github.com/redhat-appstudio/e2e-tests@v0.0.0-20240520140907-9709f6f59323/pkg/utils/tekton/cosign_results.go

github.com/redhat-appstudio/e2e-tests@v0.0.0-20240520140907-9709f6f59323/pkg/utils/tekton/cosign_results.go (about)

     1  package tekton
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  )
     7  
     8  type CosignResult struct {
     9  	SignatureImageRef   string
    10  	AttestationImageRef string
    11  }
    12  
    13  // FindCosignResultsForImage looks for .sig and .att image tags in the OpenShift image stream for the provided image reference.
    14  // If none can be found errors.IsNotFound(err) is true, when err is nil CosignResult contains image references for signature and attestation images, otherwise other errors could be returned.
    15  func FindCosignResultsForImage(imageRef string) (*CosignResult, error) {
    16  	var errMsg string
    17  	// Split the image ref into image repo+tag (e.g quay.io/repo/name:tag), and image digest (sha256:abcd...)
    18  	imageInfo := strings.Split(imageRef, "@")
    19  	imageRegistryName := strings.Split(imageInfo[0], "/")[0]
    20  	// imageRepoName is stripped from container registry name and a tag e.g. "quay.io/<org>/<repo>:tagprefix" => "<org>/<repo>"
    21  	imageRepoName := strings.Split(strings.TrimPrefix(imageInfo[0], fmt.Sprintf("%s/", imageRegistryName)), ":")[0]
    22  	// Cosign creates tags for attestation and signature based on the image digest. Compute
    23  	// the expected prefix for later usage: sha256:abcd... -> sha256-abcd...
    24  	// Also, this prefix is really the prefix of the image tag resource which follows the
    25  	// format: <image-repo>:<tag-name>
    26  	imageTagPrefix := strings.Replace(imageInfo[1], ":", "-", 1)
    27  
    28  	results := CosignResult{}
    29  	signatureTag, err := getImageInfoFromQuay(imageRepoName, imageTagPrefix+".sig")
    30  	if err != nil {
    31  		errMsg += fmt.Sprintf("error when getting signature tag: %+v\n", err)
    32  	} else {
    33  		results.SignatureImageRef = signatureTag.ImageRef
    34  	}
    35  
    36  	attestationTag, err := getImageInfoFromQuay(imageRepoName, imageTagPrefix+".att")
    37  	if err != nil {
    38  		errMsg += fmt.Sprintf("error when getting attestation tag: %+v\n", err)
    39  	} else {
    40  		results.AttestationImageRef = attestationTag.ImageRef
    41  	}
    42  
    43  	if len(errMsg) > 0 {
    44  		return &results, fmt.Errorf("failed to find cosign results for image %s: %s", imageRef, errMsg)
    45  	}
    46  
    47  	return &results, nil
    48  }
    49  
    50  // IsPresent checks if CosignResult is present.
    51  func (c CosignResult) IsPresent() bool {
    52  	return c.SignatureImageRef != "" && c.AttestationImageRef != ""
    53  }
    54  
    55  // Missing checks if CosignResult is missing.
    56  func (c CosignResult) Missing(prefix string) string {
    57  	var ret []string = make([]string, 0, 2)
    58  	if c.SignatureImageRef == "" {
    59  		ret = append(ret, prefix+".sig")
    60  	}
    61  
    62  	if c.AttestationImageRef == "" {
    63  		ret = append(ret, prefix+".att")
    64  	}
    65  
    66  	return strings.Join(ret, " and ")
    67  }