feat: add version to CRD spec #1215

Merged
merged 8 commits into from
Dec 19, 2023
6 changes: 4 additions & 2 deletions api/v1beta1/store_types.go
Expand Up @@ -23,10 +23,12 @@ import (

// StoreSpec defines the desired state of Store
type StoreSpec struct {
// Important: Run "make" to regenerate code after modifying this file
// Important: Run "make install-crds" to regenerate code after modifying this file

// Name of the store
Name string `json:"name,omitempty"`
Name string `json:"name"`
// Version of the store plugin. Optional
Version string `json:"version,omitempty"`
// Plugin path, optional
Address string `json:"address,omitempty"`
// OCI Artifact source to download the plugin from, optional
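Review bot: An explicit `name: ""` still passes schema validation on the new `Name string `json:"name"`` line, because dropping `omitempty` only makes the key required and `required` checks presence, not content; adding `// +kubebuilder:validation:MinLength=1` above the field would reject the empty value at admission. The same applies to `Name` and `ArtifactTypes` in api/v1beta1/verifier_types.go. The new `Version` comment could also say what an empty value means, e.g. `// Version of the store plugin. Optional; the controller substitutes config.GetDefaultPluginVersion() when empty`. StoreSpec continues past the end of the hunk.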
9 changes: 6 additions & 3 deletions api/v1beta1/verifier_types.go
Expand Up @@ -23,13 +23,16 @@ import (

// VerifierSpec defines the desired state of Verifier
type VerifierSpec struct {
// Important: Run "make" to regenerate code after modifying this file
// Important: Run "make install-crds" to regenerate code after modifying this file

// Name of the verifier
Name string `json:"name,omitempty"`
Name string `json:"name"`

// Version of the verifier plugin. Optional
Version string `json:"version,omitempty"`

// The type of artifact this verifier handles
ArtifactTypes string `json:"artifactTypes,omitempty"`
ArtifactTypes string `json:"artifactTypes"`

// # Optional. URL/file path
Address string `json:"address,omitempty"`
9 changes: 7 additions & 2 deletions charts/ratify/crds/store-customresourcedefinition.yaml
Expand Up @@ -15,7 +15,7 @@ spec:
scope: Cluster
versions:
- deprecated: true
deprecationWarning: v1alpha1 of the eraser API has been deprecated. Please migrate
deprecationWarning: v1alpha1 of the Store API has been deprecated. Please migrate
to v1beta1.
name: v1alpha1
schema:
Expand Down Expand Up @@ -92,6 +92,9 @@ spec:
name:
description: Name of the store
type: string
version:
description: Version of the store plugin. Optional
type: string
parameters:
description: Parameters of the store
type: object
Expand All @@ -107,7 +110,9 @@ spec:
source, optional
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
required:
- name
type: object
status:
description: StoreStatus defines the observed state of Store
8 changes: 7 additions & 1 deletion charts/ratify/crds/verifier-customresourcedefinition.yaml
Expand Up @@ -15,7 +15,7 @@ spec:
scope: Cluster
versions:
- deprecated: true
deprecationWarning: v1alpha1 of the eraser API has been deprecated. Please migrate
deprecationWarning: v1alpha1 of the Verifier API has been deprecated. Please migrate
to v1beta1.
name: v1alpha1
schema:
Expand Down Expand Up @@ -98,6 +98,9 @@ spec:
name:
description: Name of the verifier
type: string
version:
description: Version of the verifier plugin. Optional
type: string
parameters:
description: Parameters for this verifier
type: object
Expand All @@ -114,6 +117,9 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
required:
- artifactTypes
- name
type: object
status:
description: VerifierStatus defines the observed state of Verifier
1 change: 1 addition & 0 deletions charts/ratify/templates/store.yaml
Expand Up @@ -7,6 +7,7 @@ metadata:
helm.sh/hook-weight: "5"
spec:
name: oras
version: 1.0.0
parameters:
{{- if .Values.oras.useHttp }}
useHttp: true
4 changes: 4 additions & 0 deletions charts/ratify/templates/verifier.yaml
Expand Up @@ -9,6 +9,7 @@ metadata:
helm.sh/hook-weight: "5"
spec:
name: notation
version: 1.0.0
artifactTypes: application/vnd.cncf.notary.signature
parameters:
verificationCertStores:
Expand Down Expand Up @@ -49,6 +50,7 @@ metadata:
helm.sh/hook-weight: "5"
spec:
name: cosign
version: 1.0.0
artifactTypes: application/vnd.dev.cosign.artifact.sig.v1+json
parameters:
key: /usr/local/ratify-certs/cosign/cosign.pub
Expand All @@ -64,6 +66,7 @@ metadata:
helm.sh/hook-weight: "5"
spec:
name: vulnerabilityreport
version: 1.0.0
artifactTypes: application/sarif+json
parameters:
{{- if .Values.vulnerabilityreport.notaryProjectSignatureRequired }}
Expand Down Expand Up @@ -103,6 +106,7 @@ metadata:
name: verifier-sbom
spec:
name: sbom
version: 2.0.0-alpha.1
artifactTypes: application/spdx+json
parameters:
{{- if gt (len .Values.sbom.disallowedPackages) 0 }}
5 changes: 5 additions & 0 deletions config/config.go
Expand Up @@ -140,6 +140,11 @@
return defaultPluginsPath
}

// returns default plugin version of 1.0.0
func GetDefaultPluginVersion() string {
return "1.0.0"

Check warning on line 145 in config/config.go


Codecov / codecov/patch

config/config.go#L144-L145

Added lines #L144 - L145 were not covered by tests
}

// GetLoggerConfig returns logger configuration from config file at specified path.
func GetLoggerConfig(configFilePath string) (logger.Config, error) {
config, err := Load(configFilePath)
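Review bot: The doc comment on `GetDefaultPluginVersion` does not start with the function name as Go convention expects, and it repeats the literal instead of saying when the default applies; `// GetDefaultPluginVersion returns the plugin version used when a Store or Verifier spec leaves Version empty.` would read better in godoc. The Codecov annotation on these lines shows the function is not exercised by any test, so a one-line assertion on the returned value would pin the default that both controllers now depend on. Holding "1.0.0" in a named constant rather than a bare literal in the return statement would also make later changes easier to audit.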
Expand Up @@ -111,7 +111,7 @@ spec:
format: date-time
type: string
properties:
description: provider specific parameters of the each individual certificate
description: provider specific properties of the each individual certificate
type: object
x-kubernetes-preserve-unknown-fields: true
required:
5 changes: 5 additions & 0 deletions config/crd/bases/config.ratify.deislabs.io_stores.yaml
Expand Up @@ -93,6 +93,9 @@ spec:
name:
description: Name of the store
type: string
version:
description: Version of the store plugin. Optional
type: string
parameters:
description: Parameters of the store
type: object
Expand All @@ -109,6 +112,8 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
required:
- name
type: object
status:
description: StoreStatus defines the observed state of Store
6 changes: 6 additions & 0 deletions config/crd/bases/config.ratify.deislabs.io_verifiers.yaml
Expand Up @@ -99,6 +99,9 @@ spec:
name:
description: Name of the verifier
type: string
version:
description: Version of the verifier plugin. Optional
type: string
parameters:
description: Parameters for this verifier
type: object
Expand All @@ -115,6 +118,9 @@ spec:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
required:
- artifactTypes
- name
type: object
status:
description: VerifierStatus defines the observed state of Verifier
1 change: 1 addition & 0 deletions config/samples/config_v1beta1_verifier_sbom_deny.yaml
Expand Up @@ -4,6 +4,7 @@ metadata:
name: verifier-sbom
spec:
name: sbom
version: 2.0.0-alpha.1
artifactTypes: application/spdx+json
parameters:
disallowedLicenses:
12 changes: 8 additions & 4 deletions pkg/controllers/store_controller.go
Expand Up @@ -94,14 +94,18 @@ func storeAddOrReplace(spec configv1beta1.StoreSpec, fullname string) error {
if err != nil {
return fmt.Errorf("unable to convert store spec to store config, err: %w", err)
}
// factory only support a single version of configuration today
// when we support multi version store CRD, we will also pass in the corresponding config version so factory can create different version of the object
storeConfigVersion := "1.0.0"

// if the default version is not suitable, the plugin configuration should specify the desired version
if len(spec.Version) == 0 {
spec.Version = config.GetDefaultPluginVersion()
logrus.Infof("Version was empty, setting to default version: %v", spec.Version)
}

if spec.Address == "" {
spec.Address = config.GetDefaultPluginPath()
logrus.Infof("Address was empty, setting to default path %v", spec.Address)
}
storeReference, err := sf.CreateStoreFromConfig(storeConfig, storeConfigVersion, []string{spec.Address})
storeReference, err := sf.CreateStoreFromConfig(storeConfig, spec.Version, []string{spec.Address})

if err != nil || storeReference == nil {
logrus.Error(err, "store factory failed to create store from store config")
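Review bot: `spec.Version` now goes from the custom resource straight into `sf.CreateStoreFromConfig` with no check in `storeAddOrReplace`, where the previous code always passed the fixed "1.0.0". Whether the factory rejects a version it does not support is not visible in this hunk, so it is worth confirming that an unrecognised value fails the reconcile with an error rather than being accepted or silently treated as the default. The same pattern is added to `verifierAddOrReplace` in pkg/controllers/verifier_controller.go. As a style point, the emptiness test could match the `Address` check just below it: `if spec.Version == "" {`. The function starts and ends outside the hunk.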
21 changes: 12 additions & 9 deletions pkg/controllers/verifier_controller.go
Expand Up @@ -102,15 +102,18 @@ func verifierAddOrReplace(spec configv1beta1.VerifierSpec, objectName string, na
logrus.Error(err, "unable to convert crd specification to verifier config")
return fmt.Errorf("unable to convert crd specification to verifier config, err: %w", err)
}
// verifier factory only support a single version of configuration today
// when we support multi version verifier CRD, we will also pass in the corresponding config version so factory can create different version of the object
verifierConfigVersion := "1.0.0" // TODO: move default values to defaulting webhook in the future #413

if len(spec.Version) == 0 {
spec.Version = config.GetDefaultPluginVersion()
logrus.Infof("Version was empty, setting to default version: %v", spec.Version)
}

if spec.Address == "" {
spec.Address = config.GetDefaultPluginPath()
logrus.Infof("Address was empty, setting to default path: %v", spec.Address)
}

referenceVerifier, err := vf.CreateVerifierFromConfig(verifierConfig, verifierConfigVersion, []string{spec.Address}, namespace)
referenceVerifier, err := vf.CreateVerifierFromConfig(verifierConfig, spec.Version, []string{spec.Address}, namespace)

if err != nil || referenceVerifier == nil {
logrus.Error(err, "unable to create verifier from verifier config")
Expand Down Expand Up @@ -155,11 +158,11 @@ func (r *VerifierReconciler) SetupWithManager(mgr ctrl.Manager) error {
}

// Historically certStore defined in trust policy only contains name which means the CertStore cannot be uniquely identified
// If verifierNamesapce is not empty, this method returns the default cert store namespace else returns the ratify deployed namespace
func getCertStoreNamespace(verifierNamesapce string) (string, error) {
// first, check if we can use the verifier namespace
if verifierNamesapce != "" {
return verifierNamesapce, nil
// If verifierNamespace is not empty, this method returns the default cert store namespace else returns the ratify deployed namespace
func getCertStoreNamespace(verifierNamespace string) (string, error) {
// first, check if we can use the verifier namespace as the cert store namespace
if verifierNamespace != "" {
return verifierNamespace, nil
}

// next, return the ratify deployed namespace
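Review bot: The doc comment on `getCertStoreNamespace` still says a non-empty argument yields "the default cert store namespace", while the code returns `verifierNamespace` itself. This function appears to decide which namespace certificate stores are resolved from, so the comment should match the behaviour, e.g. `// If verifierNamespace is not empty it is returned as the cert store namespace; otherwise the namespace Ratify is deployed in is used.` The first hunk also drops the `TODO ... #413` pointer to the defaulting webhook together with the hard-coded version; keeping that reference beside the new defaulting block would preserve the follow-up. The function body continues past the end of the hunk.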