Move external paramenters and resolved dependencies logic out of v2al…

…pha3 (#1109) This is a refactor in preparation for v2alpha4 which uses in its majority the same logic as v2alpha3. Logici and tests moved to chains/formats/slsa/internal to be able to use it from different versions. Current behavior shouldn't change with these changes.
tektoncd · May 2, 2024 · 5986f44 · 5986f44
1 parent 2b5054e
commit 5986f44
Show file tree

Hide file tree

Showing 14 changed files with 998 additions and 817 deletions.
diff --git a/pkg/chains/formats/slsa/internal/external_parameters/external_parameters.go b/pkg/chains/formats/slsa/internal/external_parameters/external_parameters.go
@@ -19,6 +19,7 @@ package externalparameters
 import (
 	"fmt"
 
+	"github.com/tektoncd/chains/pkg/chains/objects"
 	v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
 )
 
@@ -35,3 +36,25 @@ func BuildConfigSource(provenance *v1.Provenance) map[string]string {
 	}
 	return buildConfigSource
 }
+
+// PipelineRun adds the pipeline run spec and provenance if available
+func PipelineRun(pro *objects.PipelineRunObjectV1) map[string]any {
+	externalParams := make(map[string]any)
+
+	if provenance := pro.GetRemoteProvenance(); provenance != nil {
+		externalParams["buildConfigSource"] = BuildConfigSource(provenance)
+	}
+	externalParams["runSpec"] = pro.Spec
+	return externalParams
+}
+
+// TaskRun adds the task run spec and provenance if available
+func TaskRun(tro *objects.TaskRunObjectV1) map[string]any {
+	externalParams := make(map[string]any)
+
+	if provenance := tro.GetRemoteProvenance(); provenance != nil {
+		externalParams["buildConfigSource"] = BuildConfigSource(provenance)
+	}
+	externalParams["runSpec"] = tro.Spec
+	return externalParams
+}
diff --git a/pkg/chains/formats/slsa/internal/external_parameters/external_parameters_test.go b/pkg/chains/formats/slsa/internal/external_parameters/external_parameters_test.go
@@ -20,9 +20,31 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/google/go-cmp/cmp"
+	"github.com/tektoncd/chains/pkg/chains/objects"
+	"github.com/tektoncd/chains/pkg/internal/objectloader"
 	v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
 )
 
+func createPro(path string) *objects.PipelineRunObjectV1 {
+	pr, err := objectloader.PipelineRunFromFile(path)
+	if err != nil {
+		panic(err)
+	}
+	tr1, err := objectloader.TaskRunFromFile("../../testdata/slsa-v2alpha3/taskrun1.json")
+	if err != nil {
+		panic(err)
+	}
+	tr2, err := objectloader.TaskRunFromFile("../../testdata/slsa-v2alpha3/taskrun2.json")
+	if err != nil {
+		panic(err)
+	}
+	p := objects.NewPipelineRunObjectV1(pr)
+	p.AppendTaskRun(tr1)
+	p.AppendTaskRun(tr2)
+	return p
+}
+
 func TestBuildConfigSource(t *testing.T) {
 	digest := map[string]string{"alg1": "hex1", "alg2": "hex2"}
 	provenance := &v1.Provenance{
@@ -61,3 +83,136 @@ func TestBuildConfigSource(t *testing.T) {
 		t.Errorf("buildConfigSource() does not contain correct path: want: %s got: %s", want["path"], got["path"])
 	}
 }
+
+func TestPipelineRun(t *testing.T) {
+	tests := []struct {
+		name                       string
+		inputPipelineRunFile       string
+		expectedExternalParameters map[string]any
+	}{
+		{
+			name:                 "simple pipelinerun",
+			inputPipelineRunFile: "../../testdata/slsa-v2alpha3/pipelinerun1.json",
+			expectedExternalParameters: map[string]any{
+				"runSpec": v1.PipelineRunSpec{
+					PipelineRef: &v1.PipelineRef{Name: "test-pipeline"},
+					Params: v1.Params{
+						{
+							Name:  "IMAGE",
+							Value: v1.ParamValue{Type: "string", StringVal: "test.io/test/image"},
+						},
+					},
+					TaskRunTemplate: v1.PipelineTaskRunTemplate{
+						ServiceAccountName: "pipeline",
+					},
+				},
+			},
+		},
+		{
+			name:                 "pipelinerun with remote resolver",
+			inputPipelineRunFile: "../../testdata/slsa-v2alpha3/pipelinerun-remote-resolver.json",
+			expectedExternalParameters: map[string]any{
+				"runSpec": v1.PipelineRunSpec{
+					PipelineRef: &v1.PipelineRef{
+						ResolverRef: v1.ResolverRef{
+							Resolver: "git",
+							Params: v1.Params{
+								{Name: "url", Value: v1.ParamValue{Type: "string", StringVal: "https://github.com/tektoncd/catalog"}},
+								{Name: "revision", Value: v1.ParamValue{Type: "string", StringVal: "main"}},
+								{Name: "pathInRepo", Value: v1.ParamValue{Type: "string", StringVal: "pipeline/build-push-gke-deploy/0.1/build-push-gke-deploy.yaml"}},
+							},
+						},
+					},
+					Params: v1.Params{
+						{Name: "pathToContext", Value: v1.ParamValue{Type: "string", StringVal: "gke-deploy/example/app"}},
+						{Name: "pathToKubernetesConfigs", Value: v1.ParamValue{Type: "string", StringVal: "gke-deploy/example/app/config"}},
+					},
+					TaskRunTemplate: v1.PipelineTaskRunTemplate{
+						ServiceAccountName: "default",
+					},
+				},
+				"buildConfigSource": map[string]string{
+					"path":       "pipeline/build-push-gke-deploy/0.1/build-push-gke-deploy.yaml",
+					"ref":        "sha1:4df486f198c3c2616ab129186fb30a74f580b5a1",
+					"repository": "git+https://github.com/tektoncd/catalog",
+				},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			pro := createPro(test.inputPipelineRunFile)
+			got := PipelineRun(pro)
+			if diff := cmp.Diff(test.expectedExternalParameters, got); diff != "" {
+				t.Errorf("PipelineRun(): -want +got: %s", diff)
+			}
+		})
+	}
+}
+
+func TestTaskRun(t *testing.T) {
+	tests := []struct {
+		name                       string
+		inputTaskRunFile           string
+		expectedExternalParameters map[string]any
+	}{
+		{
+			name:             "simple taskrun",
+			inputTaskRunFile: "../../testdata/slsa-v2alpha3/taskrun1.json",
+			expectedExternalParameters: map[string]any{
+				"runSpec": v1.TaskRunSpec{
+					Params: v1.Params{
+						{Name: "IMAGE", Value: v1.ParamValue{Type: "string", StringVal: "test.io/test/image"}},
+						{Name: "CHAINS-GIT_COMMIT", Value: v1.ParamValue{Type: "string", StringVal: "taskrun"}},
+						{Name: "CHAINS-GIT_URL", Value: v1.ParamValue{Type: "string", StringVal: "https://git.test.com"}},
+					},
+					ServiceAccountName: "default",
+					TaskRef:            &v1.TaskRef{Name: "build", Kind: "Task"},
+				},
+			},
+		},
+		{
+			name:             "taskrun with remote resolver",
+			inputTaskRunFile: "../../testdata/slsa-v2alpha3/taskrun-remote-resolver.json",
+			expectedExternalParameters: map[string]any{
+				"runSpec": v1.TaskRunSpec{
+					Params: v1.Params{
+						{Name: "ARGS", Value: v1.ParamValue{Type: "array", ArrayVal: []string{"help"}}},
+					},
+					ServiceAccountName: "default",
+					TaskRef: &v1.TaskRef{
+						Kind: "Task",
+						ResolverRef: v1.ResolverRef{
+							Resolver: "git",
+							Params: []v1.Param{
+								{Name: "url", Value: v1.ParamValue{Type: "string", StringVal: "https://github.com/tektoncd/catalog.git"}},
+								{Name: "revision", Value: v1.ParamValue{Type: "string", StringVal: "main"}},
+								{Name: "pathInRepo", Value: v1.ParamValue{Type: "string", StringVal: "task/gcloud/0.3/gcloud.yaml"}},
+							},
+						},
+					},
+				},
+				"buildConfigSource": map[string]string{
+					"ref":        "sha1:4df486f198c3c2616ab129186fb30a74f580b5a1",
+					"repository": "git+https://github.com/tektoncd/catalog.git",
+					"path":       "task/gcloud/0.3/gcloud.yaml",
+				},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			tr, err := objectloader.TaskRunFromFile(test.inputTaskRunFile)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			got := TaskRun(objects.NewTaskRunObjectV1(tr))
+			if diff := cmp.Diff(test.expectedExternalParameters, got); diff != "" {
+				t.Errorf("TaskRun(): -want +got: %s", diff)
+			}
+		})
+	}
+}