Add artifact signature information to the generated index #105

Merged
merged 4 commits into from
Sep 19, 2023
29 changes: 23 additions & 6 deletions build/registry/go.mod
@@ -1,46 +1,61 @@
module registry

go 1.19
go 1.21

toolchain go1.21.0

require (
github.com/aws/aws-sdk-go v1.44.183
github.com/aws/aws-sdk-go v1.44.288
github.com/blang/semver v3.5.1+incompatible
github.com/falcosecurity/falcoctl v0.5.1
github.com/falcosecurity/falcoctl v0.6.1
github.com/spf13/cobra v1.7.0
github.com/stretchr/testify v1.8.4
gopkg.in/yaml.v2 v2.4.0
k8s.io/klog/v2 v2.80.1
k8s.io/klog/v2 v2.100.1
oras.land/oras-go/v2 v2.2.1
)

require (
atomicgo.dev/cursor v0.2.0 // indirect
atomicgo.dev/keyboard v0.2.9 // indirect
atomicgo.dev/schedule v0.1.0 // indirect
cloud.google.com/go/compute v1.23.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
github.com/containerd/console v1.0.3 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/cli v24.0.5+incompatible // indirect
github.com/docker/docker v24.0.5+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.0 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/gookit/color v1.5.4 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/lithammer/fuzzysearch v1.1.8 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
github.com/oras-project/oras-credentials-go v0.3.0 // indirect
github.com/pelletier/go-toml/v2 v2.0.9 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/pterm/pterm v0.12.66 // indirect
github.com/pterm/pterm v0.12.67 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/afero v1.9.5 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.16.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect
golang.org/x/net v0.14.0 // indirect
golang.org/x/oauth2 v0.11.0 // indirect
golang.org/x/sync v0.3.0 // indirect
Expand All @@ -50,5 +65,7 @@ require (
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
gotest.tools/v3 v3.5.0 // indirect
)
532 changes: 516 additions & 16 deletions build/registry/go.sum

Large diffs are not rendered by default.

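--- a/build/registry/index.go
+++ b/build/registry/index.go
@@ -20,7 +20,7 @@ import (
 "path/filepath"
 "strings"
 
-"github.com/falcosecurity/falcoctl/pkg/index"
+"github.com/falcosecurity/falcoctl/pkg/index/index"
 "github.com/falcosecurity/falcoctl/pkg/oci"
 )
 
@@ -40,6 +40,7 @@ func pluginRulesToIndexEntry(rf Rulesfile, registry, repo string) *index.Entry {
 License: rf.License,
 Maintainers: rf.Maintainers,
 Sources: []string{rf.URL},
+Signature: rf.Signature,
 }
 }
 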
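Review bot: `Signature: rf.Signature,` copies whatever the registry record holds, so a rulesfile with no `signature` block, or with an empty `cosign:` mapping, produces an index entry with a nil or empty signature, and nothing in this hunk reports it. If consumers rely on the index to decide how an artifact is verified, that case deserves a validation error or at least a log line upstream, for example rejecting a `cosign` block whose `certificate-oidc-issuer` is empty. A comment such as `// Signature is optional; nil means the entry carries no verification data.` would document the current behaviour. The function starts above the hunk, so any check that already exists there is not visible from here.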
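--- a/build/registry/index_test.go
+++ b/build/registry/index_test.go
@@ -20,7 +20,7 @@ import (
 "reflect"
 "testing"
 
-"github.com/falcosecurity/falcoctl/pkg/index"
+"github.com/falcosecurity/falcoctl/pkg/index/index"
 "github.com/stretchr/testify/assert"
 )
 
@@ -32,11 +32,25 @@ func Test_upsertIndex(t *testing.T) {
 indexPath string
 expectedIndexPath string
 }{
-{"missing", "testdata/registry.yaml", map[string]string{"falco": "ghcr.io/falcosecurity/rules/falco"}, "testdata/index1.yaml", "testdata/index_expected1.yaml"},
-{"already_present", "testdata/registry.yaml", map[string]string{"falco": "ghcr.io/falcosecurity/rules/falco"}, "testdata/index2.yaml", "testdata/index2.yaml"},
+{
+"missing",
+"testdata/registry.yaml",
+map[string]string{"falco": "ghcr.io/falcosecurity/rules/falco"},
+"testdata/index1.yaml",
+"testdata/index_expected1.yaml",
+},
+{
+"already_present",
+"testdata/registry.yaml",
+map[string]string{"falco": "ghcr.io/falcosecurity/rules/falco"},
+"testdata/index2.yaml",
+"testdata/index2.yaml",
+},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
+t.Parallel()
+
 i := index.New(GHOrg)
 assert.NoError(t, i.Read(tt.indexPath))
 expectedIndex := index.New(GHOrg)
@@ -48,8 +62,25 @@ func Test_upsertIndex(t *testing.T) {
 upsertIndex(r, tt.ociArtifacts, i)
 
 if !reflect.DeepEqual(i, expectedIndex) {
-t.Errorf("index() = %v, want %v", i, expectedIndex)
+t.Errorf("index() = %#v, want %v", i, expectedIndex)
 }
 })
 }
 }
+
+func TestPluginRulesToIndexEntrySignature(t *testing.T) {
+t.Parallel()
+
+signature := &index.Signature{
+Cosign: &index.CosignSignature{},
+}
+
+expected := signature
+
+p := Rulesfile{Signature: signature}
+
+entry := pluginRulesToIndexEntry(p, "", "")
+if !reflect.DeepEqual(entry.Signature, expected) {
+t.Fatalf("Index entry signature: expected %#v, got %v", expected, entry.Signature)
+}
+}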
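Review bot: The `t.Parallel()` added inside the `t.Run` closure makes both subtests read the loop variable `tt` only after the `for` loop has finished. With the `go 1.21` directive in this module's go.mod, every iteration shares one `tt`, so both subtests exercise the last table entry and the "missing" case is never checked. Add `tt := tt` as the first statement of the loop body, before `t.Run(tt.name, ...)`. Separately, `TestPluginRulesToIndexEntrySignature` uses only an empty `index.CosignSignature{}`; a case with a nil `Signature` and one with populated fields would pin the pass-through more usefully.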
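--- a/build/registry/registry.go
+++ b/build/registry/registry.go
@@ -21,6 +21,7 @@ import (
 "os"
 "regexp"
 
+"github.com/falcosecurity/falcoctl/pkg/index/index"
 "gopkg.in/yaml.v2"
 )
 
@@ -37,12 +38,13 @@ type Rulesfile struct {
 Email string `yaml:"email"`
 Name string `yaml:"name"`
 } `yaml:"maintainers"`
-Keywords []string `yaml:"keywords"`
-Path string `yaml:"path"`
-URL string `yaml:"url"`
-License string `yaml:"license"`
-Reserved bool `yaml:"reserved"`
-Archived bool `yaml:"archived"`
+Keywords []string `yaml:"keywords"`
+Path string `yaml:"path"`
+URL string `yaml:"url"`
+License string `yaml:"license"`
+Reserved bool `yaml:"reserved"`
+Archived bool `yaml:"archived"`
+Signature *index.Signature `yaml:"signature,omitempty"`
 }
 
 type Registry struct {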
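Review bot: The new `Signature *index.Signature` field takes its YAML schema from falcoctl's type, and whether misspelled keys under `signature:` are rejected depends on how the file is decoded, which is outside this hunk. If the loader uses `yaml.Unmarshal`, a typo in `certificate-identity-regexp` is dropped silently and the entry is published with a weaker or empty identity constraint; `yaml.UnmarshalStrict` would turn that into an error. The field also lacks a comment; `// Signature holds the optional cosign verification parameters copied into the index entry.` would do. The struct begins above the hunk.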
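--- a/build/registry/testdata/index2.yaml
+++ b/build/registry/testdata/index2.yaml
@@ -47,3 +47,7 @@
 name: The Falco Authors
 sources:
 - https://github.com/falcosecurity/rules/blob/main/rules/falco_rules.yaml
+signature:
+cosign:
+certificate-oidc-issuer: https://token.actions.githubusercontent.com
+certificate-identity-regexp: https://github.com/falcosecurity/rules/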
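Review bot: The `certificate-identity-regexp` value `https://github.com/falcosecurity/rules/` is neither anchored nor escaped, so if the verifier applies it as an unanchored regular-expression match it accepts any identity that merely contains this string, and each `.` matches any character. Consider `^https://github\.com/falcosecurity/rules/` in the fixtures so they model the constraint a production registry entry should carry; narrowing further to the release workflow path would be tighter still. The same value is added in testdata/index_expected1.yaml and in both hunks of testdata/registry.yaml.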
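--- a/build/registry/testdata/index_expected1.yaml
+++ b/build/registry/testdata/index_expected1.yaml
@@ -47,3 +47,7 @@
 name: The Falco Authors
 sources:
 - https://github.com/falcosecurity/rules/blob/main/rules/falco_rules.yaml
+signature:
+cosign:
+certificate-oidc-issuer: https://token.actions.githubusercontent.com
+certificate-identity-regexp: https://github.com/falcosecurity/rules/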
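--- a/build/registry/testdata/registry.yaml
+++ b/build/registry/testdata/registry.yaml
@@ -11,6 +11,10 @@ rulesfiles:
 keywords:
 - falco
 url: https://github.com/falcosecurity/rules/blob/main/rules/falco_rules.yaml
+signature:
+cosign:
+certificate-oidc-issuer: https://token.actions.githubusercontent.com
+certificate-identity-regexp: https://github.com/falcosecurity/rules/
 - name: applications
 description: Application rules
 authors: The Falco Authors
@@ -21,3 +25,7 @@ rulesfiles:
 path: rules/application_rules.yaml
 url: https://github.com/falcosecurity/rules/blob/main/rules/application_rules.yaml
 license: apache-2.0
+signature:
+cosign:
+certificate-oidc-issuer: https://token.actions.githubusercontent.com
+certificate-identity-regexp: https://github.com/falcosecurity/rules/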