Increase direct usage of Tekton Object Interface

This PR further increases the usage of the Tekton object interface in our codebase.
tektoncd · Sep 7, 2023 · 3228844 · 3228844
1 parent de28e92
commit 3228844
Show file tree

Hide file tree

Showing 9 changed files with 170 additions and 182 deletions.
diff --git a/pkg/chains/formats/slsa/attest/attest.go b/pkg/chains/formats/slsa/attest/attest.go
@@ -22,9 +22,9 @@ import (
 
  slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
  "github.com/tektoncd/chains/pkg/artifacts"
+ "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const (
@@ -58,10 +58,11 @@ func Step(step *v1beta1.Step, stepState *v1beta1.StepState) StepAttestation {
  return attestation
 }
 
-func Invocation(source *v1beta1.RefSource, params []v1beta1.Param, paramSpecs []v1beta1.ParamSpec, meta metav1.Object) slsa.ProvenanceInvocation {
+func Invocation(obj objects.TektonObject, params []v1beta1.Param, paramSpecs []v1beta1.ParamSpec) slsa.ProvenanceInvocation {
  i := slsa.ProvenanceInvocation{
- ConfigSource: convertConfigSource(source),
+ ConfigSource: convertConfigSource(obj.GetRefSource()),
  }
+
  iParams := make(map[string]v1beta1.ParamValue)
 
  // get implicit parameters from defaults
@@ -77,11 +78,10 @@ func Invocation(source *v1beta1.RefSource, params []v1beta1.Param, paramSpecs []
  }
 
  i.Parameters = iParams
-
  environment := map[string]map[string]string{}
 
  annotations := map[string]string{}
- for name, value := range meta.GetAnnotations() {
+ for name, value := range obj.GetAnnotations() {
  // Ignore annotations that are not relevant to provenance information
  if name == corev1.LastAppliedConfigAnnotation || strings.HasPrefix(name, "chains.tekton.dev/") {
  continue
@@ -92,7 +92,7 @@ func Invocation(source *v1beta1.RefSource, params []v1beta1.Param, paramSpecs []
  environment["annotations"] = annotations
  }
 
- labels := meta.GetLabels()
+ labels := obj.GetLabels()
  if len(labels) > 0 {
  environment["labels"] = labels
  }

diff --git a/pkg/chains/formats/slsa/extract/extract.go b/pkg/chains/formats/slsa/extract/extract.go
@@ -84,7 +84,7 @@ func subjectsFromPipelineRun(ctx context.Context, obj objects.TektonObject, slsa
  continue
  }
 
- trSubjects := subjectsFromTektonObject(ctx, objects.NewTaskRunObject(tr))
+ trSubjects := subjectsFromTektonObject(ctx, tr)
  for _, s := range trSubjects {
  result = addSubject(result, s)
  }

diff --git a/pkg/chains/formats/slsa/internal/material/material.go b/pkg/chains/formats/slsa/internal/material/material.go
@@ -28,7 +28,6 @@ import (
  "github.com/tektoncd/chains/pkg/chains/formats/slsa/attest"
  "github.com/tektoncd/chains/pkg/chains/formats/slsa/internal/slsaconfig"
  "github.com/tektoncd/chains/pkg/chains/objects"
- "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  "knative.dev/pkg/logging"
 )
 
@@ -42,14 +41,14 @@ func TaskMaterials(ctx context.Context, tro *objects.TaskRunObject) ([]common.Pr
  var mats []common.ProvenanceMaterial
 
  // add step images
- stepMaterials, err := FromStepImages(tro.Status.Steps)
+ stepMaterials, err := FromStepImages(tro)
  if err != nil {
  return nil, err
  }
  mats = append(mats, stepMaterials...)
 
  // add sidecar images
- sidecarMaterials, err := FromSidecarImages(tro.Status.Sidecars)
+ sidecarMaterials, err := FromSidecarImages(tro)
  if err != nil {
  return nil, err
  }
@@ -89,14 +88,14 @@ func PipelineMaterials(ctx context.Context, pro *objects.PipelineRunObject, slsa
  continue
  }
 
- stepMaterials, err := FromStepImages(tr.Status.Steps)
+ stepMaterials, err := FromStepImages(tr)
  if err != nil {
  return mats, err
  }
  mats = append(mats, stepMaterials...)
 
  // add sidecar images
- sidecarMaterials, err := FromSidecarImages(tr.Status.Sidecars)
+ sidecarMaterials, err := FromSidecarImages(tr)
  if err != nil {
  return nil, err
  }
@@ -124,10 +123,10 @@ func PipelineMaterials(ctx context.Context, pro *objects.PipelineRunObject, slsa
 }
 
 // FromStepImages gets predicate.materials from step images
-func FromStepImages(steps []v1beta1.StepState) ([]common.ProvenanceMaterial, error) {
+func FromStepImages(tro *objects.TaskRunObject) ([]common.ProvenanceMaterial, error) {
  mats := []common.ProvenanceMaterial{}
- for _, stepState := range steps {
- m, err := fromImageID(stepState.ImageID)
+ for _, image := range tro.GetStepImages() {
+ m, err := fromImageID(image)
  if err != nil {
  return nil, err
  }
@@ -137,10 +136,10 @@ func FromStepImages(steps []v1beta1.StepState) ([]common.ProvenanceMaterial, err
 }
 
 // FromSidecarImages gets predicate.materials from sidecar images
-func FromSidecarImages(sidecars []v1beta1.SidecarState) ([]common.ProvenanceMaterial, error) {
+func FromSidecarImages(tro *objects.TaskRunObject) ([]common.ProvenanceMaterial, error) {
  mats := []common.ProvenanceMaterial{}
- for _, sidecarState := range sidecars {
- m, err := fromImageID(sidecarState.ImageID)
+ for _, image := range tro.GetSidecarImages() {
+ m, err := fromImageID(image)
  if err != nil {
  return nil, err
  }
@@ -310,7 +309,7 @@ func FromPipelineParamsAndResults(ctx context.Context, pro *objects.PipelineRunO
  logger.Infof("taskrun is not found or not completed for the task %s", t.Name)
  continue
  }
- materialsFromTasks := FromTaskParamsAndResults(ctx, objects.NewTaskRunObject(tr))
+ materialsFromTasks := FromTaskParamsAndResults(ctx, tr)
  mats = append(mats, materialsFromTasks...)
  }
  }

diff --git a/pkg/chains/formats/slsa/internal/material/material_test.go b/pkg/chains/formats/slsa/internal/material/material_test.go
@@ -403,146 +403,6 @@ func TestStructuredResultPipelineMaterials(t *testing.T) {
  }
 }
 
-func TestFromStepImages(t *testing.T) {
- tests := []struct {
- name string
- steps []v1beta1.StepState
- want []common.ProvenanceMaterial
- wantError error
- }{{
- name: "steps with proper imageID",
- steps: []v1beta1.StepState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }, {
- Name: "git-source-repo-repeat-again-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }, {
- Name: "build",
- ImageID: "gcr.io/cloud-marketplace-containers/google/bazel@sha256:010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
- }},
- want: []common.ProvenanceMaterial{
- {
- URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
- Digest: common.DigestSet{
- "sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- },
- },
- {
- URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
- Digest: common.DigestSet{
- "sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- },
- },
- {
- URI: artifacts.OCIScheme + "gcr.io/cloud-marketplace-containers/google/bazel",
- Digest: common.DigestSet{
- "sha256": "010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
- },
- },
- },
- }, {
- name: "step with bad imageId - no uri",
- steps: []v1beta1.StepState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }},
- want: []common.ProvenanceMaterial{{}},
- wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @"),
- }, {
- name: "step with bad imageId - no digest",
- steps: []v1beta1.StepState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }},
- want: []common.ProvenanceMaterial{{}},
- wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @ and :"),
- }}
- for _, tc := range tests {
- mat, err := FromStepImages(tc.steps)
- if err != nil {
- if err.Error() != tc.wantError.Error() {
- t.Fatalf("Expected error %v but got %v", tc.wantError, err)
- }
- }
- if tc.wantError == nil {
- if diff := cmp.Diff(tc.want, mat); diff != "" {
- t.Errorf("materials(): -want +got: %s", diff)
- }
- }
- }
-}
-
-func TestFromSidecarImages(t *testing.T) {
- tests := []struct {
- name string
- sidecars []v1beta1.SidecarState
- want []common.ProvenanceMaterial
- wantError error
- }{{
- name: "sidecars with proper imageID",
- sidecars: []v1beta1.SidecarState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }, {
- Name: "git-source-repo-repeat-again-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }, {
- Name: "build",
- ImageID: "gcr.io/cloud-marketplace-containers/google/bazel@sha256:010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
- }},
- want: []common.ProvenanceMaterial{
- {
- URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
- Digest: common.DigestSet{
- "sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- },
- },
- {
- URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
- Digest: common.DigestSet{
- "sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- },
- },
- {
- URI: artifacts.OCIScheme + "gcr.io/cloud-marketplace-containers/google/bazel",
- Digest: common.DigestSet{
- "sha256": "010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
- },
- },
- },
- }, {
- name: "sidecars with bad imageId - no uri",
- sidecars: []v1beta1.SidecarState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }},
- want: []common.ProvenanceMaterial{{}},
- wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @"),
- }, {
- name: "sidecars with bad imageId - no digest",
- sidecars: []v1beta1.SidecarState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }},
- want: []common.ProvenanceMaterial{{}},
- wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @ and :"),
- }}
- for _, tc := range tests {
- mat, err := FromSidecarImages(tc.sidecars)
- if err != nil {
- if err.Error() != tc.wantError.Error() {
- t.Fatalf("Expected error %v but got %v", tc.wantError, err)
- }
- }
- if tc.wantError == nil {
- if diff := cmp.Diff(tc.want, mat); diff != "" {
- t.Errorf("materials(): -want +got: %s", diff)
- }
- }
- }
-}
-
 func TestFromImageID(t *testing.T) {
  tests := []struct {
  name string

diff --git a/pkg/chains/formats/slsa/v1/pipelinerun/pipelinerun.go b/pkg/chains/formats/slsa/v1/pipelinerun/pipelinerun.go
@@ -79,11 +79,7 @@ func invocation(pro *objects.PipelineRunObject) slsa.ProvenanceInvocation {
  if ps := pro.Status.PipelineSpec; ps != nil {
  paramSpecs = ps.Params
  }
- var source *v1beta1.RefSource
- if p := pro.Status.Provenance; p != nil {
- source = p.RefSource
- }
- return attest.Invocation(source, pro.Spec.Params, paramSpecs, pro.GetObjectMeta())
+ return attest.Invocation(pro, pro.Spec.Params, paramSpecs)
 }
 
 func buildConfig(ctx context.Context, pro *objects.PipelineRunObject) BuildConfig {
@@ -134,6 +130,7 @@ func buildConfig(ctx context.Context, pro *objects.PipelineRunObject) BuildConfi
  if len(after) == 0 && i >= len(pSpec.Tasks) && last != "" {
  after = append(after, last)
  }
+
  params := tr.Spec.Params
  var paramSpecs []v1beta1.ParamSpec
  if tr.Status.TaskSpec != nil {
@@ -142,20 +139,14 @@ func buildConfig(ctx context.Context, pro *objects.PipelineRunObject) BuildConfi
  paramSpecs = []v1beta1.ParamSpec{}
  }
 
- // source information in taskrun status
- var source *v1beta1.RefSource
- if p := tr.Status.Provenance; p != nil {
- source = p.RefSource
- }
-
  task := TaskAttestation{
  Name: t.Name,
  After: after,
  StartedOn: tr.Status.StartTime.Time.UTC(),
  FinishedOn: tr.Status.CompletionTime.Time.UTC(),
  Status: getStatus(tr.Status.Conditions),
  Steps: steps,
- Invocation: attest.Invocation(source, params, paramSpecs, &tr.ObjectMeta),
+ Invocation: attest.Invocation(tr, params, paramSpecs),
  Results: tr.Status.TaskRunResults,
  }
 

diff --git a/pkg/chains/formats/slsa/v1/taskrun/taskrun.go b/pkg/chains/formats/slsa/v1/taskrun/taskrun.go
@@ -62,11 +62,7 @@ func invocation(tro *objects.TaskRunObject) slsa.ProvenanceInvocation {
  if ts := tro.Status.TaskSpec; ts != nil {
  paramSpecs = ts.Params
  }
- var source *v1beta1.RefSource
- if p := tro.Status.Provenance; p != nil {
- source = p.RefSource
- }
- return attest.Invocation(source, tro.Spec.Params, paramSpecs, tro.GetObjectMeta())
+ return attest.Invocation(tro, tro.Spec.Params, paramSpecs)
 }
 
 // Metadata adds taskrun's start time, completion time and reproducibility labels

diff --git a/pkg/chains/formats/slsa/v2alpha2/internal/resolved_dependencies/resolved_dependencies.go b/pkg/chains/formats/slsa/v2alpha2/internal/resolved_dependencies/resolved_dependencies.go
@@ -60,12 +60,12 @@ func TaskRun(ctx context.Context, tro *objects.TaskRunObject) ([]v1.ResourceDesc
  mats := []common.ProvenanceMaterial{}
 
  // add step and sidecar images
- stepMaterials, err := material.FromStepImages(tro.Status.Steps)
+ stepMaterials, err := material.FromStepImages(tro)
  mats = append(mats, stepMaterials...)
  if err != nil {
  return nil, err
  }
- sidecarMaterials, err := material.FromSidecarImages(tro.Status.Sidecars)
+ sidecarMaterials, err := material.FromSidecarImages(tro)
  if err != nil {
  return nil, err
  }
@@ -201,14 +201,14 @@ func fromPipelineTask(logger *zap.SugaredLogger, pro *objects.PipelineRunObject)
  mats := []common.ProvenanceMaterial{}
 
  // add step images
- stepMaterials, err := material.FromStepImages(tr.Status.Steps)
+ stepMaterials, err := material.FromStepImages(tr)
  if err != nil {
  return nil, err
  }
  mats = append(mats, stepMaterials...)
 
  // add sidecar images
- sidecarMaterials, err := material.FromSidecarImages(tr.Status.Sidecars)
+ sidecarMaterials, err := material.FromSidecarImages(tr)
  if err != nil {
  return nil, err
  }