Fixes after updates from main

Author: atd9876

internal/controller/serverbootconfiguration_http_controller.go

@@ -200,18 +200,21 @@ func (r *ServerBootConfigurationHTTPReconciler) getSystemNetworkIDsFromServer(ct
 }
 
 func (r *ServerBootConfigurationHTTPReconciler) constructUKIURL(ctx context.Context, image string) (string, error) {
-	imageDetails := strings.Split(image, ":")
-	if len(imageDetails) != 2 {
-		return "", fmt.Errorf("invalid image format")
+	// Parse image reference - split on last ':' to handle registry:port/image:tag format
+	lastColon := strings.LastIndex(image, ":")
+	if lastColon == -1 {
+		return "", fmt.Errorf("invalid image format: missing tag")
 	}
+	imageName := image[:lastColon]
+	imageVersion := image[lastColon+1:]
 
-	ukiDigest, err := r.getUKIDigestFromNestedManifest(ctx, imageDetails[0], imageDetails[1])
+	ukiDigest, err := r.getUKIDigestFromNestedManifest(ctx, imageName, imageVersion)
 	if err != nil {
 		return "", fmt.Errorf("failed to fetch UKI layer digest: %w", err)
 	}
 
 	ukiDigest = strings.TrimPrefix(ukiDigest, "sha256:")
-	ukiURL := fmt.Sprintf("%s/%s/sha256-%s.efi", r.ImageServerURL, imageDetails[0], ukiDigest)
+	ukiURL := fmt.Sprintf("%s/%s/sha256-%s.efi", r.ImageServerURL, imageName, ukiDigest)
 	return ukiURL, nil
 }
 

internal/controller/serverbootconfiguration_http_controller_test.go

@@ -65,7 +65,7 @@ var _ = Describe("ServerBootConfiguration Controller", func() {
 				ServerRef: corev1.LocalObjectReference{
 					Name: server.Name,
 				},
-				Image:             "ghcr.io/ironcore-dev/os-images/test-image:100.1",
+				Image:             MockImageRef("ironcore-dev/os-images/test-image", "100.1"),
 				IgnitionSecretRef: &corev1.LocalObjectReference{Name: "foo"},
 			},
 		}

internal/controller/serverbootconfiguration_pxe_controller.go

@@ -223,19 +223,22 @@ func (r *ServerBootConfigurationPXEReconciler) getSystemIPFromBootConfig(ctx con
 }
 
 func (r *ServerBootConfigurationPXEReconciler) getImageDetailsFromConfig(ctx context.Context, config *metalv1alpha1.ServerBootConfiguration) (string, string, string, error) {
-	imageDetails := strings.Split(config.Spec.Image, ":")
-	if len(imageDetails) != 2 {
-		return "", "", "", fmt.Errorf("invalid image format")
+	// Parse image reference - split on last ':' to handle registry:port/image:tag format
+	lastColon := strings.LastIndex(config.Spec.Image, ":")
+	if lastColon == -1 {
+		return "", "", "", fmt.Errorf("invalid image format: missing tag")
 	}
+	imageName := config.Spec.Image[:lastColon]
+	imageVersion := config.Spec.Image[lastColon+1:]
 
-	kernelDigest, initrdDigest, squashFSDigest, err := r.getLayerDigestsFromNestedManifest(ctx, imageDetails[0], imageDetails[1])
+	kernelDigest, initrdDigest, squashFSDigest, err := r.getLayerDigestsFromNestedManifest(ctx, imageName, imageVersion)
 	if err != nil {
 		return "", "", "", fmt.Errorf("failed to fetch layer digests: %w", err)
 	}
 
-	kernelURL := fmt.Sprintf("%s/image?imageName=%s&version=%s&layerDigest=%s", r.IPXEServiceURL, imageDetails[0], imageDetails[1], kernelDigest)
-	initrdURL := fmt.Sprintf("%s/image?imageName=%s&version=%s&layerDigest=%s", r.IPXEServiceURL, imageDetails[0], imageDetails[1], initrdDigest)
-	squashFSURL := fmt.Sprintf("%s/image?imageName=%s&version=%s&layerDigest=%s", r.IPXEServiceURL, imageDetails[0], imageDetails[1], squashFSDigest)
+	kernelURL := fmt.Sprintf("%s/image?imageName=%s&version=%s&layerDigest=%s", r.IPXEServiceURL, imageName, imageVersion, kernelDigest)
+	initrdURL := fmt.Sprintf("%s/image?imageName=%s&version=%s&layerDigest=%s", r.IPXEServiceURL, imageName, imageVersion, initrdDigest)
+	squashFSURL := fmt.Sprintf("%s/image?imageName=%s&version=%s&layerDigest=%s", r.IPXEServiceURL, imageName, imageVersion, squashFSDigest)
 
 	return kernelURL, initrdURL, squashFSURL, nil
 }

internal/controller/serverbootconfiguration_pxe_controller_test.go

@@ -64,7 +64,7 @@ var _ = Describe("ServerBootConfiguration Controller", func() {
 				ServerRef: corev1.LocalObjectReference{
 					Name: server.Name,
 				},
-				Image:             "ghcr.io/ironcore-dev/os-images/gardenlinux:1877.0",
+				Image:             MockImageRef("ironcore-dev/os-images/gardenlinux", "1877.0"),
 				IgnitionSecretRef: &corev1.LocalObjectReference{Name: "foo"},
 			},
 		}
@@ -125,7 +125,7 @@ var _ = Describe("ServerBootConfiguration Controller", func() {
 				ServerRef: corev1.LocalObjectReference{
 					Name: server.Name,
 				},
-				Image:             "ghcr.io/gardenlinux/gardenlinux:1772.0",
+				Image:             MockImageRef("gardenlinux/gardenlinux", "1772.0"),
 				IgnitionSecretRef: &corev1.LocalObjectReference{Name: "foo"},
 			},
 		}

internal/controller/suite_test.go

@@ -36,6 +36,7 @@ import (
 
 	bootv1alpha1 "github.com/ironcore-dev/boot-operator/api/v1alpha1"
 	"github.com/ironcore-dev/boot-operator/internal/registry"
+	testregistry "github.com/ironcore-dev/boot-operator/test/registry"
 	//+kubebuilder:scaffold:imports
 )
 
@@ -46,9 +47,10 @@ const (
 )
 
 var (
-	cfg       *rest.Config
-	k8sClient client.Client
-	testEnv   *envtest.Environment
+	cfg          *rest.Config
+	k8sClient    client.Client
+	testEnv      *envtest.Environment
+	mockRegistry *testregistry.MockRegistry
 )
 
 func TestControllers(t *testing.T) {
@@ -64,8 +66,17 @@ func TestControllers(t *testing.T) {
 var _ = BeforeSuite(func() {
 	logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
 
-	// Set ALLOWED_REGISTRIES for tests to use ghcr.io images
-	Expect(os.Setenv("ALLOWED_REGISTRIES", "ghcr.io")).To(Succeed())
+	By("starting mock OCI registry")
+	mockRegistry = testregistry.NewMockRegistry()
+	DeferCleanup(mockRegistry.Close)
+
+	// Push test images to mock registry (using simple paths without localhost prefix)
+	Expect(mockRegistry.PushPXEImage("ironcore-dev/os-images/gardenlinux", "1877.0", runtime.GOARCH)).To(Succeed())
+	Expect(mockRegistry.PushPXEImageOldFormat("gardenlinux/gardenlinux", "1772.0", runtime.GOARCH)).To(Succeed())
+	Expect(mockRegistry.PushHTTPImage("ironcore-dev/os-images/test-image", "100.1")).To(Succeed())
+
+	// Set ALLOWED_REGISTRIES to use mock registry
+	Expect(os.Setenv("ALLOWED_REGISTRIES", mockRegistry.RegistryAddress())).To(Succeed())
 	DeferCleanup(func() {
 		Expect(os.Unsetenv("ALLOWED_REGISTRIES")).To(Succeed())
 	})
@@ -165,3 +176,8 @@ func SetupTest() *corev1.Namespace {
 
 	return ns
 }
+
+// MockImageRef returns a fully qualified image reference for the mock registry
+func MockImageRef(name, tag string) string {
+	return fmt.Sprintf("%s/%s:%s", mockRegistry.RegistryAddress(), name, tag)
+}

test/registry/registry.go

@@ -0,0 +1,242 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package registry
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"sync"
+
+	"github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+const (
+	MediaTypeKernel    = "application/vnd.ironcore.image.kernel"
+	MediaTypeInitrd    = "application/vnd.ironcore.image.initramfs"
+	MediaTypeSquashfs  = "application/vnd.ironcore.image.squashfs"
+	MediaTypeUKI       = "application/vnd.ironcore.image.uki"
+	MediaTypeKernelOld = "application/io.gardenlinux.kernel"
+	MediaTypeInitrdOld = "application/io.gardenlinux.initrd"
+)
+
+// MockRegistry provides an in-memory OCI registry for testing
+type MockRegistry struct {
+	mu                sync.RWMutex
+	manifests         map[string]ocispec.Manifest        // Key: "name:tag" or "name@digest"
+	manifestsByDigest map[digest.Digest]ocispec.Manifest // For digest lookups
+	indexes           map[string]ocispec.Index
+	blobs             map[digest.Digest][]byte
+	server            *httptest.Server
+}
+
+// NewMockRegistry creates a new mock OCI registry server
+func NewMockRegistry() *MockRegistry {
+	r := &MockRegistry{
+		manifests:         make(map[string]ocispec.Manifest),
+		manifestsByDigest: make(map[digest.Digest]ocispec.Manifest),
+		indexes:           make(map[string]ocispec.Index),
+		blobs:             make(map[digest.Digest][]byte),
+	}
+
+	mux := http.NewServeMux()
+
+	// OCI Distribution API endpoints
+	mux.HandleFunc("/v2/", func(w http.ResponseWriter, req *http.Request) {
+		if req.URL.Path == "/v2/" {
+			// Version check endpoint
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusOK)
+			_ = json.NewEncoder(w).Encode(map[string]string{"version": "2.0"})
+			return
+		}
+
+		// Manifest endpoint
+		if strings.Contains(req.URL.Path, "/manifests/") {
+			r.handleManifest(w, req)
+			return
+		}
+
+		http.NotFound(w, req)
+	})
+
+	r.server = httptest.NewServer(mux)
+	return r
+}
+
+// Close shuts down the mock registry server
+func (r *MockRegistry) Close() {
+	r.server.Close()
+}
+
+// URL returns the base URL of the mock registry
+func (r *MockRegistry) URL() string {
+	return r.server.URL
+}
+
+// RegistryAddress returns the registry address without http:// prefix
+func (r *MockRegistry) RegistryAddress() string {
+	return strings.TrimPrefix(r.URL(), "http://")
+}
+
+// pushPXEManifest is a helper to store PXE manifests with given media types
+func (r *MockRegistry) pushPXEManifest(name, tag string, kernelMedia, initrdMedia string) {
+	kernelDigest := digest.FromString(fmt.Sprintf("kernel-%s-%s", name, tag))
+	initrdDigest := digest.FromString(fmt.Sprintf("initrd-%s-%s", name, tag))
+	squashfsDigest := digest.FromString(fmt.Sprintf("squashfs-%s-%s", name, tag))
+	configDigest := digest.FromString(fmt.Sprintf("config-%s-%s", name, tag))
+
+	manifest := ocispec.Manifest{
+		MediaType: ocispec.MediaTypeImageManifest,
+		Config: ocispec.Descriptor{
+			MediaType: "application/vnd.oci.image.config.v1+json",
+			Digest:    configDigest,
+			Size:      2,
+		},
+		Layers: []ocispec.Descriptor{
+			{
+				MediaType: kernelMedia,
+				Digest:    kernelDigest,
+				Size:      1024,
+			},
+			{
+				MediaType: initrdMedia,
+				Digest:    initrdDigest,
+				Size:      2048,
+			},
+			{
+				MediaType: MediaTypeSquashfs,
+				Digest:    squashfsDigest,
+				Size:      4096,
+			},
+		},
+	}
+
+	ref := fmt.Sprintf("%s:%s", name, tag)
+	r.manifests[ref] = manifest
+
+	// Calculate and store manifest digest
+	manifestBytes, _ := json.Marshal(manifest)
+	manifestDigest := digest.FromBytes(manifestBytes)
+	r.manifestsByDigest[manifestDigest] = manifest
+
+	r.blobs[manifest.Config.Digest] = []byte("{}")
+	r.blobs[kernelDigest] = []byte("kernel-data")
+	r.blobs[initrdDigest] = []byte("initrd-data")
+	r.blobs[squashfsDigest] = []byte("squashfs-data")
+}
+
+// PushPXEImage adds a PXE boot image with kernel, initrd, and squashfs layers
+func (r *MockRegistry) PushPXEImage(name, tag, architecture string) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.pushPXEManifest(name, tag, MediaTypeKernel, MediaTypeInitrd)
+	return nil
+}
+
+// PushPXEImageOldFormat adds a PXE boot image using old Gardenlinux media types
+func (r *MockRegistry) PushPXEImageOldFormat(name, tag, architecture string) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+	r.pushPXEManifest(name, tag, MediaTypeKernelOld, MediaTypeInitrdOld)
+	return nil
+}
+
+// PushHTTPImage adds an HTTP boot image with UKI layer
+func (r *MockRegistry) PushHTTPImage(name, tag string) error {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	ukiDigest := digest.FromString(fmt.Sprintf("uki-%s-%s", name, tag))
+	configDigest := digest.FromString(fmt.Sprintf("config-%s-%s", name, tag))
+
+	manifest := ocispec.Manifest{
+		MediaType: ocispec.MediaTypeImageManifest,
+		Config: ocispec.Descriptor{
+			MediaType: "application/vnd.oci.image.config.v1+json",
+			Digest:    configDigest,
+			Size:      2,
+		},
+		Layers: []ocispec.Descriptor{
+			{
+				MediaType: MediaTypeUKI,
+				Digest:    ukiDigest,
+				Size:      8192,
+			},
+		},
+	}
+
+	ref := fmt.Sprintf("%s:%s", name, tag)
+	r.manifests[ref] = manifest
+
+	// Calculate and store manifest digest
+	manifestBytes, _ := json.Marshal(manifest)
+	manifestDigest := digest.FromBytes(manifestBytes)
+	r.manifestsByDigest[manifestDigest] = manifest
+
+	r.blobs[manifest.Config.Digest] = []byte("{}")
+	r.blobs[ukiDigest] = []byte("uki-data")
+
+	return nil
+}
+
+func (r *MockRegistry) handleManifest(w http.ResponseWriter, req *http.Request) {
+	// Match pattern: /v2/{name}/manifests/{reference}
+	parts := strings.Split(strings.TrimPrefix(req.URL.Path, "/v2/"), "/manifests/")
+	if len(parts) != 2 {
+		http.NotFound(w, req)
+		return
+	}
+
+	name := parts[0]
+	reference := parts[1]
+
+	r.mu.RLock()
+	defer r.mu.RUnlock()
+
+	var manifest ocispec.Manifest
+	var exists bool
+	var manifestDigest string
+
+	// Check if reference is a digest (sha256:...)
+	if strings.HasPrefix(reference, "sha256:") {
+		// Look up by digest
+		dgst, err := digest.Parse(reference)
+		if err != nil {
+			http.Error(w, "invalid digest", http.StatusBadRequest)
+			return
+		}
+		manifest, exists = r.manifestsByDigest[dgst]
+		manifestDigest = reference
+	} else {
+		// Look up by tag
+		imageRef := fmt.Sprintf("%s:%s", name, reference)
+		manifest, exists = r.manifests[imageRef]
+		// Calculate digest for Content-Digest header
+		manifestBytes, _ := json.Marshal(manifest)
+		dgst := digest.FromBytes(manifestBytes)
+		manifestDigest = dgst.String()
+	}
+
+	if !exists {
+		http.Error(w, "manifest not found", http.StatusNotFound)
+		return
+	}
+
+	if req.Method == http.MethodHead {
+		w.Header().Set("Content-Type", ocispec.MediaTypeImageManifest)
+		w.Header().Set("Docker-Content-Digest", manifestDigest)
+		w.WriteHeader(http.StatusOK)
+		return
+	}
+
+	manifestData, _ := json.Marshal(manifest)
+	w.Header().Set("Content-Type", ocispec.MediaTypeImageManifest)
+	w.Header().Set("Docker-Content-Digest", manifestDigest)
+	w.WriteHeader(http.StatusOK)
+	_, _ = w.Write(manifestData)
+}