Merge pull request #11 from ereslibre/oci-artifacts

Implement fetching from an artifact-enabled OCI registry

Author: ereslibre

Cargo.lock

@@ -14,9 +14,11 @@ clap = "2.33.3"
 hyper-tls = "0.5.0"
 hyper = { version = "0.14", features = ["full"] }
 native-tls = "^0.2.1"
+oci-distribution = "0.4"
 serde_json = "1.0"
 serde = { version = "1.0", features = ["derive"] }
 tokio = { version = "^1", features = ["full"] }
+tokio-compat-02 = "0.2.0"
 url = "2.2.0"
 wapc = "0.10.1"
-wasmtime-provider = "0.0.2"
+wasmtime-provider = "0.0.2"

Cargo.toml

@@ -51,7 +51,7 @@ async fn main() {
                 .env("CHIMERA_WASM_URI")
                 .required(true)
                 .help(
-                    "Wasm URI (file:///some/local/program.wasm, 
+                    "Wasm URI (file:///some/local/program.wasm,
                     https://some-host.com/some/remote/program.wasm,
                     registry://localhost:5000/project/artifact:some-version)",
                 ),

src/main.rs

@@ -2,10 +2,11 @@ use anyhow::{anyhow, Result};
 use async_std::fs::File;
 use async_std::prelude::*;
 use async_trait::async_trait;
-use hyper::{client::HttpConnector, Client, StatusCode, Uri};
+use hyper::{client::HttpConnector, Client, StatusCode};
 use hyper_tls::HttpsConnector;
 use native_tls::TlsConnector;
 use std::boxed::Box;
+use url::Url;
 
 use crate::wasm_fetcher::fetcher::Fetcher;
 
@@ -14,20 +15,20 @@ pub(crate) struct Https {
   // full path to the WASM module
   destination: String,
   // url of the remote WASM module
-  wasm_url: Uri,
+  wasm_url: Url,
   // do not verify the remote TLS certificate
   insecure: bool,
 }
 
 impl Https {
   // Allocates a LocalWASM instance starting from the user
   // provided URL
-  pub(crate) fn new(url: Uri, remote_insecure: bool) -> Result<Https> {
+  pub(crate) fn new(url: Url, remote_insecure: bool) -> Result<Https> {
     let dest = match url.path().rsplit('/').next() {
       Some(d) => d,
       None => {
         return Err(anyhow!(
-          "Cannot find infer name of the remote file by looking at {}",
+          "Cannot infer name of the remote file by looking at {}",
           url.path()
         ))
       }
@@ -56,7 +57,7 @@ impl Fetcher for Https {
     let client = Client::builder().build::<_, hyper::Body>(https);
 
     // not well: the hyper-tls connector handles both http and https scheme
-    let res = client.get(self.wasm_url.clone()).await?;
+    let res = client.get(self.wasm_url.clone().into_string().parse()?).await?;
     if res.status() != StatusCode::OK {
       return Err(anyhow!(
         "Error while downloading remote WASM module from {}, got HTTP status {}",

src/wasm_fetcher/https.rs

@@ -1,6 +1,5 @@
 use anyhow::Result;
 use async_trait::async_trait;
-use hyper::Uri;
 
 use crate::wasm_fetcher::fetcher::Fetcher;
 

src/wasm_fetcher/local.rs

@@ -1,14 +1,16 @@
 use anyhow::{anyhow, Result};
-use hyper::Uri;
+use url::Url;
 use std::boxed::Box;
 
 pub mod fetcher;
 mod https;
 mod local;
+mod registry;
 
 use crate::wasm_fetcher::fetcher::Fetcher;
 use crate::wasm_fetcher::https::Https;
 use crate::wasm_fetcher::local::Local;
+use crate::wasm_fetcher::registry::Registry;
 
 // Helper function, takes the URL of the WASM module and allocates
 // the right struct to interact with it
@@ -19,7 +21,7 @@ pub(crate) fn parse_wasm_url(
 ) -> Result<Box<dyn Fetcher>> {
   // we have to use url::Url instead of hyper::Uri because the latter one can't
   // parse urls like file://
-  let parsed_url = match url::Url::parse(url) {
+  let parsed_url: Url = match url::Url::parse(url) {
     Ok(u) => u,
     Err(e) => {
       return Err(anyhow!("Invalid WASI url: {}", e));
@@ -28,8 +30,8 @@ pub(crate) fn parse_wasm_url(
 
   match parsed_url.scheme() {
     "file" => Ok(Box::new(Local::new(parsed_url.path())?)),
-    "http" => Ok(Box::new(Https::new(url.parse::<Uri>()?, remote_insecure)?)),
-    "https" => Ok(Box::new(Https::new(url.parse::<Uri>()?, remote_insecure)?)),
+    "http" | "https" => Ok(Box::new(Https::new(url.parse::<Url>()?, remote_insecure)?)),
+    "registry" => Ok(Box::new(Registry::new(parsed_url, remote_non_tls)?)),
     _ => Err(anyhow!("unknown scheme: {}", parsed_url.scheme())),
   }
 }

src/wasm_fetcher/mod.rs

@@ -0,0 +1,66 @@
+use anyhow::{anyhow, Result};
+use async_std::fs::File;
+use async_std::prelude::*;
+use async_trait::async_trait;
+use oci_distribution::Reference;
+use oci_distribution::client::{Client, ClientConfig, ClientProtocol};
+use oci_distribution::secrets::RegistryAuth;
+use std::str::FromStr;
+use tokio_compat_02::FutureExt;
+use url::Url;
+
+use crate::wasm_fetcher::fetcher::Fetcher;
+
+// Struct used to reference a WASM module that is hosted on an OCI registry
+pub(crate) struct Registry {
+  // full path to the WASM module
+  destination: String,
+  // url of the remote WASM module
+  wasm_url: String,
+  // whether TLS should be skipped
+  skip_tls: bool,
+}
+
+impl Registry {
+    pub(crate) fn new(url: Url, skip_tls: bool) -> Result<Registry> {
+        match url.path().rsplit('/').next() {
+            Some(image_ref) => {
+                let wasm_url = url.to_string();
+                Ok(Registry{
+                    destination: image_ref.into(),
+                    wasm_url: wasm_url
+                        .strip_prefix("registry://")
+                        .map_or(Default::default(), |url| url.into()),
+                    skip_tls: skip_tls,
+                })
+            },
+            None => Err(anyhow!(
+                "Cannot infer name of the remote file by looking at {}",
+                url.path()
+            )),
+        }
+    }
+}
+
+#[async_trait]
+impl Fetcher for Registry {
+    async fn fetch(&self) -> Result<String> {
+        let mut client = Client::new(ClientConfig{
+            protocol: if self.skip_tls { ClientProtocol::Http } else { ClientProtocol::Https },
+        });
+        let reference = Reference::from_str(self.wasm_url.as_str())?;
+        let image_content = client
+            .pull_image(&reference, &RegistryAuth::Anonymous)
+            // We need to call to `compat()` provided by the `tokio-compat-02` crate
+            // so that the Future returned by the `oci-distribution` crate can be
+            // executed by a newer Tokio runtime.
+            .compat()
+            .await?
+            .content;
+
+        let mut file = File::create(self.destination.clone()).await?;
+        file.write_all(&image_content[..]).await?;
+
+        Ok(self.destination.clone())
+    }
+}