Documentation
¶
Index ¶
- Constants
- Variables
- func ExtractStatement(envelope *dsse.Envelope) (*intoto.Statement, error)
- type Maintainer
- type Metadata
- type NormalizablePredicate
- type NormalizedMaterial
- type PolicyEvaluation
- type PolicyViolation
- type ProvenancePredicateCommon
- type ProvenancePredicateV02
- type RendererCommon
- type RendererV02
Constants ¶
// AttPolicyEvaluation is the fixed string "CHAINLOOP.ATTESTATION".
// NOTE(review): presumably the key used for policy evaluations that apply to
// the attestation as a whole rather than to a named material; confirm against
// the code that fills PolicyEvaluations.
const AttPolicyEvaluation = "CHAINLOOP.ATTESTATION"
// PredicateTypeV02 is the predicate type string for v0.2 of the Chainloop
// attestation predicate.
// NOTE(review): consumers that decode a statement themselves should presumably
// compare its predicate type with this value before unmarshalling into
// ProvenancePredicateV02 - confirm where that check lives.
const PredicateTypeV02 = "chainloop.dev/attestation/v0.2"
Replace custom material type with https://github.com/in-toto/attestation/blob/main/spec/v1.0/resource_descriptor.md
const (
// Subject names
// SubjectGitHead is the subject name "git.head".
// NOTE(review): presumably names the in-toto subject that records the git
// HEAD commit of the attested run - confirm against the renderer.
SubjectGitHead = "git.head"
)
Variables ¶
// Annotation keys for material type, name and CAS status. Each key is built
// by the unexported helper prefixed, so the final string is the helper's
// prefix plus the suffix given here; the prefix itself is not visible on this page.
// NOTE(review): presumably these are the annotation keys set on each in-toto
// resource descriptor and read back by GetMaterials - confirm.
var (
	AnnotationMaterialType = prefixed("material.type")
	AnnotationMaterialName = prefixed("material.name")
	AnnotationMaterialCAS  = prefixed("material.cas")
)
Functions ¶
Types ¶
type Maintainer ¶
type Metadata ¶
// Metadata is the run metadata block of the predicate. ProvenancePredicateCommon
// stores it under the "metadata" JSON key and exposes it through GetMetadata.
// NOTE(review): when decoded from an envelope, these values are only as
// trustworthy as the envelope; whether the signature is checked before decoding
// is not visible here.
type Metadata struct {
// NOTE(review): Name, Project and Team presumably identify the workflow - confirm.
Name string `json:"name"`
Project string `json:"project"`
Team string `json:"team"`
// Pointer fields without omitempty: a nil value is encoded as JSON null, and
// readers must nil-check before dereferencing.
InitializedAt *time.Time `json:"initializedAt"`
FinishedAt *time.Time `json:"finishedAt"`
// Identifiers serialized as "workflowRunID" and "workflowID".
WorkflowRunID string `json:"workflowRunID"`
WorkflowID string `json:"workflowID"`
Organization string `json:"organization"`
}
type NormalizablePredicate ¶
// NormalizablePredicate is the read-only view of a predicate that
// ExtractPredicate returns to consumers.
// On this page, ProvenancePredicateCommon declares GetAnnotations, GetEnvVars,
// GetRunLink and GetMetadata, and ProvenancePredicateV02 (which embeds it)
// adds GetMaterials and GetPolicyEvaluations.
type NormalizablePredicate interface {
// Custom annotations as a string map.
GetAnnotations() map[string]string
// Environment variables recorded in the predicate.
// NOTE(review): treat the values as potentially sensitive when logging or
// displaying them; which variables get recorded is not visible here.
GetEnvVars() map[string]string
// Materials converted to the version-independent NormalizedMaterial form.
GetMaterials() []*NormalizedMaterial
GetRunLink() string
// May presumably return nil when the predicate carries no metadata - confirm.
GetMetadata() *Metadata
// Policy evaluations grouped under string keys.
// NOTE(review): keys are presumably material names plus AttPolicyEvaluation - confirm.
GetPolicyEvaluations() map[string][]*PolicyEvaluation
}
NormalizablePredicate is the common interface through which consumers extract materials, env vars and the other fields listed above from a predicate.
func ExtractPredicate ¶
func ExtractPredicate(envelope *dsse.Envelope) (NormalizablePredicate, error)
Extract the Chainloop attestation predicate from an encoded DSSE envelope. NOTE: We return a NormalizablePredicate interface so that future versions of the predicate can be extracted without updating the consumer. Yes, having the producer define and return an interface is an anti-pattern, but it greatly simplifies the code, since there are multiple consumers at different layers of the app and we expect predicates to evolve quickly. As far as this page shows, the function takes only the envelope, with no key or verifier, so callers should treat the returned predicate as unverified unless the envelope's signatures have been checked separately.
type NormalizedMaterial ¶
// NormalizedMaterial is the version-independent description of one material,
// as returned by GetMaterials.
// NOTE(review): every field is taken from attestation content. Consumers should
// treat Name, Filename, Value and Annotations as untrusted input unless the
// enclosing envelope has been verified.
type NormalizedMaterial struct {
// Name of the Material
Name string
// Type of the Material
Type string
// filename of the artifact that was either uploaded or injected inline in "value"
// NOTE(review): if a consumer writes the material to disk under this name, it
// should sanitize it first (path separators, ".."); whether this package
// validates it is not visible here.
Filename string
// Inline content for an artifact or string material
Value string
// Hash of the Material
// Pointer, so it can be nil; presumably nil when the material has no digest - confirm.
Hash *crv1.Hash
// Tag of the container image
Tag string
// Whether the Material was uploaded and available for download from CAS
UploadedToCAS bool
// Whether the Material was embedded inline in the attestation
EmbeddedInline bool
// Custom annotations
Annotations map[string]string
}
type PolicyEvaluation ¶ added in v0.96.6
// PolicyEvaluation is the serialized record of one policy evaluation, stored in
// ProvenancePredicateV02.PolicyEvaluations.
// Only "name", "type" and "skipped" are always emitted; every other field has
// omitempty and is dropped from the JSON when empty.
// NOTE(review): an empty Violations list does not by itself show that the policy
// passed. Consumers gating on this record should also check Skipped, since a
// skipped evaluation presumably reports no violations - confirm.
type PolicyEvaluation struct {
Name string `json:"name"`
// NOTE(review): presumably empty for evaluations that target the attestation
// as a whole rather than one material - confirm.
MaterialName string `json:"material_name,omitempty"`
// NOTE(review): presumably the policy source text - confirm.
Body string `json:"body,omitempty"`
Sources []string `json:"sources,omitempty"`
// Reference to the policy as an in-toto resource descriptor; nil is omitted.
PolicyReference *intoto.ResourceDescriptor `json:"policy_reference,omitempty"`
Description string `json:"description,omitempty"`
Annotations map[string]string `json:"annotations,omitempty"`
// Violations recorded for this evaluation.
Violations []*PolicyViolation `json:"violations,omitempty"`
// NOTE(review): presumably the arguments the policy was invoked with - confirm.
With map[string]string `json:"with,omitempty"`
Type string `json:"type"`
// No omitempty: "skipped" is always present in the JSON, including when false.
Skipped bool `json:"skipped"`
SkipReasons []string `json:"skip_reasons,omitempty"`
}
type PolicyViolation ¶ added in v0.96.6
type ProvenancePredicateCommon ¶
// ProvenancePredicateCommon holds the predicate fields that are independent of
// the predicate version. ProvenancePredicateV02 embeds it.
// On this page it declares GetAnnotations, GetEnvVars, GetMetadata and GetRunLink.
type ProvenancePredicateCommon struct {
// Pointer without omitempty: nil is encoded as JSON null.
Metadata *Metadata `json:"metadata"`
// builder is an unexported type; its fields are not visible on this page.
Builder *builder `json:"builder"`
BuildType string `json:"buildType"`
// Environment variables, serialized into the attestation under "env".
// NOTE(review): anything stored here becomes part of the signed, shareable
// attestation, so it must not include secrets; which variables are captured
// is not visible here.
Env map[string]string `json:"env,omitempty"`
RunnerType string `json:"runnerType"`
// NOTE(review): presumably the value GetRunLink returns - confirm.
RunnerURL string `json:"runnerURL,omitempty"`
// Custom annotations
Annotations map[string]string `json:"annotations,omitempty"`
}
func (*ProvenancePredicateCommon) GetAnnotations ¶
func (p *ProvenancePredicateCommon) GetAnnotations() map[string]string
func (*ProvenancePredicateCommon) GetEnvVars ¶
func (p *ProvenancePredicateCommon) GetEnvVars() map[string]string
Implement NormalizablePredicate interface
func (*ProvenancePredicateCommon) GetMetadata ¶
func (p *ProvenancePredicateCommon) GetMetadata() *Metadata
func (*ProvenancePredicateCommon) GetRunLink ¶
func (p *ProvenancePredicateCommon) GetRunLink() string
type ProvenancePredicateV02 ¶
// ProvenancePredicateV02 is the v0.2 predicate: the common fields plus
// materials and policy evaluations.
// On this page it declares GetMaterials and GetPolicyEvaluations, which
// together with the promoted methods cover NormalizablePredicate.
type ProvenancePredicateV02 struct {
// Embedded pointer with no JSON tag: encoding/json flattens its exported
// fields into this object. The pointer can be nil, so promoted field access
// on a zero-value ProvenancePredicateV02 panics.
*ProvenancePredicateCommon
// Materials in in-toto resource descriptor form; GetMaterials returns them
// as NormalizedMaterial values.
Materials []*intoto.ResourceDescriptor `json:"materials,omitempty"`
// Map materials and policies
// NOTE(review): keys are presumably material names, plus AttPolicyEvaluation
// for attestation-level policies - confirm.
PolicyEvaluations map[string][]*PolicyEvaluation `json:"policy_evaluations,omitempty"`
}
func (*ProvenancePredicateV02) GetMaterials ¶
func (p *ProvenancePredicateV02) GetMaterials() []*NormalizedMaterial
Implement NormalizablePredicate interface
func (*ProvenancePredicateV02) GetPolicyEvaluations ¶
func (p *ProvenancePredicateV02) GetPolicyEvaluations() map[string][]*PolicyEvaluation
type RendererCommon ¶
// RendererCommon is the state shared by renderers; RendererV02 embeds it.
// All of its fields are unexported, so nothing about its contents can be
// stated from this page.
type RendererCommon struct {
// contains filtered or unexported fields
}
type RendererV02 ¶
// RendererV02 is the renderer type returned by NewChainloopRendererV02.
// NOTE(review): presumably it produces the v0.2 predicate (PredicateTypeV02);
// no rendering methods are visible on this page - confirm.
type RendererV02 struct {
// Embedded pointer to the shared renderer state.
*RendererCommon
// contains filtered or unexported fields
}
func NewChainloopRendererV02 ¶
func NewChainloopRendererV02(att *v1.Attestation, schema *schemaapi.CraftingSchema, builderVersion, builderDigest string, attClient pb.AttestationServiceClient, logger *zerolog.Logger) *RendererV02