Use source.config instead of configuration #1889

Merged
merged 1 commit into from
Aug 29, 2024
40 changes: 20 additions & 20 deletions cmd/validate/__snapshots__/image_test.snap
Expand Up @@ -13,20 +13,20 @@
"effective-time": "1970-01-01T00:00:00Z",
"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
"policy": {
"configuration": {
"exclude": [
"not_useful",
"test:conftest-clair"
],
"include": [
"always_checked",
"@salsa_one_collection"
]
},
"description": "My custom enterprise contract policy configuration",
"publicKey": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
"sources": [
{
"config": {
"exclude": [
"not_useful",
"test:conftest-clair"
],
"include": [
"always_checked",
"@salsa_one_collection"
Member

Out of scope, but I wondered - is this an intentional or unintentional comedy misspelling?

Member Author

It looks like @zregvart added it in #1076 probably for the lolz.

]
},
"policy": [
"quay.io/hacbs-contract/ec-release-policy:latest"
]
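Review bot: Both snapshot entries in this file have exactly one element in `sources`, so the relocated `config` block (with `exclude` now inside the source entry rather than under `policy.configuration`) is never exercised alongside a second source. Because `exclude` is what switches checks off, a snapshot with two sources where only one carries `config.exclude` would pin down whether the exclusion stays scoped to that source.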
Expand All @@ -51,20 +51,20 @@
"effective-time": "1970-01-01T00:00:00Z",
"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
"policy": {
"configuration": {
"exclude": [
"not_useful",
"test:conftest-clair"
],
"include": [
"always_checked",
"@salsa_one_collection"
]
},
"description": "My custom enterprise contract policy configuration",
"publicKey": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
"sources": [
{
"config": {
"exclude": [
"not_useful",
"test:conftest-clair"
],
"include": [
"always_checked",
"@salsa_one_collection"
]
},
"policy": [
"quay.io/hacbs-contract/ec-release-policy:latest"
]
2 changes: 1 addition & 1 deletion cmd/validate/image.go
Expand Up @@ -429,7 +429,7 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
* Kubernetes reference ([<namespace>/]<name>)
* file (policy.yaml)
* git reference (github.com/user/repo//default?ref=main), or
* inline JSON ('{sources: {...}, configuration: {...}}')")`))
* inline JSON ('{sources: {...}, identity: {...}}')")`))

cmd.Flags().StringVarP(&data.imageRef, "image", "i", data.imageRef, "OCI image reference")
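Review bot: The changed help line swaps `configuration: {...}` for `identity: {...}`, so the `--policy` help no longer shows anywhere that rule selection can be set. Users who copied the old example will still pass a top-level `configuration`; the text should say that include/exclude now go under each source's `config`, and state whether the old key is ignored or rejected.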

61 changes: 29 additions & 32 deletions cmd/validate/image_test.go
Expand Up @@ -557,13 +557,13 @@ description: My custom enterprise contract policy configuration
sources:
- policy:
- quay.io/hacbs-contract/ec-release-policy:latest
configuration:
exclude:
- not_useful
- test:conftest-clair
include:
- always_checked
- "@salsa_one_collection"
config:
exclude:
- not_useful
- test:conftest-clair
include:
- always_checked
- "@salsa_one_collection"
`,
},
{
Expand All @@ -578,13 +578,13 @@ spec:
sources:
- policy:
- quay.io/hacbs-contract/ec-release-policy:latest
configuration:
exclude:
- not_useful
- test:conftest-clair
include:
- always_checked
- "@salsa_one_collection"
config:
exclude:
- not_useful
- test:conftest-clair
include:
- always_checked
- "@salsa_one_collection"
`,
},
}
Expand Down Expand Up @@ -669,12 +669,10 @@ func Test_ValidateImageCommandJSONPolicyFile(t *testing.T) {
- "registry/policy:latest"
data:
- "registry/policy-data:latest"
configuration:
collections:
- minimal
include:
- "*"
exclude: []
config:
include:
- '@minimal'
exclude: []
`
err := afero.WriteFile(fs, "/policy.json", []byte(testPolicyJSON), 0644)
if err != nil {
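Review bot: Dropping `collections: - minimal` and replacing `include: "*"` with `include: '@minimal'` in this fixture goes beyond the key rename in the PR title, and after it none of the fixtures touched in this file still uses the legacy `collections` field. If `collections` is still accepted on input, keep one test that covers it (or one asserting it is rejected), because a selector that is silently ignored changes which rules actually run.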
Expand Down Expand Up @@ -754,12 +752,10 @@ func Test_ValidateImageCommandExtraData(t *testing.T) {
custom_rule_data:
prefix_data:
- registry1
configuration:
collections:
- minimal
include:
- "*"
exclude: []
config:
include:
- '@minimal'
Member

@simonbaird simonbaird Aug 28, 2024

Not sure what the behavior is when both legacy "collections" and "include" are set, but should this be as follows?

Suggested change
- '@minimal'
- "*"

to match line 761 before this PR?

Member

Maybe it's inconsequential.

Member Author

That's a good question. Arguably, even the old example was a bit odd. I think this probably better captures the intent.

exclude: []
`
err := afero.WriteFile(fs, "/policy.json", []byte(testPolicyJSON), 0644)
if err != nil {
Expand Down Expand Up @@ -820,6 +816,9 @@ spec:
"custom_rule_data":{"prefix_data":["registry1"]},
"key": "---\nkind: ReleasePlanAdmission\nspec:\n application: [some-app]\n data:\n mapping:\n components:\n - name: some-name\n repository: quay.io/some-namespace/msd\n",
"key2": "value2"
},
"config": {
"include": ["@minimal"]
}
}`, string(sourceSampleMarshaled))
}
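Review bot: The added expectation `"config": { "include": ["@minimal"] }` has no `exclude` key, while the fixtures changed in this file set `exclude: []`, so an empty list apparently disappears on marshalling and this assertion never checks that exclusions survive the round trip. Give the fixture one non-empty `exclude` entry and assert it here, so the field that turns checks off is covered by the comparison.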
Expand Down Expand Up @@ -947,12 +946,10 @@ func Test_ValidateImageErrorLog(t *testing.T) {
- "registry/policy:latest"
data:
- "registry/policy-data:latest"
configuration:
collections:
- minimal
include:
- "*"
exclude: []
config:
include:
- '@minimal'
exclude: []
`
err := afero.WriteFile(fs, "/policy.yaml", []byte(testPolicyJSON), 0644)
if err != nil {
2 changes: 1 addition & 1 deletion cmd/validate/input.go
Expand Up @@ -198,7 +198,7 @@ func validateInputCmd(validate InputValidationFunc) *cobra.Command {
Policy configuration as:
* file (policy.yaml)
* git reference (github.com/user/repo//default?ref=main), or
* inline JSON ('{sources: {...}, configuration: {...}}')")`))
* inline JSON ('{sources: {...}}')")`))

validOutputFormats := applicationsnapshot.OutputFormats
cmd.Flags().StringSliceVarP(&data.output, "output", "o", data.output, hd.Doc(`
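Review bot: The new example `'{sources: {...}}'` still writes `sources` as an object, while the snapshot updated in this PR serialises it as an array (`"sources": [ { "config": ...`). Writing the example as `'{sources: [{...}]}'` would match what the tool actually accepts and emits; the same wording is repeated in policy.go and the generated .adoc pages.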
2 changes: 1 addition & 1 deletion cmd/validate/policy.go
Expand Up @@ -78,7 +78,7 @@ func ValidatePolicyCmd(validate policyValidationFunc) *cobra.Command {
Policy configuration as:
* file (policy.yaml)
* git reference (github.com/user/repo//default?ref=main), or
* inline JSON ('{sources: {...}, configuration: {...}}')")`))
* inline JSON ('{sources: {...}}')")`))

if err := cmd.MarkFlagRequired("policy"); err != nil {
panic(err)
18 changes: 9 additions & 9 deletions docs/modules/ROOT/pages/configuration.adoc
Expand Up @@ -352,15 +352,15 @@ YAML::
+
[source,yaml]
----
configuration:
exclude:
- test:get-clair-scan
- test:clamav-scan
sources:
- policy:
- oci::quay.io/enterprise-contract/ec-release-policy:latest
data:
- git::https://github.com/enterprise-contract/ec-policies//example/data
config:
exclude:
- test:get-clair-scan
- test:clamav-scan
----
JSON::
+
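Review bot: Only the YAML tab is updated in this hunk; it ends at `JSON::`, and the file's 9 additions and 9 deletions are fully accounted for by the four YAML lines here plus the five whitespace-only lines further down, so the JSON tab is untouched. If that tab still shows a top-level `configuration` object, update it in the same commit so both tabs describe the same policy.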
Expand Down Expand Up @@ -563,7 +563,7 @@ The `policy` and `data` fields in the configuration represent the URI of the pol

=== Local File

A local file path scheme, such as the following, may be utilized.
A local file path scheme, such as the following, may be utilized.

* `file://<path>`

Expand Down Expand Up @@ -594,7 +594,7 @@ You may also use the `git::` prefix to specify a Git repository URL. The followi

NOTE: In all git URL forms, the `.git` extension is optional.

NOTE: In all git URL forms, the `?ref=<reference>` is optional and defaults to the repository's default branch.
NOTE: In all git URL forms, the `?ref=<reference>` is optional and defaults to the repository's default branch.

NOTE: In all git URL forms, the `//<path>` is optional and defaults to the root of the repository.

Expand Down Expand Up @@ -632,9 +632,9 @@ An OCI registry URL may be utilized. The following registry hosts have automatic
You may also use the `oci::` prefix to specify an OCI registry URL:

* `oci://<registry>/<repository>:<tag>`
* `oci://<registry>/<repository>@<digest>`
* `oci://<registry>/<repository>@<digest>`
* `oci::<registry>/<repository>:<tag>`
* `oci::<registry>/<repository>:<tag>@<digest>`
* `oci::<registry>/<repository>:<tag>@<digest>`

NOTE: the <tag> is optional and defaults to `latest`.
NOTE: the <digest> is optional and defaults to the latest digest.
NOTE: the <digest> is optional and defaults to the latest digest.
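Review bot: The two `NOTE:` lines at the end of this hunk sit on consecutive lines with no blank line between them, unlike the git URL notes earlier in the file, so AsciiDoc will treat them as one admonition paragraph and render the second `NOTE:` as literal text. Since the digest line is being touched anyway (a whitespace-only change), add a blank line before it; the whitespace-only edits in this file would also be easier to review in a separate commit.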
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/ec_validate_image.adoc
Expand Up @@ -144,7 +144,7 @@ mark (?) sign, for example: --output text=output.txt?show-successes=false
* Kubernetes reference ([<namespace>/]<name>)
* file (policy.yaml)
* git reference (github.com/user/repo//default?ref=main), or
* inline JSON ('{sources: {...}, configuration: {...}}')")
* inline JSON ('{sources: {...}, identity: {...}}')")
-k, --public-key:: path to the public key. Overrides publicKey from EnterpriseContractPolicy
-r, --rekor-url:: Rekor URL. Overrides rekorURL from EnterpriseContractPolicy
--snapshot:: Provide the AppStudio Snapshot as a source of the images to validate, as inline
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/ec_validate_input.adoc
Expand Up @@ -54,7 +54,7 @@ mark (?) sign, for example: --output text=output.txt?show-successes=false
-p, --policy:: Policy configuration as:
* file (policy.yaml)
* git reference (github.com/user/repo//default?ref=main), or
* inline JSON ('{sources: {...}, configuration: {...}}')")
* inline JSON ('{sources: {...}}')")
-s, --strict:: Return non-zero status on non-successful validation (Default: true)

== Options inherited from parent commands
2 changes: 1 addition & 1 deletion docs/modules/ROOT/pages/ec_validate_policy.adoc
Expand Up @@ -22,7 +22,7 @@ ec validate policy --policy-configuration github.com/org/repo/policy.yaml
-p, --policy:: Policy configuration as:
* file (policy.yaml)
* git reference (github.com/user/repo//default?ref=main), or
* inline JSON ('{sources: {...}, configuration: {...}}')")
* inline JSON ('{sources: {...}}')")

== Options inherited from parent commands
