/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package imagepromoter
import (
"errors"
"fmt"
"github.com/sirupsen/logrus"
reg "sigs.k8s.io/promo-tools/v3/internal/legacy/dockerregistry"
"sigs.k8s.io/promo-tools/v3/internal/legacy/dockerregistry/registry"
"sigs.k8s.io/promo-tools/v3/internal/legacy/dockerregistry/schema"
"sigs.k8s.io/promo-tools/v3/internal/legacy/gcloud"
"sigs.k8s.io/promo-tools/v3/internal/legacy/stream"
"sigs.k8s.io/promo-tools/v3/internal/version"
options "sigs.k8s.io/promo-tools/v3/promoter/image/options"
"sigs.k8s.io/promo-tools/v3/types/image"
"sigs.k8s.io/release-sdk/sign"
)
// vulnerabilityDiscalimer is the notice logged by PrintSecDisclaimer. It
// tells readers of scan output that a vulnerability reported as fixable may
// not be immediately actionable.
// NOTE(review): the identifier is misspelled ("Discalimer"); renaming it
// means updating its use in PrintSecDisclaimer in the same change.
const vulnerabilityDiscalimer = `DISCLAIMER: Vulnerabilities are found as issues with package
binaries within image layers, not necessarily with the image layers themselves.
So a 'fixable' vulnerability may not necessarily be immediately actionable. For
example, even though a fixed version of the binary is available, it doesn't
necessarily mean that a new version of the image layer is available.`
// StreamProducerFunc is a function that gets the required fields to
// construct a promotion stream producer. It takes a source registry and
// image name, a destination registry context, an image name, a digest, a
// tag and a reg.TagOp, and returns a stream.Producer.
type StreamProducerFunc func(
srcRegistry image.Registry, srcImageName image.Name,
destRC registry.Context, imageName image.Name,
digest image.Digest, tag image.Tag, tp reg.TagOp,
) stream.Producer
// DefaultPromoterImplementation is the receiver for the methods in this file
// that validate options, activate service accounts, run prechecks and print
// status output.
type DefaultPromoterImplementation struct {
// signer is populated by NewDefaultPromoterImplementation from
// sign.New(sign.Default()).
signer *sign.Signer
}
// NewDefaultPromoterImplementation returns a DefaultPromoterImplementation
// whose signer is built with sign.New(sign.Default()).
func NewDefaultPromoterImplementation() *DefaultPromoterImplementation {
	signer := sign.New(sign.Default())
	return &DefaultPromoterImplementation{signer: signer}
}
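// ValidateOptions checks that an options set names something to promote.
//
// When neither Snapshot nor ManifestBasedSnapshotOf is set, at least one of
// Manifest or ThinManifestDir must be non-empty; otherwise an error is
// returned. A nil opts is rejected with an error rather than dereferenced.
// No other option field is inspected here.
func (di *DefaultPromoterImplementation) ValidateOptions(opts *options.Options) error {
	if opts == nil {
		return errors.New("options are not set")
	}

	// The manifest requirement applies only when no snapshot option is set.
	if opts.Snapshot != "" || opts.ManifestBasedSnapshotOf != "" {
		return nil
	}

	if opts.Manifest == "" && opts.ThinManifestDir == "" {
		return errors.New("either a manifest or a thin manifest dir have to be set")
	}
	return nil
}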
// ActivateServiceAccounts passes opts.KeyFiles to
// gcloud.ActivateServiceAccounts and wraps any error it returns.
//
// NOTE(review): when opts.UseServiceAcct is false this only logs a warning;
// the activation call still runs with whatever opts.KeyFiles holds. The log
// line says no service account is being set, so confirm whether the call
// should be skipped in that case.
func (di *DefaultPromoterImplementation) ActivateServiceAccounts(opts *options.Options) error {
	if useServiceAcct := opts.UseServiceAcct; !useServiceAcct {
		logrus.Warn("Not setting a service account")
	}

	err := gcloud.ActivateServiceAccounts(opts.KeyFiles)
	if err != nil {
		return fmt.Errorf("activating service accounts: %w", err)
	}

	// TODO: Output to log the account used
	return nil
}
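// PrecheckAndExit runs simple prechecks so the caller can exit before
// promotions or security scans.
//
// It builds a sync context from opts and mfests with MakeSyncContext and
// calls RunChecks on it. An error from either step is wrapped and returned.
func (di *DefaultPromoterImplementation) PrecheckAndExit(
	opts *options.Options, mfests []schema.Manifest,
) error {
	// Make the sync context to run the prechecks.
	sc, err := di.MakeSyncContext(opts, mfests)
	if err != nil {
		return fmt.Errorf("generating sync context for prechecks: %w", err)
	}

	// Run the prechecks; the calling mode of operation should exit after
	// this returns.
	// NOTE(review): the precheck list passed here is empty, so which checks
	// actually run is presumably decided inside RunChecks — confirm that an
	// empty list does not mean "no checks".
	if err := sc.RunChecks([]reg.PreCheck{}); err != nil {
		return fmt.Errorf("running prechecks before promotion: %w", err)
	}
	return nil
}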
// PrintVersion logs the value returned by version.Get at info level.
func (di *DefaultPromoterImplementation) PrintVersion() {
	info := version.Get()
	logrus.Info(info)
}
// PrintSection logs the start/finish banner used by the former legacy
// cli/run code. When confirm is false the banner carries a "(DRY RUN)"
// marker after the message.
func (di *DefaultPromoterImplementation) PrintSection(message string, confirm bool) {
	marker := "(DRY RUN) "
	if confirm {
		// A confirmed run gets no marker.
		marker = ""
	}
	logrus.Infof("********** %s %s**********", message, marker)
}
// PrintSecDisclaimer logs, at info level, the disclaimer about false
// positives that may be found in container image layers.
func (di *DefaultPromoterImplementation) PrintSecDisclaimer() {
	disclaimer := vulnerabilityDiscalimer
	logrus.Info(disclaimer)
}