feat: upgrade to ORAS Go v2 (open-policy-agent#788)

This removes the ORAS Go v1 dependency and upgrades to ORAS Go v2. The
support for authentication via docker dependency was removed in ORAS Go
v2 so parts of that needed to be replaced with cpuguy83/dockercfg[1].

Tests were expanded to include a TLS secured and basic auth protected
registry.



[1] github.com/cpuguy83/dockercfg

Signed-off-by: Zoran Regvart <[email protected]>

downloader/oci_getter.go

@@ -3,16 +3,17 @@ package downloader
 import (
 	"context"
 	"fmt"
-	"net/http"
 	"net/url"
 	"os"
+	"strings"
 
-	"oras.land/oras-go/pkg/auth"
-	dockerauth "oras.land/oras-go/pkg/auth/docker"
+	reg "github.com/open-policy-agent/conftest/internal/registry"
 
 	getter "github.com/hashicorp/go-getter"
-	"oras.land/oras-go/pkg/content"
-	"oras.land/oras-go/pkg/oras"
+	"oras.land/oras-go/v2"
+	"oras.land/oras-go/v2/content/file"
+	"oras.land/oras-go/v2/registry"
+	"oras.land/oras-go/v2/registry/remote"
 )
 
 // OCIGetter is responsible for handling OCI repositories
@@ -29,30 +30,35 @@ func (g *OCIGetter) ClientMode(u *url.URL) (getter.ClientMode, error) {
 func (g *OCIGetter) Get(path string, u *url.URL) error {
 	ctx := g.Context()
 
-	if err := os.MkdirAll(path, os.ModePerm); err != nil {
-		return fmt.Errorf("make policy directory: %w", err)
+	repository := strings.TrimPrefix(u.String(), "oci://")
+	ref, err := registry.ParseReference(repository)
+	if err != nil {
+		return fmt.Errorf("reference: %w", err)
 	}
 
-	cli, err := dockerauth.NewClient()
-	if err != nil {
-		return fmt.Errorf("new auth client: %w", err)
+	if ref.Reference == "" {
+		ref.Reference = "latest"
+		repository = ref.String()
 	}
 
-	opts := []auth.ResolverOption{auth.WithResolverClient(http.DefaultClient)}
-	resolver, err := cli.ResolverWithOpts(opts...)
+	src, err := remote.NewRepository(repository)
 	if err != nil {
-		return fmt.Errorf("docker resolver: %w", err)
+		return fmt.Errorf("repository: %w", err)
 	}
 
-	registry := content.Registry{Resolver: resolver}
+	reg.SetupClient(src)
 
-	fileStore := content.NewFile(path)
-	defer fileStore.Close()
+	if err := os.MkdirAll(path, os.ModePerm); err != nil {
+		return fmt.Errorf("make policy directory: %w", err)
+	}
 
-	repository := getRepositoryFromURL(u.Path)
-	pullURL := u.Host + repository
+	fileStore, err := file.New(path)
+	if err != nil {
+		return fmt.Errorf("file store: %w", err)
+	}
+	defer fileStore.Close()
 
-	_, err = oras.Copy(ctx, registry, pullURL, fileStore, "")
+	_, err = oras.Copy(ctx, src, repository, fileStore, "", oras.DefaultCopyOptions)
 	if err != nil {
 		return fmt.Errorf("pulling policy: %w", err)
 	}

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/CycloneDX/cyclonedx-go v0.4.0
 	github.com/KeisukeYamashita/go-vcl v0.4.0
 	github.com/basgys/goxml2json v1.1.0
+	github.com/cpuguy83/dockercfg v0.3.1
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665
 	github.com/go-ini/ini v1.67.0
@@ -30,7 +31,7 @@ require (
 	github.com/tmccombs/hcl2json v0.3.1
 	muzzammil.xyz/jsonc v1.0.0
 	olympos.io/encoding/edn v0.0.0-20201019073823-d3554ca0b0a3
-	oras.land/oras-go v1.2.2
+	oras.land/oras-go/v2 v2.0.0
 )
 
 require (
@@ -39,26 +40,17 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.1 // indirect
 	cloud.google.com/go/iam v0.7.0 // indirect
 	cloud.google.com/go/storage v1.27.0 // indirect
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/aws/aws-sdk-go v1.44.26 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/cockroachdb/apd/v2 v2.0.1 // indirect
-	github.com/containerd/containerd v1.6.16 // indirect
 	github.com/containerd/typeurl v1.0.2 // indirect
-	github.com/docker/cli v20.10.21+incompatible // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
 	github.com/docker/docker v20.10.21+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -69,7 +61,6 @@ require (
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect
 	github.com/googleapis/gax-go/v2 v2.6.0 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.5.0 // indirect
@@ -78,24 +69,15 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/klauspost/compress v1.15.11 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.4.3 // indirect
-	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/rivo/uniseg v0.4.2 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect