feat: add auth support for downloading OCI artifacts (#3915)

pkg/oci/artifact_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/oci"
 	"github.com/aquasecurity/trivy/pkg/utils/fsutils"
 )
@@ -26,10 +27,13 @@ func (f fakeLayer) MediaType() (types.MediaType, error) {
 	return "application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip", nil
 }
 
-func TestNewArtifact(t *testing.T) {
+func TestArtifact_Download(t *testing.T) {
 	layer, err := tarball.LayerFromFile("testdata/test.tar.gz")
 	require.NoError(t, err)
 
+	txtLayer, err := tarball.LayerFromFile("testdata/test.txt")
+	require.NoError(t, err)
+
 	flayer := fakeLayer{layer}
 
 	type layersReturns struct {
@@ -38,16 +42,20 @@ func TestNewArtifact(t *testing.T) {
 	}
 	tests := []struct {
 		name          string
+		input         string
 		mediaType     string
 		layersReturns layersReturns
+		want          string
 		wantErr       string
 	}{
 		{
 			name:      "happy path",
+			input:     "testdata/test.tar.gz",
 			mediaType: "application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip",
 			layersReturns: layersReturns{
 				layers: []v1.Layer{flayer},
 			},
+			want: "Hello, world",
 		},
 		{
 			name:      "sad: two layers",
@@ -68,6 +76,14 @@ func TestNewArtifact(t *testing.T) {
 			},
 			wantErr: "OCI layer error",
 		},
+		{
+			name:  "invalid gzip",
+			input: "testdata/test.txt",
+			layersReturns: layersReturns{
+				layers: []v1.Layer{txtLayer},
+			},
+			wantErr: "unexpected EOF",
+		},
 		{
 			name:      "sad: media type doesn't match",
 			mediaType: "unknown",
@@ -102,73 +118,14 @@ func TestNewArtifact(t *testing.T) {
 				},
 			}, nil)
 
-			_, err = oci.NewArtifact("repo", tt.mediaType, "", true, false, oci.WithImage(img))
+			artifact, err := oci.NewArtifact("repo", true, ftypes.RemoteOptions{}, oci.WithImage(img))
+			require.NoError(t, err)
+
+			err = artifact.Download(context.Background(), tempDir, oci.DownloadOption{
+				MediaType: tt.mediaType,
+			})
 			if tt.wantErr != "" {
-				require.Error(t, err)
-				assert.Contains(t, err.Error(), tt.wantErr)
-				return
-			}
-			require.NoError(t, err)
-		})
-	}
-}
-
-func TestArtifact_Download(t *testing.T) {
-	tests := []struct {
-		name    string
-		input   string
-		want    string
-		wantErr string
-	}{
-		{
-			name:  "happy path",
-			input: "testdata/test.tar.gz",
-			want:  "Hello, world",
-		},
-		{
-			name:    "invalid gzip",
-			input:   "testdata/test.txt",
-			wantErr: "unexpected EOF",
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			tempDir := t.TempDir()
-			fsutils.SetCacheDir(tempDir)
-
-			// Mock layer
-			layer, err := tarball.LayerFromFile(tt.input)
-			require.NoError(t, err)
-			flayer := fakeLayer{layer}
-
-			// Mock image
-			img := new(fakei.FakeImage)
-			img.LayersReturns([]v1.Layer{flayer}, nil)
-			img.ManifestReturns(&v1.Manifest{
-				Layers: []v1.Descriptor{
-					{
-						MediaType: "application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip",
-						Size:      100,
-						Digest: v1.Hash{
-							Algorithm: "sha256",
-							Hex:       "cba33656188782852f58993f45b68bfb8577f64cdcf02a604e3fc2afbeb5f2d8",
-						},
-						Annotations: map[string]string{
-							"org.opencontainers.image.title": "bundle.tar.gz",
-						},
-					},
-				},
-			}, nil)
-
-			mediaType := "application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip"
-			artifact, err := oci.NewArtifact("repo", mediaType, "", true, false, oci.WithImage(img))
-			require.NoError(t, err)
-
-			err = artifact.Download(context.Background(), tempDir)
-			if tt.wantErr != "" {
-				require.Error(t, err)
-				assert.Contains(t, err.Error(), tt.wantErr)
+				assert.ErrorContains(t, err, tt.wantErr)
 				return
 			}
 			require.NoError(t, err)