SRVKP-4387: Making enable-deep-inspection field as boolValue to suppo…

…rt bool (true) as well string ('true')
tektoncd · Jul 5, 2024 · 93fa7e7 · 93fa7e7
1 parent 7dda6ea
commit 93fa7e7
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 16 deletions.
diff --git a/pkg/apis/operator/v1alpha1/tektonchain_types.go b/pkg/apis/operator/v1alpha1/tektonchain_types.go
@@ -80,10 +80,10 @@ type ChainProperties struct {
 	ArtifactsTaskRunSigner  string  `json:"artifacts.taskrun.signer,omitempty"`
 
 	// pipelinerun artifacts config
-	ArtifactsPipelineRunFormat               string  `json:"artifacts.pipelinerun.format,omitempty"`
-	ArtifactsPipelineRunStorage              *string `json:"artifacts.pipelinerun.storage,omitempty"`
-	ArtifactsPipelineRunSigner               string  `json:"artifacts.pipelinerun.signer,omitempty"`
-	ArtifactsPipelineRunEnableDeepInspection *bool   `json:"artifacts.pipelinerun.enable-deep-inspection,omitempty"`
+	ArtifactsPipelineRunFormat               string    `json:"artifacts.pipelinerun.format,omitempty"`
+	ArtifactsPipelineRunStorage              *string   `json:"artifacts.pipelinerun.storage,omitempty"`
+	ArtifactsPipelineRunSigner               string    `json:"artifacts.pipelinerun.signer,omitempty"`
+	ArtifactsPipelineRunEnableDeepInspection BoolValue `json:"artifacts.pipelinerun.enable-deep-inspection,omitempty"`
 
 	// oci artifacts config
 	ArtifactsOCIFormat  string  `json:"artifacts.oci.format,omitempty"`

diff --git a/pkg/apis/operator/v1alpha1/tektonchain_validation.go b/pkg/apis/operator/v1alpha1/tektonchain_validation.go
@@ -26,13 +26,14 @@ import (
 )
 
 var (
-	allowedArtifactsTaskRunFormat     = sets.NewString("", "in-toto", "slsa/v1", "slsa/v2alpha2", "slsa/v2alpha3")
-	allowedArtifactsPipelineRunFormat = sets.NewString("", "in-toto", "slsa/v1", "slsa/v2alpha2", "slsa/v2alpha3")
-	allowedX509SignerFulcioProvider   = sets.NewString("", "google", "spiffe", "github", "filesystem")
-	allowedTransparencyConfigEnabled  = sets.NewString("", "true", "false", "manual")
-	allowedArtifactsStorage           = sets.NewString("", "tekton", "oci", "gcs", "docdb", "grafeas", "kafka")
-	allowedControllerEnvs             = sets.NewString("MONGO_SERVER_URL")
-	allowedBuildDefinitionType        = sets.NewString("", "https://tekton.dev/chains/v2/slsa", "https://tekton.dev/chains/v2/slsa-tekton")
+	allowedArtifactsTaskRunFormat                   = sets.NewString("", "in-toto", "slsa/v1", "slsa/v2alpha2", "slsa/v2alpha3")
+	allowedArtifactsPipelineRunFormat               = sets.NewString("", "in-toto", "slsa/v1", "slsa/v2alpha2", "slsa/v2alpha3")
+	allowedX509SignerFulcioProvider                 = sets.NewString("", "google", "spiffe", "github", "filesystem")
+	allowedTransparencyConfigEnabled                = sets.NewString("", "true", "false", "manual")
+	allowedArtifactsPipelineRunEnableDeepInspection = sets.NewString("", "true", "false")
+	allowedArtifactsStorage                         = sets.NewString("", "tekton", "oci", "gcs", "docdb", "grafeas", "kafka")
+	allowedControllerEnvs                           = sets.NewString("MONGO_SERVER_URL")
+	allowedBuildDefinitionType                      = sets.NewString("", "https://tekton.dev/chains/v2/slsa", "https://tekton.dev/chains/v2/slsa-tekton")
 )
 
 func (tc *TektonChain) Validate(ctx context.Context) (errs *apis.FieldError) {
@@ -135,6 +136,10 @@ func (tcs *TektonChainSpec) ValidateChainConfig(path string) (errs *apis.FieldEr
 		errs = errs.Also(apis.ErrInvalidValue(tcs.TransparencyConfigEnabled, path+".transparency.enabled"))
 	}
 
+	if !allowedArtifactsPipelineRunEnableDeepInspection.Has(string(tcs.ArtifactsPipelineRunEnableDeepInspection)) {
+		errs = errs.Also(apis.ErrInvalidValue(tcs.ArtifactsPipelineRunEnableDeepInspection, path+".artifacts.pipelinerun.enable-deep-inspection"))
+	}
+
 	if !allowedBuildDefinitionType.Has(tcs.BuildDefinitionBuildType) {
 		errs = errs.Also(apis.ErrInvalidValue(tcs.BuildDefinitionBuildType, path+".builddefinition.buildtype"))
 	}

diff --git a/pkg/apis/operator/v1alpha1/tektonchain_validation_test.go b/pkg/apis/operator/v1alpha1/tektonchain_validation_test.go
@@ -214,6 +214,45 @@ func Test_ValidateTektonChain_ConfigPipelineRunStorageValid(t *testing.T) {
 	}
 }
 
+func Test_ValidateTektonChain_ConfigInvalidArtifactsPipelineRunEnableDeepInspection(t *testing.T) {
+	tc := &TektonChain{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "chain",
+			Namespace: "namespace",
+		},
+		Spec: TektonChainSpec{
+			CommonSpec: CommonSpec{
+				TargetNamespace: "namespace",
+			},
+		},
+	}
+
+	tc.Spec.Chain.ChainProperties.ArtifactsPipelineRunEnableDeepInspection = "foo"
+	err := tc.Validate(context.TODO())
+	assert.Equal(t, "invalid value: foo: spec.artifacts.pipelinerun.enable-deep-inspection", err.Error())
+}
+
+func Test_ValidateTektonChain_ConfigArtifactsPipelineRunEnableDeepInspection(t *testing.T) {
+	tc := &TektonChain{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "chain",
+			Namespace: "namespace",
+		},
+		Spec: TektonChainSpec{
+			CommonSpec: CommonSpec{
+				TargetNamespace: "namespace",
+			},
+		},
+	}
+
+	tc.Spec.Chain.ChainProperties.ArtifactsPipelineRunEnableDeepInspection = "true"
+	err := tc.Validate(context.TODO())
+
+	if err != nil {
+		t.Errorf("ValidateTektonChain.Validate() expected no error for the given config, but got one, ValidateTektonChain: %v", err)
+	}
+}
+
 func Test_ValidateTektonChain_ConfigInvalidX509SignerFulcioProvider(t *testing.T) {
 	tc := &TektonChain{
 		ObjectMeta: metav1.ObjectMeta{

diff --git a/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go