publicWagsHome
/
buildx
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1546 from jedevc/v0.10-inspect-lazy-attestations

Browse Source 
[v0.10] Lazily load attestation data in imagetools inspect
pull/1635/head
Justin Chadwell 2 years ago committed by GitHub
parent e640dc6041 78d8b926db
commit 6d935625a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 146 additions and 93 deletions
Show Stats Download Patch File Download Diff File

69
util/imagetools/loader.go
Unescape Escape View File

@ -49,6 +49,9 @@ type asset struct {
config *ocispec.Image config *ocispec.Image
sbom *sbomStub sbom *sbomStub
provenance *provenanceStub provenance *provenanceStub
deferredSbom func() (*sbomStub, error)
deferredProvenance func() (*provenanceStub, error)
} }
type result struct { type result struct {
@ -261,36 +264,40 @@ type sbomStub struct {
func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error { func (l *loader) scanSBOM(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
ctx = remotes.WithMediaTypeKeyPrefix(ctx, "application/vnd.in-toto+json", "intoto") ctx = remotes.WithMediaTypeKeyPrefix(ctx, "application/vnd.in-toto+json", "intoto")
as.deferredSbom = func() (*sbomStub, error) {
var sbom *sbomStub
for _, dgst := range refs { for _, dgst := range refs {
mfst, ok := r.manifests[dgst] mfst, ok := r.manifests[dgst]
if !ok { if !ok {
return errors.Errorf("referenced image %s not found", dgst) return nil, errors.Errorf("referenced image %s not found", dgst)
} }
for _, layer := range mfst.manifest.Layers { for _, layer := range mfst.manifest.Layers {
if layer.MediaType == "application/vnd.in-toto+json" && layer.Annotations["in-toto.io/predicate-type"] == "https://spdx.dev/Document" { if layer.MediaType == "application/vnd.in-toto+json" && layer.Annotations["in-toto.io/predicate-type"] == "https://spdx.dev/Document" {
_, err := remotes.FetchHandler(l.cache, fetcher)(ctx, layer) _, err := remotes.FetchHandler(l.cache, fetcher)(ctx, layer)
if err != nil { if err != nil {
return err return nil, err
} }
dt, err := content.ReadBlob(ctx, l.cache, layer) dt, err := content.ReadBlob(ctx, l.cache, layer)
if err != nil { if err != nil {
return err return nil, err
} }
var spdx struct { var spdx struct {
Predicate interface{} `json:"predicate"` Predicate interface{} `json:"predicate"`
} }
if err := json.Unmarshal(dt, &spdx); err != nil { if err := json.Unmarshal(dt, &spdx); err != nil {
return err return nil, err
} }
if as.sbom == nil { if sbom == nil {
as.sbom = &sbomStub{} sbom = &sbomStub{}
as.sbom.SPDX = spdx.Predicate sbom.SPDX = spdx.Predicate
} else { } else {
as.sbom.AdditionalSPDXs = append(as.sbom.AdditionalSPDXs, spdx.Predicate) sbom.AdditionalSPDXs = append(sbom.AdditionalSPDXs, spdx.Predicate)
}
} }
} }
} }
return sbom, nil
} }
return nil return nil
} }
@ -301,34 +308,38 @@ type provenanceStub struct {
func (l *loader) scanProvenance(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error { func (l *loader) scanProvenance(ctx context.Context, fetcher remotes.Fetcher, r *result, refs []digest.Digest, as *asset) error {
ctx = remotes.WithMediaTypeKeyPrefix(ctx, "application/vnd.in-toto+json", "intoto") ctx = remotes.WithMediaTypeKeyPrefix(ctx, "application/vnd.in-toto+json", "intoto")
as.deferredProvenance = func() (*provenanceStub, error) {
var provenance *provenanceStub
for _, dgst := range refs { for _, dgst := range refs {
mfst, ok := r.manifests[dgst] mfst, ok := r.manifests[dgst]
if !ok { if !ok {
return errors.Errorf("referenced image %s not found", dgst) return nil, errors.Errorf("referenced image %s not found", dgst)
} }
for _, layer := range mfst.manifest.Layers { for _, layer := range mfst.manifest.Layers {
if layer.MediaType == "application/vnd.in-toto+json" && strings.HasPrefix(layer.Annotations["in-toto.io/predicate-type"], "https://slsa.dev/provenance/") { if layer.MediaType == "application/vnd.in-toto+json" && strings.HasPrefix(layer.Annotations["in-toto.io/predicate-type"], "https://slsa.dev/provenance/") {
_, err := remotes.FetchHandler(l.cache, fetcher)(ctx, layer) _, err := remotes.FetchHandler(l.cache, fetcher)(ctx, layer)
if err != nil { if err != nil {
return err return nil, err
} }
dt, err := content.ReadBlob(ctx, l.cache, layer) dt, err := content.ReadBlob(ctx, l.cache, layer)
if err != nil { if err != nil {
return err return nil, err
} }
var slsa struct { var slsa struct {
Predicate interface{} `json:"predicate"` Predicate interface{} `json:"predicate"`
} }
if err := json.Unmarshal(dt, &slsa); err != nil { if err := json.Unmarshal(dt, &slsa); err != nil {
return err return nil, err
} }
as.provenance = &provenanceStub{ provenance = &provenanceStub{
SLSA: slsa.Predicate, SLSA: slsa.Predicate,
} }
break break
} }
} }
} }
return provenance, nil
}
return nil return nil
} }
@ -346,30 +357,50 @@ func (r *result) Configs() map[string]*ocispec.Image {
return res return res
} }
func (r *result) Provenance() map[string]provenanceStub { func (r *result) Provenance() (map[string]provenanceStub, error) {
if len(r.assets) == 0 { if len(r.assets) == 0 {
return nil return nil, nil
} }
res := make(map[string]provenanceStub) res := make(map[string]provenanceStub)
for p, a := range r.assets { for p, a := range r.assets {
if a.deferredProvenance == nil {
continue
}
if a.provenance == nil { if a.provenance == nil {
provenance, err := a.deferredProvenance()
if err != nil {
return nil, err
}
if provenance == nil {
continue continue
} }
a.provenance = provenance
}
res[p] = *a.provenance res[p] = *a.provenance
} }
return res return res, nil
} }
func (r *result) SBOM() map[string]sbomStub { func (r *result) SBOM() (map[string]sbomStub, error) {
if len(r.assets) == 0 { if len(r.assets) == 0 {
return nil return nil, nil
} }
res := make(map[string]sbomStub) res := make(map[string]sbomStub)
for p, a := range r.assets { for p, a := range r.assets {
if a.deferredSbom == nil {
continue
}
if a.sbom == nil { if a.sbom == nil {
sbom, err := a.deferredSbom()
if err != nil {
return nil, err
}
if sbom == nil {
continue continue
} }
a.sbom = sbom
}
res[p] = *a.sbom res[p] = *a.sbom
} }
return res return res, nil
} }

78
util/imagetools/printers.go
Unescape Escape View File

@ -99,8 +99,6 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
} }
imageconfigs := res.Configs() imageconfigs := res.Configs()
provenances := res.Provenance()
sboms := res.SBOM()
format := tpl.Root.String() format := tpl.Root.String()
var mfst interface{} var mfst interface{}
@ -142,44 +140,22 @@ func (p *Printer) Print(raw bool, out io.Writer) error {
} }
default: default:
if len(res.platforms) > 1 { if len(res.platforms) > 1 {
return tpl.Execute(out, struct { return tpl.Execute(out, tplInputs{
Name string `json:"name,omitempty"`
Manifest interface{} `json:"manifest,omitempty"`
Image map[string]*ocispecs.Image `json:"image,omitempty"`
Provenance map[string]provenanceStub `json:"Provenance,omitempty"`
SBOM map[string]sbomStub `json:"SBOM,omitempty"`
}{
Name: p.name, Name: p.name,
Manifest: mfst, Manifest: mfst,
Image: imageconfigs, Image: imageconfigs,
Provenance: provenances, result: res,
SBOM: sboms,
}) })
} }
var ic *ocispecs.Image var ic *ocispecs.Image
for _, v := range imageconfigs { for _, v := range imageconfigs {
ic = v ic = v
} }
var provenance provenanceStub return tpl.Execute(out, tplInput{
for _, v := range provenances {
provenance = v
}
var sbom sbomStub
for _, v := range sboms {
sbom = v
}
return tpl.Execute(out, struct {
Name string `json:"name,omitempty"`
Manifest interface{} `json:"manifest,omitempty"`
Image *ocispecs.Image `json:"image,omitempty"`
Provenance provenanceStub `json:"Provenance,omitempty"`
SBOM sbomStub `json:"SBOM,omitempty"`
}{
Name: p.name, Name: p.name,
Manifest: mfst, Manifest: mfst,
Image: ic, Image: ic,
Provenance: provenance, result: res,
SBOM: sbom,
}) })
} }
@ -227,3 +203,49 @@ func (p *Printer) printManifestList(out io.Writer) error {
} }
return w.Flush() return w.Flush()
} }
type tplInput struct {
Name string `json:"name,omitempty"`
Manifest interface{} `json:"manifest,omitempty"`
Image *ocispecs.Image `json:"image,omitempty"`
result *result
}
func (inp tplInput) SBOM() (sbomStub, error) {
sbom, err := inp.result.SBOM()
if err != nil {
return sbomStub{}, nil
}
for _, v := range sbom {
return v, nil
}
return sbomStub{}, nil
}
func (inp tplInput) Provenance() (provenanceStub, error) {
provenance, err := inp.result.Provenance()
if err != nil {
return provenanceStub{}, nil
}
for _, v := range provenance {
return v, nil
}
return provenanceStub{}, nil
}
type tplInputs struct {
Name string `json:"name,omitempty"`
Manifest interface{} `json:"manifest,omitempty"`
Image map[string]*ocispecs.Image `json:"image,omitempty"`
result *result
}
func (inp tplInputs) SBOM() (map[string]sbomStub, error) {
return inp.result.SBOM()
}
func (inp tplInputs) Provenance() (map[string]provenanceStub, error) {
return inp.result.Provenance()
}

Write Preview
Loading…
Cancel
Save