Documentation ¶
Index ¶
Constants ¶
// PredicateTypeV02 is the predicate type string for version 0.2 of the
// Chainloop attestation predicate.
const PredicateTypeV02 = "chainloop.dev/attestation/v0.2"
Version 0.2 of the predicate replaces the custom material type with the in-toto resource descriptor: https://github.com/in-toto/attestation/blob/main/spec/v1.0/resource_descriptor.md
const (
	// Subject names

	// SubjectGitHead is the subject name "git.head".
	// NOTE(review): presumably it names the subject that carries the git
	// HEAD commit of the attested repository — confirm against the renderer.
	SubjectGitHead = "git.head"
)
Variables ¶
// Annotation keys for a material's type, name and CAS information. Each key
// is built by the package's prefixed helper; the prefix it applies is not
// shown on this page.
var (
	AnnotationMaterialType = prefixed("material.type")
	AnnotationMaterialName = prefixed("material.name")
	AnnotationMaterialCAS  = prefixed("material.cas")
)
Functions ¶
Types ¶
type Maintainer ¶
type Metadata ¶
// Metadata is the identifying information serialized under the "metadata"
// key of ProvenancePredicateCommon.
// NOTE(review): the field names suggest it describes one workflow run
// (name, project, team, organization, timestamps) — confirm the exact
// meaning of Name against the producer.
type Metadata struct {
	Name    string `json:"name"`
	Project string `json:"project"`
	Team    string `json:"team"`
	// InitializedAt and FinishedAt are pointers, so either may be nil. The
	// tags carry no omitempty, so a nil value is encoded as JSON null rather
	// than being dropped.
	InitializedAt *time.Time `json:"initializedAt"`
	FinishedAt    *time.Time `json:"finishedAt"`
	WorkflowRunID string     `json:"workflowRunID"`
	WorkflowID    string     `json:"workflowID"`
	Organization  string     `json:"organization"`
}
type NormalizablePredicate ¶
// NormalizablePredicate is the version-independent view of a Chainloop
// predicate. ExtractPredicate returns this interface instead of a concrete
// predicate type.
type NormalizablePredicate interface {
	// GetAnnotations, GetEnvVars, GetRunLink and GetMetadata are implemented
	// on *ProvenancePredicateCommon; GetMaterials and GetPolicyEvaluations
	// are implemented on *ProvenancePredicateV02.
	GetAnnotations() map[string]string
	GetEnvVars() map[string]string
	// GetMaterials returns the materials converted to NormalizedMaterial.
	GetMaterials() []*NormalizedMaterial
	GetRunLink() string
	GetMetadata() *Metadata
	GetPolicyEvaluations() map[string][]*v1.PolicyEvaluation
}
NormalizablePredicate is a common interface for extracting materials and env vars from a predicate.
func ExtractPredicate ¶
func ExtractPredicate(envelope *dsse.Envelope) (NormalizablePredicate, error)
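ExtractPredicate extracts the Chainloop attestation predicate from an encoded DSSE envelope. NOTE: We return a NormalizablePredicate interface so that future versions of the predicate can be extracted without updating the consumer. Yes, having the producer define and return an interface is an anti-pattern, but it greatly simplifies the code, since there are multiple consumers at different layers of the app and we expect predicates to evolve quickly. The signature takes only the envelope, with no key or verifier, so nothing on this page indicates that the DSSE signatures are checked here; verify the envelope before trusting the extracted predicate.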
type NormalizedMaterial ¶
// NormalizedMaterial is the version-independent representation of a
// material, as returned by NormalizablePredicate.GetMaterials.
type NormalizedMaterial struct {
	// Name of the Material
	Name string
	// Type of the Material
	Type string
	// Filename of the artifact that was either uploaded or injected inline in "value"
	Filename string
	// Inline content for an artifact or string material
	Value string
	// Hash of the Material. It is a pointer, so check for nil before use.
	// NOTE(review): nothing on this page shows the digest being checked
	// against the content; a consumer that downloads the artifact should
	// compare it with this hash itself — confirm.
	Hash *crv1.Hash
	// Tag of the container image
	Tag string
	// Whether the Material was uploaded and available for download from CAS
	UploadedToCAS bool
	// Whether the Material was embedded inline in the attestation
	EmbeddedInline bool
	// Custom annotations
	Annotations map[string]string
}
type ProvenancePredicateCommon ¶
// ProvenancePredicateCommon holds the predicate fields that
// ProvenancePredicateV02 embeds. It implements the GetAnnotations,
// GetEnvVars, GetMetadata and GetRunLink methods of NormalizablePredicate.
type ProvenancePredicateCommon struct {
	Metadata *Metadata `json:"metadata"`
	// Builder uses the unexported builder type, which is not shown on this page.
	Builder   *builder `json:"builder"`
	BuildType string   `json:"buildType"`
	// Env is written into the serialized predicate whenever it is non-empty.
	// NOTE(review): presumably these are environment variables captured from
	// the run; make sure the producer records only non-secret values, since
	// anyone who can read the attestation can read this map — confirm.
	Env        map[string]string `json:"env,omitempty"`
	RunnerType string            `json:"runnerType"`
	RunnerURL  string            `json:"runnerURL,omitempty"`
	// Custom annotations
	Annotations map[string]string `json:"annotations,omitempty"`
}
func (*ProvenancePredicateCommon) GetAnnotations ¶
func (p *ProvenancePredicateCommon) GetAnnotations() map[string]string
func (*ProvenancePredicateCommon) GetEnvVars ¶
func (p *ProvenancePredicateCommon) GetEnvVars() map[string]string
Implement NormalizablePredicate interface
func (*ProvenancePredicateCommon) GetMetadata ¶
func (p *ProvenancePredicateCommon) GetMetadata() *Metadata
func (*ProvenancePredicateCommon) GetRunLink ¶
func (p *ProvenancePredicateCommon) GetRunLink() string
type ProvenancePredicateV02 ¶
// ProvenancePredicateV02 is the predicate layout that carries materials as
// in-toto resource descriptors. It implements the GetMaterials and
// GetPolicyEvaluations methods of NormalizablePredicate.
type ProvenancePredicateV02 struct {
	// Embedded without a JSON tag, so encoding/json promotes the common
	// fields to the top level of the encoded predicate.
	*ProvenancePredicateCommon
	Materials []*intoto.ResourceDescriptor `json:"materials,omitempty"`
	// Map materials and policies
	// NOTE(review): presumably the map key is the material name — confirm.
	PolicyEvaluations map[string][]*v1.PolicyEvaluation `json:"policy_evaluations,omitempty"`
}
func (*ProvenancePredicateV02) GetMaterials ¶
func (p *ProvenancePredicateV02) GetMaterials() []*NormalizedMaterial
Implement NormalizablePredicate interface
func (*ProvenancePredicateV02) GetPolicyEvaluations ¶
func (p *ProvenancePredicateV02) GetPolicyEvaluations() map[string][]*v1.PolicyEvaluation
type RendererCommon ¶
// RendererCommon is embedded by RendererV02. All of its fields are
// unexported and therefore not listed on this page.
type RendererCommon struct {
	// contains filtered or unexported fields
}
type RendererV02 ¶
// RendererV02 embeds *RendererCommon and is the type returned by
// NewChainloopRendererV02.
// NOTE(review): presumably it renders predicates of type PredicateTypeV02 —
// confirm against its methods, which are not shown on this page.
type RendererV02 struct {
	*RendererCommon
}
func NewChainloopRendererV02 ¶
func NewChainloopRendererV02(att *v1.Attestation, builderVersion, builderDigest string) *RendererV02