Increase direct usage of Tekton Object Interface

This PR further increases the usage of the Tekton object interface in our codebase. It also removes the dependence of the Tekton object interface on the `v1beta1` type by further generalizing the definition of the `ParamValue`.
tektoncd · Aug 25, 2023 · 88aaba5 · 88aaba5
1 parent de28e92
commit 88aaba5
Show file tree

Hide file tree

Showing 14 changed files with 365 additions and 250 deletions.
diff --git a/pkg/artifacts/signable_test.go b/pkg/artifacts/signable_test.go
@@ -552,7 +552,7 @@ func TestValidateResults(t *testing.T) {
  categoryMarker: ArtifactsOutputsResultName,
  obj: objects.Result{
  Name: "valid_result-ARTIFACT_OUTPUTS",
- Value: v1beta1.ParamValue{
+ Value: objects.ParamValue{
  ObjectVal: map[string]string{
  "uri": "gcr.io/foo/bar",
  "digest": digest3,
@@ -567,7 +567,7 @@ func TestValidateResults(t *testing.T) {
  categoryMarker: ArtifactsOutputsResultName,
  obj: objects.Result{
  Name: "missing_digest-ARTIFACT_OUTPUTS",
- Value: v1beta1.ParamValue{
+ Value: objects.ParamValue{
  ObjectVal: map[string]string{
  "uri": "gcr.io/foo/bar",
  },
@@ -581,7 +581,7 @@ func TestValidateResults(t *testing.T) {
  categoryMarker: ArtifactsOutputsResultName,
  obj: objects.Result{
  Name: "missing_digest-ARTIFACT_OUTPUTS",
- Value: v1beta1.ParamValue{
+ Value: objects.ParamValue{
  ObjectVal: map[string]string{
  "digest": digest3,
  },
@@ -595,7 +595,7 @@ func TestValidateResults(t *testing.T) {
  categoryMarker: ArtifactsOutputsResultName,
  obj: objects.Result{
  Name: "missing_digest-ARTIFACT_OUTPUTS",
- Value: v1beta1.ParamValue{
+ Value: objects.ParamValue{
  ObjectVal: map[string]string{
  "uri": "gcr.io/foo/bar",
  "digest": "",
@@ -610,7 +610,7 @@ func TestValidateResults(t *testing.T) {
  categoryMarker: ArtifactsOutputsResultName,
  obj: objects.Result{
  Name: "missing_digest-ARTIFACTs_OUTPUTS",
- Value: v1beta1.ParamValue{
+ Value: objects.ParamValue{
  ObjectVal: map[string]string{
  "uri": "gcr.io/foo/bar",
  "digest": digest3,

diff --git a/pkg/chains/formats/slsa/attest/attest.go b/pkg/chains/formats/slsa/attest/attest.go
@@ -22,6 +22,7 @@ import (
 
  slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
  "github.com/tektoncd/chains/pkg/artifacts"
+ "github.com/tektoncd/chains/pkg/chains/objects"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  corev1 "k8s.io/api/core/v1"
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -58,25 +59,11 @@ func Step(step *v1beta1.Step, stepState *v1beta1.StepState) StepAttestation {
  return attestation
 }
 
-func Invocation(source *v1beta1.RefSource, params []v1beta1.Param, paramSpecs []v1beta1.ParamSpec, meta metav1.Object) slsa.ProvenanceInvocation {
+func Invocation(obj objects.TektonObject, meta metav1.Object) slsa.ProvenanceInvocation {
  i := slsa.ProvenanceInvocation{
- ConfigSource: convertConfigSource(source),
+ ConfigSource: convertConfigSource(obj.GetRefSource()),
  }
- iParams := make(map[string]v1beta1.ParamValue)
-
- // get implicit parameters from defaults
- for _, p := range paramSpecs {
- if p.Default != nil {
- iParams[p.Name] = *p.Default
- }
- }
-
- // get explicit parameters
- for _, p := range params {
- iParams[p.Name] = p.Value
- }
-
- i.Parameters = iParams
+ i.Parameters = obj.GetParams()
 
  environment := map[string]map[string]string{}
 
@@ -104,7 +91,7 @@ func Invocation(source *v1beta1.RefSource, params []v1beta1.Param, paramSpecs []
  return i
 }
 
-func convertConfigSource(source *v1beta1.RefSource) slsa.ConfigSource {
+func convertConfigSource(source *objects.RefSource) slsa.ConfigSource {
  if source == nil {
  return slsa.ConfigSource{}
  }

diff --git a/pkg/chains/formats/slsa/extract/extract.go b/pkg/chains/formats/slsa/extract/extract.go
@@ -84,7 +84,7 @@ func subjectsFromPipelineRun(ctx context.Context, obj objects.TektonObject, slsa
  continue
  }
 
- trSubjects := subjectsFromTektonObject(ctx, objects.NewTaskRunObject(tr))
+ trSubjects := subjectsFromTektonObject(ctx, tr)
  for _, s := range trSubjects {
  result = addSubject(result, s)
  }

diff --git a/pkg/chains/formats/slsa/internal/material/material.go b/pkg/chains/formats/slsa/internal/material/material.go
@@ -28,7 +28,6 @@ import (
  "github.com/tektoncd/chains/pkg/chains/formats/slsa/attest"
  "github.com/tektoncd/chains/pkg/chains/formats/slsa/internal/slsaconfig"
  "github.com/tektoncd/chains/pkg/chains/objects"
- "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  "knative.dev/pkg/logging"
 )
 
@@ -42,14 +41,14 @@ func TaskMaterials(ctx context.Context, tro *objects.TaskRunObject) ([]common.Pr
  var mats []common.ProvenanceMaterial
 
  // add step images
- stepMaterials, err := FromStepImages(tro.Status.Steps)
+ stepMaterials, err := FromStepImages(tro)
  if err != nil {
  return nil, err
  }
  mats = append(mats, stepMaterials...)
 
  // add sidecar images
- sidecarMaterials, err := FromSidecarImages(tro.Status.Sidecars)
+ sidecarMaterials, err := FromSidecarImages(tro)
  if err != nil {
  return nil, err
  }
@@ -89,14 +88,14 @@ func PipelineMaterials(ctx context.Context, pro *objects.PipelineRunObject, slsa
  continue
  }
 
- stepMaterials, err := FromStepImages(tr.Status.Steps)
+ stepMaterials, err := FromStepImages(tr)
  if err != nil {
  return mats, err
  }
  mats = append(mats, stepMaterials...)
 
  // add sidecar images
- sidecarMaterials, err := FromSidecarImages(tr.Status.Sidecars)
+ sidecarMaterials, err := FromSidecarImages(tr)
  if err != nil {
  return nil, err
  }
@@ -124,10 +123,10 @@ func PipelineMaterials(ctx context.Context, pro *objects.PipelineRunObject, slsa
 }
 
 // FromStepImages gets predicate.materials from step images
-func FromStepImages(steps []v1beta1.StepState) ([]common.ProvenanceMaterial, error) {
+func FromStepImages(tro *objects.TaskRunObject) ([]common.ProvenanceMaterial, error) {
  mats := []common.ProvenanceMaterial{}
- for _, stepState := range steps {
- m, err := fromImageID(stepState.ImageID)
+ for _, image := range tro.GetStepImages() {
+ m, err := fromImageID(image)
  if err != nil {
  return nil, err
  }
@@ -137,10 +136,10 @@ func FromStepImages(steps []v1beta1.StepState) ([]common.ProvenanceMaterial, err
 }
 
 // FromSidecarImages gets predicate.materials from sidecar images
-func FromSidecarImages(sidecars []v1beta1.SidecarState) ([]common.ProvenanceMaterial, error) {
+func FromSidecarImages(tro *objects.TaskRunObject) ([]common.ProvenanceMaterial, error) {
  mats := []common.ProvenanceMaterial{}
- for _, sidecarState := range sidecars {
- m, err := fromImageID(sidecarState.ImageID)
+ for _, image := range tro.GetSidecarImages() {
+ m, err := fromImageID(image)
  if err != nil {
  return nil, err
  }
@@ -310,7 +309,7 @@ func FromPipelineParamsAndResults(ctx context.Context, pro *objects.PipelineRunO
  logger.Infof("taskrun is not found or not completed for the task %s", t.Name)
  continue
  }
- materialsFromTasks := FromTaskParamsAndResults(ctx, objects.NewTaskRunObject(tr))
+ materialsFromTasks := FromTaskParamsAndResults(ctx, tr)
  mats = append(mats, materialsFromTasks...)
  }
  }

diff --git a/pkg/chains/formats/slsa/internal/material/material_test.go b/pkg/chains/formats/slsa/internal/material/material_test.go
@@ -403,146 +403,6 @@ func TestStructuredResultPipelineMaterials(t *testing.T) {
  }
 }
 
-func TestFromStepImages(t *testing.T) {
- tests := []struct {
- name string
- steps []v1beta1.StepState
- want []common.ProvenanceMaterial
- wantError error
- }{{
- name: "steps with proper imageID",
- steps: []v1beta1.StepState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }, {
- Name: "git-source-repo-repeat-again-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }, {
- Name: "build",
- ImageID: "gcr.io/cloud-marketplace-containers/google/bazel@sha256:010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
- }},
- want: []common.ProvenanceMaterial{
- {
- URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
- Digest: common.DigestSet{
- "sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- },
- },
- {
- URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
- Digest: common.DigestSet{
- "sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- },
- },
- {
- URI: artifacts.OCIScheme + "gcr.io/cloud-marketplace-containers/google/bazel",
- Digest: common.DigestSet{
- "sha256": "010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
- },
- },
- },
- }, {
- name: "step with bad imageId - no uri",
- steps: []v1beta1.StepState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }},
- want: []common.ProvenanceMaterial{{}},
- wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @"),
- }, {
- name: "step with bad imageId - no digest",
- steps: []v1beta1.StepState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }},
- want: []common.ProvenanceMaterial{{}},
- wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @ and :"),
- }}
- for _, tc := range tests {
- mat, err := FromStepImages(tc.steps)
- if err != nil {
- if err.Error() != tc.wantError.Error() {
- t.Fatalf("Expected error %v but got %v", tc.wantError, err)
- }
- }
- if tc.wantError == nil {
- if diff := cmp.Diff(tc.want, mat); diff != "" {
- t.Errorf("materials(): -want +got: %s", diff)
- }
- }
- }
-}
-
-func TestFromSidecarImages(t *testing.T) {
- tests := []struct {
- name string
- sidecars []v1beta1.SidecarState
- want []common.ProvenanceMaterial
- wantError error
- }{{
- name: "sidecars with proper imageID",
- sidecars: []v1beta1.SidecarState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }, {
- Name: "git-source-repo-repeat-again-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }, {
- Name: "build",
- ImageID: "gcr.io/cloud-marketplace-containers/google/bazel@sha256:010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
- }},
- want: []common.ProvenanceMaterial{
- {
- URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
- Digest: common.DigestSet{
- "sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- },
- },
- {
- URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
- Digest: common.DigestSet{
- "sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- },
- },
- {
- URI: artifacts.OCIScheme + "gcr.io/cloud-marketplace-containers/google/bazel",
- Digest: common.DigestSet{
- "sha256": "010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
- },
- },
- },
- }, {
- name: "sidecars with bad imageId - no uri",
- sidecars: []v1beta1.SidecarState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }},
- want: []common.ProvenanceMaterial{{}},
- wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @"),
- }, {
- name: "sidecars with bad imageId - no digest",
- sidecars: []v1beta1.SidecarState{{
- Name: "git-source-repo-jwqcl",
- ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
- }},
- want: []common.ProvenanceMaterial{{}},
- wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @ and :"),
- }}
- for _, tc := range tests {
- mat, err := FromSidecarImages(tc.sidecars)
- if err != nil {
- if err.Error() != tc.wantError.Error() {
- t.Fatalf("Expected error %v but got %v", tc.wantError, err)
- }
- }
- if tc.wantError == nil {
- if diff := cmp.Diff(tc.want, mat); diff != "" {
- t.Errorf("materials(): -want +got: %s", diff)
- }
- }
- }
-}
-
 func TestFromImageID(t *testing.T) {
  tests := []struct {
  name string