Weldr API: make Image Type denylist distribution-specific

Change the Image Type denylist in Weldr API from being applied to all
distributions to being distribution-specific. A special name `*`
can be used in the configuration to match any distribution
or any image type.

Modify NEWS entry and unit tests to reflect this change.

Signed-off-by: Tomas Hozza <thozza@redhat.com>

internal/weldr/api.go

@@ -58,8 +58,8 @@ type API struct {
 	distroRegistry *distroregistry.Registry // Available distros
 	distros        []string                 // Supported distro names
 
-	// List of ImageType names, which should not be exposed by the API
-	imageTypeDenylist []string
+	//  List of ImageType names, which should not be exposed by the API
+	distrosImageTypeDenylist map[string][]string
 }
 
 type ComposeState int
@@ -121,28 +121,28 @@ var ValidBlueprintName = regexp.MustCompile(`^[a-zA-Z0-9._-]+$`)
 func NewTestAPI(rpm rpmmd.RPMMD, arch distro.Arch, dr *distroregistry.Registry,
 	rr *reporegistry.RepoRegistry, logger *log.Logger,
 	store *store.Store, workers *worker.Server, compatOutputDir string,
-	imageTypeDenylist []string) *API {
+	distrosImageTypeDenylist map[string][]string) *API {
 
 	// Use the first entry as the host distribution
 	hostDistro := dr.GetDistro(dr.List()[0])
 	api := &API{
-		store:             store,
-		workers:           workers,
-		rpmmd:             rpm,
-		arch:              arch,
-		repoRegistry:      rr,
-		logger:            logger,
-		compatOutputDir:   compatOutputDir,
-		hostDistroName:    hostDistro.Name(),
-		distroRegistry:    dr,
-		distros:           validDistros(rr, dr, arch.Name(), logger),
-		imageTypeDenylist: imageTypeDenylist,
+		store:                    store,
+		workers:                  workers,
+		rpmmd:                    rpm,
+		arch:                     arch,
+		repoRegistry:             rr,
+		logger:                   logger,
+		compatOutputDir:          compatOutputDir,
+		hostDistroName:           hostDistro.Name(),
+		distroRegistry:           dr,
+		distros:                  validDistros(rr, dr, arch.Name(), logger),
+		distrosImageTypeDenylist: distrosImageTypeDenylist,
 	}
 	return setupRouter(api)
 }
 
 func New(repoPaths []string, stateDir string, rpm rpmmd.RPMMD, dr *distroregistry.Registry,
-	logger *log.Logger, workers *worker.Server, imageTypeDenylist []string) (*API, error) {
+	logger *log.Logger, workers *worker.Server, distrosImageTypeDenylist map[string][]string) (*API, error) {
 	if logger == nil {
 		logger = log.New(os.Stdout, "", 0)
 	}
@@ -174,17 +174,17 @@ func New(repoPaths []string, stateDir string, rpm rpmmd.RPMMD, dr *distroregistr
 	compatOutputDir := path.Join(stateDir, "outputs")
 
 	api := &API{
-		store:             store,
-		workers:           workers,
-		rpmmd:             rpm,
-		arch:              hostArch,
-		repoRegistry:      rr,
-		logger:            logger,
-		compatOutputDir:   compatOutputDir,
-		hostDistroName:    hostDistro.Name(),
-		distroRegistry:    dr,
-		distros:           validDistros(rr, dr, hostArch.Name(), logger),
-		imageTypeDenylist: imageTypeDenylist,
+		store:                    store,
+		workers:                  workers,
+		rpmmd:                    rpm,
+		arch:                     hostArch,
+		repoRegistry:             rr,
+		logger:                   logger,
+		compatOutputDir:          compatOutputDir,
+		hostDistroName:           hostDistro.Name(),
+		distroRegistry:           dr,
+		distros:                  validDistros(rr, dr, hostArch.Name(), logger),
+		distrosImageTypeDenylist: distrosImageTypeDenylist,
 	}
 	return setupRouter(api), nil
 }
@@ -385,13 +385,21 @@ func (api *API) openImageFile(composeId uuid.UUID, compose store.Compose) (io.Re
 	return reader, size, nil
 }
 
-// checkImageTypeDenylist checks the given ImageType name against the ImageType Denylist
-// provided to the API from configuration. If the given ImageType is not allowed the method
-// returns an `error`. Otherwise `nil` is returned.
-func (api *API) checkImageTypeDenylist(imageType string) error {
-	for _, deniedImgType := range api.imageTypeDenylist {
-		if imageType == deniedImgType {
-			return fmt.Errorf("image type denied by configuration: %q", imageType)
+// checkImageTypeDenylist checks the given ImageType and Distro names against
+//the distro-specific ImageType Denylist provided to the API from configuration.
+// If the given ImageType is not allowed the method returns an `error`.
+// Otherwise `nil` is returned.
+func (api *API) checkImageTypeDenylist(distroName, imageType string) error {
+	anyImageType := "*"
+	anyDistro := "*"
+
+	for deniedDistro, deniedImgTypes := range api.distrosImageTypeDenylist {
+		if distroName == deniedDistro || deniedDistro == anyDistro {
+			for _, deniedImgType := range deniedImgTypes {
+				if imageType == deniedImgType || deniedImgType == anyImageType {
+					return fmt.Errorf("image type denied by configuration: %q", imageType)
+				}
+			}
 		}
 	}
 	return nil
@@ -401,7 +409,7 @@ func (api *API) checkImageTypeDenylist(imageType string) error {
 // This is necessary because different distros support different image types, and the image
 // type may have a different package set than other distros.
 func (api *API) getImageType(distroName, imageType string) (distro.ImageType, error) {
-	if err := api.checkImageTypeDenylist(imageType); err != nil {
+	if err := api.checkImageTypeDenylist(distroName, imageType); err != nil {
 		return nil, err
 	}
 
@@ -2514,7 +2522,7 @@ func (api *API) composeTypesHandler(writer http.ResponseWriter, request *http.Re
 	}
 
 	for _, format := range arch.ListImageTypes() {
-		if err := api.checkImageTypeDenylist(format); err != nil {
+		if err := api.checkImageTypeDenylist(distroName, format); err != nil {
 			continue
 		}
 		reply.Types = append(reply.Types, composeType{format, true})