Merge pull request #40 from docker/feat-support-more-verify-options

feat: add att style and referrers repo opts
This commit is contained in:
Joel Kamp
2024-07-08 13:35:33 -05:00
committed by GitHub
2 changed files with 23 additions and 9 deletions

20
main.go
View File

@@ -40,6 +40,9 @@ var (
policyDir string
policyCacheDir string
attestationStyle string
referrersRepo string
)
const (
@@ -73,6 +76,9 @@ func init() {
flag.StringVar(&policyDir, "local-policy-dir", "", "path to local policy directory (overrides TUF policy)")
flag.StringVar(&policyCacheDir, "policy-cache-dir", defaultPolicyCacheDir, "path to store policy downloaded from TUF")
flag.StringVar(&attestationStyle, "attestation-style", "referrers", "attestation style [referrers, attached]")
flag.StringVar(&referrersRepo, "referrers-source", "", "repo from which to fetch Referrers for attestation lookup")
flag.Parse()
}
@@ -80,12 +86,14 @@ func main() {
mux := http.NewServeMux()
validateHandler, err := handler.NewValidateHandler(&handler.ValidateHandlerOptions{
TUFRoot: tufRoot,
TUFOutputPath: tufoutputPath,
TUFMetadataURL: metadataURL,
TUFTargetsURL: targetsURL,
PolicyDir: policyDir,
PolicyCacheDir: policyCacheDir,
TUFRoot: tufRoot,
TUFOutputPath: tufoutputPath,
TUFMetadataURL: metadataURL,
TUFTargetsURL: targetsURL,
PolicyDir: policyDir,
PolicyCacheDir: policyCacheDir,
AttestationStyle: attestationStyle,
ReferrersRepo: referrersRepo,
})
if err != nil {
klog.ErrorS(err, "unable to create validate handler")

View File

@@ -10,6 +10,7 @@ import (
"github.com/docker/attest-provider/internal/embed"
"github.com/docker/attest-provider/pkg/utils"
"github.com/docker/attest/pkg/attest"
"github.com/docker/attest/pkg/config"
"github.com/docker/attest/pkg/oci"
"github.com/docker/attest/pkg/policy"
"github.com/docker/attest/pkg/tuf"
@@ -33,6 +34,9 @@ type ValidateHandlerOptions struct {
PolicyDir string
PolicyCacheDir string
AttestationStyle string
ReferrersRepo string
}
type validateHandler struct {
@@ -104,9 +108,11 @@ func (h *validateHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
}
policyOpts := &policy.PolicyOptions{
TufClient: tufClient,
LocalTargetsDir: h.opts.PolicyCacheDir,
LocalPolicyDir: h.opts.PolicyDir,
TufClient: tufClient,
LocalTargetsDir: h.opts.PolicyCacheDir,
LocalPolicyDir: h.opts.PolicyDir,
AttestationStyle: config.AttestationStyle(h.opts.AttestationStyle),
ReferrersRepo: h.opts.ReferrersRepo,
}
results := make([]externaldata.Item, 0)