feat: replace docker client code with oras - take 2 (#1184)

<!-- markdownlint-disable MD041 -->
#### What this PR does / why we need it

Closes open-component-model/ocm-project#302

#### Which issue(s) this PR fixes
<!--
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Co-authored-by: Jakob Möller <jakob.moeller@sap.com>

api/oci/extensions/repositories/ocireg/blobs.go

@@ -10,7 +10,7 @@ import (
 
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/oci/extensions/attrs/cacheattr"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 )
@@ -23,20 +23,20 @@ type BlobContainer interface {
 
 type blobContainer struct {
 	accessio.StaticAllocatable
-	fetcher resolve.Fetcher
-	pusher  resolve.Pusher
+	fetcher oras.Fetcher
+	pusher  oras.Pusher
 	mime    string
 }
 
 type BlobContainers struct {
 	lock    sync.Mutex
 	cache   accessio.BlobCache
-	fetcher resolve.Fetcher
-	pusher  resolve.Pusher
+	fetcher oras.Fetcher
+	pusher  oras.Pusher
 	mimes   map[string]BlobContainer
 }
 
-func NewBlobContainers(ctx cpi.Context, fetcher remotes.Fetcher, pusher resolve.Pusher) *BlobContainers {
+func NewBlobContainers(ctx cpi.Context, fetcher remotes.Fetcher, pusher oras.Pusher) *BlobContainers {
 	return &BlobContainers{
 		cache:   cacheattr.Get(ctx),
 		fetcher: fetcher,
@@ -73,15 +73,15 @@ func (c *BlobContainers) Release() error {
 	return list.Result()
 }
 
-func newBlobContainer(mime string, fetcher resolve.Fetcher, pusher resolve.Pusher) *blobContainer {
+func newBlobContainer(mime string, fetcher oras.Fetcher, pusher oras.Pusher) *blobContainer {
 	return &blobContainer{
 		mime:    mime,
 		fetcher: fetcher,
 		pusher:  pusher,
 	}
 }
 
-func NewBlobContainer(cache accessio.BlobCache, mime string, fetcher resolve.Fetcher, pusher resolve.Pusher) (BlobContainer, error) {
+func NewBlobContainer(cache accessio.BlobCache, mime string, fetcher oras.Fetcher, pusher oras.Pusher) (BlobContainer, error) {
 	c := newBlobContainer(mime, fetcher, pusher)
 
 	if cache == nil {

api/oci/extensions/repositories/ocireg/namespace.go

@@ -12,7 +12,7 @@ import (
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/oci/cpi/support"
 	"ocm.software/ocm/api/oci/extensions/actions/oci-repository-prepare"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 	"ocm.software/ocm/api/utils/logging"
@@ -22,10 +22,10 @@ import (
 type NamespaceContainer struct {
 	impl     support.NamespaceAccessImpl
 	repo     *RepositoryImpl
-	resolver resolve.Resolver
-	lister   resolve.Lister
-	fetcher  resolve.Fetcher
-	pusher   resolve.Pusher
+	resolver oras.Resolver
+	lister   oras.Lister
+	fetcher  oras.Fetcher
+	pusher   oras.Pusher
 	blobs    *BlobContainers
 	checked  bool
 }
@@ -69,7 +69,7 @@ func (n *NamespaceContainer) SetImplementation(impl support.NamespaceAccessImpl)
 	n.impl = impl
 }
 
-func (n *NamespaceContainer) getPusher(vers string) (resolve.Pusher, error) {
+func (n *NamespaceContainer) getPusher(vers string) (oras.Pusher, error) {
 	err := n.assureCreated()
 	if err != nil {
 		return nil, err

api/oci/extensions/repositories/ocireg/repository.go

@@ -8,18 +8,18 @@ import (
 	"path"
 	"strings"
 
-	"github.com/containerd/containerd/remotes/docker/config"
 	"github.com/containerd/errdefs"
 	"github.com/mandelsoft/goutils/errors"
 	"github.com/mandelsoft/logging"
+	"oras.land/oras-go/v2/registry/remote/auth"
+	"oras.land/oras-go/v2/registry/remote/retry"
 
 	"ocm.software/ocm/api/credentials"
 	"ocm.software/ocm/api/datacontext/attrs/rootcertsattr"
 	"ocm.software/ocm/api/oci/artdesc"
 	"ocm.software/ocm/api/oci/cpi"
-	"ocm.software/ocm/api/tech/docker"
-	"ocm.software/ocm/api/tech/docker/resolve"
 	"ocm.software/ocm/api/tech/oci/identity"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils"
 	ocmlog "ocm.software/ocm/api/utils/logging"
 	"ocm.software/ocm/api/utils/refmgmt"
@@ -114,7 +114,7 @@ func (r *RepositoryImpl) getCreds(comp string) (credentials.Credentials, error)
 	return identity.GetCredentials(r.GetContext(), r.info.Locator, comp)
 }
 
-func (r *RepositoryImpl) getResolver(comp string) (resolve.Resolver, error) {
+func (r *RepositoryImpl) getResolver(comp string) (oras.Resolver, error) {
 	creds, err := r.getCreds(comp)
 	if err != nil {
 		if !errors.IsErrUnknownKind(err, credentials.KIND_CONSUMER) {
@@ -126,57 +126,53 @@ func (r *RepositoryImpl) getResolver(comp string) (resolve.Resolver, error) {
 		logger.Trace("no credentials")
 	}
 
-	opts := docker.ResolverOptions{
-		Hosts: docker.ConvertHosts(config.ConfigureHosts(context.Background(), config.HostOptions{
-			UpdateClient: func(client *http.Client) error {
-				// copy from http.DefaultTransport with a roundtripper injection
-				client.Transport = ocmlog.NewRoundTripper(client.Transport, logger)
-				return nil
-			},
-			Credentials: func(host string) (string, string, error) {
+	authCreds := auth.Credential{}
+	if creds != nil {
+		pass := creds.GetProperty(credentials.ATTR_IDENTITY_TOKEN)
+		if pass == "" {
+			pass = creds.GetProperty(credentials.ATTR_PASSWORD)
+		}
+		authCreds.Username = creds.GetProperty(credentials.ATTR_USERNAME)
+		authCreds.Password = pass
+	}
+
+	client := retry.DefaultClient
+	client.Transport = ocmlog.NewRoundTripper(retry.DefaultClient.Transport, logger)
+	if r.info.Scheme == "https" {
+		// set up TLS
+		//nolint:gosec // used like the default, there are OCI servers (quay.io) not working with min version.
+		conf := &tls.Config{
+			// MinVersion: tls.VersionTLS13,
+			RootCAs: func() *x509.CertPool {
+				var rootCAs *x509.CertPool
 				if creds != nil {
-					p := creds.GetProperty(credentials.ATTR_IDENTITY_TOKEN)
-					if p == "" {
-						p = creds.GetProperty(credentials.ATTR_PASSWORD)
-					}
-					pw := ""
-					if p != "" {
-						pw = "***"
+					c := creds.GetProperty(credentials.ATTR_CERTIFICATE_AUTHORITY)
+					if c != "" {
+						rootCAs = x509.NewCertPool()
+						rootCAs.AppendCertsFromPEM([]byte(c))
 					}
-					logger.Trace("query credentials", ocmlog.ATTR_USER, creds.GetProperty(credentials.ATTR_USERNAME), "pass", pw)
-					return creds.GetProperty(credentials.ATTR_USERNAME), p, nil
 				}
-				logger.Trace("no credentials")
-				return "", "", nil
-			},
-			DefaultScheme: r.info.Scheme,
-			//nolint:gosec // used like the default, there are OCI servers (quay.io) not working with min version.
-			DefaultTLS: func() *tls.Config {
-				if r.info.Scheme == "http" {
-					return nil
-				}
-				return &tls.Config{
-					// MinVersion: tls.VersionTLS13,
-					RootCAs: func() *x509.CertPool {
-						var rootCAs *x509.CertPool
-						if creds != nil {
-							c := creds.GetProperty(credentials.ATTR_CERTIFICATE_AUTHORITY)
-							if c != "" {
-								rootCAs = x509.NewCertPool()
-								rootCAs.AppendCertsFromPEM([]byte(c))
-							}
-						}
-						if rootCAs == nil {
-							rootCAs = rootcertsattr.Get(r.GetContext()).GetRootCertPool(true)
-						}
-						return rootCAs
-					}(),
+				if rootCAs == nil {
+					rootCAs = rootcertsattr.Get(r.GetContext()).GetRootCertPool(true)
 				}
+				return rootCAs
 			}(),
-		})),
+		}
+		client.Transport = ocmlog.NewRoundTripper(retry.NewTransport(&http.Transport{
+			TLSClientConfig: conf,
+		}), logger)
+	}
+
+	authClient := &auth.Client{
+		Client:     client,
+		Cache:      auth.NewCache(),
+		Credential: auth.StaticCredential(r.info.HostPort(), authCreds),
 	}
 
-	return docker.NewResolver(opts), nil
+	return oras.New(oras.ClientOptions{
+		Client:    authClient,
+		PlainHTTP: r.info.Scheme == "http",
+	}), nil
 }
 
 func (r *RepositoryImpl) GetRef(comp, vers string) string {

api/oci/extensions/repositories/ocireg/utils.go

@@ -14,7 +14,7 @@ import (
 
 	"ocm.software/ocm/api/oci/artdesc"
 	"ocm.software/ocm/api/oci/cpi"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 	"ocm.software/ocm/api/utils/logging"
@@ -81,28 +81,29 @@ func readAll(reader io.ReadCloser, err error) ([]byte, error) {
 	return data, nil
 }
 
-func push(ctx context.Context, p resolve.Pusher, blob blobaccess.BlobAccess) error {
+func push(ctx context.Context, p oras.Pusher, blob blobaccess.BlobAccess) error {
 	desc := *artdesc.DefaultBlobDescriptor(blob)
 	return pushData(ctx, p, desc, blob)
 }
 
-func pushData(ctx context.Context, p resolve.Pusher, desc artdesc.Descriptor, data blobaccess.DataAccess) error {
+func pushData(ctx context.Context, p oras.Pusher, desc artdesc.Descriptor, data blobaccess.DataAccess) error {
 	key := remotes.MakeRefKey(ctx, desc)
 	if desc.Size == 0 {
 		desc.Size = -1
 	}
 
 	logging.Logger().Debug("*** push blob", "mediatype", desc.MediaType, "digest", desc.Digest, "key", key)
-	req, err := p.Push(ctx, desc, data)
-	if err != nil {
+	if err := p.Push(ctx, desc, data); err != nil {
 		if errdefs.IsAlreadyExists(err) {
 			logging.Logger().Debug("blob already exists", "mediatype", desc.MediaType, "digest", desc.Digest)
 
 			return nil
 		}
+
 		return fmt.Errorf("failed to push: %w", err)
 	}
-	return req.Commit(ctx, desc.Size, desc.Digest)
+
+	return nil
 }
 
 var dummyContext = nologger()