feat(packager): make packager2.Pull public (#3773)

Signed-off-by: Kit Patella <[email protected]>

Author: mkcp

src/cmd/package.go

@@ -1075,6 +1075,7 @@ func newPackagePullCommand(v *viper.Viper) *cobra.Command {
 }
 
 func (o *packagePullOptions) run(cmd *cobra.Command, args []string) error {
+	srcURL := args[0]
 	outputDir := pkgConfig.PullOpts.OutputDirectory
 	if outputDir == "" {
 		wd, err := os.Getwd()
@@ -1083,7 +1084,11 @@ func (o *packagePullOptions) run(cmd *cobra.Command, args []string) error {
 		}
 		outputDir = wd
 	}
-	err := packager2.Pull(cmd.Context(), args[0], outputDir, pkgConfig.PkgOpts.Shasum, config.GetArch(), filters.Empty(), pkgConfig.PkgOpts.PublicKeyPath, pkgConfig.PkgOpts.SkipSignatureValidation)
+	err := packager.Pull(cmd.Context(), srcURL, outputDir, packager.PullOptions{
+		SHASum:                  pkgConfig.PkgOpts.Shasum,
+		SkipSignatureValidation: pkgConfig.PkgOpts.SkipSignatureValidation,
+		PublicKeyPath:           pkgConfig.PkgOpts.PublicKeyPath,
+	})
 	if err != nil {
 		return err
 	}

src/internal/packager2/pull.go

@@ -32,45 +32,69 @@ import (
 	"github.com/zarf-dev/zarf/src/pkg/zoci"
 )
 
-// TODO: Add options struct
-// Pull fetches the Zarf package from the given sources.
-func Pull(ctx context.Context, src, dir, shasum, architecture string, filter filters.ComponentFilterStrategy, publicKeyPath string, skipSignatureValidation bool) error {
-	if filter == nil {
-		filter = filters.Empty()
-	}
+// PullOptions declares optional configuration for a Pull operation.
+type PullOptions struct {
+	// SHASum uniquely identifies a package based on its contents.
+	SHASum string
+	// SkipSignatureValidation flags whether Pull should skip validating the signature.
+	SkipSignatureValidation bool
+	// Architecture is the package architecture.
+	Architecture string
+	// Filters describes a Filter strategy to include or exclude certain components from the package.
+	Filters filters.ComponentFilterStrategy
+	// PublicKeyPath validates the create-time signage of a package.
+	PublicKeyPath string
+}
+
+// Pull takes a source URL and destination directory and fetches the Zarf package from the given sources.
+func Pull(ctx context.Context, source, destination string, opts PullOptions) error {
 	l := logger.From(ctx)
 	start := time.Now()
-	u, err := url.Parse(src)
+
+	// ensure filters are set
+	f := opts.Filters
+	if f == nil {
+		f = filters.Empty()
+	}
+	// ensure architecture is set
+	arch := config.GetArch(opts.Architecture)
+
+	u, err := url.Parse(source)
 	if err != nil {
 		return err
 	}
+	if destination == "" {
+		return fmt.Errorf("no output directory specified")
+	}
 	if u.Scheme == "" {
 		return errors.New("scheme must be either oci:// or http(s)://")
 	}
 	if u.Host == "" {
 		return errors.New("host cannot be empty")
 	}
-	// ensure architecture is set
-	architecture = config.GetArch(architecture)
 
 	tmpDir, err := utils.MakeTempDir(config.CommonOptions.TempDirectory)
 	if err != nil {
 		return err
 	}
-	defer os.Remove(tmpDir)
+	defer func() {
+		if rErr := os.Remove(tmpDir); rErr != nil {
+			err = fmt.Errorf("cleanup failed: %w", rErr)
+		}
+	}()
 	tmpPath := ""
 
 	isPartial := false
 	switch u.Scheme {
 	case "oci":
-		l.Info("starting pull from oci source", "src", src)
-		isPartial, tmpPath, err = pullOCI(ctx, src, tmpDir, shasum, architecture, filter)
+		l.Info("starting pull from oci source", "source", source)
+		isPartial, tmpPath, err = pullOCI(ctx, source, tmpDir, opts.SHASum, arch, f)
 		if err != nil {
 			return err
 		}
 	case "http", "https":
-		l.Info("starting pull from http(s) source", "src", src, "digest", shasum)
-		tmpPath, err = pullHTTP(ctx, src, tmpDir, shasum)
+		l.Info("starting pull from http(s) source", "src", source, "digest", opts.SHASum)
+		tmpPath, err = pullHTTP(ctx, source, tmpDir, opts.SHASum)
 		if err != nil {
 			return err
 		}
@@ -80,10 +104,10 @@ func Pull(ctx context.Context, src, dir, shasum, architecture string, filter fil
 
 	// This loadFromTar is done so that validatePackageIntegrtiy and validatePackageSignature are called
 	layoutOpt := layout.PackageLayoutOptions{
-		PublicKeyPath:           publicKeyPath,
-		SkipSignatureValidation: skipSignatureValidation,
+		PublicKeyPath:           opts.PublicKeyPath,
+		SkipSignatureValidation: opts.SkipSignatureValidation,
 		IsPartial:               isPartial,
-		Filter:                  filter,
+		Filter:                  f,
 	}
 	_, err = layout.LoadFromTar(ctx, tmpPath, layoutOpt)
 	if err != nil {
@@ -94,7 +118,7 @@ func Pull(ctx context.Context, src, dir, shasum, architecture string, filter fil
 	if err != nil {
 		return err
 	}
-	tarPath := filepath.Join(dir, name)
+	tarPath := filepath.Join(destination, name)
 	err = os.Remove(tarPath)
 	if err != nil && !errors.Is(err, os.ErrNotExist) {
 		return err
@@ -103,18 +127,23 @@ func Pull(ctx context.Context, src, dir, shasum, architecture string, filter fil
 	if err != nil {
 		return err
 	}
-	defer dstFile.Close()
+	defer func() {
+		if dstErr := dstFile.Close(); dstErr != nil {
+			err = fmt.Errorf("unable to cleanup: %w", dstErr)
+		}
+	}()
 	srcFile, err := os.Open(tmpPath)
 	if err != nil {
 		return err
 	}
+	// TODO(mkcp): add to error chain
 	defer srcFile.Close()
 	_, err = io.Copy(dstFile, srcFile)
 	if err != nil {
 		return err
 	}
 
-	l.Debug("done packager2.Pull", "src", src, "dir", dir, "duration", time.Since(start))
+	l.Debug("done packager2.Pull", "source", source, "destination", destination, "duration", time.Since(start))
 	return nil
 }
 

src/internal/packager2/pull_test.go

@@ -14,7 +14,6 @@ import (
 	"github.com/defenseunicorns/pkg/oci"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/stretchr/testify/require"
-	"github.com/zarf-dev/zarf/src/pkg/packager/filters"
 	"github.com/zarf-dev/zarf/src/pkg/zoci"
 	"github.com/zarf-dev/zarf/src/test/testutil"
 )
@@ -38,8 +37,10 @@ func TestPull(t *testing.T) {
 	})
 
 	dir := t.TempDir()
-	shasum := "f9b15b1bc0f760a87bad68196b339a8ce8330e3a0241191a826a8962a88061f1"
-	err := Pull(ctx, srv.URL, dir, shasum, "amd64", filters.Empty(), "", false)
+	err := Pull(ctx, srv.URL, dir, PullOptions{
+		SHASum:       "f9b15b1bc0f760a87bad68196b339a8ce8330e3a0241191a826a8962a88061f1",
+		Architecture: "amd64",
+	})
 	require.NoError(t, err)
 
 	packageData, err := os.ReadFile(packagePath)
@@ -69,8 +70,10 @@ func TestPullUncompressed(t *testing.T) {
 	})
 
 	dir := t.TempDir()
-	shasum := "a118a4d306acc5dd4eab2c161e78fa3dfd1e08ae1e1794a4393be98c79257f5c"
-	err := Pull(ctx, srv.URL, dir, shasum, "amd64", filters.Empty(), "", false)
+	err := Pull(ctx, srv.URL, dir, PullOptions{
+		SHASum:       "a118a4d306acc5dd4eab2c161e78fa3dfd1e08ae1e1794a4393be98c79257f5c",
+		Architecture: "amd64",
+	})
 	require.NoError(t, err)
 
 	packageData, err := os.ReadFile(packagePath)
@@ -100,8 +103,10 @@ func TestPullUnsupported(t *testing.T) {
 	})
 
 	dir := t.TempDir()
-	shasum := "6e9dccce07ba9d3c45b7c872fae863c5415d296fd5e2fb72a2583530aa750ccd"
-	err := Pull(ctx, srv.URL, dir, shasum, "amd64", filters.Empty(), "", false)
+	err := Pull(ctx, srv.URL, dir, PullOptions{
+		SHASum:       "6e9dccce07ba9d3c45b7c872fae863c5415d296fd5e2fb72a2583530aa750ccd",
+		Architecture: "amd64",
+	})
 	require.EqualError(t, err, "unsupported file type: .txt", "unsupported file type: .txt")
 }
 

src/pkg/packager/pull.go

@@ -6,19 +6,31 @@ package packager
 
 import (
 	"context"
-	"fmt"
+	"github.com/zarf-dev/zarf/src/internal/packager2"
+	"github.com/zarf-dev/zarf/src/pkg/packager/filters"
 )
 
-// Pull pulls a Zarf package and saves it as a compressed tarball.
-func (p *Packager) Pull(ctx context.Context) error {
-	if p.cfg.PkgOpts.OptionalComponents != "" {
-		return fmt.Errorf("pull does not support optional components")
-	}
-
-	_, err := p.source.Collect(ctx, p.cfg.PullOpts.OutputDirectory)
-	if err != nil {
-		return err
-	}
+// PullOptions declares optional configuration for a Pull operation.
+type PullOptions struct {
+	// SHASum uniquely identifies a package based on its contents.
+	SHASum string
+	// SkipSignatureValidation flags whether Pull should skip validating the signature.
+	SkipSignatureValidation bool
+	// Architecture is the package architecture.
+	Architecture string
+	// Filters describes a Filter strategy to include or exclude certain components from the package.
+	Filters filters.ComponentFilterStrategy
+	// PublicKeyPath validates the create-time signage of a package.
+	PublicKeyPath string
+}
 
-	return nil
+// Pull takes a source URL and destination directory and fetches the Zarf package from the given sources.
+func Pull(ctx context.Context, source, destination string, opts PullOptions) error {
+	return packager2.Pull(ctx, source, destination, packager2.PullOptions{
+		SHASum:                  opts.SHASum,
+		SkipSignatureValidation: opts.SkipSignatureValidation,
+		Architecture:            opts.Architecture,
+		Filters:                 opts.Filters,
+		PublicKeyPath:           opts.PublicKeyPath,
+	})
 }