feat: Add OCI Artifact support to the Podman REST API

This patch adds a new endpoint to the REST API called "artifacts" with
the following methods:
- Add
- Extract
- Inspect
- List
- Pull
- Push
- Remove

This API will be utilised by the Podman bindings to add OCI Artifact
support to our remote clients.

Jira: https://issues.redhat.com/browse/RUN-2711

Signed-off-by: Lewis Roy <[email protected]>

Author: ninja-quokka

cmd/podman/artifact/add.go

@@ -2,6 +2,8 @@ package artifact
 
 import (
 	"fmt"
+	"os"
+	"path/filepath"
 
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/podman/v5/cmd/podman/common"
@@ -11,20 +13,18 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var (
-	addCmd = &cobra.Command{
-		Use:               "add [options] ARTIFACT PATH [...PATH]",
-		Short:             "Add an OCI artifact to the local store",
-		Long:              "Add an OCI artifact to the local store from the local filesystem",
-		RunE:              add,
-		Args:              cobra.MinimumNArgs(2),
-		ValidArgsFunction: common.AutocompleteArtifactAdd,
-		Example: `podman artifact add quay.io/myimage/myartifact:latest /tmp/foobar.txt
+var addCmd = &cobra.Command{
+	Use:               "add [options] ARTIFACT PATH [...PATH]",
+	Short:             "Add an OCI artifact to the local store",
+	Long:              "Add an OCI artifact to the local store from the local filesystem",
+	RunE:              add,
+	Args:              cobra.MinimumNArgs(2),
+	ValidArgsFunction: common.AutocompleteArtifactAdd,
+	Example: `podman artifact add quay.io/myimage/myartifact:latest /tmp/foobar.txt
 podman artifact add --file-type text/yaml quay.io/myimage/myartifact:latest /tmp/foobar.yaml
 podman artifact add --append quay.io/myimage/myartifact:latest /tmp/foobar.tar.gz`,
-		Annotations: map[string]string{registry.EngineMode: registry.ABIMode},
-	}
-)
+	Annotations: map[string]string{registry.EngineMode: registry.ABIMode},
+}
 
 type artifactAddOptions struct {
 	ArtifactType string
@@ -33,9 +33,7 @@ type artifactAddOptions struct {
 	FileType     string
 }
 
-var (
-	addOpts artifactAddOptions
-)
+var addOpts artifactAddOptions
 
 func init() {
 	registry.Commands = append(registry.Commands, registry.CliCommand{
@@ -61,6 +59,8 @@ func init() {
 }
 
 func add(cmd *cobra.Command, args []string) error {
+	artifactName := args[0]
+	blobs := args[1:]
 	opts := new(entities.ArtifactAddOptions)
 
 	annots, err := utils.ParseAnnotations(addOpts.Annotations)
@@ -72,7 +72,23 @@ func add(cmd *cobra.Command, args []string) error {
 	opts.Append = addOpts.Append
 	opts.FileType = addOpts.FileType
 
-	report, err := registry.ImageEngine().ArtifactAdd(registry.Context(), args[0], args[1:], opts)
+	artifactBlobs := make([]entities.ArtifactBlob, 0, len(blobs))
+
+	for _, blobPath := range blobs {
+		b, err := os.Open(blobPath)
+		if err != nil {
+			return fmt.Errorf("error opening path %s: %w", blobPath, err)
+		}
+		defer b.Close()
+
+		artifactBlob := entities.ArtifactBlob{
+			Blob:     b,
+			Filename: filepath.Base(blobPath),
+		}
+		artifactBlobs = append(artifactBlobs, artifactBlob)
+	}
+
+	report, err := registry.ImageEngine().ArtifactAdd(registry.Context(), artifactName, artifactBlobs, opts)
 	if err != nil {
 		return err
 	}

pkg/api/handlers/compat/containers_archive.go

@@ -4,13 +4,12 @@ package compat
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"strings"
 
-	"errors"
-
 	"github.com/containers/podman/v5/libpod"
 	"github.com/containers/podman/v5/libpod/define"
 	"github.com/containers/podman/v5/pkg/api/handlers/utils"

pkg/api/handlers/libpod/artifacts.go

@@ -0,0 +1,265 @@
+//go:build !remote
+
+package libpod
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/containers/image/v5/types"
+	libartifact_types "github.com/containers/podman/v5/pkg/libartifact/types"
+
+	"github.com/containers/podman/v5/libpod"
+	"github.com/containers/podman/v5/pkg/api/handlers/utils"
+
+	domain_utils "github.com/containers/podman/v5/pkg/domain/utils"
+
+	api "github.com/containers/podman/v5/pkg/api/types"
+	"github.com/containers/podman/v5/pkg/auth"
+	"github.com/containers/podman/v5/pkg/domain/entities"
+	"github.com/containers/podman/v5/pkg/domain/infra/abi"
+	"github.com/gorilla/schema"
+)
+
+func InspectArtifact(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+	name := utils.GetName(r)
+	imageEngine := abi.ImageEngine{Libpod: runtime}
+	report, err := imageEngine.ArtifactInspect(r.Context(), name, entities.ArtifactInspectOptions{})
+	if errors.Is(err, libartifact_types.ErrArtifactNotExist) {
+		utils.ArtifactNotFound(w, name, err)
+		return
+	}
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	utils.WriteResponse(w, http.StatusOK, report)
+}
+
+func ListArtifact(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+	imageEngine := abi.ImageEngine{Libpod: runtime}
+	artifacts, err := imageEngine.ArtifactList(r.Context(), entities.ArtifactListOptions{})
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	utils.WriteResponse(w, http.StatusOK, artifacts)
+}
+
+func PullArtifact(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+	decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
+	query := struct {
+		Name       string `schema:"name"`
+		Retry      uint   `schema:"retry"`
+		RetryDelay string `schema:"retryDelay"`
+		TLSVerify  bool   `schema:"tlsVerify"`
+	}{
+		TLSVerify: true,
+	}
+
+	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+		utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err))
+		return
+	}
+
+	if len(query.Name) == 0 {
+		utils.InternalServerError(w, errors.New("name parameter cannot be empty"))
+		return
+	}
+
+	artifactsPullOptions := entities.ArtifactPullOptions{}
+
+	if _, found := r.URL.Query()["tlsVerify"]; found {
+		artifactsPullOptions.InsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
+	}
+
+	if _, found := r.URL.Query()["retry"]; found {
+		artifactsPullOptions.MaxRetries = &query.Retry
+	}
+
+	if len(query.RetryDelay) != 0 {
+		artifactsPullOptions.RetryDelay = query.RetryDelay
+	}
+
+	authConf, authfile, err := auth.GetCredentials(r)
+	if err != nil {
+		utils.Error(w, http.StatusBadRequest, err)
+		return
+	}
+	defer auth.RemoveAuthfile(authfile)
+
+	artifactsPullOptions.AuthFilePath = authfile
+	if authConf != nil {
+		artifactsPullOptions.Username = authConf.Username
+		artifactsPullOptions.Password = authConf.Password
+		artifactsPullOptions.IdentityToken = authConf.IdentityToken
+	}
+
+	imageEngine := abi.ImageEngine{Libpod: runtime}
+	artifacts, err := imageEngine.ArtifactPull(r.Context(), query.Name, artifactsPullOptions)
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	utils.WriteResponse(w, http.StatusOK, artifacts)
+}
+
+func RemoveArtifact(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+	imageEngine := abi.ImageEngine{Libpod: runtime}
+
+	name := utils.GetName(r)
+
+	artifacts, err := imageEngine.ArtifactRm(r.Context(), name, entities.ArtifactRemoveOptions{})
+
+	if errors.Is(err, libartifact_types.ErrArtifactNotExist) {
+		utils.ArtifactNotFound(w, name, err)
+		return
+	}
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	utils.WriteResponse(w, http.StatusOK, artifacts)
+}
+
+func AddArtifact(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+	decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
+	query := struct {
+		Name        string   `schema:"name"`
+		File        string   `schema:"file"`
+		Annotations []string `schema:"annotations"`
+		Type        string   `schema:"type"`
+		Append      bool     `schema:"append"`
+	}{
+		Append: false,
+	}
+
+	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+		utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err))
+		return
+	}
+
+	if query.Name == "" || len(query.File) == 0 {
+		utils.Error(w, http.StatusBadRequest, errors.New("name and file parameters are required"))
+		return
+	}
+
+	annotations, err := domain_utils.ParseAnnotations(query.Annotations)
+	if err != nil {
+		utils.Error(w, http.StatusBadRequest, errors.New("error parsing annotations"))
+		return
+	}
+
+	// FIX: Should we verify r.body isn't empty here? It's hard as it's streaming
+
+	artifactAddOptions := &entities.ArtifactAddOptions{
+		Append:       query.Append,
+		Annotations:  annotations,
+		ArtifactType: query.Type,
+	}
+
+	artifactBlobs := []entities.ArtifactBlob{{ // FIX: Should this be a pointer?
+		Blob:     r.Body,
+		Filename: query.File,
+	}}
+
+	imageEngine := abi.ImageEngine{Libpod: runtime}
+	artifacts, err := imageEngine.ArtifactAdd(r.Context(), query.Name, artifactBlobs, artifactAddOptions)
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	utils.WriteResponse(w, http.StatusCreated, artifacts)
+}
+
+func PushArtifact(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+	decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
+	query := struct {
+		Retry      uint   `schema:"retry"`
+		RetryDelay string `schema:"retrydelay"`
+		TLSVerify  bool   `schema:"tlsVerify"`
+	}{
+		TLSVerify: true,
+	}
+
+	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+		utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err))
+		return
+	}
+
+	name := utils.GetName(r)
+
+	artifactsPushOptions := entities.ArtifactPushOptions{}
+
+	if _, found := r.URL.Query()["tlsVerify"]; found {
+		artifactsPushOptions.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
+	}
+
+	if _, found := r.URL.Query()["retry"]; found {
+		artifactsPushOptions.Retry = &query.Retry
+	}
+
+	if len(query.RetryDelay) != 0 {
+		artifactsPushOptions.RetryDelay = query.RetryDelay
+	}
+
+	authConf, authfile, err := auth.GetCredentials(r)
+	if err != nil {
+		utils.Error(w, http.StatusBadRequest, err)
+		return
+	}
+	defer auth.RemoveAuthfile(authfile)
+
+	if authConf != nil {
+		artifactsPushOptions.Username = authConf.Username
+		artifactsPushOptions.Password = authConf.Password
+	}
+
+	imageEngine := abi.ImageEngine{Libpod: runtime}
+
+	// FIX: push currently just returns an empty struct, should we return the digest?
+	artifacts, err := imageEngine.ArtifactPush(r.Context(), name, artifactsPushOptions)
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+	utils.WriteResponse(w, http.StatusNoContent, artifacts)
+}
+
+func ExtractArtifact(w http.ResponseWriter, r *http.Request) {
+	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
+	decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
+
+	query := struct {
+		Digest string `schema:"digest"`
+		Title  string `schema:"title"`
+	}{}
+	if err := decoder.Decode(&query, r.URL.Query()); err != nil {
+		utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err))
+		return
+	}
+
+	extractOpts := entities.ArtifactExtractOptions{
+		Title:  query.Title,
+		Digest: query.Digest,
+	}
+
+	name := utils.GetName(r)
+
+	imageEngine := abi.ImageEngine{Libpod: runtime}
+
+	blobs, err := imageEngine.ArtifactExtractTarStream(r.Context(), name, &extractOpts)
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+
+	utils.WriteResponse(w, http.StatusOK, blobs)
+}

pkg/api/handlers/swagger/errors.go

@@ -23,6 +23,13 @@ type containerNotFound struct {
 	Body errorhandling.ErrorModel
 }
 
+// No such artifact
+// swagger:response
+type artifactNotFound struct {
+	// in:body
+	Body errorhandling.ErrorModel
+}
+
 // No such network
 // swagger:response
 type networkNotFound struct {