@migmartri migmartri commented Nov 9, 2023

Continuation of #415

  • gRPC and REST API endpoint for referrer discovery by content digest
  • basic (preview) CLI implementation

Business logic

The API will look for the referrers that are part of an organization to which the logged-in user has access.

Consumption examples

CLI

The CLI currently returns JSON:

$ chainloop discover -d sha256:29da604ade4ddc9e35f675c7b7fc6355d0b381ca23fab5d1a0614a8ea10ea425
{
  "digest": "sha256:29da604ade4ddc9e35f675c7b7fc6355d0b381ca23fab5d1a0614a8ea10ea425",
  "kind": "ATTESTATION",
  "downloadable": true,
  "createdAt": "2023-11-09T10:46:50.497831Z",
  "references": [
    {
      "digest": "sha1:cb798c19caec6932684aa97e279318dc64265c98",
      "kind": "GIT_HEAD_COMMIT",
      "downloadable": false,
      "createdAt": "2023-11-09T10:45:14.354807Z",
      "references": []
    },
    {
      "digest": "sha256:a23fb6ede2e10cbce94cdecbf6091848ffeb76cfe62d53dd90af6fd908fa23b8",
      "kind": "CONTAINER_IMAGE",
      "downloadable": false,
      "createdAt": "2023-11-09T10:45:14.356221Z",
      "references": []
    },
    {
      "digest": "sha256:ebe2e6ffab93f4b2e2743d3557bd094427ea059adc78cfe2cd330a72f61731e8",
      "kind": "SBOM_CYCLONEDX_JSON",
      "downloadable": false,
      "createdAt": "2023-11-09T10:45:14.353328Z",
      "references": []
    }
  ]
}

gRPC endpoint (controlplane.v1.ReferrerService.Discover)

$ grpcurl -H "authorization: Bearer $TOKEN_S" -d '{"digest": "sha256:29da604ade4ddc9e35f675c7b7fc6355d0b381ca23fab5d1a0614a8ea10ea425"}' localhost:9000 controlplane.v1.ReferrerService.Discover
{
  "result": {
    "digest": "sha256:29da604ade4ddc9e35f675c7b7fc6355d0b381ca23fab5d1a0614a8ea10ea425",
    "kind": "ATTESTATION",
    "downloadable": true,
    "references": [
      {
        "digest": "sha1:cb798c19caec6932684aa97e279318dc64265c98",
        "kind": "GIT_HEAD_COMMIT",
        "createdAt": "2023-11-09T10:45:14.354807Z"
      },
      {
        "digest": "sha256:a23fb6ede2e10cbce94cdecbf6091848ffeb76cfe62d53dd90af6fd908fa23b8",
        "kind": "CONTAINER_IMAGE",
        "createdAt": "2023-11-09T10:45:14.356221Z"
      },
      {
        "digest": "sha256:ebe2e6ffab93f4b2e2743d3557bd094427ea059adc78cfe2cd330a72f61731e8",
        "kind": "SBOM_CYCLONEDX_JSON",
        "createdAt": "2023-11-09T10:45:14.353328Z"
      }
    ],
    "createdAt": "2023-11-09T10:46:50.497831Z"
  }
}

HTTP endpoint (/discover/[digest])

$ curl -s -H "Authorization: Bearer $TOKEN_S" http://localhost:8000/discover/sha256:29da604ade4ddc9e35f675c7b7fc6355d0b381ca23fab5d1a0614a8ea10ea425
{
  "result": {
    "digest": "sha256:29da604ade4ddc9e35f675c7b7fc6355d0b381ca23fab5d1a0614a8ea10ea425",
    "kind": "ATTESTATION",
    "downloadable": true,
    "references": [
      {
        "digest": "sha1:cb798c19caec6932684aa97e279318dc64265c98",
        "kind": "GIT_HEAD_COMMIT",
        "downloadable": false,
        "references": [],
        "createdAt": "2023-11-09T10:45:14.354807Z"
      },
      {
        "digest": "sha256:a23fb6ede2e10cbce94cdecbf6091848ffeb76cfe62d53dd90af6fd908fa23b8",
        "kind": "CONTAINER_IMAGE",
        "downloadable": false,
        "references": [],
        "createdAt": "2023-11-09T10:45:14.356221Z"
      },
      {
        "digest": "sha256:ebe2e6ffab93f4b2e2743d3557bd094427ea059adc78cfe2cd330a72f61731e8",
        "kind": "SBOM_CYCLONEDX_JSON",
        "downloadable": false,
        "references": [],
        "createdAt": "2023-11-09T10:45:14.353328Z"
      }
    ],
    "createdAt": "2023-11-09T10:46:50.497831Z"
  }
}

Ask for a given piece of evidence

You can, for example, find all the attestations associated with a given commit ID:

$ chainloop discover -d sha1:cb798c19caec6932684aa97e279318dc64265c98
{
  "digest": "sha1:cb798c19caec6932684aa97e279318dc64265c98",
  "kind": "GIT_HEAD_COMMIT",
  "downloadable": false,
  "createdAt": "2023-11-09T10:45:14.354807Z",
  "references": [
    {
      "digest": "sha256:165a6baf2eaaa8a7aab40d2a691bdcf4fa5502c9c1a7a2d0853b9bdead89cdf3",
      "kind": "ATTESTATION",
      "downloadable": true,
      "createdAt": "2023-11-09T10:46:02.815334Z",
      "references": []
    },
    {
      "digest": "sha256:29da604ade4ddc9e35f675c7b7fc6355d0b381ca23fab5d1a0614a8ea10ea425",
      "kind": "ATTESTATION",
      "downloadable": true,
      "createdAt": "2023-11-09T10:46:50.497831Z",
      "references": []
    },
    {
      "digest": "sha256:3970baaaa13318fd96836bc06d49be243804de3fdeeeed2712ab5dcbbe6d041a",
      "kind": "ATTESTATION",
      "downloadable": true,
      "createdAt": "2023-11-09T10:45:14.355553Z",
      "references": []
    },
    {
      "digest": "sha256:aa5758666b2a00f1dd8c2a7afd2455370e416c5b1044c35827c9d0ce8131f866",
      "kind": "ATTESTATION",
      "downloadable": true,
      "createdAt": "2023-11-09T10:45:42.929311Z",
      "references": []
    }
  ]
}
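
Added example (not part of the PR or of Chainloop's code): a Python consumer for the discover output shown above. It accepts both the bare CLI object and the `{"result": ...}` API shape, tolerates the fields the gRPC output omits, checks that the response describes the requested digest and that every digest is well formed, then lists the downloadable attestations. The function names and the set of accepted digest algorithms are assumptions.

```python
import json
import re

# Assumption: only the two digest algorithms seen in the output above are accepted.
DIGEST_RE = re.compile(r"sha1:[0-9a-f]{40}|sha256:[0-9a-f]{64}")


def iter_nodes(node):
    """Yield a referrer and, recursively, everything under its references."""
    yield node
    for child in node.get("references") or []:  # key is absent in the gRPC output
        yield from iter_nodes(child)


def parse_discover(raw, requested):
    """Return the root referrer from the CLI object or the {"result": ...} shape."""
    doc = json.loads(raw)
    root = doc.get("result", doc)
    if root.get("digest") != requested:
        raise ValueError("response does not describe the requested digest")
    for node in iter_nodes(root):
        if not DIGEST_RE.fullmatch(str(node.get("digest"))):
            raise ValueError(f"malformed digest: {node.get('digest')!r}")
    return root


def downloadable_attestations(root):
    """Digests of attestations below the queried artifact that can be downloaded."""
    return [n["digest"] for n in iter_nodes(root)
            if n is not root and n.get("kind") == "ATTESTATION"
            and n.get("downloadable", False)]


# Constructed sample in the gRPC/HTTP shape, reusing digests from the output above.
COMMIT = "sha1:cb798c19caec6932684aa97e279318dc64265c98"
SAMPLE = json.dumps({"result": {"digest": COMMIT, "kind": "GIT_HEAD_COMMIT", "references": [
    {"digest": "sha256:165a6baf2eaaa8a7aab40d2a691bdcf4fa5502c9c1a7a2d0853b9bdead89cdf3",
     "kind": "ATTESTATION", "downloadable": True},
    {"digest": "sha256:29da604ade4ddc9e35f675c7b7fc6355d0b381ca23fab5d1a0614a8ea10ea425",
     "kind": "ATTESTATION", "downloadable": True}]}})

if __name__ == "__main__":
    for digest in downloadable_attestations(parse_discover(SAMPLE, COMMIT)):
        print(digest)
```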

Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri migmartri marked this pull request as ready for review November 9, 2023 11:42
@migmartri

cc/ @jotadrilo


@danlishka danlishka left a comment

LGTM. This is a great start. What I still need is to get attestation by providing sha. I will need to use chainloop download and parse the file. We get attestations today via workflow run id.

Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
@migmartri

> LGTM. This is a great start. What I still need is to get attestation by providing sha. I will need to use chainloop download and parse the file. We get attestations today via workflow run id.

Added here #425

@migmartri migmartri merged commit c4a6e12 into chainloop-dev:main Nov 9, 2023
@migmartri migmartri deleted the discover-api-2 branch November 9, 2023 12:19