chainloop

package
v0.96.13 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 30, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const AttPolicyEvaluation = "CHAINLOOP.ATTESTATION"
View Source
const PredicateTypeV02 = "chainloop.dev/attestation/v0.2"

Replace custom material type with https://github.com/in-toto/attestation/blob/main/spec/v1.0/resource_descriptor.md

View Source
const (

	// Subject names
	SubjectGitHead = "git.head"
)

Variables

View Source
var (
	AnnotationMaterialType = prefixed("material.type")
	AnnotationMaterialName = prefixed("material.name")

	AnnotationMaterialCAS = prefixed("material.cas")
)

Functions

func ExtractStatement

func ExtractStatement(envelope *dsse.Envelope) (*intoto.Statement, error)

Types

type Maintainer

type Maintainer struct {
	Name  string `json:"name"`
	Email string `json:"email"`
}

type Metadata

type Metadata struct {
	Name          string     `json:"name"`
	Project       string     `json:"project"`
	Team          string     `json:"team"`
	InitializedAt *time.Time `json:"initializedAt"`
	FinishedAt    *time.Time `json:"finishedAt"`
	WorkflowRunID string     `json:"workflowRunID"`
	WorkflowID    string     `json:"workflowID"`
	Organization  string     `json:"organization"`
}

type NormalizablePredicate

type NormalizablePredicate interface {
	GetAnnotations() map[string]string
	GetEnvVars() map[string]string
	GetMaterials() []*NormalizedMaterial
	GetRunLink() string
	GetMetadata() *Metadata
	GetPolicyEvaluations() map[string][]*PolicyEvaluation
}

NormalizablePredicate represents a common interface of how to extract materials and env vars

func ExtractPredicate

func ExtractPredicate(envelope *dsse.Envelope) (NormalizablePredicate, error)

Extract the Chainloop attestation predicate from an encoded DSSE envelope NOTE: We return a NormalizablePredicate interface to allow for future versions of the predicate to be extracted without updating the consumer. Yes, having the producer define and return an interface is an anti-pattern. but it greatly simplifies the code since there are multiple consumers at different layers of the app and we expect predicates to evolve quickly

type NormalizedMaterial

type NormalizedMaterial struct {
	// Name of the Material
	Name string
	// Type of the Material
	Type string
	// filename of the artifact that was either uploaded or injected inline in "value"
	Filename string
	// Inline content for an artifact or string material
	Value string
	// Hash of the Material
	Hash *crv1.Hash
	// Tag of the container image
	Tag string
	// Whether the Material was uploaded and available for download from CAS
	UploadedToCAS bool
	// Whether the Material was embedded inline in the attestation
	EmbeddedInline bool
	// Custom annotations
	Annotations map[string]string
}

type PolicyEvaluation added in v0.96.6

type PolicyEvaluation struct {
	Name            string                     `json:"name"`
	MaterialName    string                     `json:"material_name,omitempty"`
	Body            string                     `json:"body,omitempty"`
	Sources         []string                   `json:"sources,omitempty"`
	PolicyReference *intoto.ResourceDescriptor `json:"policy_reference,omitempty"`
	Description     string                     `json:"description,omitempty"`
	Annotations     map[string]string          `json:"annotations,omitempty"`
	Violations      []*PolicyViolation         `json:"violations,omitempty"`
	With            map[string]string          `json:"with,omitempty"`
	Type            string                     `json:"type"`
}

type PolicyViolation added in v0.96.6

type PolicyViolation struct {
	Subject string `json:"subject"`
	Message string `json:"message"`
}

type ProvenancePredicateCommon

type ProvenancePredicateCommon struct {
	Metadata   *Metadata         `json:"metadata"`
	Builder    *builder          `json:"builder"`
	BuildType  string            `json:"buildType"`
	Env        map[string]string `json:"env,omitempty"`
	RunnerType string            `json:"runnerType"`
	RunnerURL  string            `json:"runnerURL,omitempty"`
	// Custom annotations
	Annotations map[string]string `json:"annotations,omitempty"`
}

func (*ProvenancePredicateCommon) GetAnnotations

func (p *ProvenancePredicateCommon) GetAnnotations() map[string]string

func (*ProvenancePredicateCommon) GetEnvVars

func (p *ProvenancePredicateCommon) GetEnvVars() map[string]string

Implement NormalizablePredicate interface

func (*ProvenancePredicateCommon) GetMetadata

func (p *ProvenancePredicateCommon) GetMetadata() *Metadata
func (p *ProvenancePredicateCommon) GetRunLink() string

type ProvenancePredicateV02

type ProvenancePredicateV02 struct {
	*ProvenancePredicateCommon
	Materials []*intoto.ResourceDescriptor `json:"materials,omitempty"`
	// Map materials and policies
	PolicyEvaluations map[string][]*PolicyEvaluation `json:"policy_evaluations,omitempty"`
}

func (*ProvenancePredicateV02) GetMaterials

func (p *ProvenancePredicateV02) GetMaterials() []*NormalizedMaterial

Implement NormalizablePredicate interface

func (*ProvenancePredicateV02) GetPolicyEvaluations

func (p *ProvenancePredicateV02) GetPolicyEvaluations() map[string][]*PolicyEvaluation

type RendererCommon

type RendererCommon struct {
	// contains filtered or unexported fields
}

type RendererV02

type RendererV02 struct {
	*RendererCommon
	// contains filtered or unexported fields
}

func NewChainloopRendererV02

func NewChainloopRendererV02(att *v1.Attestation, schema *schemaapi.CraftingSchema, builderVersion, builderDigest string, attClient pb.AttestationServiceClient, logger *zerolog.Logger) *RendererV02

func (*RendererV02) Statement

func (r *RendererV02) Statement(ctx context.Context) (*intoto.Statement, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL