From 9db69f880977889eb50e4bb04db28fce45b67dce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Fri, 12 Jul 2024 16:03:26 +0200
Subject: [PATCH] Pass the SCC credentials in pullImage() to factorize code

pullImage() needs the SCC credentials, but we don't want the
InspectHost() function to be called multiple times in one command. We
thus need to pass it down.
---
 mgradm/cmd/install/podman/utils.go |  6 +-----
 mgradm/cmd/migrate/podman/utils.go |  8 +-------
 mgradm/shared/podman/podman.go     | 14 ++-----------
 mgrpxy/cmd/install/podman/utils.go | 15 +++++++++-----
 mgrpxy/shared/podman/podman.go     | 33 +++++++++++++++---------------
 shared/podman/images.go            | 22 ++++++++++++++++----
 shared/podman/utils.go             |  7 +------
 7 files changed, 50 insertions(+), 55 deletions(-)

diff --git a/mgradm/cmd/install/podman/utils.go b/mgradm/cmd/install/podman/utils.go
index eb266d972..c35e4c78f 100644
--- a/mgradm/cmd/install/podman/utils.go
+++ b/mgradm/cmd/install/podman/utils.go
@@ -87,12 +87,8 @@ func installForPodman(
 	if err != nil {
 		return utils.Errorf(err, L("failed to compute image URL"))
 	}
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
 
-	preparedImage, err := shared_podman.PrepareImage(image, flags.Image.PullPolicy, pullArgs...)
+	preparedImage, err := shared_podman.PrepareImage(inspectedHostValues, image, flags.Image.PullPolicy)
 	if err != nil {
 		return err
 	}
diff --git a/mgradm/cmd/migrate/podman/utils.go b/mgradm/cmd/migrate/podman/utils.go
index 650c3b706..7095f411b 100644
--- a/mgradm/cmd/migrate/podman/utils.go
+++ b/mgradm/cmd/migrate/podman/utils.go
@@ -32,18 +32,12 @@ func migrateToPodman(globalFlags *types.GlobalFlags, flags *podmanMigrateFlags,
 		return utils.Errorf(err, L("cannot compute image"))
 	}
 
-	// FIXME all this code should be centralized. Now it being called in several different places.
 	inspectedHostValues, err := utils.InspectHost(false)
 	if err != nil {
 		return utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := podman_utils.PrepareImage(serverImage, flags.Image.PullPolicy, pullArgs...)
+	preparedImage, err := podman_utils.PrepareImage(inspectedHostValues, serverImage, flags.Image.PullPolicy)
 	if err != nil {
 		return err
 	}
diff --git a/mgradm/shared/podman/podman.go b/mgradm/shared/podman/podman.go
index 5c29f022d..cac81de1b 100644
--- a/mgradm/shared/podman/podman.go
+++ b/mgradm/shared/podman/podman.go
@@ -247,12 +247,7 @@ func RunPgsqlVersionUpgrade(image types.ImageFlags, upgradeImage types.ImageFlag
 			return utils.Errorf(err, L("cannot inspect host values"))
 		}
 
-		pullArgs := []string{}
-		if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-			pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-		}
-
-		preparedImage, err := podman.PrepareImage(upgradeImageUrl, image.PullPolicy, pullArgs...)
+		preparedImage, err := podman.PrepareImage(inspectedHostValues, upgradeImageUrl, image.PullPolicy)
 		if err != nil {
 			return err
 		}
@@ -340,12 +335,7 @@ func Upgrade(image types.ImageFlags, upgradeImage types.ImageFlags, cocoImage ty
 		return utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := podman.PrepareImage(serverImage, image.PullPolicy, pullArgs...)
+	preparedImage, err := podman.PrepareImage(inspectedHostValues, serverImage, image.PullPolicy)
 	if err != nil {
 		return err
 	}
diff --git a/mgrpxy/cmd/install/podman/utils.go b/mgrpxy/cmd/install/podman/utils.go
index 667dbe363..21b197960 100644
--- a/mgrpxy/cmd/install/podman/utils.go
+++ b/mgrpxy/cmd/install/podman/utils.go
@@ -37,23 +37,28 @@ func installForPodman(globalFlags *types.GlobalFlags, flags *podman.PodmanProxyF
 		return shared_utils.Errorf(err, L("failed to extract proxy config from %s file"), configPath)
 	}
 
-	httpdImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "httpd")
+	inspectedHostValues, err := shared_utils.InspectHost(true)
+	if err != nil {
+		return shared_utils.Errorf(err, L("cannot inspect host values"))
+	}
+
+	httpdImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "httpd")
 	if err != nil {
 		return err
 	}
-	saltBrokerImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "salt-broker")
+	saltBrokerImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "salt-broker")
 	if err != nil {
 		return err
 	}
-	squidImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "squid")
+	squidImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "squid")
 	if err != nil {
 		return err
 	}
-	sshImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "ssh")
+	sshImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "ssh")
 	if err != nil {
 		return err
 	}
-	tftpdImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "tftpd")
+	tftpdImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "tftpd")
 	if err != nil {
 		return err
 	}
diff --git a/mgrpxy/shared/podman/podman.go b/mgrpxy/shared/podman/podman.go
index f7dc969eb..b000605d5 100644
--- a/mgrpxy/shared/podman/podman.go
+++ b/mgrpxy/shared/podman/podman.go
@@ -151,19 +151,14 @@ func getHttpProxyConfig() string {
 }
 
 // GetContainerImage returns a proxy image URL.
-func GetContainerImage(flags *utils.ProxyImageFlags, name string) (string, error) {
+func GetContainerImage(
+	inspectedHostValues *shared_utils.HostInspectData,
+	flags *utils.ProxyImageFlags,
+	name string,
+) (string, error) {
 	image := flags.GetContainerImage(name)
-	inspectedHostValues, err := shared_utils.InspectHost(true)
-	if err != nil {
-		return "", shared_utils.Errorf(err, L("cannot inspect host values"))
-	}
-
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
 
-	preparedImage, err := podman.PrepareImage(image, flags.PullPolicy, pullArgs...)
+	preparedImage, err := podman.PrepareImage(inspectedHostValues, image, flags.PullPolicy)
 	if err != nil {
 		return "", err
 	}
@@ -220,23 +215,29 @@ func Upgrade(globalFlags *types.GlobalFlags, flags *PodmanProxyFlags, cmd *cobra
 	if err := podman.StopService(podman.ProxyService); err != nil {
 		return err
 	}
-	httpdImage, err := GetContainerImage(&flags.ProxyImageFlags, "httpd")
+
+	inspectedHostValues, err := shared_utils.InspectHost(true)
+	if err != nil {
+		return shared_utils.Errorf(err, L("cannot inspect host values"))
+	}
+
+	httpdImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "httpd")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find httpd image: it will no be upgraded"))
 	}
-	saltBrokerImage, err := GetContainerImage(&flags.ProxyImageFlags, "salt-broker")
+	saltBrokerImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "salt-broker")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find salt-broker image: it will no be upgraded"))
 	}
-	squidImage, err := GetContainerImage(&flags.ProxyImageFlags, "squid")
+	squidImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "squid")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find squid image: it will no be upgraded"))
 	}
-	sshImage, err := GetContainerImage(&flags.ProxyImageFlags, "ssh")
+	sshImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "ssh")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find ssh image: it will no be upgraded"))
 	}
-	tftpdImage, err := GetContainerImage(&flags.ProxyImageFlags, "tftpd")
+	tftpdImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "tftpd")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find tftpd image: it will no be upgraded"))
 	}
diff --git a/shared/podman/images.go b/shared/podman/images.go
index 8508f5d15..22339062d 100644
--- a/shared/podman/images.go
+++ b/shared/podman/images.go
@@ -27,7 +27,12 @@ const rpmImageDir = "/usr/share/suse-docker-images/native/"
 // Ensure the container image is pulled or pull it if the pull policy allows it.
 //
 // Returns the image name to use. Note that it may be changed if the image has been loaded from a local RPM package.
-func PrepareImage(image string, pullPolicy string, args ...string) (string, error) {
+func PrepareImage(
+	inspectedHostValues *utils.HostInspectData,
+	image string,
+	pullPolicy string,
+	args ...string,
+) (string, error) {
 	if strings.ToLower(pullPolicy) != "always" {
 		log.Info().Msgf(L("Ensure image %s is available"), image)
 
@@ -62,7 +67,7 @@ func PrepareImage(image string, pullPolicy string, args ...string) (string, erro
 
 	if strings.ToLower(pullPolicy) != "never" {
 		log.Debug().Msgf("Pulling image %s because it is missing and pull policy is not 'never'", image)
-		return image, pullImage(image, args...)
+		return image, pullImage(inspectedHostValues, image, args...)
 	}
 
 	return image, fmt.Errorf(L("image %s is missing and cannot be fetched"), image)
@@ -203,21 +208,30 @@ func GetPulledImageName(image string) (string, error) {
 	return string(bytes.TrimSpace(out)), nil
 }
 
-func pullImage(image string, args ...string) error {
+func pullImage(inspectedHostValues *utils.HostInspectData, image string, args ...string) error {
 	if utils.ContainsUpperCase(image) {
 		return fmt.Errorf(L("%s should contains just lower case character, otherwise podman pull would fails"), image)
 	}
+
+	// Do we need to authenticate?
+
 	log.Info().Msgf(L("Running podman pull %s"), image)
 	podmanImageArgs := []string{"pull", image}
 	podmanArgs := append(podmanImageArgs, args...)
 
+	stdin := ""
+	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
+		podmanArgs = append(podmanArgs, "--creds", inspectedHostValues.SccUsername)
+		stdin = inspectedHostValues.SccPassword
+	}
+
 	loglevel := zerolog.DebugLevel
 	if len(args) > 0 {
 		loglevel = zerolog.Disabled
 		log.Debug().Msg("Additional arguments for pull command will not be shown.")
 	}
 
-	return utils.RunCmdStdMapping(loglevel, "", "podman", podmanArgs...)
+	return utils.RunCmdStdMapping(loglevel, stdin, "podman", podmanArgs...)
 }
 
 // ShowAvailableTag  returns the list of available tag for a given image.
diff --git a/shared/podman/utils.go b/shared/podman/utils.go
index 31b2c7c9c..4646c3491 100644
--- a/shared/podman/utils.go
+++ b/shared/podman/utils.go
@@ -185,12 +185,7 @@ func Inspect(serverImage string, pullPolicy string, proxyHost bool) (*utils.Serv
 		return nil, utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := PrepareImage(serverImage, pullPolicy, pullArgs...)
+	preparedImage, err := PrepareImage(inspectedHostValues, serverImage, pullPolicy)
 	if err != nil {
 		return nil, err
 	}