xpkg

package
v2.3.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 14, 2026 License: Apache-2.0 Imports: 47 Imported by: 0

Documentation

Overview

Package xpkg contains functionality pertaining to Crossplane packages.

Index

Constants

View Source 
const (
	// MetaFile is the name of a Crossplane package metadata file.
	MetaFile string = "crossplane.yaml"

	// StreamFile is the name of the file in a Crossplane package image that
	// contains its YAML stream.
	StreamFile string = "package.yaml"

	// StreamFileMode determines the permissions on the stream file.
	StreamFileMode os.FileMode = 0o644

	// XpkgExtension is the extension for compiled Crossplane packages.
	XpkgExtension string = ".xpkg"

	// XpkgMatchPattern is the match pattern for identifying compiled Crossplane packages.
	XpkgMatchPattern string = "*" + XpkgExtension

	// XpkgExamplesFile is the name of the file in a Crossplane package image
	// that contains the examples YAML stream.
	XpkgExamplesFile string = ".up/examples.yaml"

	// AnnotationKey is the key value for xpkg annotations.
	AnnotationKey string = "io.crossplane.xpkg"

	// PackageAnnotation is the annotation value used for the package.yaml
	// layer.
	PackageAnnotation string = "base"

	// ExamplesAnnotation is the annotation value used for the examples.yaml
	// layer.
	// TODO(lsviben) Consider changing this to "examples". This has been preserved
	// to not break existing packages.
	ExamplesAnnotation string = "upbound"
)

Variables

This section is empty.

Functions

func AnnotateLayers 

func AnnotateLayers(i v1.Image) (v1.Image, error)

AnnotateLayers propagates labels from the supplied image's config file to annotations on its layers.

func BuildMetaScheme 

func BuildMetaScheme() (*runtime.Scheme, error)

BuildMetaScheme builds the default scheme used for identifying metadata in a Crossplane package.

func BuildObjectScheme 

func BuildObjectScheme() (*runtime.Scheme, error)

BuildObjectScheme builds the default scheme used for identifying objects in a Crossplane package.

func BuildPackageRef 

func BuildPackageRef(source, version string) string

BuildPackageRef combines a source and version into a full package reference. Uses "@" for digests (version contains ":") and ":" for tags.

func BuildPath 

func BuildPath(path, name, ext string) string

BuildPath builds a path with the provided extension.

func ExtractPackageYAML 

func ExtractPackageYAML(img v1.Image) (io.ReadCloser, error)

ExtractPackageYAML extracts the package.yaml file from an OCI image. It looks for the annotated package layer (io.crossplane.xpkg: base) and falls back to the flattened filesystem from all layers if no annotation is found, per the xpkg specification.

func FilterAndSortVersions 

func FilterAndSortVersions(tags []string) []string

FilterAndSortVersions filters tags to valid semver versions and sorts them in ascending order (oldest first).

func FindXpkgInDir 

func FindXpkgInDir(fs afero.Fs, root string) (string, error)

FindXpkgInDir finds compiled Crossplane packages in a directory.

func FriendlyID 

func FriendlyID(name, hash string) string

FriendlyID builds a valid DNS label string made up of the name of a package and its image digest.

func GzipReadCloser 

func GzipReadCloser(rc io.ReadCloser) (io.ReadCloser, error)

GzipReadCloser constructs a new gzipReadCloser from the passed file.

func IsActivationPolicy 

func IsActivationPolicy(o runtime.Object) error

IsActivationPolicy checks that an object is an ManagedResourceActivationPolicy.

func IsCRD 

func IsCRD(o runtime.Object) error

IsCRD checks that an object is a CustomResourceDefinition.

func IsComposition 

func IsComposition(o runtime.Object) error

IsComposition checks that an object is a Composition.

func IsConfiguration 

func IsConfiguration(o runtime.Object) error

IsConfiguration checks that an object is a Configuration meta type.

func IsCronOperation 

func IsCronOperation(o runtime.Object) error

IsCronOperation checks that an object is a CronOperation.

func IsFunction 

func IsFunction(o runtime.Object) error

IsFunction checks that an object is a Function meta type.

func IsMRD 

func IsMRD(o runtime.Object) error

IsMRD checks that an object is a ManagedResourceDefinition.

func IsMutatingWebhookConfiguration 

func IsMutatingWebhookConfiguration(o runtime.Object) error

IsMutatingWebhookConfiguration checks that an object is a MutatingWebhookConfiguration.

func IsOperation 

func IsOperation(o runtime.Object) error

IsOperation checks that an object is an Operation.

func IsProvider 

func IsProvider(o runtime.Object) error

IsProvider checks that an object is a Provider meta type.

func IsValidatingWebhookConfiguration 

func IsValidatingWebhookConfiguration(o runtime.Object) error

IsValidatingWebhookConfiguration checks that an object is a ValidatingWebhookConfiguration.

func IsWatchOperation 

func IsWatchOperation(o runtime.Object) error

IsWatchOperation checks that an object is a WatchOperation.

func IsXRD 

func IsXRD(o runtime.Object) error

IsXRD checks that an object is a CompositeResourceDefinition.

func JoinedReadCloser 

func JoinedReadCloser(r io.Reader, c io.Closer) io.ReadCloser

JoinedReadCloser constructs a new joinedReadCloser from the passed reader and closer.

func Label 

func Label(annotation string) string

Label constructs a specially formated label using the annotationKey.

func Layer 

func Layer(r io.Reader, fileName, annotation string, fileSize int64, mode os.FileMode, cfg *v1.Config) (v1.Layer, error)

Layer creates a v1.Layer that represents the layer contents for the xpkg and adds a corresponding label to the image Config for the layer.

func NewConfigurationLinter 

func NewConfigurationLinter() parser.Linter

NewConfigurationLinter is a convenience function for creating a package linter for configurations.

func NewFunctionLinter 

func NewFunctionLinter() parser.Linter

NewFunctionLinter is a convenience function for creating a package linter for functions.

func NewProviderLinter 

func NewProviderLinter() parser.Linter

NewProviderLinter is a convenience function for creating a package linter for providers.

func OneMeta 

func OneMeta(pkg parser.Lintable) error

OneMeta checks that there is only one meta object in the package.

func PackageCrossplaneCompatible 

func PackageCrossplaneCompatible(v version.Operations) parser.ObjectLinterFn

PackageCrossplaneCompatible checks that the current Crossplane version is compatible with the package constraints.

func PackageValidSemver 

func PackageValidSemver(o runtime.Object) error

PackageValidSemver checks that the package uses valid semver ranges.

func ParseNameFromMeta 

func ParseNameFromMeta(fs afero.Fs, path string) (string, error)

ParseNameFromMeta extracts the package name from its meta file.

func ParsePackageSourceFromReference 

func ParsePackageSourceFromReference(ref name.Reference) string

ParsePackageSourceFromReference parses a package source from an OCI image reference. A source is defined as an OCI image reference with the identifier (tag or digest) stripped and no other changes to the original reference source. This is necessary because go-containerregistry will convert docker.io to index.docker.io for backwards compatibility before pulling an image. We do not want to do that in cases where we are not pulling an image because it breaks comparison with dependencies defined in a Configuration manifest.

func ReplaceExt 

func ReplaceExt(path, ext string) string

ReplaceExt replaces the file extension of the given path.

func SkipContains 

func SkipContains(pattern string) parser.FilterFn

SkipContains supplies a FilterFn that skips paths that contain the give pattern.

func TeeReadCloser 

func TeeReadCloser(r io.ReadCloser, w io.WriteCloser) io.ReadCloser

TeeReadCloser constructs a teeReadCloser from the passed reader and writer.

func ToDNSLabel 

func ToDNSLabel(s string) string

ToDNSLabel converts the string to a valid DNS label.

func TryConvert 

func TryConvert(obj runtime.Object, candidates ...conversion.Hub) (runtime.Object, bool)

TryConvert converts the supplied object to the first supplied candidate that does not return an error. Returns the converted object and true when conversion succeeds, or the original object and false if it does not.

func TryConvertToPkg 

func TryConvertToPkg(obj runtime.Object, candidates ...conversion.Hub) (pkgmetav1.Pkg, bool)

TryConvertToPkg converts the supplied object to a pkgmeta.Pkg, if possible.

Types

type BuildOpt 

type BuildOpt func(*buildOpts)

A BuildOpt modifies how a package is built.

func WithBase 

func WithBase(img v1.Image) BuildOpt

WithBase sets the base image of the package.

type Builder 

type Builder struct {
	// contains filtered or unexported fields
}

Builder defines an xpkg Builder.

func New 

func New(packageSource, exampleSource parser.Backend, packageParser parser.Parser, examplesParser *examples.Parser) *Builder

New returns a new Builder.

func (*Builder) Build 

func (b *Builder) Build(ctx context.Context, opts ...BuildOpt) (v1.Image, runtime.Object, error)

Build compiles a Crossplane package from an on-disk package.

type CachedClient 

type CachedClient struct {
	// contains filtered or unexported fields
}

CachedClient implements Client with caching support.

func NewCachedClient 

func NewCachedClient(f Fetcher, p parser.Parser, c PackageCache, s ConfigStore, v signature.Validator) *CachedClient

NewCachedClient creates a new package client.

func (*CachedClient) Get 

func (c *CachedClient) Get(ctx context.Context, ref string, opts ...GetOption) (*Package, error)

Get fetches and parses a complete package.

func (*CachedClient) ListVersions 

func (c *CachedClient) ListVersions(ctx context.Context, source string, opts ...GetOption) ([]string, error)

ListVersions returns available versions for a package source.

type Client 

type Client interface {
	// Get fetches and parses a complete package from the given reference.
	// The ref parameter is a package reference (e.g.,
	// "registry.io/org/package:v1.0.0" or "registry.io/org/package@sha256:...").
	//
	// Caching and ImageConfig path rewriting are handled transparently.
	Get(ctx context.Context, ref string, opts ...GetOption) (*Package, error)

	// ListVersions returns available versions for a package source.
	// The source parameter is the package path without tag/digest
	// (e.g., "registry.io/org/package").
	//
	// Honors ImageConfig path rewriting when listing versions.
	ListVersions(ctx context.Context, source string, opts ...GetOption) ([]string, error)
}

Client is a client for fetching and parsing Crossplane packages.

type ConfigStore 

type ConfigStore interface {
	// PullSecretFor returns the name of the selected image config and
	// name of the pull secret for a given image.
	PullSecretFor(ctx context.Context, image string) (imageConfig, pullSecret string, err error)
	// ImageVerificationConfigFor returns the ImageConfig for a given image.
	ImageVerificationConfigFor(ctx context.Context, image string) (imageConfig string, iv *v1beta1.ImageVerification, err error)
	// RewritePath returns the name of the selected image config and the
	// rewritten path of the given image based on that config.
	RewritePath(ctx context.Context, image string) (imageConfig, newPath string, err error)
	// RuntimeConfigFor returns the name of the selected image config and the
	// runtime config for a given image.
	RuntimeConfigFor(ctx context.Context, image string) (imageConfig string, runtimeConfig *v1beta1.ImageRuntime, err error)
}

ConfigStore is a store for image configuration.

func NewImageConfigStore 

func NewImageConfigStore(client client.Client, namespace string, opts ...ImageConfigStoreOption) ConfigStore

NewImageConfigStore creates a new image configuration store.

type Fetcher 

type Fetcher interface {
	Fetch(ctx context.Context, ref name.Reference, secrets ...string) (v1.Image, error)
	Head(ctx context.Context, ref name.Reference, secrets ...string) (*v1.Descriptor, error)
	Tags(ctx context.Context, ref name.Reference, secrets ...string) ([]string, error)
}

Fetcher fetches package images.

type FetcherOpt 

type FetcherOpt func(k *K8sFetcher) error

FetcherOpt can be used to add optional parameters to NewK8sFetcher.

func WithCustomCA 

func WithCustomCA(rootCAs *x509.CertPool) FetcherOpt

WithCustomCA is a FetcherOpt that can be used to add a custom CA bundle to a K8sFetcher.

func WithNamespace 

func WithNamespace(ns string) FetcherOpt

WithNamespace is a FetcherOpt that sets the Namespace for fetching package pull secrets.

func WithServiceAccount 

func WithServiceAccount(sa string) FetcherOpt

WithServiceAccount is a FetcherOpt that sets the ServiceAccount name for fetching package pull secrets.

func WithUserAgent 

func WithUserAgent(userAgent string) FetcherOpt

WithUserAgent is a FetcherOpt that can be used to set the user agent on all HTTP requests.

type FsPackageCache 

type FsPackageCache struct {
	// contains filtered or unexported fields
}

FsPackageCache stores and retrieves package content in a filesystem-backed cache in a thread-safe manner.

func NewFsPackageCache 

func NewFsPackageCache(dir string, fs afero.Fs) *FsPackageCache

NewFsPackageCache creates a new FsPackageCache.

func (*FsPackageCache) Delete 

func (c *FsPackageCache) Delete(id string) error

Delete removes package contents from the cache.

func (*FsPackageCache) Get 

func (c *FsPackageCache) Get(id string) (io.ReadCloser, error)

Get retrieves package contents from the cache.

func (*FsPackageCache) Has 

func (c *FsPackageCache) Has(id string) bool

Has indicates whether an item with the given id is in the cache.

func (*FsPackageCache) Store 

func (c *FsPackageCache) Store(id string, content io.ReadCloser) error

Store saves the package contents to the cache.

type GetConfig 

type GetConfig struct {
	// contains filtered or unexported fields
}

GetConfig configures the client's Get method.

type GetOption 

type GetOption func(*GetConfig)

GetOption configures per-request package fetching behavior.

func WithPullPolicy 

func WithPullPolicy(policy corev1.PullPolicy) GetOption

WithPullPolicy specifies when to fetch from the registry vs use cache. Default is IfNotPresent.

func WithPullSecrets 

func WithPullSecrets(secrets ...string) GetOption

WithPullSecrets specifies secrets for authenticating to private registries. These are combined with any pull secrets from ImageConfig.

type ImageConfig 

type ImageConfig struct {
	Name   string
	Reason ImageConfigReason
}

ImageConfig represents an ImageConfig that was applied during package fetch.

type ImageConfigReason 

type ImageConfigReason string

ImageConfigReason describes why an ImageConfig was applied. 

const (
	// ImageConfigReasonRewrite indicates the ImageConfig rewrote the image
	// path.
	ImageConfigReasonRewrite ImageConfigReason = "RewriteImage"

	// ImageConfigReasonSetPullSecret indicates the ImageConfig provided a
	// pull secret.
	ImageConfigReasonSetPullSecret ImageConfigReason = "SetImagePullSecret"

	// ImageConfigReasonVerify indicates the ImageConfig provided signature
	// verification config.
	ImageConfigReasonVerify ImageConfigReason = "VerifyImage"
)

func SupportedImageConfigs 

func SupportedImageConfigs() []ImageConfigReason

SupportedImageConfigs returns the ImageConfigReasons that Client may return. Callers tracking applied ImageConfigs should clear all of these before setting the ones returned by Client.Get, to handle the case where a previously-applied ImageConfig no longer matches.

type ImageConfigStore 

type ImageConfigStore struct {
	// contains filtered or unexported fields
}

ImageConfigStore is a store for image configuration.

func (*ImageConfigStore) ImageVerificationConfigFor 

func (s *ImageConfigStore) ImageVerificationConfigFor(ctx context.Context, image string) (imageConfig string, iv *v1beta1.ImageVerification, err error)

ImageVerificationConfigFor returns the ImageConfig for a given image.

func (*ImageConfigStore) PullSecretFor 

func (s *ImageConfigStore) PullSecretFor(ctx context.Context, image string) (imageConfig, pullSecret string, err error)

PullSecretFor returns the pull secret name for a given image as well as the name of the ImageConfig resource that contains the pull secret.

func (*ImageConfigStore) RewritePath 

func (s *ImageConfigStore) RewritePath(ctx context.Context, image string) (imageConfig, newPath string, err error)

RewritePath returns the name of the selected image config and the rewritten path of the given image based on that config.

func (*ImageConfigStore) RuntimeConfigFor 

func (s *ImageConfigStore) RuntimeConfigFor(ctx context.Context, image string) (imageConfig string, runtimeConfig *v1beta1.ImageRuntime, err error)

RuntimeConfigFor returns the name of the selected image config and the runtime config for a given image.

type ImageConfigStoreOption 

type ImageConfigStoreOption func(*ImageConfigStore)

ImageConfigStoreOption is an option for image configuration store.

type K8sFetcher 

type K8sFetcher struct {
	// contains filtered or unexported fields
}

K8sFetcher uses kubernetes credentials to fetch package images.

func NewK8sFetcher 

func NewK8sFetcher(client kubernetes.Interface, opts ...FetcherOpt) (*K8sFetcher, error)

NewK8sFetcher creates a new K8sFetcher.

func (*K8sFetcher) Fetch 

func (i *K8sFetcher) Fetch(ctx context.Context, ref name.Reference, secrets ...string) (v1.Image, error)

Fetch fetches a package image.

func (*K8sFetcher) Head 

func (i *K8sFetcher) Head(ctx context.Context, ref name.Reference, secrets ...string) (*v1.Descriptor, error)

Head fetches a package descriptor.

func (*K8sFetcher) Tags 

func (i *K8sFetcher) Tags(ctx context.Context, ref name.Reference, secrets ...string) ([]string, error)

Tags fetches a package's tags.

type NopCache 

type NopCache struct{}

NopCache is a cache implementation that does not store anything and always returns an error on get.

func NewNopCache 

func NewNopCache() *NopCache

NewNopCache creates a new NopCache.

func (*NopCache) Delete 

func (c *NopCache) Delete(string) error

Delete removes content from the NopCache.

func (*NopCache) Get 

func (c *NopCache) Get(string) (io.ReadCloser, error)

Get retrieves content from the NopCache.

func (*NopCache) Has 

func (c *NopCache) Has(string) bool

Has indicates whether content is in the NopCache.

func (*NopCache) Store 

func (c *NopCache) Store(string, io.ReadCloser) error

Store saves content to the NopCache.

type NopFetcher 

type NopFetcher struct{}

NopFetcher always returns an empty image and never returns error.

func NewNopFetcher 

func NewNopFetcher() *NopFetcher

NewNopFetcher creates a new NopFetcher.

func (*NopFetcher) Fetch 

func (n *NopFetcher) Fetch(_ context.Context, _ name.Reference, _ ...string) (v1.Image, error)

Fetch fetches an empty image and does not return error.

func (*NopFetcher) Head 

func (n *NopFetcher) Head(_ context.Context, _ name.Reference, _ ...string) (*v1.Descriptor, error)

Head returns a nil descriptor and does not return error.

func (*NopFetcher) Tags 

func (n *NopFetcher) Tags(_ context.Context, _ name.Reference, _ ...string) ([]string, error)

Tags returns a nil slice and does not return error.

type Package 

type Package struct {
	*parser.Package

	// Digest is the immutable content identifier (sha256 from OCI image).
	Digest string

	// Version is the package version, either a semver tag (v1.0.0) or digest
	// (sha256:abc123). This is extracted from the original reference used to
	// fetch the package.
	Version string

	// Source is the package source without tag/digest, normalized.
	// This is the ORIGINAL source before any ImageConfig rewriting.
	Source string

	// ResolvedVersion is the package version after ImageConfig rewriting.
	// May differ from Version if an ImageConfig rewrote the tag/digest.
	ResolvedVersion string

	// ResolvedSource is the source after ImageConfig path rewriting.
	// May be the same as Source if no rewriting occurred.
	ResolvedSource string

	// AppliedImageConfigs tracks which ImageConfigs were applied during fetch.
	AppliedImageConfigs []ImageConfig
}

Package represents a successfully fetched package with all its content.

func (*Package) DigestHex 

func (p *Package) DigestHex() string

DigestHex returns the hex string of the digest without the algorithm prefix. Returns empty string if the digest cannot be parsed.

func (*Package) GetDependencies 

func (p *Package) GetDependencies() []pkgmetav1.Dependency

GetDependencies returns the package dependencies from metadata. Returns nil if metadata cannot be extracted.

func (*Package) GetMeta 

func (p *Package) GetMeta() pkgmetav1.Pkg

GetMeta returns the package metadata object. Returns nil if the package doesn't contain exactly one metadata object.

func (*Package) Ref 

func (p *Package) Ref() string

Ref returns the full original package reference (Source + Version).

func (*Package) ResolvedRef 

func (p *Package) ResolvedRef() string

ResolvedRef returns the full resolved package reference after ImageConfig rewriting (ResolvedSource + ResolvedVersion).

type PackageCache 

type PackageCache interface {
	Has(id string) bool
	Get(id string) (io.ReadCloser, error)
	Store(id string, content io.ReadCloser) error
	Delete(id string) error
}

A PackageCache caches package content.

type Validator 

type Validator parser.Linter

Validator validates packages before installation is attempted.

func NewConfigurationValidator 

func NewConfigurationValidator() Validator

NewConfigurationValidator is a convenience function for creating a package validator for configurations.

func NewFunctionValidator 

func NewFunctionValidator() Validator

NewFunctionValidator is a convenience function for creating a package validator for functions.

func NewProviderValidator 

func NewProviderValidator() Validator

NewProviderValidator is a convenience function for creating a package validator for providers.

Source Files

View all Source files

Directories

Path Synopsis
Package fake contains mock Crossplane package implementations.
 Package fake contains mock Crossplane package implementations.
Package parser implements a parser for Crossplane packages.
 Package parser implements a parser for Crossplane packages.
examples
Package examples contains utilities for parsing examples.
 Package examples contains utilities for parsing examples.
yaml
Package yaml contains utilities for reading yaml packages.
 Package yaml contains utilities for reading yaml packages.
Package signature implements image signature verification for Crossplane packages.
 Package signature implements image signature verification for Crossplane packages.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.