kustomize edit set image should correctly parse both tag and digest

[karlkfi]

kustomize edit set image org/repo:tag@sha256:digest is not parsed correctly.

Currently it results in:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- digest: sha256:digest
  name: org/repo:tag

If you leave out the digest, the tag gets parsed correctly, but with the digest, the tag is assumed to be part of the image name, which is incorrect.

I would expect them to parse correctly when both supplied.

It's desirable to specify them both to facilitate security requirements as well as human readability, even if the tag is usually ignored by container runtimes when the digest is specified.

[natasha41575]

I'm able to reproduce the issue. IIUC, the correct output should be

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- digest: sha256:digest
  name: org/repo
  newTag: tag

There is some parsing code from #4406 that we can probably reuse to resolve this issue.

/triage accepted
/help
/label good first issue

[k8s-ci-robot]

@natasha41575:
This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

• Why are we solving this issue?
• To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
• Does this issue have zero to low barrier of entry?
• How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

I'm able to reproduce the issue. IIUC, the correct output should be

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- digest: sha256:digest
 name: org/repo
 newTag: tag

There is some parsing code from #4406 that we can probably reuse to resolve this issue.

/triage accepted
/help
/label good first issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[mgsh]

/assign

[CIPHERTron]

Heyy @mgsh are you still working on this issue?
I was looking for a good first issue to contribute to customize 😅

[mgsh]

Hi @CIPHERTron, I have submitted a PR for it #4714
But not sure how to get it reviewed and merged. No response on the PR.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[gkumarchilakala]

@natasha41575 Is there a plan to fix this issue?

[ashutosh887]

Is this already fixed @natasha41575
If not, I would like to work on this

[vaibhav2107]

/remove-lifecycle stale

[blackjid]

with #5234 merged, I thing this could be closed. I don't know in what version and when it will be released though.