Merge branch 'npm/config' of github.com:open-component-model/ocm into…

… npm/config

cmds/ocm/commands/ocmcmds/common/addhdlrs/rscs/elements.go

@@ -101,9 +101,9 @@ func (h ResourceSpecHandler) Set(v ocm.ComponentVersionAccess, r addhdlrs.Elemen
 			ExtraIdentity: spec.ExtraIdentity,
 			Labels:        spec.Labels,
 		},
-		Type:      spec.Type,
-		Relation:  spec.Relation,
-		SourceRef: compdescv2.ConvertSourcerefsTo(spec.SourceRef),
+		Type:       spec.Type,
+		Relation:   spec.Relation,
+		SourceRefs: compdescv2.ConvertSourcerefsTo(spec.SourceRefs),
 	}
 	opts := h.getModOpts()
 	if ocm.IsIntermediate(v.Repository().GetSpecification()) {
@@ -124,9 +124,10 @@ type ResourceSpec struct {
 	// Can be a local or external resource
 	Relation metav1.ResourceRelation `json:"relation,omitempty"`
 
-	// SourceRef defines a list of source names.
-	// These names reference the sources defines in `component.sources`.
-	SourceRef []compdescv2.SourceRef `json:"srcRef"`
+	// SourceRefs defines a list of source names.
+	// These entries reference the sources defined in the
+	// component.sources.
+	SourceRefs []compdescv2.SourceRef `json:"srcRefs"`
 
 	addhdlrs.ResourceInput `json:",inline"`
 }
@@ -160,7 +161,7 @@ func (r *ResourceSpec) Validate(ctx clictx.Context, input *addhdlrs.ResourceInpu
 		ElementMeta: r.ElementMeta,
 		Type:        r.Type,
 		Relation:    r.Relation,
-		SourceRef:   r.SourceRef,
+		SourceRefs:  r.SourceRefs,
 	}
 	if err := compdescv2.ValidateResource(fldPath, rsc, false); err != nil {
 		allErrs = append(allErrs, err...)

docs/ocm/model.md

@@ -346,9 +346,9 @@ A resource uses the following additional formal fields:
   the resource description. This is required because there might be different
   digest and resource normalization algorithms.
 
-- **`srcRef`** (optional) *struct*
+- **`srcRefs`** (optional) *[]struct*
 
-  This field is used to describe the sources used to generate the resource.
+  This field describes a list of sources used to generate the resource.
   The selection is done by the following two fields:
 
   - **`identitySelector`** *map[string]string*

docs/reference/ocm.md

@@ -50,9 +50,12 @@ location a default configuration is composed according to known type specific
 configuration files.
 
 The following configuration sources are used:
-  - The docker configuration file at <code>~/.docker/config.jaon</code> is
+  - The docker configuration file at <code>~/.docker/config.json</code> is
     read to feed in the configured credentials for OCI registries.
 
+  - The npm configuration file at <code>~/.npmrc</code> is
+    read to feed in the configured credentials for NPM registries.
+
 
 
 With the option <code>--cred</code> it is possible to specify arbitrary credentials

docs/reference/ocm_credential-handling.md

@@ -170,6 +170,19 @@ The following credential consumer types are used/supported:
       - <code>certificateAuthority</code>: the certificate authority certificate used to verify certificates
 
 
+  - <code>Registry.npmjs.com</code>: NPM repository
+
+    It matches the <code>Registry.npmjs.com</code> consumer type and additionally acts like
+    the <code>hostpath</code> type.
+
+    Credential consumers of the consumer type Registry.npmjs.com evaluate the following credential properties:
+
+      - <code>username</code>: the basic auth user name
+      - <code>password</code>: the basic auth password
+      - <code>email</code>: NPM registry, require an email address
+      - <code>token</code>: the token attribute. May exist after login at any npm registry. Check your .npmrc file!
+
+
   - <code>S3</code>: S3 credential matcher
 
     This matcher is a hostpath matcher.
@@ -306,6 +319,21 @@ behaviours are described in the following list:
     is read.
 
 
+- Credential provider <code>NPMConfig</code>
+
+  This repository type can be used to access credentials stored in a file
+  following the NPM npmrc format (~/.npmrc). It take into account the
+  credentials helper section, also. If enabled, the described
+  credentials will be automatically assigned to appropriate consumer ids.
+
+  The following versions are supported:
+  - Version <code>v1</code>
+
+    The repository specification supports the following fields:
+      - <code>npmrcFile</code>: *string*: the file path to a NPM npmrc file
+      - <code>propagateConsumerIdentity</code>: *bool*(optional): enable consumer id propagation
+
+
 
 ### SEE ALSO
 

docs/reference/ocm_get_credentials.md

@@ -96,6 +96,19 @@ Matchers exist for the following usage contexts or consumer types:
       - <code>certificateAuthority</code>: the certificate authority certificate used to verify certificates
 
 
+  - <code>Registry.npmjs.com</code>: NPM repository
+
+    It matches the <code>Registry.npmjs.com</code> consumer type and additionally acts like
+    the <code>hostpath</code> type.
+
+    Credential consumers of the consumer type Registry.npmjs.com evaluate the following credential properties:
+
+      - <code>username</code>: the basic auth user name
+      - <code>password</code>: the basic auth password
+      - <code>email</code>: NPM registry, require an email address
+      - <code>token</code>: the token attribute. May exist after login at any npm registry. Check your .npmrc file!
+
+
   - <code>S3</code>: S3 credential matcher
 
     This matcher is a hostpath matcher.

docs/reference/ocm_logging.md

@@ -17,6 +17,7 @@ The following *tags* are used by the command line tool:
 
 The following *realms* are used by the command line tool:
   - <code>ocm</code>: general realm used for the ocm go library.
+  - <code>ocm/NPM</code>: NPM registry
   - <code>ocm/accessmethod/ociartifact</code>: access method ociArtifact
   - <code>ocm/compdesc</code>: component descriptor handling
   - <code>ocm/config</code>: configuration management

docs/reference/ocm_ocm-uploadhandlers.md

@@ -36,10 +36,6 @@ resource blob), it is possible to pass a target configuration controlling the
 exact behaviour of the handler for selected artifacts.
 
 The following handler names are possible:
-  - <code>plugin</code>: [downloaders provided by plugins]
-
-    sub namespace of the form <code>&lt;plugin name>/&lt;handler></code>
-
   - <code>ocm/ociArtifacts</code>: downloading OCI artifacts
 
     The <code>ociArtifacts</code> downloader is able to download OCI artifacts
@@ -64,6 +60,19 @@ The following handler names are possible:
     Alternatively, a single string value can be given representing an OCI repository
     reference.
 
+  - <code>plugin</code>: [downloaders provided by plugins]
+
+    sub namespace of the form <code>&lt;plugin name>/&lt;handler></code>
+
+  - <code>ocm/npmPackage</code>: uploading npm artifacts
+
+    The <code>ocm/npmPackage</code> uploader is able to upload npm artifacts
+    as artifact archive according to the npm package spec.
+    If registered the default mime type is: application/x-tgz
+
+    It accepts a plain string for the URL or a config with the following field:
+    'url': the URL of the npm repository.
+
 
 
 See [ocm ocm-uploadhandlers](ocm_ocm-uploadhandlers.md) for further details on using

docs/reference/ocm_transfer_commontransportarchive.md

@@ -110,10 +110,6 @@ are configured for the operation. It has the following format
 </center>
 
 The uploader name may be a path expression with the following possibilities:
-  - <code>plugin</code>: [downloaders provided by plugins]
-
-    sub namespace of the form <code>&lt;plugin name>/&lt;handler></code>
-
   - <code>ocm/ociArtifacts</code>: downloading OCI artifacts
 
     The <code>ociArtifacts</code> downloader is able to download OCI artifacts
@@ -138,6 +134,19 @@ The uploader name may be a path expression with the following possibilities:
     Alternatively, a single string value can be given representing an OCI repository
     reference.
 
+  - <code>plugin</code>: [downloaders provided by plugins]
+
+    sub namespace of the form <code>&lt;plugin name>/&lt;handler></code>
+
+  - <code>ocm/npmPackage</code>: uploading npm artifacts
+
+    The <code>ocm/npmPackage</code> uploader is able to upload npm artifacts
+    as artifact archive according to the npm package spec.
+    If registered the default mime type is: application/x-tgz
+
+    It accepts a plain string for the URL or a config with the following field:
+    'url': the URL of the npm repository.
+
 
 
 See [ocm ocm-uploadhandlers](ocm_ocm-uploadhandlers.md) for further details on using

docs/reference/ocm_transfer_componentversions.md

@@ -167,10 +167,6 @@ are configured for the operation. It has the following format
 </center>
 
 The uploader name may be a path expression with the following possibilities:
-  - <code>plugin</code>: [downloaders provided by plugins]
-
-    sub namespace of the form <code>&lt;plugin name>/&lt;handler></code>
-
   - <code>ocm/ociArtifacts</code>: downloading OCI artifacts
 
     The <code>ociArtifacts</code> downloader is able to download OCI artifacts
@@ -195,6 +191,19 @@ The uploader name may be a path expression with the following possibilities:
     Alternatively, a single string value can be given representing an OCI repository
     reference.
 
+  - <code>plugin</code>: [downloaders provided by plugins]
+
+    sub namespace of the form <code>&lt;plugin name>/&lt;handler></code>
+
+  - <code>ocm/npmPackage</code>: uploading npm artifacts
+
+    The <code>ocm/npmPackage</code> uploader is able to upload npm artifacts
+    as artifact archive according to the npm package spec.
+    If registered the default mime type is: application/x-tgz
+
+    It accepts a plain string for the URL or a config with the following field:
+    'url': the URL of the npm repository.
+
 
 
 See [ocm ocm-uploadhandlers](ocm_ocm-uploadhandlers.md) for further details on using

pkg/contexts/credentials/repositories/npm/default.go

@@ -0,0 +1,57 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Open Component Model contributors.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package npm
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/mandelsoft/filepath/pkg/filepath"
+	"github.com/mandelsoft/vfs/pkg/osfs"
+	"github.com/mandelsoft/vfs/pkg/vfs"
+
+	"github.com/open-component-model/ocm/pkg/contexts/config"
+	credcfg "github.com/open-component-model/ocm/pkg/contexts/credentials/config"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/utils/defaultconfigregistry"
+	"github.com/open-component-model/ocm/pkg/errors"
+)
+
+const (
+	ConfigFileName = ".npmrc"
+)
+
+func init() {
+	defaultconfigregistry.RegisterDefaultConfigHandler(DefaultConfigHandler, desc)
+}
+
+func DefaultConfig() (string, error) {
+	d, err := os.UserHomeDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(d, ConfigFileName), nil
+}
+
+func DefaultConfigHandler(cfg config.Context) error {
+	// use docker config as default config for ocm cli
+	d, err := DefaultConfig()
+	if err != nil {
+		return nil
+	}
+	if ok, err := vfs.FileExists(osfs.New(), d); ok && err == nil {
+		ccfg := credcfg.New()
+		ccfg.AddRepository(NewRepositorySpec(d, true))
+		err = cfg.ApplyConfig(ccfg, d)
+		if err != nil {
+			return errors.Wrapf(err, "cannot apply npm config %q", d)
+		}
+	}
+	return nil
+}
+
+var desc = fmt.Sprintf(`
+The npm configuration file at <code>~/%s</code> is
+read to feed in the configured credentials for NPM registries.
+`, ConfigFileName)

pkg/contexts/credentials/repositories/npm/type.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 
 	"github.com/open-component-model/ocm/pkg/contexts/credentials/cpi"
+	"github.com/open-component-model/ocm/pkg/generics"
 	"github.com/open-component-model/ocm/pkg/runtime"
 	"github.com/open-component-model/ocm/pkg/utils"
 )
@@ -31,13 +32,22 @@ type RepositorySpec struct {
 }
 
 // NewRepositorySpec creates a new memory RepositorySpec.
-func NewRepositorySpec(path string) *RepositorySpec {
+func NewRepositorySpec(path string, propagate ...bool) *RepositorySpec {
+	var p *bool
 	if path == "" {
-		path = "~/.npmrc"
+		d, err := DefaultConfig()
+		if err == nil {
+			path = d
+		}
 	}
+	if len(propagate) > 0 {
+		p = generics.Pointer(utils.OptionalDefaultedBool(true, propagate...))
+	}
+
 	return &RepositorySpec{
-		ObjectVersionedType: runtime.NewVersionedTypedObject(Type),
-		NpmrcFile:           path,
+		ObjectVersionedType:      runtime.NewVersionedTypedObject(Type),
+		NpmrcFile:                path,
+		PropgateConsumerIdentity: p,
 	}
 }
 

pkg/contexts/ocm/compdesc/componentdescriptor.go

@@ -635,7 +635,7 @@ func (r *Resource) Equivalent(e ElementMetaAccessor) equivalent.EqualState {
 		return state
 	} else {
 		// not delegated to ResourceMeta, because the significance of digests can only be determined at the Resource level.
-		state := equivalent.StateLocalHashEqual(r.Type == o.Type && r.Relation == o.Relation && reflect.DeepEqual(r.SourceRef, o.SourceRef))
+		state := equivalent.StateLocalHashEqual(r.Type == o.Type && r.Relation == o.Relation && reflect.DeepEqual(r.SourceRefs, o.SourceRefs))
 
 		if !IsNoneAccess(r.Access) || !IsNoneAccess(o.Access) {
 			state = state.Apply(r.Digest.Equivalent(o.Digest))
@@ -664,9 +664,10 @@ type ResourceMeta struct {
 	// Can be a local or external resource
 	Relation metav1.ResourceRelation `json:"relation,omitempty"`
 
-	// SourceRef defines a list of source names.
-	// These names reference the sources defines in `component.sources`.
-	SourceRef SourceRefs `json:"srcRef,omitempty"`
+	// SourceRefs defines a list of source names.
+	// These entries reference the sources defined in the
+	// component.sources.
+	SourceRefs SourceRefs `json:"srcRefs,omitempty"`
 
 	// Digest is the optional digest of the referenced resource.
 	// +optional
@@ -704,7 +705,7 @@ func (o *ResourceMeta) Copy() *ResourceMeta {
 		ElementMeta: *o.ElementMeta.Copy(),
 		Type:        o.Type,
 		Relation:    o.Relation,
-		SourceRef:   o.SourceRef.Copy(),
+		SourceRefs:  o.SourceRefs.Copy(),
 		Digest:      o.Digest.Copy(),
 	}
 	return r

pkg/contexts/ocm/compdesc/normalizations/jsonv2/norm.go

@@ -46,9 +46,9 @@ var CDExcludes = signing.MapExcludes{
 		"resources": signing.DynamicArrayExcludes{
 			ValueMapper: rules.MapResourcesWithNoneAccess,
 			Continue: signing.MapExcludes{
-				"access": nil,
-				"srcRef": nil,
-				"labels": rules.LabelExcludes,
+				"access":  nil,
+				"srcRefs": nil,
+				"labels":  rules.LabelExcludes,
 			},
 		},
 		"sources": signing.ArrayExcludes{

pkg/contexts/ocm/compdesc/testutils/compnametest.go

@@ -23,7 +23,7 @@ func TestCompName(dataBytes []byte, err error) {
 		var scheme map[string]interface{}
 		Expect(runtime.DefaultYAMLEncoding.Unmarshal(dataBytes, &scheme)).To(Succeed())
 
-		pattern := scheme["definitions"].(map[string]interface{})["componentName"].(map[string]interface{})["pattern"].(string)
+		pattern := scheme["$defs"].(map[string]interface{})["componentName"].(map[string]interface{})["pattern"].(string)
 
 		logrus.Infof("pattern=%s", pattern)
 

pkg/contexts/ocm/compdesc/versions/ocm.software/v3alpha1/componentdescriptor.go

@@ -236,8 +236,12 @@ type Resource struct {
 	// Can be a local or external resource
 	Relation metav1.ResourceRelation `json:"relation,omitempty"`
 
-	// SourceRef defines a list of source names.
-	// These names reference the sources defines in `component.sources`.
+	// SourceRefs defines a list of source names.
+	// These entries reference the sources defined in the
+	// component.sources.
+	SourceRefs []SourceRef `json:"srcRefs,omitempty"`
+	// SourceRef is for deserialization compatibility, only.
+	// The usage of this field in external formats is deprecated.
 	SourceRef []SourceRef `json:"srcRef,omitempty"`
 
 	// Access describes the type specific method to