James Carnegie
4778d3de6a
fix: tuf oci image parsing (#142)
* fix: tuf oci image parsing
2024-08-29 12:27:13 -05:00
James Carnegie
a4ac09e7da
refactor! don't use ctx for policy evaluator (#140)
* refactor! don't use ctx for policy evaluator
2024-08-29 17:43:45 +01:00
mrjoelkamp
2acc30693f
fix: remove mock tuf client output
2024-08-29 10:03:07 -05:00
mrjoelkamp
5db1b5c4c1
feat: add tuf resolver test
2024-08-28 17:08:46 -05:00
Jonny Stoten
6f94d59a96
refactor!: add policy.Resolver struct to reduce parameters (#130)
* Add `policy.Resolver` struct to reduce parameters
* Pass image name directly rather than resolver
* Move policy match stuff to its own file
2024-08-28 11:27:00 +01:00
James Carnegie
9d39c5ae3d
feat!: remove MockTUFClient (#135)
* feat! remove MockTUFClient
*Breaking*
- use LocalPolicyDir and nil TUFClient instead
Other:
- add stateful Verifier
2024-08-28 09:53:52 +01:00
Jonny Stoten
aed959f858
fix: use a client pointing at Docker's TUF by default (#104)
`policy.Options` now contains the arguments to `tuf.Client`'s constructor rather than an actual Client. If these arguments are not provided, defaults pointing at Docker's TUF repo will be used. An actual TUF client can be passed in on the context (which is useful for testing). If this is not provided `attest.Verify` will create a TUF client using the options on `policy.Options`.
---------
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
2024-08-23 09:33:30 +01:00
James Carnegie
802725caf0
feat: add purl details to policy inputs (#129)
2024-08-21 12:01:11 -05:00
mrjoelkamp
52499053d2
feat: add no policy file error
2024-08-14 16:25:41 -05:00
mrjoelkamp
5f17f97229
test: change test to use yaml file instead
2024-08-14 16:13:36 -05:00
mrjoelkamp
8d8f09661f
test: add mapping no rego test
2024-08-14 16:10:54 -05:00
mrjoelkamp
059ee8926c
refactor: move fullURL only needed for DefaultFetcher
2024-08-14 15:27:02 -05:00
mrjoelkamp
cb47507650
chore: pr comments
2024-08-14 15:01:01 -05:00
mrjoelkamp
2bf7dec72e
feat: add policy.downloadLocation
2024-08-14 12:52:36 -05:00
mrjoelkamp
d2a8348ae8
feat: generate vsa policy value from file
2024-08-14 10:57:15 -05:00
mrjoelkamp
5162cfa404
refactor: ensure tests are in correct pkg
2024-08-13 10:03:33 -05:00
mrjoelkamp
72f6517b2c
refactor: move empty config image test
2024-08-13 08:26:36 -05:00
mrjoelkamp
84cadeb97e
feat: output comments
2024-08-13 08:13:27 -05:00
mrjoelkamp
57a61cc266
fix: e2e auth test
2024-08-12 16:54:44 -05:00
mrjoelkamp
5a772633b0
feat: use EmptyConfigImage for mirror
2024-08-12 16:43:42 -05:00
mrjoelkamp
1febc55a19
fix: cyclical imports
2024-08-12 16:36:18 -05:00
mrjoelkamp
0db96d56aa
fix: err check not needed
2024-08-12 14:20:24 -05:00
mrjoelkamp
d291912208
refactor!: move oci output from mirror to oci pkg
BREAKING_CHANGE: output methods to save and push images are now part of the oci pkg
2024-08-08 14:23:46 -05:00
mrjoelkamp
9cad88a687
fix: EmptyConfigImage digest
2024-08-08 13:06:56 -05:00
mrjoelkamp
45927967c8
test: debug push
2024-08-08 10:04:41 -05:00
mrjoelkamp
9aa56e564d
feat: push attestation artifacts by digest
2024-08-07 15:19:48 -05:00
mrjoelkamp
0133423f0d
feat: add nil pointer test
2024-08-05 16:50:40 -05:00
mrjoelkamp
501b9b442d
feat: add CreateAttestationResolver tests
2024-08-05 16:31:39 -05:00
mrjoelkamp
c7d17faf05
fix: layout attestation resolver
2024-08-05 15:32:24 -05:00
mrjoelkamp
58021646e3
feat: add oci layout test
2024-08-05 11:24:28 -05:00
mrjoelkamp
3e7a85e9b8
fix: nil pointer dereference
2024-08-05 11:24:05 -05:00
mrjoelkamp
bb7a9a257e
chore: remove duplicate code
2024-08-05 11:23:32 -05:00
mrjoelkamp
c690d1090c
chore: use prefix const
2024-08-05 11:22:49 -05:00
mrjoelkamp
1d1c258f9c
fix: referrers resolver only works for registry resolvers
2024-08-05 10:20:40 -05:00
mrjoelkamp
5d096e226f
refactor: fix import cycle for mock resolver
2024-08-05 10:19:50 -05:00
mrjoelkamp
78ec0b7666
fix: use referrers repo img spec and resolver
2024-08-01 15:24:35 -05:00
Joel Kamp
053f764b8f
Merge branch 'main' into fix-oci-layout-referrers
2024-08-01 13:48:53 -05:00
mrjoelkamp
ad3b8b9e49
fix: let OCI layouts use referrers attestations
2024-08-01 13:41:49 -05:00
James Carnegie
9582e69968
fix: standardize casing of initialisms (#112)
* fix: standardize casing of initialisms
* fix: rename intoto -> inToto and Intoto to InToto
* fix: fix all linting errors
2024-08-01 15:35:15 +01:00
Jonny Stoten
008c14e3f3
chore: reformat with gofumpt (#109)
* Reformat with gofumpt
* Suppress issue about laxer perms than 0600
---------
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
2024-07-31 15:48:00 +01:00
James Carnegie
9571f17476
fix: add auth to referrers image retrieval (#108)
2024-07-31 14:31:29 +01:00
Jonny Stoten
91fdf7ece6
Remove dependency on github.com/pkg/errors (#106)
2024-07-30 14:07:19 +01:00
James Carnegie
a1c7bbb991
debt: remove goyaml. Fixup directives (#103)
2024-07-29 17:21:15 +01:00
Jonny Stoten
2ffdfdf0eb
docs: first cut of a new README (#99)
Lots of this is taken from image-signer-verifier's README. The stuff on
policy is all new.
Co-authored-by: James Carnegie <kipz@users.noreply.github.com>
2024-07-29 16:43:31 +01:00
mrjoelkamp
1e3c120272
fix: test targets file no ext
2024-07-22 16:03:23 -05:00
James Carnegie
efb73f4cae
Use DSSE artifactType in referrers (#95)
* bug: Use DSSE media types for artifactType
* Don't serialize DSSE extension if not present
* Update pkg/attestation/types.go
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
* Don't error on no referrers
---------
Co-authored-by: Joel Kamp <joel.kamp@docker.com>
2024-07-22 18:17:12 +01:00
James Carnegie
5e68d94ad4
set artifactType correctly for referrers fallback (#94)
* set artifactType correctly for referrers fallback
2024-07-19 16:39:35 +01:00
James Carnegie
de5668aca2
chore: fix linting errors (#91)
2024-07-16 12:52:33 +01:00
James Carnegie
065b354d3c
Make referrers attestations OCI compliant (#80)
* Single attestation when creating VSA
* Create single layer images for referrers attestations
* Move mock to test package. Add artifacts test
* Add test for envelope detection
* Add tests for image/index saving
* Add mirror tests
* Remove AttestationImage field from AttestationManifest
* Update naming. strictReferers != laxReferrers
* Add specific test for SaveReferrers
2024-07-16 10:05:17 +01:00
Jonny Stoten
a4c3bd07fe
Add proper mirror support (#74)
* Add rewrite support and fix existing tests
* Add unit tests for policy matching
* Compile regexes up front and store policies in map
* Add test for verify flow with mirror
* Rename ImageName -> ResolvedName
And only set it when necessary
* Rename Rewrite -> Replacement
but keep it as rewrite in the yaml
2024-07-12 17:09:41 +01:00