feat: add reference wrapper for envelope
This commit is contained in:
mrjoelkamp
@@ -316,8 +316,8 @@ func buildImageFromLayers(layers []*Layer, manifest *v1.Descriptor, subject *v1.
|
||||
return newImg, nil
|
||||
}
|
||||
|
||||
func ExtractEnvelopes(manifest *Manifest, predicateType string) ([]*Envelope, error) {
|
||||
var envs []*Envelope
|
||||
func ExtractEnvelopes(manifest *Manifest, predicateType string) ([]*EnvelopeReference, error) {
|
||||
var envs []*EnvelopeReference
|
||||
dsseMediaType, err := DSSEMediaType(predicateType)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get DSSE media type for predicate '%s': %w", predicateType, err)
|
||||
@@ -333,11 +333,20 @@ func ExtractEnvelopes(manifest *Manifest, predicateType string) ([]*Envelope, er
|
||||
return nil, fmt.Errorf("failed to get layer contents: %w", err)
|
||||
}
|
||||
defer reader.Close()
|
||||
env := new(Envelope)
|
||||
env := new(EnvelopeReference)
|
||||
err = json.NewDecoder(reader).Decode(&env)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to decode envelope: %w", err)
|
||||
}
|
||||
var uri string
|
||||
if len(manifest.OriginalDescriptor.URLs) > 0 {
|
||||
uri = manifest.OriginalDescriptor.URLs[0]
|
||||
}
|
||||
env.ResourceDescriptor = &ResourceDescriptor{
|
||||
MediaType: string(mt),
|
||||
Digest: map[string]string{manifest.OriginalDescriptor.Digest.Algorithm: manifest.OriginalDescriptor.Digest.Hex},
|
||||
URI: uri,
|
||||
}
|
||||
envs = append(envs, env)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,8 +45,8 @@ func (r *LayoutResolver) fetchManifest() (*Manifest, error) {
|
||||
return r.Manifest, nil
|
||||
}
|
||||
|
||||
func (r *LayoutResolver) Attestations(_ context.Context, predicateType string) ([]*Envelope, error) {
|
||||
var envs []*Envelope
|
||||
func (r *LayoutResolver) Attestations(_ context.Context, predicateType string) ([]*EnvelopeReference, error) {
|
||||
var envs []*EnvelopeReference
|
||||
dsseMediaType, err := DSSEMediaType(predicateType)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get DSSE media type for predicate '%s': %w", predicateType, err)
|
||||
@@ -60,17 +60,26 @@ func (r *LayoutResolver) Attestations(_ context.Context, predicateType string) (
|
||||
if mts != dsseMediaType {
|
||||
continue
|
||||
}
|
||||
env := new(Envelope)
|
||||
env := new(EnvelopeReference)
|
||||
// parse layer blob as json
|
||||
r, err := attestationLayer.Layer.Uncompressed()
|
||||
layer, err := attestationLayer.Layer.Uncompressed()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get layer contents: %w", err)
|
||||
}
|
||||
defer r.Close()
|
||||
err = json.NewDecoder(r).Decode(env)
|
||||
defer layer.Close()
|
||||
err = json.NewDecoder(layer).Decode(env)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to decode envelope: %w", err)
|
||||
}
|
||||
var uri string
|
||||
if len(r.Manifest.OriginalDescriptor.URLs) > 0 {
|
||||
uri = r.Manifest.OriginalDescriptor.URLs[0]
|
||||
}
|
||||
env.ResourceDescriptor = &ResourceDescriptor{
|
||||
MediaType: string(mt),
|
||||
Digest: map[string]string{r.Manifest.OriginalDescriptor.Digest.Algorithm: r.Manifest.OriginalDescriptor.Digest.Hex},
|
||||
URI: uri,
|
||||
}
|
||||
envs = append(envs, env)
|
||||
}
|
||||
return envs, nil
|
||||
|
||||
@@ -12,14 +12,14 @@ import (
|
||||
var _ oci.ImageDetailsResolver = MockResolver{}
|
||||
|
||||
type MockResolver struct {
|
||||
Envs []*Envelope
|
||||
Envs []*EnvelopeReference
|
||||
Image string
|
||||
PlatformFn func() (*v1.Platform, error)
|
||||
DescriptorFn func() (*v1.Descriptor, error)
|
||||
ImangeNameFn func() (string, error)
|
||||
}
|
||||
|
||||
func (r MockResolver) Attestations(_ context.Context, _ string) ([]*Envelope, error) {
|
||||
func (r MockResolver) Attestations(_ context.Context, _ string) ([]*EnvelopeReference, error) {
|
||||
return r.Envs, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -109,12 +109,12 @@ func (r *ReferrersResolver) resolveAttestations(ctx context.Context, predicateTy
|
||||
return aManifests, nil
|
||||
}
|
||||
|
||||
func (r *ReferrersResolver) Attestations(ctx context.Context, predicateType string) ([]*Envelope, error) {
|
||||
func (r *ReferrersResolver) Attestations(ctx context.Context, predicateType string) ([]*EnvelopeReference, error) {
|
||||
manifests, err := r.resolveAttestations(ctx, predicateType)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to resolve attestations: %w", err)
|
||||
}
|
||||
var envs []*Envelope
|
||||
var envs []*EnvelopeReference
|
||||
for _, attest := range manifests {
|
||||
es, err := ExtractEnvelopes(attest, predicateType)
|
||||
if err != nil {
|
||||
|
||||
@@ -24,7 +24,7 @@ func NewRegistryResolver(src *oci.RegistryImageDetailsResolver) (*RegistryResolv
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (r *RegistryResolver) Attestations(ctx context.Context, predicateType string) ([]*Envelope, error) {
|
||||
func (r *RegistryResolver) Attestations(ctx context.Context, predicateType string) ([]*EnvelopeReference, error) {
|
||||
if r.Manifest == nil {
|
||||
attest, err := FetchManifest(ctx, r.Identifier, r.ImageSpec.Platform)
|
||||
if err != nil {
|
||||
|
||||
@@ -8,5 +8,5 @@ import (
|
||||
|
||||
type Resolver interface {
|
||||
oci.ImageDetailsResolver
|
||||
Attestations(ctx context.Context, mediaType string) ([]*Envelope, error)
|
||||
Attestations(ctx context.Context, mediaType string) ([]*EnvelopeReference, error)
|
||||
}
|
||||
|
||||
@@ -67,6 +67,17 @@ type Extension struct {
|
||||
Ext *DockerDSSEExtension `json:"ext"`
|
||||
}
|
||||
|
||||
type EnvelopeReference struct {
|
||||
*Envelope
|
||||
ResourceDescriptor *ResourceDescriptor
|
||||
}
|
||||
|
||||
type ResourceDescriptor struct {
|
||||
MediaType string `json:"mediaType"`
|
||||
Digest map[string]string `json:"digest"`
|
||||
URI string `json:"uri"`
|
||||
}
|
||||
|
||||
type AnnotatedStatement struct {
|
||||
OCIDescriptor *v1.Descriptor
|
||||
InTotoStatement *intoto.Statement
|
||||
|
||||
Reference in New Issue
Block a user