Add bundle image validation feature to bundle library and bundle cli

1. Enable bundle image validation: manifests and annotations.yaml
2. Add internal opm cli to use validation feature

Signed-off-by: Vu Dinh <vdinh@redhat.com>

Author: dinhxuanvu

cmd/opm/alpha/bundle/cmd.go

@@ -13,6 +13,7 @@ func NewCmd() *cobra.Command {
 
 	runCmd.AddCommand(newBundleGenerateCmd())
 	runCmd.AddCommand(newBundleBuildCmd())
+	runCmd.AddCommand(newBundleValidateCmd())
 	runCmd.AddCommand(extractCmd)
 	return runCmd
 }

cmd/opm/alpha/bundle/validate.go

@@ -0,0 +1,40 @@
+package bundle
+
+import (
+	"github.com/operator-framework/operator-registry/pkg/lib/bundle"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func newBundleValidateCmd() *cobra.Command {
+	bundleValidateCmd := &cobra.Command{
+		Use:   "validate",
+		Short: "Validate bundle image",
+		Long: `The "opm alpha bundle validate" command will validate bundle image
+    from a remote source to determine if its format and content information are
+    accurate.
+
+        $ opm alpha bundle validate --tag quay.io/test/test-operator:latest \
+		--image-builder docker`,
+		RunE: validateFunc,
+	}
+
+	bundleValidateCmd.Flags().StringVarP(&tagBuildArgs, "tag", "t", "",
+		"The path of a registry to pull from, image name and its tag that present the bundle image (e.g. quay.io/test/test-operator:latest)")
+	if err := bundleValidateCmd.MarkFlagRequired("tag"); err != nil {
+		log.Fatalf("Failed to mark `tag` flag for `validate` subcommand as required")
+	}
+
+	bundleValidateCmd.Flags().StringVarP(&imageBuilderArgs, "image-builder", "b", "docker", "Tool to build container images. One of: [docker, podman]")
+
+	return bundleValidateCmd
+}
+
+func validateFunc(cmd *cobra.Command, args []string) error {
+	err := bundle.ValidateFunc(tagBuildArgs, imageBuilderArgs)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/lib/bundle/untar.go

@@ -0,0 +1,100 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package untar untars a tarball to disk.
+package bundle
+
+import (
+	"archive/tar"
+	"fmt"
+	"io"
+	"log"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+)
+
+// Untar reads the tar file from r and writes it into dir.
+func Untar(r io.Reader, dir string) error {
+	return untar(r, dir)
+}
+
+func untar(r io.Reader, dir string) (err error) {
+	madeDir := map[string]bool{}
+
+	tr := tar.NewReader(r)
+	for {
+		f, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			log.Printf("tar reading error: %v", err)
+			return fmt.Errorf("tar error: %v", err)
+		}
+		if !validRelPath(f.Name) {
+			return fmt.Errorf("tar contained invalid name error %q", f.Name)
+		}
+		rel := filepath.FromSlash(f.Name)
+		abs := filepath.Join(dir, rel)
+
+		fi := f.FileInfo()
+		mode := fi.Mode()
+		switch {
+		case mode.IsRegular():
+			// Make the directory. This is redundant because it should
+			// already be made by a directory entry in the tar
+			// beforehand. Thus, don't check for errors; the next
+			// write will fail with the same error.
+			dir := filepath.Dir(abs)
+			if !madeDir[dir] {
+				if err := os.MkdirAll(filepath.Dir(abs), 0755); err != nil {
+					return err
+				}
+				madeDir[dir] = true
+			}
+			wf, err := os.OpenFile(abs, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode.Perm())
+			if err != nil {
+				return err
+			}
+			n, err := io.Copy(wf, tr)
+			if closeErr := wf.Close(); closeErr != nil && err == nil {
+				err = closeErr
+			}
+			if err != nil {
+				return fmt.Errorf("error writing to %s: %v", abs, err)
+			}
+			if n != f.Size {
+				return fmt.Errorf("only wrote %d bytes to %s; expected %d", n, abs, f.Size)
+			}
+		case mode.IsDir():
+			if err := os.MkdirAll(abs, 0755); err != nil {
+				return err
+			}
+			madeDir[abs] = true
+		default:
+			return fmt.Errorf("tar file entry %s contained unsupported file type %v", f.Name, mode)
+		}
+	}
+	return nil
+}
+
+func validRelativeDir(dir string) bool {
+	if strings.Contains(dir, `\`) || path.IsAbs(dir) {
+		return false
+	}
+	dir = path.Clean(dir)
+	if strings.HasPrefix(dir, "../") || strings.HasSuffix(dir, "/..") || dir == ".." {
+		return false
+	}
+	return true
+}
+
+func validRelPath(p string) bool {
+	if p == "" || strings.Contains(p, `\`) || strings.HasPrefix(p, "/") || strings.Contains(p, "../") {
+		return false
+	}
+	return true
+}