Remove AttestationImage field from AttestationManifest

James Carnegie
2024-07-09 13:36:33 +01:00
parent 116c668183
commit 5faf0801ee
9 changed files with 19 additions and 30 deletions


@@ -18,7 +18,7 @@ func SignStatements(ctx context.Context, idx v1.ImageIndex, signer dsse.SignerVe
}
// sign every attestation layer in each manifest
for _, manifest := range attestationManifests {
for _, layer := range manifest.AttestationImage.OriginalLayers {
for _, layer := range manifest.OriginalLayers {
err = manifest.AddAttestation(ctx, signer, layer.Statement, opts)
if err != nil {
return nil, fmt.Errorf("failed to sign attestation layer %w", err)
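Review bot: The wrap on the last visible line, `fmt.Errorf("failed to sign attestation layer %w", err)`, has no separator before `%w`, so the cause runs straight into the message. AddAttestation uses the `"failed to create signed layer: %w"` form, and this message should match it: `return nil, fmt.Errorf("failed to sign attestation layer: %w", err)`. SignStatements begins and ends outside this hunk.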


@@ -134,10 +134,8 @@ func TestAddSignedLayerAnnotations(t *testing.T) {
OriginalDescriptor: &v1.Descriptor{
MediaType: mediaType,
},
AttestationImage: &attestation.AttestationImage{
OriginalLayers: []*attestation.AttestationLayer{
originalLayer,
},
OriginalLayers: []*attestation.AttestationLayer{
originalLayer,
},
SubjectDescriptor: &v1.Descriptor{},
}
@@ -200,7 +198,7 @@ func TestSimpleStatementSigning(t *testing.T) {
require.NoError(t, err)
// fake that the manfifest was loaded from a real image
manifest.AttestationImage.OriginalLayers = manifest.AttestationImage.SignedLayers
manifest.OriginalLayers = manifest.SignedLayers
envelopes, err := oci.ExtractEnvelopes(manifest, attestation.VSAPredicateType)
require.NoError(t, err)
assert.Len(t, envelopes, 2)


@@ -175,9 +175,7 @@ func NewAttestationManifest(subject *v1.Descriptor) (*attestation.AttestationMan
OriginalDescriptor: &v1.Descriptor{
MediaType: "application/vnd.oci.image.manifest.v1+json",
},
AttestationImage: &attestation.AttestationImage{
OriginalLayers: []*attestation.AttestationLayer{},
},
OriginalLayers: []*attestation.AttestationLayer{},
SubjectDescriptor: subject,
}, nil
}


@@ -47,8 +47,7 @@ func GetAttestationManifestsFromIndex(index v1.ImageIndex) ([]*AttestationManife
&AttestationManifest{
OriginalDescriptor: &desc,
SubjectDescriptor: subject,
AttestationImage: &AttestationImage{
OriginalLayers: attestationLayers}})
OriginalLayers: attestationLayers})
}
}
return attestationManifests, nil
@@ -96,7 +95,7 @@ func (manifest *AttestationManifest) AddAttestation(ctx context.Context, signer
if err != nil {
return fmt.Errorf("failed to create signed layer: %w", err)
}
manifest.AttestationImage.SignedLayers = append(manifest.AttestationImage.SignedLayers, layer)
manifest.SignedLayers = append(manifest.SignedLayers, layer)
return nil
}
@@ -202,15 +201,14 @@ func WithReplacedLayers(replaceLayers bool) func(*AttestationManifestImageOption
// build an image with signed attestations, optionally replacing existing layers with signed layers
func (manifest *AttestationManifest) BuildAttestationImage(options ...func(*AttestationManifestImageOptions) error) (v1.Image, error) {
// always create a new image from all the layers
opts, err := newOptions(options...)
if err != nil {
return nil, fmt.Errorf("failed to create options: %w", err)
}
resultLayers := manifest.AttestationImage.SignedLayers
for _, existingLayer := range manifest.AttestationImage.OriginalLayers {
resultLayers := manifest.SignedLayers
for _, existingLayer := range manifest.OriginalLayers {
var found bool
for _, signedLayer := range manifest.AttestationImage.SignedLayers {
for _, signedLayer := range manifest.SignedLayers {
if existingLayer.Statement == signedLayer.Statement {
found = true
// copy over original annotations
@@ -236,7 +234,7 @@ func (manifest *AttestationManifest) BuildAttestationImage(options ...func(*Atte
// build an image per attestation (layer) suitable for use as Referrers
func (manifest *AttestationManifest) BuildReferringArtifacts() ([]v1.Image, error) {
var images []v1.Image
for _, layer := range manifest.AttestationImage.SignedLayers {
for _, layer := range manifest.SignedLayers {
opts := &AttestationManifestImageOptions{
strictReferrers: true,
}
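Review bot: In BuildAttestationImage, `resultLayers := manifest.SignedLayers` shares its backing array with the manifest field. The rest of the loop is outside the hunk, but if it appends unmatched original layers to `resultLayers`, those writes can land in spare capacity of `manifest.SignedLayers` and later be overwritten by the `append` in AddAttestation. The built image and the manifest's record of what was signed could then diverge. Copying first avoids this: `resultLayers := append([]*AttestationLayer(nil), manifest.SignedLayers...)`. Separately, `existingLayer.Statement == signedLayer.Statement` appears to match by identity if `Statement` is a pointer, so a short comment saying that is intended would help.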


@@ -30,17 +30,12 @@ type AttestationLayer struct {
Annotations map[string]string
}
type AttestationImage struct {
OriginalLayers []*AttestationLayer
SignedLayers []*AttestationLayer
}
type AttestationManifest struct {
OriginalDescriptor *v1.Descriptor
// kept up to date during signing
AttestationImage *AttestationImage
OriginalLayers []*AttestationLayer
// accumulated during signing
SignedLayers []*AttestationLayer
// details of subect image
SubjectName string
SubjectDescriptor *v1.Descriptor
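Review bot: `OriginalLayers` has no doc comment after the flattening, and the only hint about the two slices is `// accumulated during signing` on `SignedLayers`. Readers such as ExtractEnvelopes and OCILayoutResolver.Attestations range over `OriginalLayers` only, so the distinction is easy to get wrong now that both fields sit directly on AttestationManifest. Suggest `// OriginalLayers holds the attestation layers as loaded from the existing image.` above the first field and `// SignedLayers holds the layers appended by AddAttestation.` above the second. The context comment `// details of subect image` also has a typo (`subject`). The struct body continues past the hunk.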


@@ -44,7 +44,7 @@ func (r *OCILayoutResolver) fetchAttestationManifest() (*attestation.Attestation
func (r *OCILayoutResolver) Attestations(ctx context.Context, predicateType string) ([]*att.Envelope, error) {
var envs []*att.Envelope
for _, attestationLayer := range r.AttestationManifest.AttestationImage.OriginalLayers {
for _, attestationLayer := range r.AttestationManifest.OriginalLayers {
if attestationLayer.Annotations[attestation.InTotoPredicateType] != predicateType {
continue
}
@@ -134,7 +134,7 @@ func attestationManifestFromOCILayout(path string, platform *v1.Platform) (*atte
return nil, fmt.Errorf("failed to get attestations from image: %w", err)
}
attest := &attestation.AttestationManifest{
AttestationImage: &att.AttestationImage{OriginalLayers: layers},
OriginalLayers: layers,
OriginalDescriptor: &mf,
SubjectName: name,
SubjectDescriptor: subjectDescriptor,
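Review bot: Attestations selects layers by `attestationLayer.Annotations[attestation.InTotoPredicateType]`, which looks like manifest-level metadata rather than part of the signed envelope. If so, a layer can be labelled with one predicate type while its statement carries another, so the predicate type should be compared again against the statement once the envelope has been verified. The rest of the function is outside the hunk, so that check may already exist. If it does, a comment such as `// annotation is only a pre-filter; predicate type is re-checked after verification` would make that clear.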


@@ -49,7 +49,7 @@ func WithOptions(ctx context.Context, platform *v1.Platform) []remote.Option {
func ExtractEnvelopes(manifest *attestation.AttestationManifest, predicateType string) ([]*att.Envelope, error) {
var envs []*att.Envelope
for _, attestationLayer := range manifest.AttestationImage.OriginalLayers {
for _, attestationLayer := range manifest.OriginalLayers {
mt, err := attestationLayer.Layer.MediaType()
if err != nil {
return nil, fmt.Errorf("failed to get layer media type: %w", err)
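Review bot: ExtractEnvelopes reads `manifest.OriginalLayers` only, so layers added by AddAttestation (which appends to `SignedLayers`) are never returned. TestSimpleStatementSigning works around this with `manifest.OriginalLayers = manifest.SignedLayers`. A doc comment would save callers from that surprise, for example `// ExtractEnvelopes returns envelopes from manifest.OriginalLayers only; layers in SignedLayers are ignored.` The function also dereferences `manifest` without a nil check, and its body continues past the hunk.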


@@ -86,7 +86,7 @@ func (r *ReferrersResolver) resolveAttestations(ctx context.Context) error {
}
attest := &attestation.AttestationManifest{
SubjectName: r.Identifier,
AttestationImage: &attestation.AttestationImage{OriginalLayers: layers},
OriginalLayers: layers,
OriginalDescriptor: &m,
SubjectDescriptor: desc,
}


@@ -132,7 +132,7 @@ func FetchAttestationManifest(ctx context.Context, image string, platform *v1.Pl
return nil, fmt.Errorf("failed to get attestations from image: %w", err)
}
attest := &attestation.AttestationManifest{
AttestationImage: &att.AttestationImage{OriginalLayers: layers},
OriginalLayers: layers,
OriginalDescriptor: &remoteDescriptor.Descriptor,
SubjectName: image,
SubjectDescriptor: subjectDescriptor,