Revert "Remove unsupported tekton-provenance storage in config (tekto…

…ncd#594) (tektoncd#590)" This reverts commit 83af002.
chuangw6 · Oct 21, 2022 · e658c15 · e658c15
1 parent 83af002
commit e658c15
Show file tree

Hide file tree

Showing 12 changed files with 329 additions and 764 deletions.
diff --git a/pkg/chains/formats/intotoite6/extract/extract.go b/pkg/chains/formats/intotoite6/extract/extract.go
@@ -17,7 +17,6 @@ limitations under the License.
 package extract
 
 import (
-	"fmt"
 	"sort"
 	"strings"
 
@@ -31,13 +30,8 @@ import (
 	"go.uber.org/zap"
 )
 
-// SubjectDigests returns software artifacts produced from the TaskRun/PipelineRun object
-// in the form of standard subject field of intoto statement.
-// The type hinting fields expected in results help identify the generated software artifacts.
-// Valid type hinting fields must:
-//   - have suffix `IMAGE_URL` & `IMAGE_DIGEST` or `ARTIFACT_URI` & `ARTIFACT_DIGEST` pair.
-//   - the `*_DIGEST` field must be in the format of "<algorithm>:<actual-sha>" where the algorithm must be "sha256" and actual sha must be valid per https://github.com/opencontainers/image-spec/blob/main/descriptor.md#sha-256.
-//   - the `*_URL` or `*_URI` fields cannot be empty.
+// SubjectDigests extracts OCI images and other structured results from the TaskRun and PipelineRun based on standard hinting set up
+// It also goes through looking for any PipelineResources of Image type
 func SubjectDigests(obj objects.TektonObject, logger *zap.SugaredLogger) []intoto.Subject {
 	var subjects []intoto.Subject
 
@@ -124,19 +118,3 @@ func SubjectDigests(obj objects.TektonObject, logger *zap.SugaredLogger) []intot
 	})
 	return subjects
 }
-
-// RetrieveAllArtifactURIs returns all the URIs of the software artifacts produced from the run object.
-// - It first extracts intoto subjects from run object results and converts the subjects
-// to a slice of string URIs in the format of "NAME" + "@" + "ALGORITHM" + ":" + "DIGEST".
-// - If no subjects could be extracted from results, then an empty slice is returned.
-func RetrieveAllArtifactURIs(obj objects.TektonObject, logger *zap.SugaredLogger) []string {
-	result := []string{}
-	subjects := SubjectDigests(obj, logger)
-
-	for _, s := range subjects {
-		for algo, digest := range s.Digest {
-			result = append(result, fmt.Sprintf("%s@%s:%s", s.Name, algo, digest))
-		}
-	}
-	return result
-}
diff --git a/pkg/chains/formats/intotoite6/extract/extract_test.go b/pkg/chains/formats/intotoite6/extract/extract_test.go
diff --git a/pkg/chains/formats/intotoite6/pipelinerun/pipelinerun.go b/pkg/chains/formats/intotoite6/pipelinerun/pipelinerun.go
@@ -14,6 +14,7 @@ limitations under the License.
 package pipelinerun
 
 import (
+	"fmt"
 	"time"
 
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
@@ -57,7 +58,7 @@ func GenerateAttestation(builderID string, pro *objects.PipelineRunObject, logge
 			Builder: slsa.ProvenanceBuilder{
 				ID: builderID,
 			},
-			BuildType:   pro.GetGVK(),
+			BuildType:   fmt.Sprintf("%s/%s", pro.GetGroupVersionKind().GroupVersion().String(), pro.GetGroupVersionKind().Kind),
 			Invocation:  invocation(pro),
 			BuildConfig: buildConfig(pro, logger),
 			Metadata:    metadata(pro),

diff --git a/pkg/chains/formats/intotoite6/taskrun/taskrun.go b/pkg/chains/formats/intotoite6/taskrun/taskrun.go
@@ -14,6 +14,8 @@ limitations under the License.
 package taskrun
 
 import (
+	"fmt"
+
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 	"github.com/tektoncd/chains/pkg/artifacts"
@@ -28,6 +30,8 @@ import (
 func GenerateAttestation(builderID string, tro *objects.TaskRunObject, logger *zap.SugaredLogger) (interface{}, error) {
 	subjects := extract.SubjectDigests(tro, logger)
 
+	tr := tro.GetObject().(*v1beta1.TaskRun)
+
 	att := intoto.ProvenanceStatement{
 		StatementHeader: intoto.StatementHeader{
 			Type:          intoto.StatementInTotoV01,
@@ -38,7 +42,7 @@ func GenerateAttestation(builderID string, tro *objects.TaskRunObject, logger *z
 			Builder: slsa.ProvenanceBuilder{
 				ID: builderID,
 			},
-			BuildType:   tro.GetGVK(),
+			BuildType:   fmt.Sprintf("%s/%s", tr.GetGroupVersionKind().GroupVersion().String(), tr.GetGroupVersionKind().Kind),
 			Invocation:  invocation(tro),
 			BuildConfig: buildConfig(tro),
 			Metadata:    metadata(tro),

diff --git a/pkg/chains/objects/objects.go b/pkg/chains/objects/objects.go
@@ -16,7 +16,6 @@ package objects
 import (
 	"context"
 	"errors"
-	"fmt"
 
 	"github.com/tektoncd/pipeline/pkg/apis/pipeline/pod"
 	"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
@@ -52,7 +51,7 @@ type Result struct {
 // to Tekton objects.
 type TektonObject interface {
 	Object
-	GetGVK() string
+	GetKind() string
 	GetObject() interface{}
 	GetLatestAnnotations(ctx context.Context, clientSet versioned.Interface) (map[string]string, error)
 	Patch(ctx context.Context, clientSet versioned.Interface, patchBytes []byte) error
@@ -79,17 +78,17 @@ type TaskRunObject struct {
 	*v1beta1.TaskRun
 }
 
-var _ TektonObject = &TaskRunObject{}
-
 func NewTaskRunObject(tr *v1beta1.TaskRun) *TaskRunObject {
 	return &TaskRunObject{
 		tr,
 	}
 }
 
-// Get the TaskRun GroupVersionKind
-func (tro *TaskRunObject) GetGVK() string {
-	return fmt.Sprintf("%s/%s", tro.GetGroupVersionKind().GroupVersion().String(), tro.GetGroupVersionKind().Kind)
+// Get the TaskRun kind
+func (tro *TaskRunObject) GetKind() string {
+	// TODO: Want to use tro.GetObjectKind().GroupVersionKind().Kind but
+	// never seems to be populated
+	return "taskrun"
 }
 
 // Get the latest annotations on the TaskRun
@@ -136,21 +135,21 @@ func (tro *TaskRunObject) GetPullSecrets() []string {
 type PipelineRunObject struct {
 	// The base PipelineRun
 	*v1beta1.PipelineRun
-	// taskRuns that were apart of this PipelineRun
+	// TaskRuns that were apart of this PipelineRun
 	taskRuns []*v1beta1.TaskRun
 }
 
-var _ TektonObject = &PipelineRunObject{}
-
 func NewPipelineRunObject(pr *v1beta1.PipelineRun) *PipelineRunObject {
 	return &PipelineRunObject{
 		PipelineRun: pr,
 	}
 }
 
-// Get the PipelineRun GroupVersionKind
-func (pro *PipelineRunObject) GetGVK() string {
-	return fmt.Sprintf("%s/%s", pro.GetGroupVersionKind().GroupVersion().String(), pro.GetGroupVersionKind().Kind)
+// Get the PipelineRun kind
+func (pro *PipelineRunObject) GetKind() string {
+	// TODO: Want to use tro.GetObjectKind().GroupVersionKind().Kind but
+	// never seems to be populated
+	return "pipelinerun"
 }
 
 // Request the current annotations on the PipelineRun object

diff --git a/pkg/chains/signing.go b/pkg/chains/signing.go
@@ -165,7 +165,7 @@ func (o *ObjectSigner) Sign(ctx context.Context, tektonObj objects.TektonObject)
 		payloader, ok := o.Formatters[payloadFormat]
 
 		if !ok {
-			logger.Warnf("Format %s configured for %s: %v was not found", payloadFormat, tektonObj.GetGVK(), signableType.Type())
+			logger.Warnf("Format %s configured for %s: %v was not found", payloadFormat, tektonObj.GetKind(), signableType.Type())
 			continue
 		}
 
@@ -181,7 +181,7 @@ func (o *ObjectSigner) Sign(ctx context.Context, tektonObj objects.TektonObject)
 				logger.Error(err)
 				continue
 			}
-			logger.Infof("Created payload of type %s for %s %s/%s", string(payloadFormat), tektonObj.GetGVK(), tektonObj.GetNamespace(), tektonObj.GetName())
+			logger.Infof("Created payload of type %s for %s %s/%s", string(payloadFormat), tektonObj.GetKind(), tektonObj.GetNamespace(), tektonObj.GetName())
 
 			// Sign it!
 			signerType := signableType.Signer(cfg)