Add --tuf-channel flag to set tuf prefix path

2024-09-17 10:41:42 +01:00
parent 5e97ee0163
commit d1eddd594d
4 changed files with 14 additions and 0 deletions
--- a/charts/attest-provider/templates/attest-provider-deployment.yaml
+++ b/charts/attest-provider/templates/attest-provider-deployment.yaml
@@ -33,6 +33,9 @@ spec:
        {{- if .Values.tufRoot }}
        - --tuf-root={{ .Values.tufRoot }}
        {{- end }}
+        {{- if .Values.tufChannel }}
+        - --tuf-channel={{ .Values.tufChannel }}
+        {{- end }}
        {{- if .Values.handlerTimeout }}
        - --handler-timeout={{ .Values.handlerTimeout }}
        {{- end }}
--- a/charts/attest-provider/values.yaml
+++ b/charts/attest-provider/values.yaml
@@ -16,6 +16,7 @@ replicas: 1
 # tufTargetsSource: registry-1.docker.io/docker/tuf-targets-staging

 tufRoot: prod
+tufChannel: ""
 tufMetadataSource: registry-1.docker.io/docker/tuf-metadata
 tufTargetsSource: registry-1.docker.io/docker/tuf-targets

--- a/main.go
+++ b/main.go
@@ -37,6 +37,7 @@ var (
 	handlerTimeoutSeconds int

 	tufRoot       string
+	tufChannel    string
 	tufoutputPath string
 	metadataURL   string
 	targetsURL    string
@@ -51,6 +52,7 @@ var (
 const (
 	defaultMetadataURL = "registry-1.docker.io/docker/tuf-metadata:latest"
 	defaultTargetsURL  = "registry-1.docker.io/docker/tuf-targets"
+	defaultTUFChannel  = ""
 )

 var (
@@ -69,6 +71,7 @@ func init() {
 	flag.IntVar(&handlerTimeoutSeconds, "handler-timeout", 25, "timeout for handler in seconds")

 	flag.StringVar(&tufRoot, "tuf-root", "prod", "specify embedded tuf root [dev, staging, prod], default [prod]")
+	flag.StringVar(&tufChannel, "tuf-channel", defaultTUFChannel, "release channel [prod, testing], default [prod]")
 	flag.StringVar(&metadataURL, "tuf-metadata-source", defaultMetadataURL, "source (URL or repo) for TUF metadata")
 	flag.StringVar(&targetsURL, "tuf-targets-source", defaultTargetsURL, "source (URL or repo) for TUF targets")
 	flag.StringVar(&tufoutputPath, "tuf-output-path", defaultTUFOutputPath, "local dir to store TUF repo metadata")
@@ -88,8 +91,13 @@ func main() {

 	ctx := useragent.Set(context.Background(), "attest-provider/"+version+" (docker)")

+	if tufChannel == "prod" {
+		tufChannel = ""
+	}
+
 	validateHandler, err := handler.NewValidateHandler(ctx, &handler.ValidateHandlerOptions{
 		TUFRoot:          tufRoot,
+		TUFChannel:       tufChannel,
 		TUFOutputPath:    tufoutputPath,
 		TUFMetadataURL:   metadataURL,
 		TUFTargetsURL:    targetsURL,
--- a/pkg/handler/validate.go
+++ b/pkg/handler/validate.go
@@ -28,6 +28,7 @@ type ValidationResult struct {

 type ValidateHandlerOptions struct {
 	TUFRoot        string
+	TUFChannel     string
 	TUFOutputPath  string
 	TUFMetadataURL string
 	TUFTargetsURL  string
@@ -74,6 +75,7 @@ func (h *validateHandler) newVerifier(ctx context.Context) (attest.Verifier, err
 			LocalStorageDir: h.opts.TUFOutputPath,
 			MetadataSource:  h.opts.TUFMetadataURL,
 			TargetsSource:   h.opts.TUFTargetsURL,
+			PathPrefix:      h.opts.TUFChannel,
 			VersionChecker:  tuf.NewDefaultVersionChecker(),
 		},
 		LocalTargetsDir:  h.opts.PolicyCacheDir,