update gcs storage
aaron-prindle committed Jan 10, 2024
1 parent aee1656 commit 6d04a41
Showing 3 changed files with 60 additions and 31 deletions.
63 changes: 46 additions & 17 deletions pkg/chains/storage/gcs/gcs.go
Expand Up @@ -26,6 +26,7 @@ import (
"github.com/tektoncd/chains/pkg/chains/signing"
"github.com/tektoncd/chains/pkg/chains/storage/api"
"github.com/tektoncd/chains/pkg/config"
v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
)

Expand Down Expand Up @@ -68,13 +69,13 @@ func NewStorageBackend(ctx context.Context, cfg config.Config) (*Backend, error)
func (b *Backend) StorePayload(ctx context.Context, obj objects.TektonObject, rawPayload []byte, signature string, opts config.StorageOpts) error {
logger := logging.FromContext(ctx)

if tr, isTaskRun := obj.GetObject().(*v1beta1.TaskRun); isTaskRun {
if tr, isTaskRun := obj.GetObject().(*v1.TaskRun); isTaskRun {
store := &TaskRunStorer{
writer: b.writer,
key: opts.ShortKey,
}
// TODO(https://github.com/tektoncd/chains/issues/665) currently using deprecated v1beta1 APIs until we add full v1 support
if _, err := store.Store(ctx, &api.StoreRequest[*v1beta1.TaskRun, *in_toto.Statement]{
if _, err := store.Store(ctx, &api.StoreRequest[*v1.TaskRun, *in_toto.Statement]{
Object: obj,
Artifact: tr,
// We don't actually use payload - we store the raw bundle values directly.
Expand All @@ -89,13 +90,13 @@ func (b *Backend) StorePayload(ctx context.Context, obj objects.TektonObject, ra
logger.Errorf("error writing to GCS: %w", err)
return err
}
} else if pr, isPipelineRun := obj.GetObject().(*v1beta1.PipelineRun); isPipelineRun {
} else if pr, isPipelineRun := obj.GetObject().(*v1.PipelineRun); isPipelineRun {
store := &PipelineRunStorer{
writer: b.writer,
key: opts.ShortKey,
}
// TODO(https://github.com/tektoncd/chains/issues/665) currently using deprecated v1beta1 APIs until we add full v1 support
if _, err := store.Store(ctx, &api.StoreRequest[*v1beta1.PipelineRun, *in_toto.Statement]{
if _, err := store.Store(ctx, &api.StoreRequest[*v1.PipelineRun, *in_toto.Statement]{
Object: obj,
Artifact: pr,
// We don't actually use payload - we store the raw bundle values directly.
Expand All @@ -111,7 +112,7 @@ func (b *Backend) StorePayload(ctx context.Context, obj objects.TektonObject, ra
return err
}
} else {
return fmt.Errorf("type %T not supported - supported types: [*v1beta1.TaskRun, *v1beta1.PipelineRun]", obj.GetObject())
return fmt.Errorf("type %T not supported - supported types: [*v1.TaskRun, *v1.PipelineRun]", obj.GetObject())
}
return nil
}
Expand Down Expand Up @@ -151,10 +152,14 @@ func (b *Backend) RetrieveSignatures(ctx context.Context, obj objects.TektonObje
var object string

switch t := obj.GetObject().(type) {
case *v1.TaskRun:
object = taskRunSigNameV1(t, opts)
case *v1.PipelineRun:
object = pipelineRunSignameV1(t, opts)
case *v1beta1.TaskRun:
object = taskRunSigName(t, opts)
object = taskRunSigNameV1Beta1(t, opts)
case *v1beta1.PipelineRun:
object = pipelineRunSigname(t, opts)
object = pipelineRunSignameV1Beta1(t, opts)
default:
return nil, fmt.Errorf("unsupported TektonObject type: %T", t)
}
Expand All @@ -174,10 +179,14 @@ func (b *Backend) RetrievePayloads(ctx context.Context, obj objects.TektonObject
var object string

switch t := obj.GetObject().(type) {
case *v1.TaskRun:
object = taskRunPayloadNameV1(t, opts)
case *v1.PipelineRun:
object = pipelineRunPayloadNameV1(t, opts)
case *v1beta1.TaskRun:
object = taskRunPayloadName(t, opts)
object = taskRunPayloadNameV1Beta1(t, opts)
case *v1beta1.PipelineRun:
object = pipelineRunPayloadName(t, opts)
object = pipelineRunPayloadNameV1Beta1(t, opts)
default:
return nil, fmt.Errorf("unsupported TektonObject type: %T", t)
}
Expand Down Expand Up @@ -207,29 +216,49 @@ func (b *Backend) retrieveObject(ctx context.Context, object string) (string, er
}

//nolint:staticcheck
func taskRunSigName(tr *v1beta1.TaskRun, opts config.StorageOpts) string {
func taskRunSigNameV1(tr *v1.TaskRun, opts config.StorageOpts) string {
return fmt.Sprintf(SignatureNameFormatTaskRun, tr.Namespace, tr.Name, opts.ShortKey)
}

//nolint:staticcheck
func taskRunPayloadName(tr *v1beta1.TaskRun, opts config.StorageOpts) string {
func taskRunPayloadNameV1(tr *v1.TaskRun, opts config.StorageOpts) string {
return fmt.Sprintf(PayloadNameFormatTaskRun, tr.Namespace, tr.Name, opts.ShortKey)
}

//nolint:staticcheck
func pipelineRunSigname(pr *v1beta1.PipelineRun, opts config.StorageOpts) string {
func pipelineRunSignameV1(pr *v1.PipelineRun, opts config.StorageOpts) string {
return fmt.Sprintf(SignatureNameFormatPipelineRun, pr.Namespace, pr.Name, opts.ShortKey)
}

//nolint:staticcheck
func pipelineRunPayloadName(pr *v1beta1.PipelineRun, opts config.StorageOpts) string {
func pipelineRunPayloadNameV1(pr *v1.PipelineRun, opts config.StorageOpts) string {
return fmt.Sprintf(PayloadNameFormatPipelineRun, pr.Namespace, pr.Name, opts.ShortKey)
}

//nolint:staticcheck
func taskRunSigNameV1Beta1(tr *v1beta1.TaskRun, opts config.StorageOpts) string {
return fmt.Sprintf(SignatureNameFormatTaskRun, tr.Namespace, tr.Name, opts.ShortKey)
}

//nolint:staticcheck
func taskRunPayloadNameV1Beta1(tr *v1beta1.TaskRun, opts config.StorageOpts) string {
return fmt.Sprintf(PayloadNameFormatTaskRun, tr.Namespace, tr.Name, opts.ShortKey)
}

//nolint:staticcheck
func pipelineRunSignameV1Beta1(pr *v1beta1.PipelineRun, opts config.StorageOpts) string {
return fmt.Sprintf(SignatureNameFormatPipelineRun, pr.Namespace, pr.Name, opts.ShortKey)
}

//nolint:staticcheck
func pipelineRunPayloadNameV1Beta1(pr *v1beta1.PipelineRun, opts config.StorageOpts) string {
return fmt.Sprintf(PayloadNameFormatPipelineRun, pr.Namespace, pr.Name, opts.ShortKey)
}

//nolint:staticcheck
var (
_ api.Storer[*v1beta1.TaskRun, *in_toto.Statement] = &TaskRunStorer{}
_ api.Storer[*v1beta1.PipelineRun, *in_toto.Statement] = &PipelineRunStorer{}
_ api.Storer[*v1.TaskRun, *in_toto.Statement] = &TaskRunStorer{}
_ api.Storer[*v1.PipelineRun, *in_toto.Statement] = &PipelineRunStorer{}
)

// TaskRunStorer stores TaskRuns in GCS.
Expand All @@ -244,7 +273,7 @@ type TaskRunStorer struct {
// Store stores the TaskRun chains information in GCS
//
//nolint:staticcheck
func (s *TaskRunStorer) Store(ctx context.Context, req *api.StoreRequest[*v1beta1.TaskRun, *in_toto.Statement]) (*api.StoreResponse, error) {
func (s *TaskRunStorer) Store(ctx context.Context, req *api.StoreRequest[*v1.TaskRun, *in_toto.Statement]) (*api.StoreResponse, error) {
tr := req.Artifact
key := s.key
if key == "" {
Expand All @@ -268,7 +297,7 @@ type PipelineRunStorer struct {
// Store stores the PipelineRun chains information in GCS
//
//nolint:staticcheck
func (s *PipelineRunStorer) Store(ctx context.Context, req *api.StoreRequest[*v1beta1.PipelineRun, *in_toto.Statement]) (*api.StoreResponse, error) {
func (s *PipelineRunStorer) Store(ctx context.Context, req *api.StoreRequest[*v1.PipelineRun, *in_toto.Statement]) (*api.StoreResponse, error) {
pr := req.Artifact
key := s.key
if key == "" {
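Review bot: `StorePayload` now matches only `*v1.TaskRun` and `*v1.PipelineRun`, so a `*v1beta1` object falls through to the `else` branch and is rejected, while `RetrieveSignatures` and `RetrievePayloads` in the same file keep their `*v1beta1` cases. If callers do not convert to v1 before storing (not visible here), signatures and attestations for v1beta1 runs would stop being written to GCS, which is a provenance gap worth making explicit: either state in the doc comment that v1beta1 objects must be converted upstream, or have the store and retrieve paths accept the same set of types. The two context comments `// TODO(https://github.com/tektoncd/chains/issues/665) currently using deprecated v1beta1 APIs until we add full v1 support` are now stale next to the v1 calls and should be dropped or reworded, and `//nolint:staticcheck` on the new `...V1` helpers looks unnecessary since they no longer reference the deprecated package. The bodies of `StorePayload` and both `Store` methods continue outside the visible hunks.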
26 changes: 13 additions & 13 deletions pkg/chains/storage/gcs/gcs_test.go
Expand Up @@ -23,7 +23,7 @@ import (
"github.com/tektoncd/chains/pkg/chains/objects"

"github.com/tektoncd/chains/pkg/config"
"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
rtesting "knative.dev/pkg/reconciler/testing"
Expand All @@ -32,8 +32,8 @@ import (
//nolint:staticcheck
func TestBackend_StorePayload(t *testing.T) {
type args struct {
tr *v1beta1.TaskRun
pr *v1beta1.PipelineRun
tr *v1.TaskRun
pr *v1.PipelineRun
signed []byte
signature string
opts config.StorageOpts
Expand All @@ -46,14 +46,14 @@ func TestBackend_StorePayload(t *testing.T) {
{
name: "no error, intoto",
args: args{
tr: &v1beta1.TaskRun{
tr: &v1.TaskRun{
ObjectMeta: metav1.ObjectMeta{
Namespace: "foo",
Name: "bar",
UID: types.UID("uid"),
},
},
pr: &v1beta1.PipelineRun{
pr: &v1.PipelineRun{
ObjectMeta: metav1.ObjectMeta{
Namespace: "foo",
Name: "bar",
Expand All @@ -68,14 +68,14 @@ func TestBackend_StorePayload(t *testing.T) {
{
name: "no error, tekton",
args: args{
tr: &v1beta1.TaskRun{
tr: &v1.TaskRun{
ObjectMeta: metav1.ObjectMeta{
Namespace: "foo",
Name: "bar",
UID: types.UID("uid"),
},
},
pr: &v1beta1.PipelineRun{
pr: &v1.PipelineRun{
ObjectMeta: metav1.ObjectMeta{
Namespace: "foo",
Name: "bar",
Expand All @@ -98,13 +98,13 @@ func TestBackend_StorePayload(t *testing.T) {
reader: mockGcsRead,
cfg: config.Config{Storage: config.StorageConfigs{GCS: config.GCSStorageConfig{Bucket: "foo"}}},
}
trObj := objects.NewTaskRunObjectV1Beta1(tt.args.tr)
trObj := objects.NewTaskRunObjectV1(tt.args.tr)
if err := b.StorePayload(ctx, trObj, tt.args.signed, tt.args.signature, tt.args.opts); (err != nil) != tt.wantErr {
t.Errorf("Backend.StorePayload() error = %v, wantErr %v", err, tt.wantErr)
}

objectSig := taskRunSigName(tt.args.tr, tt.args.opts)
objectPayload := taskRunPayloadName(tt.args.tr, tt.args.opts)
objectSig := taskRunSigNameV1(tt.args.tr, tt.args.opts)
objectPayload := taskRunPayloadNameV1(tt.args.tr, tt.args.opts)
got, err := b.RetrieveSignatures(ctx, trObj, tt.args.opts)
if err != nil {
t.Fatal(err)
Expand All @@ -121,13 +121,13 @@ func TestBackend_StorePayload(t *testing.T) {
t.Errorf("wrong signature, expected %s, got %s", tt.args.signed, gotPayload[objectPayload])
}

prObj := objects.NewPipelineRunObjectV1Beta1(tt.args.pr)
prObj := objects.NewPipelineRunObjectV1(tt.args.pr)
if err := b.StorePayload(ctx, prObj, tt.args.signed, tt.args.signature, tt.args.opts); (err != nil) != tt.wantErr {
t.Errorf("Backend.StorePayload() error = %v, wantErr %v", err, tt.wantErr)
}

objectSig = pipelineRunSigname(tt.args.pr, tt.args.opts)
objectPayload = pipelineRunPayloadName(tt.args.pr, tt.args.opts)
objectSig = pipelineRunSignameV1(tt.args.pr, tt.args.opts)
objectPayload = pipelineRunPayloadNameV1(tt.args.pr, tt.args.opts)
got, err = b.RetrieveSignatures(ctx, prObj, tt.args.opts)
if err != nil {
t.Fatal(err)
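Review bot: The table now builds only v1 objects, so the `*v1beta1.TaskRun` and `*v1beta1.PipelineRun` cases that `RetrieveSignatures` and `RetrievePayloads` still carry, and the `...V1Beta1` name helpers behind them, are no longer exercised by this test. Add a case that passes a v1beta1 object and pins the intended outcome, for example that `b.StorePayload(ctx, objects.NewTaskRunObjectV1Beta1(tr), ...)` returns the `type %T not supported` error if rejection is the intent (assuming that constructor is still exported). Both visible cases are named `no error, ...`, so no failure path of the GCS backend appears to be asserted here. The body of `TestBackend_StorePayload` continues outside the visible hunks.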
2 changes: 1 addition & 1 deletion pkg/config/config.go
Expand Up @@ -272,7 +272,7 @@ func NewConfigFromMap(data map[string]string) (*Config, error) {

// PipelineRuns
asString(pipelinerunFormatKey, &cfg.Artifacts.PipelineRuns.Format, "in-toto", "slsa/v1", "slsa/v2alpha2"),
asStringSet(pipelinerunStorageKey, &cfg.Artifacts.PipelineRuns.StorageBackend, sets.New[string]("tekton", "oci", "docdb", "grafeas")),
asStringSet(pipelinerunStorageKey, &cfg.Artifacts.PipelineRuns.StorageBackend, sets.New[string]("tekton", "oci", "gcs", "docdb", "grafeas")),
asString(pipelinerunSignerKey, &cfg.Artifacts.PipelineRuns.Signer, "x509", "kms"),
asBool(pipelinerunEnableDeepInspectionKey, &cfg.Artifacts.PipelineRuns.DeepInspectionEnabled),
