Documentation ¶
Constants ¶
// AttPolicyEvaluation is the string tag Chainloop uses for policy evaluation
// of attestations. Where exactly it is consumed (as a policy kind, predicate
// type or subject name) is not visible in this file — check the renderer
// before relying on a particular meaning.
const AttPolicyEvaluation = "CHAINLOOP.ATTESTATION"
// PredicateTypeV02 is the in-toto predicateType URI identifying version 0.2 of
// the Chainloop attestation predicate (ProvenancePredicateV02).
//
// Consumers should compare a statement's predicateType against this value
// exactly before decoding its predicate as a ProvenancePredicateV02; an
// unknown or mismatched predicate type should be rejected rather than decoded
// best-effort into the nearest known shape.
const PredicateTypeV02 = "chainloop.dev/attestation/v0.2"
TODO: replace the custom material type with the in-toto ResourceDescriptor (https://github.com/in-toto/attestation/blob/main/spec/v1.0/resource_descriptor.md).
const (
	// Subject names used in the in-toto statement's subject list.

	// SubjectGitHead is the name of the subject entry that, presumably,
	// carries the git HEAD commit of the source the attestation was crafted
	// from (the exact digest format is not visible here).
	SubjectGitHead = "git.head"
)
Functions ¶
Types ¶
type Maintainer ¶
type Metadata ¶
// Metadata carries the identifying information about the workflow run that
// produced the attestation: names, versions, timestamps and ids. All of it is
// supplied by the producer as part of the predicate extracted from the DSSE
// envelope, so it is only as trustworthy as the verification performed on
// that envelope.
type Metadata struct {
	// Name as reported by the producer for this attestation.
	Name string `json:"name"`
	// Project the workflow belongs to.
	Project string `json:"project"`
	// ProjectVersion is the version string attached to this run;
	// ProjectVersionPrerelease marks it as a pre-release version.
	ProjectVersion           string `json:"projectVersion"`
	ProjectVersionPrerelease bool   `json:"projectVersionPrerelease"`
	// Team that owns the project, if any.
	Team string `json:"team"`
	// InitializedAt and FinishedAt bracket the attestation crafting process.
	// Both are pointers and may be nil (e.g. a run that never finished);
	// check before dereferencing.
	InitializedAt *time.Time `json:"initializedAt"`
	FinishedAt    *time.Time `json:"finishedAt"`
	// WorkflowRunID and WorkflowID identify the run and its workflow.
	WorkflowRunID string `json:"workflowRunID"`
	WorkflowID    string `json:"workflowID"`
	// Organization the workflow belongs to.
	Organization string `json:"organization"`
	// ContractName and ContractVersion identify the contract — presumably
	// the crafting schema — the attestation was crafted against.
	ContractName    string `json:"contractName"`
	ContractVersion string `json:"contractVersion"`
}
type NormalizablePredicate ¶
// NormalizablePredicate is the version-independent view through which
// consumers read a Chainloop attestation predicate. Its accessors expose the
// decoded, producer-supplied fields; do not mistake them for verification —
// signature and policy verification must happen separately.
type NormalizablePredicate interface {
	// GetAnnotations returns the predicate's custom key/value annotations.
	GetAnnotations() map[string]string
	// GetEnvVars returns the environment variables captured in the predicate.
	GetEnvVars() map[string]string
	// GetMaterials returns the materials in their normalized representation.
	GetMaterials() []*NormalizedMaterial
	// GetRunLink returns the link to the workflow run. It is a free-form
	// string from the predicate; validate it before rendering it as a
	// hyperlink.
	GetRunLink() string
	// GetMetadata returns the run metadata.
	GetMetadata() *Metadata
	// GetPolicyEvaluations returns the recorded policy evaluations,
	// presumably keyed by material name (see
	// ProvenancePredicateV02.PolicyEvaluations).
	GetPolicyEvaluations() map[string][]*PolicyEvaluation
	// HasPolicyViolations reports whether the producer recorded any policy
	// violations for this attestation.
	HasPolicyViolations() bool
}
NormalizablePredicate is the common interface through which consumers extract materials, environment variables, metadata and policy evaluations from a predicate, independently of the predicate version.
func ExtractPredicate ¶
func ExtractPredicate(envelope *dsse.Envelope) (NormalizablePredicate, error)
ExtractPredicate extracts the Chainloop attestation predicate from an encoded DSSE envelope. NOTE: it returns the NormalizablePredicate interface so that future versions of the predicate can be extracted without updating the consumer. Yes, having the producer define and return an interface is an anti-pattern, but it greatly simplifies the code: there are multiple consumers at different layers of the app and we expect predicates to evolve quickly. Security note: this documentation does not state that the envelope's signatures are verified as part of extraction; treat the returned predicate as untrusted input until the DSSE envelope has been verified against the expected signing keys.
type NormalizedMaterial ¶
// NormalizedMaterial is the version-independent representation of a material
// referenced by the attestation. Its content comes straight from the
// predicate, i.e. from the producer.
type NormalizedMaterial struct {
	// Name of the Material
	Name string
	// Type of the Material
	Type string
	// filename of the artifact that was either uploaded or injected inline in "value"
	Filename string
	// Inline content for an artifact or string material. Arbitrary
	// producer-controlled bytes: escape/sanitize before displaying it.
	Value string
	// Hash of the Material. This is the material's integrity anchor, and it
	// is a pointer that may be nil — anything that relies on the digest
	// (CAS lookups, policy checks) must handle the nil case explicitly
	// rather than treat a missing hash as a match.
	Hash *crv1.Hash
	// Tag of the container image. Tags are mutable references; the
	// material's identity is Hash, not Tag.
	Tag string
	// Whether the Material was uploaded and available for download from CAS
	UploadedToCAS bool
	// Whether the Material was embedded inline in the attestation
	EmbeddedInline bool
	// Custom annotations
	Annotations map[string]string
}
type PolicyEvaluation ¶ added in v0.96.6
// PolicyEvaluation records the outcome of running one policy against the
// attestation or one of its materials. It is stored in the predicate by the
// producer; a consumer should read it as a claim about what was evaluated,
// not as proof, unless the enclosing envelope has been verified.
type PolicyEvaluation struct {
	// Name of the policy.
	Name string `json:"name"`
	// MaterialName is the material the policy ran against; presumably empty
	// when the policy targeted the attestation as a whole.
	MaterialName string `json:"material_name,omitempty"`
	// Body is the policy body, presumably inline policy source.
	Body string `json:"body,omitempty"`
	// Sources lists where the policy was loaded from.
	Sources []string `json:"sources,omitempty"`
	// PolicyReference describes the policy as an in-toto resource descriptor.
	// NOTE(review): whether it always carries a digest is not visible here —
	// a digest is what pins the evaluation to a specific policy version.
	PolicyReference *intoto.ResourceDescriptor `json:"policy_reference,omitempty"`
	// Description is the free-text description of the policy.
	Description string `json:"description,omitempty"`
	// Annotations are custom key/value annotations attached to the policy.
	Annotations map[string]string `json:"annotations,omitempty"`
	// Violations found by the policy; nil/empty means none were reported.
	Violations []*PolicyViolation `json:"violations,omitempty"`
	// With holds the arguments the policy was invoked with. They are
	// persisted in the attestation, so secrets must not be passed this way.
	With map[string]string `json:"with,omitempty"`
	// Type of the policy.
	Type string `json:"type"`
	// Skipped marks a policy that was not evaluated; SkipReasons says why.
	// A skipped policy has no Violations but has NOT passed — enforcement
	// logic must not count it as a pass.
	Skipped     bool     `json:"skipped"`
	SkipReasons []string `json:"skip_reasons,omitempty"`
	// GroupReference describes the policy group this evaluation belongs to.
	GroupReference *intoto.ResourceDescriptor `json:"group_reference,omitempty"`
	// Requirements associated with this evaluation (their exact semantics
	// are not visible here).
	Requirements []string `json:"requirements,omitempty"`
}
type PolicyViolation ¶ added in v0.96.6
type ProvenancePredicateCommon ¶
// ProvenancePredicateCommon holds the fields shared by every version of the
// Chainloop predicate; versioned predicates embed it. All values are what the
// producer recorded at crafting time.
type ProvenancePredicateCommon struct {
	// Metadata about the workflow run.
	Metadata *Metadata `json:"metadata"`
	// Builder identifies the tool that crafted the attestation (unexported
	// type; presumably filled from the builderVersion/builderDigest handed to
	// NewChainloopRendererV02).
	Builder *builder `json:"builder"`
	// BuildType is the build type identifier.
	BuildType string `json:"buildType"`
	// Env is the set of environment variables captured into the attestation.
	// These values are persisted with the attestation and end up inside the
	// DSSE payload; whether anything filters secrets out of them before
	// capture is not visible here, so the producer must allow-list what is
	// captured rather than dump the whole environment.
	Env map[string]string `json:"env,omitempty"`
	// RunnerType identifies the CI runner that executed the workflow.
	RunnerType string `json:"runnerType"`
	// RunnerURL is the link to the run. It is a free-form producer-supplied
	// string; validate the scheme/host before rendering it as a hyperlink.
	RunnerURL string `json:"runnerURL,omitempty"`
	// Custom annotations
	Annotations map[string]string `json:"annotations,omitempty"`
}
func (*ProvenancePredicateCommon) GetAnnotations ¶
func (p *ProvenancePredicateCommon) GetAnnotations() map[string]string
func (*ProvenancePredicateCommon) GetEnvVars ¶
func (p *ProvenancePredicateCommon) GetEnvVars() map[string]string
Implements the NormalizablePredicate interface.
func (*ProvenancePredicateCommon) GetMetadata ¶
func (p *ProvenancePredicateCommon) GetMetadata() *Metadata
func (*ProvenancePredicateCommon) GetRunLink ¶
func (p *ProvenancePredicateCommon) GetRunLink() string
type ProvenancePredicateV02 ¶
// ProvenancePredicateV02 is the v0.2 Chainloop predicate (PredicateTypeV02).
//
// The policy fields below are assertions made by the producer at crafting
// time: they tell a consumer what the producer concluded, they do not enforce
// anything by themselves. A verifier that gates on them must first verify the
// DSSE envelope, and should cross-check the summary booleans against the
// individual PolicyEvaluations (including skipped ones) rather than trust the
// booleans alone.
type ProvenancePredicateV02 struct {
	*ProvenancePredicateCommon
	// Materials as in-toto resource descriptors; GetMaterials presumably
	// converts these into NormalizedMaterial values.
	Materials []*intoto.ResourceDescriptor `json:"materials,omitempty"`
	// Map materials and policies
	PolicyEvaluations map[string][]*PolicyEvaluation `json:"policy_evaluations,omitempty"`
	// Whether the attestation has policy violations. No omitempty: always
	// serialized, even when false.
	PolicyHasViolations bool `json:"policy_has_violations"`
	// Whether we want to block the attestation on policy violations
	PolicyBlockOnViolation bool `json:"policy_block_on_violation"`
	// Whether the attestation was blocked due to policy violations
	// (omitempty: absent from the JSON when false).
	PolicyAttBlocked bool `json:"policy_attestation_blocked,omitempty"`
}
func (*ProvenancePredicateV02) GetMaterials ¶
func (p *ProvenancePredicateV02) GetMaterials() []*NormalizedMaterial
Implements the NormalizablePredicate interface.
func (*ProvenancePredicateV02) GetPolicyEvaluations ¶
func (p *ProvenancePredicateV02) GetPolicyEvaluations() map[string][]*PolicyEvaluation
func (*ProvenancePredicateV02) HasPolicyViolations ¶ added in v0.150.0
func (p *ProvenancePredicateV02) HasPolicyViolations() bool
type RendererCommon ¶
// RendererCommon holds the state shared by the versioned predicate renderers.
// Its fields are unexported; obtain a renderer through a versioned
// constructor such as NewChainloopRendererV02.
type RendererCommon struct {
	// contains filtered or unexported fields
}
type RendererV02 ¶
// RendererV02 renders attestations as v0.2 predicates (PredicateTypeV02).
// Construct it with NewChainloopRendererV02; the zero value is not usable
// because its fields are unexported.
type RendererV02 struct {
	*RendererCommon
	// contains filtered or unexported fields
}
func NewChainloopRendererV02 ¶
func NewChainloopRendererV02(att *v1.Attestation, schema *schemaapi.CraftingSchema, builderVersion, builderDigest string, attClient pb.AttestationServiceClient, logger *zerolog.Logger) *RendererV02