[v1.22.x] enable --skip-tls-verify and --use-http for FBC run bundle and upgrade (#5953)

* modified run bundle install and upgrade flow for FBC that will honor --skip-tls-verify and --use-http flags

Signed-off-by: laxmikantbpandhare <[email protected]>

* added changelog

Signed-off-by: laxmikantbpandhare <[email protected]>

* handeled error properly

Signed-off-by: laxmikantbpandhare <[email protected]>

* removed comments

Signed-off-by: laxmikantbpandhare <[email protected]>

* removed duplicated code and worked on review comments

Signed-off-by: laxmikantbpandhare <[email protected]>

* added these two flags to FBCContext

Signed-off-by: laxmikantbpandhare <[email protected]>

* added these two flags to FBCContext

Signed-off-by: laxmikantbpandhare <[email protected]>

* worked on review comments

Signed-off-by: laxmikantbpandhare <[email protected]>

* added flags for FBC registry

Signed-off-by: laxmikantbpandhare <[email protected]>

* reverted changes

Signed-off-by: laxmikantbpandhare <[email protected]>

Co-authored-by: laxmikantbpandhare <[email protected]>

Author: openshift-cherrypick-robot

changelog/fragments/skiptls-usehttp-fbc.yaml

@@ -0,0 +1,17 @@
+# entries is a list of entries to include in
+# release notes and/or the migration guide
+entries:
+  - description: >
+      Honor `--skip-tls-verify` and `--use-http` flags from run bundle(-upgrade)
+      
+    # kind is one of:
+    # - addition
+    # - change
+    # - deprecation
+    # - removal
+    # - bugfix
+    kind: "bugfix"
+
+    # Is this a breaking change?
+    breaking: false
+

internal/olm/fbcutil/util.go

@@ -26,6 +26,7 @@ import (
 	"github.com/operator-framework/operator-registry/alpha/declcfg"
 	declarativeconfig "github.com/operator-framework/operator-registry/alpha/declcfg"
 	"github.com/operator-framework/operator-registry/pkg/containertools"
+	"github.com/operator-framework/operator-registry/pkg/image/containerdregistry"
 	registryutil "github.com/operator-framework/operator-sdk/internal/registry"
 	log "github.com/sirupsen/logrus"
 )
@@ -58,17 +59,19 @@ type BundleDeclcfg struct {
 // a new File-Based Catalog on the fly. The fields from this struct are passed as
 // parameters to Operator Registry API calls to generate declarative config objects.
 type FBCContext struct {
-	Package      string
-	ChannelName  string
-	Refs         []string
-	ChannelEntry declarativeconfig.ChannelEntry
+	Package       string
+	ChannelName   string
+	Refs          []string
+	ChannelEntry  declarativeconfig.ChannelEntry
+	SkipTLSVerify bool
+	UseHTTP       bool
 }
 
 // CreateFBC generates an FBC by creating bundle, package and channel blobs.
 func (f *FBCContext) CreateFBC(ctx context.Context) (BundleDeclcfg, error) {
 	var bundleDC BundleDeclcfg
 	// Rendering the bundle image into a declarative config format.
-	declcfg, err := RenderRefs(ctx, f.Refs)
+	declcfg, err := RenderRefs(ctx, f.Refs, f.SkipTLSVerify, f.UseHTTP)
 	if err != nil {
 		return BundleDeclcfg{}, err
 	}
@@ -120,11 +123,28 @@ func ValidateAndStringify(declcfg *declarativeconfig.DeclarativeConfig) (string,
 	return buf.String(), nil
 }
 
+func NullLogger() *log.Entry {
+	logger := log.New()
+	logger.SetOutput(ioutil.Discard)
+	return log.NewEntry(logger)
+}
+
 // RenderRefs will invoke Operator Registry APIs and return a declarative config object representation
 // of the references that are passed in as a string array.
-func RenderRefs(ctx context.Context, refs []string) (*declarativeconfig.DeclarativeConfig, error) {
+func RenderRefs(ctx context.Context, refs []string, skipTLSVerify bool, useHTTP bool) (*declarativeconfig.DeclarativeConfig, error) {
+
+	reg, err := containerdregistry.NewRegistry(
+		containerdregistry.WithLog(NullLogger()),
+		containerdregistry.SkipTLSVerify(skipTLSVerify),
+		containerdregistry.WithPlainHTTP(useHTTP))
+
+	if err != nil {
+		return nil, fmt.Errorf("error creating new image registry: %v", err)
+	}
+
 	render := action.Render{
-		Refs: refs,
+		Refs:     refs,
+		Registry: reg,
 	}
 
 	log.SetOutput(ioutil.Discard)

internal/olm/operator/bundle/install.go

@@ -27,6 +27,7 @@ import (
 	"github.com/operator-framework/api/pkg/operators/v1alpha1"
 	"github.com/operator-framework/operator-registry/alpha/action"
 	declarativeconfig "github.com/operator-framework/operator-registry/alpha/declcfg"
+	"github.com/operator-framework/operator-registry/pkg/image/containerdregistry"
 	registrybundle "github.com/operator-framework/operator-registry/pkg/lib/bundle"
 	fbcutil "github.com/operator-framework/operator-sdk/internal/olm/fbcutil"
 	"github.com/operator-framework/operator-sdk/internal/olm/operator"
@@ -120,6 +121,8 @@ func (i *Install) setup(ctx context.Context) error {
 			ChannelEntry: declarativeconfig.ChannelEntry{
 				Name: csv.Name,
 			},
+			SkipTLSVerify: i.SkipTLSVerify,
+			UseHTTP:       i.UseHTTP,
 		}
 
 		if _, hasChannelMetadata := labels[registrybundle.ChannelsLabel]; hasChannelMetadata {
@@ -167,7 +170,7 @@ func generateFBCContent(ctx context.Context, f *fbcutil.FBCContext, bundleImage,
 	if indexImage != fbcutil.DefaultIndexImage { // non-default index image was specified.
 		// since an index image is specified, the bundle image will be added to the index image.
 		// generateExtraFBC will ensure that the bundle is not already present in the index image and error out if it does.
-		declcfg, err = generateExtraFBC(ctx, indexImage, bundleDeclcfg)
+		declcfg, err = generateExtraFBC(ctx, indexImage, bundleDeclcfg, f.SkipTLSVerify, f.UseHTTP)
 		if err != nil {
 			return "", fmt.Errorf("error adding bundle image %q to index image %q: %v", bundleImage, indexImage, err)
 		}
@@ -186,11 +189,22 @@ func generateFBCContent(ctx context.Context, f *fbcutil.FBCContext, bundleImage,
 
 // generateExtraFBC verifies that a bundle is not already present on the index and if not, it renders the bundle contents into a
 // declarative config type.
-func generateExtraFBC(ctx context.Context, indexImage string, bundleDeclConfig fbcutil.BundleDeclcfg) (*declarativeconfig.DeclarativeConfig, error) {
+func generateExtraFBC(ctx context.Context, indexImage string, bundleDeclConfig fbcutil.BundleDeclcfg, skipTLSVerify bool, useHTTP bool) (*declarativeconfig.DeclarativeConfig, error) {
 	log.Infof("Rendering a File-Based Catalog of the Index Image %q to verify if bundle %q is present", indexImage, bundleDeclConfig.Bundle.Name)
 	log.SetOutput(ioutil.Discard)
+
+	reg, err := containerdregistry.NewRegistry(
+		containerdregistry.WithLog(fbcutil.NullLogger()),
+		containerdregistry.SkipTLSVerify(skipTLSVerify),
+		containerdregistry.WithPlainHTTP(useHTTP))
+
+	if err != nil {
+		return nil, fmt.Errorf("error creating new image registry: %v", err)
+	}
+
 	render := action.Render{
-		Refs: []string{indexImage},
+		Refs:     []string{indexImage},
+		Registry: reg,
 	}
 
 	imageDeclConfig, err := render.Run(ctx)

internal/olm/operator/registry/index_image.go

@@ -144,15 +144,15 @@ func getChannelHead(entries []declarativeconfig.ChannelEntry) (string, error) {
 }
 
 // handleTraditionalUpgrade upgrades an operator that was installed using OLM. Subsequent upgrades will go through the runFBCUpgrade function
-func handleTraditionalUpgrade(ctx context.Context, indexImage string, bundleImage string, channelName string) (string, error) {
+func handleTraditionalUpgrade(ctx context.Context, indexImage string, bundleImage string, channelName string, skipTLSVerify bool, useHTTP bool) (string, error) {
 	// render the index image
-	originalDeclCfg, err := fbcutil.RenderRefs(ctx, []string{indexImage})
+	originalDeclCfg, err := fbcutil.RenderRefs(ctx, []string{indexImage}, skipTLSVerify, useHTTP)
 	if err != nil {
 		return "", fmt.Errorf("error rendering index %q", indexImage)
 	}
 
 	// render the bundle image
-	bundleDeclConfig, err := fbcutil.RenderRefs(ctx, []string{bundleImage})
+	bundleDeclConfig, err := fbcutil.RenderRefs(ctx, []string{bundleImage}, skipTLSVerify, useHTTP)
 	if err != nil {
 		return "", fmt.Errorf("error rendering bundle image %q", bundleImage)
 	}
@@ -201,7 +201,7 @@ func (c *IndexImageCatalogCreator) runFBCUpgrade(ctx context.Context) error {
 		refs = append(refs, c.IndexImage)
 	}
 
-	originalDeclcfg, err := fbcutil.RenderRefs(ctx, refs)
+	originalDeclcfg, err := fbcutil.RenderRefs(ctx, refs, c.SkipTLSVerify, c.UseHTTP)
 	if err != nil {
 		return err
 	}
@@ -215,7 +215,7 @@ func (c *IndexImageCatalogCreator) runFBCUpgrade(ctx context.Context) error {
 	}
 
 	// Adding the FBC "f" to the originalDeclcfg to generate a new FBC
-	declcfg, err := upgradeFBC(ctx, f, originalDeclcfg)
+	declcfg, err := upgradeFBC(ctx, f, originalDeclcfg, c.SkipTLSVerify, c.UseHTTP)
 	if err != nil {
 		return fmt.Errorf("error creating the upgraded FBC: %v", err)
 	}
@@ -235,8 +235,8 @@ func (c *IndexImageCatalogCreator) runFBCUpgrade(ctx context.Context) error {
 
 // upgradeFBC constructs a new File-Based Catalog from both the FBCContext object and the declarative config object. This function will check to see
 // if the FBCContext object "f" is already present in the original declarative config.
-func upgradeFBC(ctx context.Context, f *fbcutil.FBCContext, originalDeclCfg *declarativeconfig.DeclarativeConfig) (*declarativeconfig.DeclarativeConfig, error) {
-	declcfg, err := fbcutil.RenderRefs(ctx, f.Refs)
+func upgradeFBC(ctx context.Context, f *fbcutil.FBCContext, originalDeclCfg *declarativeconfig.DeclarativeConfig, skipTLSVerify bool, useHTTP bool) (*declarativeconfig.DeclarativeConfig, error) {
+	declcfg, err := fbcutil.RenderRefs(ctx, f.Refs, skipTLSVerify, useHTTP)
 	if err != nil {
 		return nil, err
 	}
@@ -387,7 +387,7 @@ func (c IndexImageCatalogCreator) UpdateCatalog(ctx context.Context, cs *v1alpha
 			}
 
 			// Upgrading when installed traditionally by OLM
-			upgradedFBC, err := handleTraditionalUpgrade(ctx, c.IndexImage, c.BundleImage, subscription.Spec.Channel)
+			upgradedFBC, err := handleTraditionalUpgrade(ctx, c.IndexImage, c.BundleImage, subscription.Spec.Channel, c.SkipTLSVerify, c.UseHTTP)
 			if err != nil {
 				return fmt.Errorf("unable to upgrade bundle: %v", err)
 			}