6f94d59a96
* Add `policy.Resolver` struct to reduce parameters * Pass image name directly rather than resolver * Move policy match stuff to its own file
39 lines
1.2 KiB
Go
39 lines
1.2 KiB
Go
package policy
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/docker/attest/pkg/attestation"
|
|
"github.com/docker/attest/pkg/config"
|
|
"github.com/docker/attest/pkg/oci"
|
|
)
|
|
|
|
func CreateImageDetailsResolver(imageSource *oci.ImageSpec) (oci.ImageDetailsResolver, error) {
|
|
switch imageSource.Type {
|
|
case oci.OCI:
|
|
return attestation.NewOCILayoutResolver(imageSource)
|
|
case oci.Docker:
|
|
return oci.NewRegistryImageDetailsResolver(imageSource)
|
|
}
|
|
return nil, fmt.Errorf("unsupported image source type: %s", imageSource.Type)
|
|
}
|
|
|
|
func CreateAttestationResolver(resolver oci.ImageDetailsResolver, mapping *config.PolicyMapping) (attestation.Resolver, error) {
|
|
if mapping.Attestations != nil {
|
|
if mapping.Attestations.Style == config.AttestationStyleAttached {
|
|
switch resolver := resolver.(type) {
|
|
case *oci.RegistryImageDetailsResolver:
|
|
return attestation.NewRegistryResolver(resolver)
|
|
case *attestation.LayoutResolver:
|
|
return resolver, nil
|
|
default:
|
|
return nil, fmt.Errorf("unsupported image details resolver type: %T", resolver)
|
|
}
|
|
}
|
|
if mapping.Attestations.Repo != "" {
|
|
return attestation.NewReferrersResolver(resolver, attestation.WithReferrersRepo(mapping.Attestations.Repo))
|
|
}
|
|
}
|
|
return attestation.NewReferrersResolver(resolver)
|
|
}
|