Added Helm type (#354)
* Added Helm type

Signed-off-by: Andrew Block <[email protected]>

* Cleaned up helm type

Signed-off-by: Andrew Block <[email protected]>

* Correct Helm schema required fields

Signed-off-by: Andrew Block <[email protected]>

* Regenerated Helm schema

Signed-off-by: Andrew Block <[email protected]>
sabre1041 authored Jul 9, 2021
1 parent 9fa4e20 commit 5862799
Showing 23 changed files with 2,525 additions and 2 deletions.
79 changes: 79 additions & 0 deletions cmd/rekor-cli/app/pflags.go
Expand Up @@ -37,6 +37,7 @@ import (
"github.com/go-playground/validator"
"github.com/sigstore/rekor/pkg/generated/models"
alpine_v001 "github.com/sigstore/rekor/pkg/types/alpine/v0.0.1"
helm_v001 "github.com/sigstore/rekor/pkg/types/helm/v0.0.1"
intoto_v001 "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1"
jar_v001 "github.com/sigstore/rekor/pkg/types/jar/v0.0.1"
rekord_v001 "github.com/sigstore/rekor/pkg/types/rekord/v0.0.1"
Expand Down Expand Up @@ -149,6 +150,83 @@ func validateArtifactPFlags(uuidValid, indexValid bool) error {
return nil
}

func CreateHelmFromPFlags() (models.ProposedEntry, error) {
//TODO: how to select version of item to create
returnVal := models.Helm{}
re := new(helm_v001.V001Entry)

helm := viper.GetString("entry")
if helm != "" {
var helmBytes []byte
provURL, err := url.Parse(helm)
if err == nil && provURL.IsAbs() {
/* #nosec G107 */
helmResp, err := http.Get(helm)
if err != nil {
return nil, fmt.Errorf("error fetching 'helm': %w", err)
}
defer helmResp.Body.Close()
helmBytes, err = ioutil.ReadAll(helmResp.Body)
if err != nil {
return nil, fmt.Errorf("error fetching 'provenance file': %w", err)
}
} else {
helmBytes, err = ioutil.ReadFile(filepath.Clean(helm))
if err != nil {
return nil, fmt.Errorf("error processing 'helm' file: %w", err)
}
}
if err := json.Unmarshal(helmBytes, &returnVal); err != nil {
return nil, fmt.Errorf("error parsing helm file: %w", err)
}
} else {
// we will need provenance file and public-key
re.HelmObj = models.HelmV001Schema{}
re.HelmObj.Chart = &models.HelmV001SchemaChart{}
re.HelmObj.Chart.Provenance = &models.HelmV001SchemaChartProvenance{}

artifact := viper.GetString("artifact")
dataURL, err := url.Parse(artifact)
if err == nil && dataURL.IsAbs() {
re.HelmObj.Chart.Provenance.URL = strfmt.URI(artifact)
} else {
artifactBytes, err := ioutil.ReadFile(filepath.Clean(artifact))
if err != nil {
return nil, fmt.Errorf("error reading artifact file: %w", err)
}
re.HelmObj.Chart.Provenance.Content = strfmt.Base64(artifactBytes)
}

re.HelmObj.PublicKey = &models.HelmV001SchemaPublicKey{}
publicKey := viper.GetString("public-key")
keyURL, err := url.Parse(publicKey)
if err == nil && keyURL.IsAbs() {
re.HelmObj.PublicKey.URL = strfmt.URI(publicKey)
} else {
keyBytes, err := ioutil.ReadFile(filepath.Clean(publicKey))
if err != nil {
return nil, fmt.Errorf("error reading public key file: %w", err)
}
re.HelmObj.PublicKey.Content = strfmt.Base64(keyBytes)
}

if err := re.Validate(); err != nil {
return nil, err
}

if re.HasExternalEntities() {
if err := re.FetchExternalEntities(context.Background()); err != nil {
return nil, fmt.Errorf("error retrieving external entities: %v", err)
}
}

returnVal.APIVersion = swag.String(re.APIVersion())
returnVal.Spec = re.HelmObj
}

return &returnVal, nil
}

func CreateJarFromPFlags() (models.ProposedEntry, error) {
//TODO: how to select version of item to create
returnVal := models.Jar{}
Expand Down Expand Up @@ -559,6 +637,7 @@ func (t *typeFlag) Set(s string) error {
"intoto": {},
"rfc3161": {},
"alpine": {},
"helm": {},
}
if _, ok := set[s]; ok {
t.value = s
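Review bot: The `entry` URL branch of CreateHelmFromPFlags calls `http.Get(helm)` on the default client, which has no timeout, never checks `helmResp.StatusCode`, and reads the body with an unbounded `ioutil.ReadAll`; a stalled or oversized response can hang or exhaust the CLI, and an error page is passed to `json.Unmarshal` as if it were the entry. `provURL.IsAbs()` is true for any scheme, so a plain `http://` entry is also fetched without transport integrity before it is proposed to the log. I would use a client with a timeout, reject non-200 responses and cap the read, as sketched below (the timeout and size limit are illustrative, and `io` and `time` would need to be in the file's import block, most of which is outside this hunk). Separately, the ReadAll error text says 'provenance file' although it is the entry being read, and the FetchExternalEntities error is formatted with `%v` where the rest of the function wraps with `%w`.

```go
// … unchanged: viper.GetString("entry"), url.Parse and IsAbs check …
/* #nosec G107 */
client := &http.Client{Timeout: 30 * time.Second} // illustrative timeout
helmResp, err := client.Get(helm)
if err != nil {
	return nil, fmt.Errorf("error fetching 'helm': %w", err)
}
defer helmResp.Body.Close()
if helmResp.StatusCode != http.StatusOK {
	return nil, fmt.Errorf("error fetching 'helm': unexpected status %s", helmResp.Status)
}
// Cap the body so a misbehaving server cannot exhaust memory (illustrative limit).
helmBytes, err = ioutil.ReadAll(io.LimitReader(helmResp.Body, 10<<20))
if err != nil {
	return nil, fmt.Errorf("error reading 'helm' response: %w", err)
}
// … unchanged: local-file branch and json.Unmarshal …
```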
12 changes: 12 additions & 0 deletions cmd/rekor-cli/app/pflags_test.go
Expand Up @@ -70,6 +70,8 @@ func TestArtifactPFlags(t *testing.T) {
file, err = ioutil.ReadFile("../../../tests/test_alpine.pub")
case "/alpineEntry":
file, err = ioutil.ReadFile("../../../tests/alpine.json")
case "/helmEntry":
file, err = ioutil.ReadFile("../../../tests/helm.json")
case "/not_found":
err = errors.New("file not found")
}
Expand Down Expand Up @@ -123,6 +125,14 @@ func TestArtifactPFlags(t *testing.T) {
expectParseSuccess: true,
expectValidateSuccess: true,
},
{
caseDesc: "valid helm URL",
entry: testServer.URL + "/helmEntry",
typeStr: "helm",
expectParseSuccess: true,
expectValidateSuccess: true,
},

{
caseDesc: "valid rpm file, wrong type",
typeStr: "rekord",
Expand Down Expand Up @@ -401,6 +411,8 @@ func TestArtifactPFlags(t *testing.T) {
createFn = CreateRFC3161FromPFlags
case "alpine":
createFn = CreateAlpineFromPFlags
case "helm":
createFn = CreateHelmFromPFlags
default:
t.Fatalf("type %v not implemented", tc.typeStr)
}
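Review bot: The only helm case added to TestArtifactPFlags is "valid helm URL", which drives the `entry` path; nothing added in this file exercises the artifact plus public-key branch of CreateHelmFromPFlags, and there is no negative helm case. That branch is where the provenance and key are read and `re.Validate()` runs, so I would add a case with `typeStr: "helm"` that supplies a provenance file and a public key through the table's existing artifact and key fields (not visible in these hunks), plus one with the key omitted that is expected to fail. The body of TestArtifactPFlags starts and ends outside the hunks shown.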
5 changes: 5 additions & 0 deletions cmd/rekor-cli/app/upload.go
Expand Up @@ -106,6 +106,11 @@ var uploadCmd = &cobra.Command{
if err != nil {
return nil, err
}
case "helm":
entry, err = CreateHelmFromPFlags()
if err != nil {
return nil, err
}
default:
return nil, errors.New("unknown type specified")
}
3 changes: 3 additions & 0 deletions cmd/rekor-server/app/serve.go
Expand Up @@ -30,6 +30,8 @@ import (
"github.com/sigstore/rekor/pkg/log"
"github.com/sigstore/rekor/pkg/types/alpine"
alpine_v001 "github.com/sigstore/rekor/pkg/types/alpine/v0.0.1"
"github.com/sigstore/rekor/pkg/types/helm"
helm_v001 "github.com/sigstore/rekor/pkg/types/helm/v0.0.1"
"github.com/sigstore/rekor/pkg/types/intoto"
intoto_v001 "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1"
"github.com/sigstore/rekor/pkg/types/jar"
Expand Down Expand Up @@ -82,6 +84,7 @@ var serveCmd = &cobra.Command{
intoto.KIND: intoto_v001.APIVERSION,
rfc3161.KIND: rfc3161_v001.APIVERSION,
alpine.KIND: alpine_v001.APIVERSION,
helm.KIND: helm_v001.APIVERSION,
}

for k, v := range pluggableTypeMap {
16 changes: 16 additions & 0 deletions openapi.yaml
Expand Up @@ -346,6 +346,22 @@ definitions:
- spec
additionalProperties: false

helm:
type: object
description: Helm chart
allOf:
- $ref: '#/definitions/ProposedEntry'
- properties:
apiVersion:
type: string
pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
spec:
type: object
$ref: 'pkg/types/helm/helm_schema.json'
required:
- apiVersion
- spec

intoto:
type: object
description: Intoto object
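Review bot: The new `helm` definition ends at the `required` list (`apiVersion`, `spec`) without the `additionalProperties: false` line that closes the definition just above it in this hunk, so unknown top-level properties on a helm entry would presumably be accepted by schema validation rather than rejected. If the omission is not deliberate, add `additionalProperties: false` after the `required` list so the type is as strict as its neighbour. Indentation is lost in this rendering, so confirm in the file at which level that key sits in the preceding definition before copying it.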
210 changes: 210 additions & 0 deletions pkg/generated/models/helm.go
