// Repository name.
     pub repository: TemplateableValue<String>,
     /// Package version including tag, digest or tag + digest.
@@ -58,7 +56,7 @@ impl Templateable for Download {
 impl Templateable for Oci {
     type Output = rendered::Oci;
     fn template_with(self, variables: &Variables) -> Result<Self::Output, AgentTypeError> {
-        let registry = self.registry.template_with(variables)?;
+        let registry = "base.io";
         let repository = self.repository.template_with(variables)?;
         let mut version = self.version.template_with(variables)?;
 
@@ -132,10 +130,6 @@ mod tests {
         };
 
         let mut variables = Variables::new();
-        variables.insert(
-            "nr-var:registry".to_string(),
-            Variable::new_final_string_variable("registry.com".to_string()),
-        );
         variables.insert(
             "nr-var:repository".to_string(),
             Variable::new_final_string_variable("repo".to_string()),
@@ -152,7 +146,6 @@ mod tests {
         }
 
         let oci = Oci {
-            registry: TemplateableValue::from_template("${nr-var:registry}".to_string()),
             repository: TemplateableValue::from_template("${nr-var:repository}".to_string()),
             version: TemplateableValue::from_template("${nr-var:version}".to_string()),
             public_key_url: public_key_url
@@ -163,7 +156,7 @@ mod tests {
         let rendered_oci = oci.template_with(&variables);
         let rendered_oci = rendered_oci.unwrap();
 
-        assert_eq!(rendered_oci.reference.registry(), "registry.com");
+        assert_eq!(rendered_oci.reference.registry(), "base.io");
         assert_eq!(rendered_oci.reference.repository(), "repo");
         assert_eq!(rendered_oci.reference.tag(), expected_tag);
         assert_eq!(rendered_oci.reference.digest(), expected_digest);

agent-control/src/oci.rs

@@ -359,6 +359,14 @@ pub mod tests {
             self
         }
 
+        pub fn registry(&self) -> String {
+            self.server
+                .as_ref()
+                .expect("Call build() first")
+                .address()
+                .to_string()
+        }
+
         pub fn reference(&self) -> Reference {
             self.reference_on_server(self.server.as_ref().expect("Call build() first"))
         }