mrjoelkamp
0133423f0d
feat: add nil pointer test
2024-08-05 16:50:40 -05:00
mrjoelkamp
501b9b442d
feat: add CreateAttestationResolver tests
2024-08-05 16:31:39 -05:00
mrjoelkamp
c7d17faf05
fix: layout attestation resolver
2024-08-05 15:32:24 -05:00
mrjoelkamp
58021646e3
feat: add oci layout test
2024-08-05 11:24:28 -05:00
mrjoelkamp
3e7a85e9b8
fix: nil pointer dereference
2024-08-05 11:24:05 -05:00
mrjoelkamp
bb7a9a257e
chore: remove duplicate code
2024-08-05 11:23:32 -05:00
mrjoelkamp
c690d1090c
chore: use prefix const
2024-08-05 11:22:49 -05:00
mrjoelkamp
1d1c258f9c
fix: referrers resolver only works for registry resolvers
2024-08-05 10:20:40 -05:00
mrjoelkamp
5d096e226f
refactor: fix import cycle for mock resolver
2024-08-05 10:19:50 -05:00
mrjoelkamp
78ec0b7666
fix: use referrers repo img spec and resolver
2024-08-01 15:24:35 -05:00
Joel Kamp
053f764b8f
Merge branch 'main' into fix-oci-layout-referrers
2024-08-01 13:48:53 -05:00
mrjoelkamp
ad3b8b9e49
fix: let OCI layouts use referrers attestations
2024-08-01 13:41:49 -05:00
James Carnegie
9582e69968
fix: standardize casing of initialisms (#112)
* fix: standardize casing of initialisms
* fix: rename intoto -> inToto and Intoto to InToto
* fix: fix all linting errors
2024-08-01 15:35:15 +01:00
Jonny Stoten
008c14e3f3
chore: reformat with gofumpt (#109)
* Reformat with gofumpt
* Suppress issue about laxer perms than 0600
---------
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
2024-07-31 15:48:00 +01:00
James Carnegie
9571f17476
fix: add auth to referrers image retrieval (#108)
2024-07-31 14:31:29 +01:00
Jonny Stoten
91fdf7ece6
Remove dependency on github.com/pkg/errors (#106)
2024-07-30 14:07:19 +01:00
James Carnegie
a1c7bbb991
debt: remove goyaml. Fixup directives (#103)
2024-07-29 17:21:15 +01:00
Jonny Stoten
2ffdfdf0eb
docs: first cut of a new README (#99)
Lots of this is taken from image-signer-verifier's README. The stuff on
policy is all new.
Co-authored-by: James Carnegie <kipz@users.noreply.github.com>
2024-07-29 16:43:31 +01:00
mrjoelkamp
1e3c120272
fix: test targets file no ext
2024-07-22 16:03:23 -05:00
James Carnegie
efb73f4cae
Use DSSE artifactType in referrers (#95)
* bug: Use DSSE media types for artifactType
* Don't serialize DSSE extension if not present
* Update pkg/attestation/types.go
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
* Don't error on no referrers
---------
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
2024-07-22 18:17:12 +01:00
James Carnegie
5e68d94ad4
set artifactType correctly for referrers fallback (#94)
* set artifactType correctly for referrers fallback
2024-07-19 16:39:35 +01:00
James Carnegie
de5668aca2
chore: fix linting errors (#91)
2024-07-16 12:52:33 +01:00
James Carnegie
065b354d3c
Make referrers attestations OCI compliant (#80)
* Single attestation when creating VSA
* Create single layer images for referrers attestations
* Move mock to test package. Add artifacts test
* Add test for envelope detection
* Add tests for image/index saving
* Add mirror tests
* Remove AttestationImage field from AttestationManifest
* Update naming. strictReferers != laxReferrers
* Add specific test for SaveReferrers
2024-07-16 10:05:17 +01:00
Jonny Stoten
a4c3bd07fe
Add proper mirror support (#74)
* Add rewrite support and fix existing tests
* Add unit tests for policy matching
* Compile regexes up front and store policies in map
* Add test for verify flow with mirror
* Rename ImageName -> ResolvedName
And only set it when necessary
* Rename Rewrite -> Replacement
but keep it as rewrite in the yaml
2024-07-12 17:09:41 +01:00
mrjoelkamp
da310234a4
feat: export embedded root names
2024-07-11 09:55:00 -05:00
mrjoelkamp
d65be7be7c
fix: use prod as default for mirroring
2024-07-11 09:41:04 -05:00
mrjoelkamp
0330ea4755
feat: add EmbeddedRoot type
2024-07-10 17:30:35 -05:00
mrjoelkamp
1754a98e4e
fix: don't use keyword var
2024-07-10 16:35:48 -05:00
Joel Kamp
a05fc10d53
Update pkg/tuf/tuf_test.go
Co-authored-by: David Dooling <141646279+whalelines@users.noreply.github.com>
2024-07-10 16:19:58 -05:00
mrjoelkamp
e830271d01
feat: add test
2024-07-10 14:39:52 -05:00
mrjoelkamp
1cb3e4a281
feat: add production tuf root
2024-07-10 14:29:59 -05:00
James Carnegie
6b199f027a
Enable GCP integration test (#82)
2024-07-09 15:02:49 +01:00
James Carnegie
0038e3d23d
Unify functions for use in sign & verify --vsa (#71)
* Use receivers for manifest functions
* Move SaveImage/SaveIndex from image-signing-verifier
* Ignore test fixtures in coverage
* Add AddImagesToIndex function
2024-07-05 09:29:14 +01:00
James Carnegie
0dd63bf5a3
Add GCP KMS support (#73)
* Add GCP KMS support
2024-07-04 15:32:10 +01:00
James Carnegie
bda1910107
Add e2e auth test (#68)
* Add e2e auth test
2024-07-01 14:14:23 +01:00
mrjoelkamp
e37f788865
refactor: drop ACR support for now
2024-06-25 13:44:29 -05:00
Joel Kamp
8cae188735
Merge branch 'main' into feat-cloud-provider-authn
2024-06-21 16:39:45 -05:00
James Carnegie
357768d421
Various fixes (#63)
* Fix digest resolution and attestation style
* Add a bunch more tests
* Rename fields for consistency
* Remove copy-pasta
* Value -> pointer
2024-06-21 22:12:42 +01:00
James Carnegie
6bd57e02b6
Add support for separate attestation storage repo (#62)
* Add support for separate attestation storage repo
* Move mapping file types and parsing to config package
* Change signature of Verify to take image/platform
* Separate Attestation Resolvers to their own files (registry, layout and referrers)
* Add support for configuring referrers resolution style in mapping.yaml
* Add registry test
2024-06-21 11:29:16 +01:00
mrjoelkamp
08e823e05b
refactor: make common authn function
2024-06-18 12:00:47 -05:00
mrjoelkamp
f611f81fff
feat: add support for ecr, gcp, acr authn
2024-06-18 09:59:04 -05:00
mrjoelkamp
8e3c6a2ec5
feat: use os.ModePerm
2024-06-18 09:39:12 -05:00
mrjoelkamp
a3921c206a
fix: ineffectual assign
2024-06-18 09:38:50 -05:00
James Carnegie
130e1f640b
Support referrers using digest, not just tag (#55)
* Support referrers using digest, not just tag
* ParseRef and switch on type
* Call DigestStr instead of String
2024-06-17 17:30:12 +01:00
Jonny Stoten
0d0d86854c
Return policy input with verification result (#56)
2024-06-17 17:28:22 +01:00
Jonny Stoten
1d9e14b99f
Avoid pointers to map (#57)
2024-06-17 17:24:29 +01:00
mrjoelkamp
c02e628600
fix: mkdir perms
2024-06-14 15:23:25 -05:00
mrjoelkamp
83dfd746b9
fix: update output dir permissions
2024-06-14 11:11:48 -05:00
mrjoelkamp
845fe93c11
refactor: remove any; split into functions
2024-06-14 10:04:18 -05:00
mrjoelkamp
c154613c52
refactor: use interface value
2024-06-14 10:03:39 -05:00