    Index ¶
- Variables
- type CommitRemote
- type Crafter
- func (c *Crafter) AddMaterialContactFreeWithAutoDetectedKind(ctx context.Context, attestationID, name, value string, ...) (*api.Attestation_Material, error)
- func (c *Crafter) AddMaterialContractFree(ctx context.Context, attestationID, kind, name, value string, ...) (*api.Attestation_Material, error)
- func (c *Crafter) AddMaterialFromContract(ctx context.Context, attestationID, key, value string, ...) (*api.Attestation_Material, error)
- func (c *Crafter) AlreadyInitialized(ctx context.Context, stateID string) (bool, error)
- func (c *Crafter) EvaluateAttestationPolicies(ctx context.Context, attestationID string, statement *intoto.Statement) error
- func (c *Crafter) Init(ctx context.Context, opts *InitOpts) error
- func (c *Crafter) IsMaterialInContract(key string) bool
- func (c *Crafter) LoadCraftingState(ctx context.Context, attestationID string) error
- func (c *Crafter) Reset(ctx context.Context, stateID string) error
- func (c *Crafter) ResolveEnvVars(ctx context.Context, attestationID string) error
- func (c *Crafter) ValidateAttestation() error
 
- type HeadCommit
- type InitOpts
- type NewOpt
- type RunnerFactory
- type RunnerM
- type SigningOpts
- type StateManager
- type SupportedRunner
- func DiscoverAndEnforceRunner(enforcedRunnerType schemaapi.CraftingSchema_Runner_RunnerType, dryRun bool, ...) (SupportedRunner, error)
- func DiscoverRunner(authToken string, logger zerolog.Logger) SupportedRunner
- func NewRunner(t schemaapi.CraftingSchema_Runner_RunnerType, authToken string, ...) SupportedRunner
 
- type VersionedCraftingState
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors returned by the crafter; callers should compare them with errors.Is.
var (
	// ErrAttestationStateNotLoaded is returned when an operation needs the
	// crafting state but it has not been loaded yet.
	ErrAttestationStateNotLoaded = errors.New("crafting state not loaded")
	// ErrRunnerContextNotFound is returned when the required runner type does
	// not match the environment the attestation is actually running in.
	ErrRunnerContextNotFound = errors.New("the runner environment doesn't match the required runner type")
)
    // RunnerFactories maps every supported runner type to the factory that builds
    // its SupportedRunner implementation. Only the GitHub and GitLab factories use
    // the package-level timeoutCtx (declared elsewhere in this package, not shown
    // here), and only the GitLab factory consumes the auth token; the remaining
    // runners are constructed without either.
    // NOTE(review): timeoutCtx is captured from package scope — confirm it is not
    // created once with a fixed deadline, otherwise runners built later would
    // start with an already-expired context.
    var RunnerFactories = map[schemaapi.CraftingSchema_Runner_RunnerType]RunnerFactory{
    	schemaapi.CraftingSchema_Runner_GITHUB_ACTION: func(_ string, logger *zerolog.Logger) SupportedRunner {
    		return runners.NewGithubAction(timeoutCtx, logger)
    	},
    	schemaapi.CraftingSchema_Runner_GITLAB_PIPELINE: func(authToken string, logger *zerolog.Logger) SupportedRunner {
    		return runners.NewGitlabPipeline(timeoutCtx, authToken, logger)
    	},
    	schemaapi.CraftingSchema_Runner_AZURE_PIPELINE: func(_ string, _ *zerolog.Logger) SupportedRunner {
    		return runners.NewAzurePipeline()
    	},
    	schemaapi.CraftingSchema_Runner_JENKINS_JOB: func(_ string, _ *zerolog.Logger) SupportedRunner {
    		return runners.NewJenkinsJob()
    	},
    	schemaapi.CraftingSchema_Runner_CIRCLECI_BUILD: func(_ string, _ *zerolog.Logger) SupportedRunner {
    		return runners.NewCircleCIBuild()
    	},
    	schemaapi.CraftingSchema_Runner_DAGGER_PIPELINE: func(_ string, _ *zerolog.Logger) SupportedRunner {
    		return runners.NewDaggerPipeline()
    	},
    	schemaapi.CraftingSchema_Runner_TEAMCITY_PIPELINE: func(_ string, _ *zerolog.Logger) SupportedRunner {
    		return runners.NewTeamCityPipeline()
    	},
    }
RunnerFactories maps runner types to factory functions that create them
Functions ¶
This section is empty.
Types ¶
type CommitRemote ¶
// CommitRemote identifies a git remote by its configured name and URL.
type CommitRemote struct {
	// Name is the remote's name as configured in the repository (e.g. "origin").
	Name string
	// URL is the remote's URL as configured in the repository.
	URL string
}
    type Crafter ¶
// Crafter drives the attestation crafting process. It is built with NewCrafter
// and exposes the Init, AddMaterial*, EvaluateAttestationPolicies and
// ValidateAttestation methods documented on this page.
type Crafter struct {
	// Logger used by the crafter (presumably set through WithLogger — confirm).
	Logger        *zerolog.Logger
	// AuthRawToken is the raw authentication token (presumably set through
	// WithAuthRawToken and forwarded to the runner factories that take an auth
	// token — confirm). Treat it as a secret: it must not reach log output.
	AuthRawToken  string
	// CraftingState is the attestation state being crafted. NOTE(review): it
	// looks like this is nil until Init or LoadCraftingState populates it, which
	// is presumably what ErrAttestationStateNotLoaded guards — confirm.
	CraftingState *VersionedCraftingState
	// Runner is the CI runner the attestation is running in (see SupportedRunner).
	Runner        SupportedRunner
	// contains filtered or unexported fields
}
    func NewCrafter ¶
func NewCrafter(stateManager StateManager, attClient v1.AttestationServiceClient, opts ...NewOpt) (*Crafter, error)
Create a completely new crafter
func (*Crafter) AddMaterialContactFreeWithAutoDetectedKind ¶
func (c *Crafter) AddMaterialContactFreeWithAutoDetectedKind(ctx context.Context, attestationID, name, value string, casBackend *casclient.CASBackend, runtimeAnnotations map[string]string) (*api.Attestation_Material, error)
AddMaterialContactFreeWithAutoDetectedKind adds a material to the crafting state, checking the incoming material against each of the supported types in validation order. If the material matches none of them, it returns an error.
func (*Crafter) AddMaterialContractFree ¶
func (c *Crafter) AddMaterialContractFree(ctx context.Context, attestationID, kind, name, value string, casBackend *casclient.CASBackend, runtimeAnnotations map[string]string) (*api.Attestation_Material, error)
AddMaterialContractFree adds a material to the crafting state without checking the contract schema. This is useful for adding materials that are not defined in the schema. The name of the material is automatically calculated to conform to the API contract if not provided.
func (*Crafter) AddMaterialFromContract ¶
func (c *Crafter) AddMaterialFromContract(ctx context.Context, attestationID, key, value string, casBackend *casclient.CASBackend, runtimeAnnotations map[string]string) (*api.Attestation_Material, error)
AddMaterialFromContract adds a material to the crafting state, checking that the incoming material is in the schema and has not been set yet.
func (*Crafter) AlreadyInitialized ¶
func (*Crafter) EvaluateAttestationPolicies ¶ added in v0.147.0
func (c *Crafter) EvaluateAttestationPolicies(ctx context.Context, attestationID string, statement *intoto.Statement) error
EvaluateAttestationPolicies evaluates the attestation-level policies and stores them in the attestation state
func (*Crafter) IsMaterialInContract ¶
IsMaterialInContract checks if the material is in the contract schema
func (*Crafter) LoadCraftingState ¶
func (*Crafter) ResolveEnvVars ¶
ResolveEnvVars iterates over the env vars in the allow list and resolves them from the system context. strict indicates whether it should fail if any env variable cannot be found.
func (*Crafter) ValidateAttestation ¶
type HeadCommit ¶
type InitOpts ¶
// InitOpts carries the inputs Crafter.Init needs to start a new attestation.
type InitOpts struct {
	// Control plane workflow metadata
	WfInfo *api.WorkflowMetadata
	// Already marshaled crafting schema (the contract) for this attestation
	SchemaV1 *schemaapi.CraftingSchema
	// do not record, upload or push attestation
	DryRun bool
	// Identifier of the attestation state
	AttestationID string
	// Runner the attestation is executing in (see SupportedRunner); presumably
	// the result of DiscoverRunner/DiscoverAndEnforceRunner — confirm
	Runner        SupportedRunner
	// fail the attestation if policy evaluation fails
	BlockOnPolicyViolation bool
	// Signing options
	SigningOptions *SigningOpts
	// Authentication token
	Auth *api.Attestation_Auth
	// Allow list of hostnames that policies are permitted to use; hostnames not
	// in this list are not allowed
	PoliciesAllowedHostnames []string
}
    type NewOpt ¶
func WithAuthRawToken ¶ added in v1.4.0
func WithLogger ¶
func WithOCIAuth ¶
func WithWorkingDirPath ¶
type RunnerFactory ¶ added in v1.0.0
// RunnerFactory builds a SupportedRunner from an auth token and a logger; the
// entries of RunnerFactories have this signature. Implementations may ignore
// either argument (several factories in RunnerFactories do).
type RunnerFactory func(authToken string, logger *zerolog.Logger) SupportedRunner
RunnerFactory is a function that creates a runner
type RunnerM ¶
// RunnerM maps a runner type to a constructed SupportedRunner instance.
type RunnerM map[schemaapi.CraftingSchema_Runner_RunnerType]SupportedRunner
type SigningOpts ¶ added in v0.170.0
type StateManager ¶
// StateManager is an interface for managing the state of the crafting process.
// Every method is keyed by the attestation state identifier.
type StateManager interface {
	// Initialized reports whether the state for key already exists in the backend
	Initialized(ctx context.Context, key string) (bool, error)
	// Write stores state under key in the manager backend
	Write(ctx context.Context, key string, state *VersionedCraftingState) error
	// Read loads the state stored under key into state
	Read(ctx context.Context, key string, state *VersionedCraftingState) error
	// Reset deletes the state stored under key
	Reset(ctx context.Context, key string) error
	// Info returns a human-readable description of the state manager for key
	Info(ctx context.Context, key string) string
}
    StateManager is an interface for managing the state of the crafting process
type SupportedRunner ¶
// SupportedRunner abstracts a CI runner (see RunnerFactories for the supported
// types). DiscoverRunner picks one by duck-typing the environment via CheckEnv.
type SupportedRunner interface {
	// CheckEnv reports whether the attestation is happening in this runner's environment
	CheckEnv() bool
	// ListEnvVars lists the env variable definitions registered for this runner
	ListEnvVars() []*runners.EnvVarDefinition
	// ResolveEnvVars returns the env vars associated with this runner, already
	// resolved, plus any resolution errors.
	// NOTE(review): []*error (pointers to an interface value) is an unusual
	// shape; []error is the conventional one — consider changing when the
	// interface is next revised.
	ResolveEnvVars() (map[string]string, []*error)
	// RunURI returns the URI of the running job/workload
	RunURI() string
	// ID returns the runner type
	ID() schemaapi.CraftingSchema_Runner_RunnerType
	// WorkflowFilePath returns the workflow file path associated with this runner
	WorkflowFilePath() string
	// IsAuthenticated returns whether the runner is authenticated or not
	IsAuthenticated() bool
	// Environment returns the runner environment
	Environment() runners.RunnerEnvironment
}
    func DiscoverAndEnforceRunner ¶
func DiscoverAndEnforceRunner(enforcedRunnerType schemaapi.CraftingSchema_Runner_RunnerType, dryRun bool, authToken string, logger zerolog.Logger) (SupportedRunner, error)
func DiscoverRunner ¶
func DiscoverRunner(authToken string, logger zerolog.Logger) SupportedRunner
DiscoverRunner discovers the runner environment. This method does a simple check to see which runner is available in the environment by iterating over the different runners and performing duck-typing checks. If more than one runner is detected, we default to generic since it is an incongruent result.
func NewRunner ¶
func NewRunner(t schemaapi.CraftingSchema_Runner_RunnerType, authToken string, logger *zerolog.Logger) SupportedRunner
Load a specific runner
type VersionedCraftingState ¶
// VersionedCraftingState is the crafting state as stored by a StateManager:
// the embedded api.CraftingState plus a checksum of the stored version.
type VersionedCraftingState struct {
	*api.CraftingState
	// This digest is used to verify the integrity of the state during updates
	// (presumably compared against the stored value before a Write is accepted,
	// so that a stale or tampered copy cannot overwrite newer state — confirm)
	UpdateCheckSum string
}