diff --git a/app/cli/pkg/action/action.go b/app/cli/pkg/action/action.go index 4f219606b..cc36577f2 100644 --- a/app/cli/pkg/action/action.go +++ b/app/cli/pkg/action/action.go @@ -24,6 +24,7 @@ import ( pb "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1" "github.com/chainloop-dev/chainloop/pkg/attestation/crafter" + clientAPI "github.com/chainloop-dev/chainloop/pkg/attestation/crafter/api/attestation/v1" "github.com/chainloop-dev/chainloop/pkg/attestation/crafter/statemanager/filesystem" "github.com/chainloop-dev/chainloop/pkg/attestation/crafter/statemanager/remote" "github.com/chainloop-dev/chainloop/pkg/casclient" @@ -100,7 +101,7 @@ func newCrafter(stateOpts *newCrafterStateOpts, conn *grpc.ClientConn, opts ...c } // getCASBackend tries to get CAS upload credentials and set up a CAS client -func getCASBackend(ctx context.Context, client pb.AttestationServiceClient, workflowRunID, casCAPath, casURI string, casConnectionInsecure bool, logger zerolog.Logger, casBackend *casclient.CASBackend) (func() error, error) { +func getCASBackend(ctx context.Context, client pb.AttestationServiceClient, workflowRunID, casCAPath, casURI string, casConnectionInsecure bool, logger zerolog.Logger, casBackend *casclient.CASBackend, casBackendInfo **clientAPI.Attestation_CASBackend) (func() error, error) { credsResp, err := client.GetUploadCreds(ctx, &pb.AttestationServiceGetUploadCredsRequest{ WorkflowRunId: workflowRunID, }) @@ -122,6 +123,14 @@ func getCASBackend(ctx context.Context, client pb.AttestationServiceClient, work return nil, fmt.Errorf("no backend found in upload creds") } + if casBackendInfo != nil { + *casBackendInfo = &clientAPI.Attestation_CASBackend{ + CasBackendId: backend.Id, + CasBackendName: backend.Name, + Fallback: backend.Fallback, + } + } + casBackend.Name = backend.Provider if backend.GetLimits() != nil { casBackend.MaxSize = backend.GetLimits().MaxBytes 
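Review bot: The new `casBackendInfo **clientAPI.Attestation_CASBackend` out-parameter in the getCASBackend signature hunk is undocumented, and the doc comment above it still only says the function "tries to get CAS upload credentials and set up a CAS client". Extend that comment with something like `// If casBackendInfo is non-nil it receives the ID, name and fallback flag of the backend reported by the control plane; pass nil to skip.` A pointer-to-pointer appended to an already long positional list is easy to misuse at call sites, so returning the info as an extra result would read more naturally if the signature can still change. The function body continues outside this hunk.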
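Review bot: `*casBackendInfo` is assigned as soon as the backend is found, before the rest of getCASBackend has run, so a caller can get a non-nil error together with a populated out-parameter if a later step fails (the remainder of the function is outside this hunk, so this is inferred). The attestation_init.go call site only logs that error as a warning and still passes `casBackendInfo` into `initOpts.CASBackend`, which would record a backend in the attestation state even though CAS setup did not succeed. Either move the assignment to just before the successful return, or clear it at the call site with `casBackendInfo = nil` in the `err != nil` branch. The generated JSON schema in this commit declares `minLength: 1` for casBackendId and casBackendName, so it is also worth confirming that `backend.Id` and `backend.Name` can never be empty here.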
diff --git a/app/cli/pkg/action/attestation_add.go b/app/cli/pkg/action/attestation_add.go index 22b7e76d3..0baf61ee0 100644 --- a/app/cli/pkg/action/attestation_add.go +++ b/app/cli/pkg/action/attestation_add.go @@ -99,7 +99,7 @@ func (action *AttestationAdd) Run(ctx context.Context, attestationID, materialNa if !crafter.CraftingState.GetDryRun() { client := pb.NewAttestationServiceClient(action.CPConnection) workflowRunID := crafter.CraftingState.GetAttestation().GetWorkflow().GetWorkflowRunId() - connectionCloserFn, getCASBackendErr := getCASBackend(ctx, client, workflowRunID, action.casCAPath, action.casURI, action.connectionInsecure, action.Logger, casBackend) + connectionCloserFn, getCASBackendErr := getCASBackend(ctx, client, workflowRunID, action.casCAPath, action.casURI, action.connectionInsecure, action.Logger, casBackend, nil) if getCASBackendErr != nil { return nil, fmt.Errorf("failed to get CAS backend: %w", getCASBackendErr) } diff --git a/app/cli/pkg/action/attestation_init.go b/app/cli/pkg/action/attestation_init.go index f1bf1c097..5aca4de65 100644 --- a/app/cli/pkg/action/attestation_init.go +++ b/app/cli/pkg/action/attestation_init.go 
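Review bot: Passing `nil` as the last argument in AttestationAdd.Run means the backend resolved for this material upload is never compared with, or recorded next to, the `CASBackend` stored at init time. If the control plane returns a different backend between init and add (for example the fallback one), the attestation would presumably keep describing the init-time backend while the material was uploaded elsewhere. Consider capturing the info here as well and logging a warning on mismatch, or add a comment such as `// nil: only the backend seen at init time is recorded in the attestation` so the limitation is explicit. The enclosing Run method starts and ends outside the hunk.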
@@ -231,8 +231,9 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun // Get CAS credentials for PR metadata upload var casBackend = &casclient.CASBackend{Name: "not-set"} + var casBackendInfo *clientAPI.Attestation_CASBackend if !action.dryRun && attestationID != "" { - connectionCloserFn, err := getCASBackend(ctx, client, attestationID, action.casCAPath, action.casURI, action.connectionInsecure, action.Logger, casBackend) + connectionCloserFn, err := getCASBackend(ctx, client, attestationID, action.casCAPath, action.casURI, action.connectionInsecure, action.Logger, casBackend, &casBackendInfo) if err != nil { // We don't want to fail the attestation initialization if CAS setup fails, it's a best-effort feature for PR/MR metadata action.Logger.Warn().Err(err).Msg("unexpected error getting CAS backend") @@ -275,7 +276,8 @@ func (action *AttestationInit) Run(ctx context.Context, opts *AttestationInitRun TimestampAuthorityURL: timestampAuthorityURL, SigningCAName: signingCAName, }, - Auth: authInfo, + Auth: authInfo, + CASBackend: casBackendInfo, } if err := action.c.Init(ctx, initOpts); err != nil { diff --git a/app/controlplane/api/controlplane/v1/response_messages.pb.go b/app/controlplane/api/controlplane/v1/response_messages.pb.go index 26c2cd420..9fa6bed61 100644 --- a/app/controlplane/api/controlplane/v1/response_messages.pb.go +++ b/app/controlplane/api/controlplane/v1/response_messages.pb.go 
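Review bot: The context comment `// Get CAS credentials for PR metadata upload` above the new `var casBackendInfo` line no longer describes everything this block does, because the getCASBackend call now also fills `casBackendInfo`, which the second hunk stores in `initOpts.CASBackend`. Update it to something like `// Get CAS credentials for PR metadata upload and capture the backend identity recorded in the attestation`. It would also help to note next to `CASBackend: casBackendInfo,` that the value stays nil in dry-run mode or when `attestationID` is empty, since readers of the attestation may treat an absent field as meaningful. Run's body starts and ends outside both hunks.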
@@ -2000,8 +2000,10 @@ type CASBackendItem struct { // Error message if validation failed ValidationError *string `protobuf:"bytes,12,opt,name=validation_error,json=validationError,proto3,oneof" json:"validation_error,omitempty"` UpdatedAt *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + // Wether it's the fallback backend in the organization + Fallback bool `protobuf:"varint,14,opt,name=fallback,proto3" json:"fallback,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *CASBackendItem) Reset() { @@ -2125,6 +2127,13 @@ func (x *CASBackendItem) GetUpdatedAt() *timestamppb.Timestamp { return nil } +func (x *CASBackendItem) GetFallback() bool { + if x != nil { + return x.Fallback + } + return false +} + type APITokenItem struct { state protoimpl.MessageState `protogen:"open.v1"` Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` @@ -2777,7 +2786,7 @@ const file_controlplane_v1_response_messages_proto_rawDesc = "" + "\x1fPolicyViolationBlockingStrategy\x122\n" + ".POLICY_VIOLATION_BLOCKING_STRATEGY_UNSPECIFIED\x10\x00\x12,\n" + "(POLICY_VIOLATION_BLOCKING_STRATEGY_BLOCK\x10\x01\x12/\n" + - "+POLICY_VIOLATION_BLOCKING_STRATEGY_ADVISORY\x10\x02\"\xf5\x05\n" + + "+POLICY_VIOLATION_BLOCKING_STRATEGY_ADVISORY\x10\x02\"\x91\x06\n" + "\x0eCASBackendItem\x12\x0e\n" + "\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" + "\x04name\x18\v \x01(\tR\x04name\x12\x1a\n" + 
@@ -2794,7 +2803,8 @@ const file_controlplane_v1_response_messages_proto_rawDesc = "" + " \x01(\bR\bisInline\x12.\n" + "\x10validation_error\x18\f \x01(\tH\x00R\x0fvalidationError\x88\x01\x01\x129\n" + "\n" + - "updated_at\x18\r \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt\x1a%\n" + + "updated_at\x18\r \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt\x12\x1a\n" + + "\bfallback\x18\x0e \x01(\bR\bfallback\x1a%\n" + "\x06Limits\x12\x1b\n" + "\tmax_bytes\x18\x01 \x01(\x03R\bmaxBytes\"n\n" + "\x10ValidationStatus\x12!\n" + diff --git a/app/controlplane/api/controlplane/v1/response_messages.proto b/app/controlplane/api/controlplane/v1/response_messages.proto index cb12e2ce8..89da57381 100644 --- a/app/controlplane/api/controlplane/v1/response_messages.proto +++ b/app/controlplane/api/controlplane/v1/response_messages.proto @@ -312,6 +312,8 @@ message CASBackendItem { // Error message if validation failed optional string validation_error = 12; google.protobuf.Timestamp updated_at = 13; + // Wether it's the fallback backend in the organization + bool fallback = 14; message Limits { // Max number of bytes allowed to be stored in this backend diff --git a/app/controlplane/api/gen/frontend/attestation/v1/crafting_state.ts b/app/controlplane/api/gen/frontend/attestation/v1/crafting_state.ts index bd7ceee8c..7af46004d 100644 --- a/app/controlplane/api/gen/frontend/attestation/v1/crafting_state.ts +++ b/app/controlplane/api/gen/frontend/attestation/v1/crafting_state.ts @@ -43,6 +43,8 @@ export interface Attestation { auth?: Attestation_Auth; /** array of hostnames that are allowed to be used in the policies */ policiesAllowedHostnames: string[]; + /** CAS backend information used during attestation */ + casBackend?: Attestation_CASBackend; } export interface Attestation_MaterialsEntry { 
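Review bot: The comment on the new `fallback = 14` field in response_messages.proto reads "Wether" instead of "Whether". This .proto is the source for the generated Go, TypeScript and JSON-schema files in this commit, so the typo is copied into each of them. Change the line to `// Whether it's the fallback backend in the organization` and regenerate.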
@@ -216,6 +218,15 @@ export function attestation_Auth_AuthTypeToJSON(object: Attestation_Auth_AuthTyp } } +export interface Attestation_CASBackend { + /** UUID of the CAS backend */ + casBackendId: string; + /** Name of the CAS backend */ + casBackendName: string; + /** Whether this is a fallback backend */ + fallback: boolean; +} + export interface Attestation_SigningOptions { /** TSA URL */ timestampAuthorityUrl: string; @@ -415,6 +426,7 @@ function createBaseAttestation(): Attestation { runnerEnvironment: undefined, auth: undefined, policiesAllowedHostnames: [], + casBackend: undefined, }; } @@ -468,6 +480,9 @@ export const Attestation = { for (const v of message.policiesAllowedHostnames) { writer.uint32(146).string(v!); } + if (message.casBackend !== undefined) { + Attestation_CASBackend.encode(message.casBackend, writer.uint32(154).fork()).ldelim(); + } return writer; }, @@ -599,6 +614,13 @@ export const Attestation = { message.policiesAllowedHostnames.push(reader.string()); continue; + case 19: + if (tag !== 154) { + break; + } + + message.casBackend = Attestation_CASBackend.decode(reader, reader.uint32()); + continue; } if ((tag & 7) === 4 || tag === 0) { break; @@ -649,6 +671,7 @@ export const Attestation = { policiesAllowedHostnames: Array.isArray(object?.policiesAllowedHostnames) ? object.policiesAllowedHostnames.map((e: any) => String(e)) : [], + casBackend: isSet(object.casBackend) ? Attestation_CASBackend.fromJSON(object.casBackend) : undefined, }; }, @@ -698,6 +721,8 @@ export const Attestation = { } else { obj.policiesAllowedHostnames = []; } + message.casBackend !== undefined && + (obj.casBackend = message.casBackend ? Attestation_CASBackend.toJSON(message.casBackend) : undefined); return obj; }, 
@@ -752,6 +777,9 @@ export const Attestation = { ? Attestation_Auth.fromPartial(object.auth) : undefined; message.policiesAllowedHostnames = object.policiesAllowedHostnames?.map((e) => e) || []; + message.casBackend = (object.casBackend !== undefined && object.casBackend !== null) + ? Attestation_CASBackend.fromPartial(object.casBackend) + : undefined; return message; }, }; 
@@ -1910,6 +1938,90 @@ export const Attestation_Auth = { }, }; +function createBaseAttestation_CASBackend(): Attestation_CASBackend { + return { casBackendId: "", casBackendName: "", fallback: false }; +} + +export const Attestation_CASBackend = { + encode(message: Attestation_CASBackend, writer: _m0.Writer = _m0.Writer.create()): _m0.Writer { + if (message.casBackendId !== "") { + writer.uint32(10).string(message.casBackendId); + } + if (message.casBackendName !== "") { + writer.uint32(18).string(message.casBackendName); + } + if (message.fallback === true) { + writer.uint32(24).bool(message.fallback); + } + return writer; + }, + + decode(input: _m0.Reader | Uint8Array, length?: number): Attestation_CASBackend { + const reader = input instanceof _m0.Reader ? input : _m0.Reader.create(input); + let end = length === undefined ? reader.len : reader.pos + length; + const message = createBaseAttestation_CASBackend(); + while (reader.pos < end) { + const tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + if (tag !== 10) { + break; + } + + message.casBackendId = reader.string(); + continue; + case 2: + if (tag !== 18) { + break; + } + + message.casBackendName = reader.string(); + continue; + case 3: + if (tag !== 24) { + break; + } + + message.fallback = reader.bool(); + continue; + } + if ((tag & 7) === 4 || tag === 0) { + break; + } + reader.skipType(tag & 7); + } + return message; + }, + + fromJSON(object: any): Attestation_CASBackend { + return { + casBackendId: isSet(object.casBackendId) ? String(object.casBackendId) : "", + casBackendName: isSet(object.casBackendName) ? String(object.casBackendName) : "", + fallback: isSet(object.fallback) ? 
Boolean(object.fallback) : false, + }; + }, + + toJSON(message: Attestation_CASBackend): unknown { + const obj: any = {}; + message.casBackendId !== undefined && (obj.casBackendId = message.casBackendId); + message.casBackendName !== undefined && (obj.casBackendName = message.casBackendName); + message.fallback !== undefined && (obj.fallback = message.fallback); + return obj; + }, + + create, I>>(base?: I): Attestation_CASBackend { + return Attestation_CASBackend.fromPartial(base ?? {}); + }, + + fromPartial, I>>(object: I): Attestation_CASBackend { + const message = createBaseAttestation_CASBackend(); + message.casBackendId = object.casBackendId ?? ""; + message.casBackendName = object.casBackendName ?? ""; + message.fallback = object.fallback ?? false; + return message; + }, +}; + function createBaseAttestation_SigningOptions(): Attestation_SigningOptions { return { timestampAuthorityUrl: "", signingCa: "" }; } diff --git a/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts b/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts index 7fe2b2932..bc696dfb6 100644 --- a/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts +++ b/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts @@ -674,6 +674,8 @@ export interface CASBackendItem { /** Error message if validation failed */ validationError?: string | undefined; updatedAt?: Date; + /** Wether it's the fallback backend in the organization */ + fallback: boolean; } export enum CASBackendItem_ValidationStatus { @@ -3939,6 +3941,7 @@ function createBaseCASBackendItem(): CASBackendItem { isInline: false, validationError: undefined, updatedAt: undefined, + fallback: false, }; } 
@@ -3983,6 +3986,9 @@ export const CASBackendItem = { if (message.updatedAt !== undefined) { Timestamp.encode(toTimestamp(message.updatedAt), writer.uint32(106).fork()).ldelim(); } + if (message.fallback === true) { + writer.uint32(112).bool(message.fallback); + } return writer; }, @@ -4084,6 +4090,13 @@ export const CASBackendItem = { message.updatedAt = fromTimestamp(Timestamp.decode(reader, reader.uint32())); continue; + case 14: + if (tag !== 112) { + break; + } + + message.fallback = reader.bool(); + continue; } if ((tag & 7) === 4 || tag === 0) { break; @@ -4110,6 +4123,7 @@ export const CASBackendItem = { isInline: isSet(object.isInline) ? Boolean(object.isInline) : false, validationError: isSet(object.validationError) ? String(object.validationError) : undefined, updatedAt: isSet(object.updatedAt) ? fromJsonTimestamp(object.updatedAt) : undefined, + fallback: isSet(object.fallback) ? Boolean(object.fallback) : false, }; }, @@ -4130,6 +4144,7 @@ export const CASBackendItem = { message.isInline !== undefined && (obj.isInline = message.isInline); message.validationError !== undefined && (obj.validationError = message.validationError); message.updatedAt !== undefined && (obj.updatedAt = message.updatedAt.toISOString()); + message.fallback !== undefined && (obj.fallback = message.fallback); return obj; }, @@ -4154,6 +4169,7 @@ export const CASBackendItem = { message.isInline = object.isInline ?? false; message.validationError = object.validationError ?? undefined; message.updatedAt = object.updatedAt ?? undefined; + message.fallback = object.fallback ?? false; return message; }, }; diff --git a/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.CASBackend.jsonschema.json b/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.CASBackend.jsonschema.json new file mode 100644 index 000000000..fd91795c9 --- /dev/null +++ b/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.CASBackend.jsonschema.json 
@@ -0,0 +1,35 @@ +{ + "$id": "attestation.v1.Attestation.CASBackend.jsonschema.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "additionalProperties": false, + "patternProperties": { + "^(cas_backend_id)$": { + "description": "UUID of the CAS backend", + "minLength": 1, + "type": "string" + }, + "^(cas_backend_name)$": { + "description": "Name of the CAS backend", + "minLength": 1, + "type": "string" + } + }, + "properties": { + "casBackendId": { + "description": "UUID of the CAS backend", + "minLength": 1, + "type": "string" + }, + "casBackendName": { + "description": "Name of the CAS backend", + "minLength": 1, + "type": "string" + }, + "fallback": { + "description": "Whether this is a fallback backend", + "type": "boolean" + } + }, + "title": "CAS Backend", + "type": "object" +} diff --git a/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.CASBackend.schema.json b/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.CASBackend.schema.json new file mode 100644 index 000000000..6366bb661 --- /dev/null +++ b/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.CASBackend.schema.json @@ -0,0 +1,35 @@ +{ + "$id": "attestation.v1.Attestation.CASBackend.schema.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "additionalProperties": false, + "patternProperties": { + "^(casBackendId)$": { + "description": "UUID of the CAS backend", + "minLength": 1, + "type": "string" + }, + "^(casBackendName)$": { + "description": "Name of the CAS backend", + "minLength": 1, + "type": "string" + } + }, + "properties": { + "cas_backend_id": { + "description": "UUID of the CAS backend", + "minLength": 1, + "type": "string" + }, + "cas_backend_name": { + "description": "Name of the CAS backend", + "minLength": 1, + "type": "string" + }, + "fallback": { + "description": "Whether this is a fallback backend", + "type": "boolean" + } + }, + "title": "CAS Backend", + "type": "object" +} 
diff --git a/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.jsonschema.json b/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.jsonschema.json index 01205296f..52e25ff42 100644 --- a/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.jsonschema.json +++ b/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.jsonschema.json @@ -11,6 +11,10 @@ "description": "bypass policy check", "type": "boolean" }, + "^(cas_backend)$": { + "$ref": "attestation.v1.Attestation.CASBackend.jsonschema.json", + "description": "CAS backend information used during attestation" + }, "^(env_vars)$": { "additionalProperties": { "type": "string" @@ -100,6 +104,10 @@ "description": "bypass policy check", "type": "boolean" }, + "casBackend": { + "$ref": "attestation.v1.Attestation.CASBackend.jsonschema.json", + "description": "CAS backend information used during attestation" + }, "envVars": { "additionalProperties": { "type": "string" diff --git a/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.schema.json b/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.schema.json index adb1c1b92..a63621a89 100644 --- a/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.schema.json +++ b/app/controlplane/api/gen/jsonschema/attestation.v1.Attestation.schema.json @@ -11,6 +11,10 @@ "description": "bypass policy check", "type": "boolean" }, + "^(casBackend)$": { + "$ref": "attestation.v1.Attestation.CASBackend.schema.json", + "description": "CAS backend information used during attestation" + }, "^(envVars)$": { "additionalProperties": { "type": "string" @@ -100,6 +104,10 @@ "description": "bypass policy check", "type": "boolean" }, + "cas_backend": { + "$ref": "attestation.v1.Attestation.CASBackend.schema.json", + "description": "CAS backend information used during attestation" + }, "env_vars": { "additionalProperties": { "type": "string" 
diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.CASBackendItem.jsonschema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.CASBackendItem.jsonschema.json index 48ed1c727..84c6561c5 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.CASBackendItem.jsonschema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.CASBackendItem.jsonschema.json @@ -50,6 +50,10 @@ "description": { "type": "string" }, + "fallback": { + "description": "Wether it's the fallback backend in the organization", + "type": "boolean" + }, "id": { "type": "string" }, diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.CASBackendItem.schema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.CASBackendItem.schema.json index 159678404..9860a549d 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.CASBackendItem.schema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.CASBackendItem.schema.json @@ -50,6 +50,10 @@ "description": { "type": "string" }, + "fallback": { + "description": "Wether it's the fallback backend in the organization", + "type": "boolean" + }, "id": { "type": "string" }, diff --git a/app/controlplane/internal/service/casbackend.go b/app/controlplane/internal/service/casbackend.go index 40f4df2a7..e31d69a02 100644 --- a/app/controlplane/internal/service/casbackend.go +++ b/app/controlplane/internal/service/casbackend.go @@ -202,6 +202,7 @@ func bizCASBackendToPb(in *biz.CASBackend) *pb.CASBackendItem { Provider: string(in.Provider), Default: in.Default, IsInline: in.Inline, + Fallback: in.Fallback, } if in.Limits != nil { diff --git a/pkg/attestation/crafter/api/attestation/v1/crafting_state.pb.go b/pkg/attestation/crafter/api/attestation/v1/crafting_state.pb.go index 3ec895e1a..2ac819378 100644 --- a/pkg/attestation/crafter/api/attestation/v1/crafting_state.pb.go +++ b/pkg/attestation/crafter/api/attestation/v1/crafting_state.pb.go 
@@ -121,8 +121,10 @@ type Attestation struct { Auth *Attestation_Auth `protobuf:"bytes,17,opt,name=auth,proto3" json:"auth,omitempty"` // array of hostnames that are allowed to be used in the policies PoliciesAllowedHostnames []string `protobuf:"bytes,18,rep,name=policies_allowed_hostnames,json=policiesAllowedHostnames,proto3" json:"policies_allowed_hostnames,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + // CAS backend information used during attestation + CasBackend *Attestation_CASBackend `protobuf:"bytes,19,opt,name=cas_backend,json=casBackend,proto3" json:"cas_backend,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Attestation) Reset() { @@ -267,6 +269,13 @@ func (x *Attestation) GetPoliciesAllowedHostnames() []string { return nil } +func (x *Attestation) GetCasBackend() *Attestation_CASBackend { + if x != nil { + return x.CasBackend + } + return nil +} + // The runner environment in which the attestation was crafted type RunnerEnvironment struct { state protoimpl.MessageState `protogen:"open.v1"` 
@@ -1269,6 +1278,69 @@ func (x *Attestation_Auth) GetId() string { return "" } +type Attestation_CASBackend struct { + state protoimpl.MessageState `protogen:"open.v1"` + // UUID of the CAS backend + CasBackendId string `protobuf:"bytes,1,opt,name=cas_backend_id,json=casBackendId,proto3" json:"cas_backend_id,omitempty"` + // Name of the CAS backend + CasBackendName string `protobuf:"bytes,2,opt,name=cas_backend_name,json=casBackendName,proto3" json:"cas_backend_name,omitempty"` + // Whether this is a fallback backend + Fallback bool `protobuf:"varint,3,opt,name=fallback,proto3" json:"fallback,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Attestation_CASBackend) Reset() { + *x = Attestation_CASBackend{} + mi := &file_attestation_v1_crafting_state_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Attestation_CASBackend) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Attestation_CASBackend) ProtoMessage() {} + +func (x *Attestation_CASBackend) ProtoReflect() protoreflect.Message { + mi := &file_attestation_v1_crafting_state_proto_msgTypes[13] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Attestation_CASBackend.ProtoReflect.Descriptor instead. 
+func (*Attestation_CASBackend) Descriptor() ([]byte, []int) { + return file_attestation_v1_crafting_state_proto_rawDescGZIP(), []int{0, 5} +} + +func (x *Attestation_CASBackend) GetCasBackendId() string { + if x != nil { + return x.CasBackendId + } + return "" +} + +func (x *Attestation_CASBackend) GetCasBackendName() string { + if x != nil { + return x.CasBackendName + } + return "" +} + +func (x *Attestation_CASBackend) GetFallback() bool { + if x != nil { + return x.Fallback + } + return false +} + type Attestation_SigningOptions struct { state protoimpl.MessageState `protogen:"open.v1"` // TSA URL @@ -1281,7 +1353,7 @@ type Attestation_SigningOptions struct { func (x *Attestation_SigningOptions) Reset() { *x = Attestation_SigningOptions{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[13] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1293,7 +1365,7 @@ func (x *Attestation_SigningOptions) String() string { func (*Attestation_SigningOptions) ProtoMessage() {} func (x *Attestation_SigningOptions) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[13] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[14] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1306,7 +1378,7 @@ func (x *Attestation_SigningOptions) ProtoReflect() protoreflect.Message { // Deprecated: Use Attestation_SigningOptions.ProtoReflect.Descriptor instead. func (*Attestation_SigningOptions) Descriptor() ([]byte, []int) { - return file_attestation_v1_crafting_state_proto_rawDescGZIP(), []int{0, 5} + return file_attestation_v1_crafting_state_proto_rawDescGZIP(), []int{0, 6} } func (x *Attestation_SigningOptions) GetTimestampAuthorityUrl() string { 
@@ -1338,7 +1410,7 @@ type Attestation_Material_KeyVal struct { func (x *Attestation_Material_KeyVal) Reset() { *x = Attestation_Material_KeyVal{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[15] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1350,7 +1422,7 @@ func (x *Attestation_Material_KeyVal) String() string { func (*Attestation_Material_KeyVal) ProtoMessage() {} func (x *Attestation_Material_KeyVal) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[15] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[16] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1416,7 +1488,7 @@ type Attestation_Material_ContainerImage struct { func (x *Attestation_Material_ContainerImage) Reset() { *x = Attestation_Material_ContainerImage{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[16] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1428,7 +1500,7 @@ func (x *Attestation_Material_ContainerImage) String() string { func (*Attestation_Material_ContainerImage) ProtoMessage() {} func (x *Attestation_Material_ContainerImage) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[16] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[17] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1530,7 +1602,7 @@ type Attestation_Material_Artifact struct { func (x *Attestation_Material_Artifact) Reset() { *x = Attestation_Material_Artifact{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[17] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -1542,7 +1614,7 @@ func (x *Attestation_Material_Artifact) String() string { func (*Attestation_Material_Artifact) ProtoMessage() {} func (x *Attestation_Material_Artifact) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[17] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[18] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1606,7 +1678,7 @@ type Attestation_Material_SBOMArtifact struct { func (x *Attestation_Material_SBOMArtifact) Reset() { *x = Attestation_Material_SBOMArtifact{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[18] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1618,7 +1690,7 @@ func (x *Attestation_Material_SBOMArtifact) String() string { func (*Attestation_Material_SBOMArtifact) ProtoMessage() {} func (x *Attestation_Material_SBOMArtifact) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[18] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[19] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1663,7 +1735,7 @@ type Attestation_Material_SBOMArtifact_MainComponent struct { func (x *Attestation_Material_SBOMArtifact_MainComponent) Reset() { *x = Attestation_Material_SBOMArtifact_MainComponent{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[19] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -1675,7 +1747,7 @@ func (x *Attestation_Material_SBOMArtifact_MainComponent) String() string { func (*Attestation_Material_SBOMArtifact_MainComponent) ProtoMessage() {} func (x *Attestation_Material_SBOMArtifact_MainComponent) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[19] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[20] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1722,7 +1794,7 @@ type PolicyEvaluation_Violation struct { func (x *PolicyEvaluation_Violation) Reset() { *x = PolicyEvaluation_Violation{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[22] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1734,7 +1806,7 @@ func (x *PolicyEvaluation_Violation) String() string { func (*PolicyEvaluation_Violation) ProtoMessage() {} func (x *PolicyEvaluation_Violation) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[22] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[23] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1776,7 +1848,7 @@ type PolicyEvaluation_Reference struct { func (x *PolicyEvaluation_Reference) Reset() { *x = PolicyEvaluation_Reference{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[23] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -1788,7 +1860,7 @@ func (x *PolicyEvaluation_Reference) String() string { func (*PolicyEvaluation_Reference) ProtoMessage() {} func (x *PolicyEvaluation_Reference) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[23] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[24] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1844,7 +1916,7 @@ type PolicyEvaluation_RawResult struct { func (x *PolicyEvaluation_RawResult) Reset() { *x = PolicyEvaluation_RawResult{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[24] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1856,7 +1928,7 @@ func (x *PolicyEvaluation_RawResult) String() string { func (*PolicyEvaluation_RawResult) ProtoMessage() {} func (x *PolicyEvaluation_RawResult) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[24] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[25] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1896,7 +1968,7 @@ type Commit_Remote struct { func (x *Commit_Remote) Reset() { *x = Commit_Remote{} - mi := &file_attestation_v1_crafting_state_proto_msgTypes[25] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1908,7 +1980,7 @@ func (x *Commit_Remote) String() string { func (*Commit_Remote) ProtoMessage() {} func (x *Commit_Remote) ProtoReflect() protoreflect.Message { - mi := &file_attestation_v1_crafting_state_proto_msgTypes[25] + mi := &file_attestation_v1_crafting_state_proto_msgTypes[26] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -1942,7 +2014,7 @@ var File_attestation_v1_crafting_state_proto protoreflect.FileDescriptor const file_attestation_v1_crafting_state_proto_rawDesc = "" + "\n" + - "#attestation/v1/crafting_state.proto\x12\x0eattestation.v1\x1a\x1bbuf/validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a)workflowcontract/v1/crafting_schema.proto\"\x87\x1a\n" + + "#attestation/v1/crafting_state.proto\x12\x0eattestation.v1\x1a\x1bbuf/validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a)workflowcontract/v1/crafting_schema.proto\"\xdd\x1b\n" + "\vAttestation\x12I\n" + "\x0einitialized_at\x18\x01 \x01(\v2\x1a.google.protobuf.TimestampB\x06\xbaH\x03\xc8\x01\x01R\rinitializedAt\x12;\n" + "\vfinished_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\n" + @@ -1963,7 +2035,9 @@ const file_attestation_v1_crafting_state_proto_rawDesc = "" + "\x0fsigning_options\x18\x0f \x01(\v2*.attestation.v1.Attestation.SigningOptionsR\x0esigningOptions\x12P\n" + "\x12runner_environment\x18\x10 \x01(\v2!.attestation.v1.RunnerEnvironmentR\x11runnerEnvironment\x124\n" + "\x04auth\x18\x11 \x01(\v2 .attestation.v1.Attestation.AuthR\x04auth\x12<\n" + - "\x1apolicies_allowed_hostnames\x18\x12 \x03(\tR\x18policiesAllowedHostnames\x1ab\n" + + "\x1apolicies_allowed_hostnames\x18\x12 \x03(\tR\x18policiesAllowedHostnames\x12G\n" + + "\vcas_backend\x18\x13 \x01(\v2&.attestation.v1.Attestation.CASBackendR\n" + + "casBackend\x1ab\n" + "\x0eMaterialsEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x12:\n" + "\x05value\x18\x02 \x01(\v2$.attestation.v1.Attestation.MaterialR\x05value:\x028\x01\x1a>\n" + 
@@ -2028,7 +2102,12 @@ const file_attestation_v1_crafting_state_proto_rawDesc = "" + "\x15AUTH_TYPE_UNSPECIFIED\x10\x00\x12\x12\n" + "\x0eAUTH_TYPE_USER\x10\x01\x12\x17\n" + "\x13AUTH_TYPE_API_TOKEN\x10\x02\x12\x17\n" + - "\x13AUTH_TYPE_FEDERATED\x10\x03\x1ag\n" + + "\x13AUTH_TYPE_FEDERATED\x10\x03\x1a\x8a\x01\n" + + "\n" + + "CASBackend\x12-\n" + + "\x0ecas_backend_id\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\fcasBackendId\x121\n" + + "\x10cas_backend_name\x18\x02 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x0ecasBackendName\x12\x1a\n" + + "\bfallback\x18\x03 \x01(\bR\bfallback\x1ag\n" + "\x0eSigningOptions\x126\n" + "\x17timestamp_authority_url\x18\x01 \x01(\tR\x15timestampAuthorityUrl\x12\x1d\n" + "\n" + @@ -2144,7 +2223,7 @@ func file_attestation_v1_crafting_state_proto_rawDescGZIP() []byte { } var file_attestation_v1_crafting_state_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_attestation_v1_crafting_state_proto_msgTypes = make([]protoimpl.MessageInfo, 27) +var file_attestation_v1_crafting_state_proto_msgTypes = make([]protoimpl.MessageInfo, 28) var file_attestation_v1_crafting_state_proto_goTypes = []any{ (Attestation_Auth_AuthType)(0), // 0: attestation.v1.Attestation.Auth.AuthType (*Attestation)(nil), // 1: attestation.v1.Attestation 
@@ -2160,74 +2239,76 @@ var file_attestation_v1_crafting_state_proto_goTypes = []any{ (*Attestation_Material)(nil), // 11: attestation.v1.Attestation.Material nil, // 12: attestation.v1.Attestation.EnvVarsEntry (*Attestation_Auth)(nil), // 13: attestation.v1.Attestation.Auth - (*Attestation_SigningOptions)(nil), // 14: attestation.v1.Attestation.SigningOptions - nil, // 15: attestation.v1.Attestation.Material.AnnotationsEntry - (*Attestation_Material_KeyVal)(nil), // 16: attestation.v1.Attestation.Material.KeyVal - (*Attestation_Material_ContainerImage)(nil), // 17: attestation.v1.Attestation.Material.ContainerImage - (*Attestation_Material_Artifact)(nil), // 18: attestation.v1.Attestation.Material.Artifact - (*Attestation_Material_SBOMArtifact)(nil), // 19: attestation.v1.Attestation.Material.SBOMArtifact - (*Attestation_Material_SBOMArtifact_MainComponent)(nil), // 20: attestation.v1.Attestation.Material.SBOMArtifact.MainComponent - nil, // 21: attestation.v1.PolicyEvaluation.AnnotationsEntry - nil, // 22: attestation.v1.PolicyEvaluation.WithEntry - (*PolicyEvaluation_Violation)(nil), // 23: attestation.v1.PolicyEvaluation.Violation - (*PolicyEvaluation_Reference)(nil), // 24: attestation.v1.PolicyEvaluation.Reference - (*PolicyEvaluation_RawResult)(nil), // 25: attestation.v1.PolicyEvaluation.RawResult - (*Commit_Remote)(nil), // 26: attestation.v1.Commit.Remote - nil, // 27: attestation.v1.ResourceDescriptor.DigestEntry - (*timestamppb.Timestamp)(nil), // 28: google.protobuf.Timestamp - (v1.CraftingSchema_Runner_RunnerType)(0), // 29: workflowcontract.v1.CraftingSchema.Runner.RunnerType - (v1.CraftingSchema_Material_MaterialType)(0), // 30: workflowcontract.v1.CraftingSchema.Material.MaterialType - (*v1.CraftingSchema)(nil), // 31: workflowcontract.v1.CraftingSchema - (*v1.CraftingSchemaV2)(nil), // 32: workflowcontract.v1.CraftingSchemaV2 - (*structpb.Struct)(nil), // 33: google.protobuf.Struct - (*wrapperspb.BoolValue)(nil), // 34: google.protobuf.BoolValue + 
(*Attestation_CASBackend)(nil), // 14: attestation.v1.Attestation.CASBackend + (*Attestation_SigningOptions)(nil), // 15: attestation.v1.Attestation.SigningOptions + nil, // 16: attestation.v1.Attestation.Material.AnnotationsEntry + (*Attestation_Material_KeyVal)(nil), // 17: attestation.v1.Attestation.Material.KeyVal + (*Attestation_Material_ContainerImage)(nil), // 18: attestation.v1.Attestation.Material.ContainerImage + (*Attestation_Material_Artifact)(nil), // 19: attestation.v1.Attestation.Material.Artifact + (*Attestation_Material_SBOMArtifact)(nil), // 20: attestation.v1.Attestation.Material.SBOMArtifact + (*Attestation_Material_SBOMArtifact_MainComponent)(nil), // 21: attestation.v1.Attestation.Material.SBOMArtifact.MainComponent + nil, // 22: attestation.v1.PolicyEvaluation.AnnotationsEntry + nil, // 23: attestation.v1.PolicyEvaluation.WithEntry + (*PolicyEvaluation_Violation)(nil), // 24: attestation.v1.PolicyEvaluation.Violation + (*PolicyEvaluation_Reference)(nil), // 25: attestation.v1.PolicyEvaluation.Reference + (*PolicyEvaluation_RawResult)(nil), // 26: attestation.v1.PolicyEvaluation.RawResult + (*Commit_Remote)(nil), // 27: attestation.v1.Commit.Remote + nil, // 28: attestation.v1.ResourceDescriptor.DigestEntry + (*timestamppb.Timestamp)(nil), // 29: google.protobuf.Timestamp + (v1.CraftingSchema_Runner_RunnerType)(0), // 30: workflowcontract.v1.CraftingSchema.Runner.RunnerType + (v1.CraftingSchema_Material_MaterialType)(0), // 31: workflowcontract.v1.CraftingSchema.Material.MaterialType + (*v1.CraftingSchema)(nil), // 32: workflowcontract.v1.CraftingSchema + (*v1.CraftingSchemaV2)(nil), // 33: workflowcontract.v1.CraftingSchemaV2 + (*structpb.Struct)(nil), // 34: google.protobuf.Struct + (*wrapperspb.BoolValue)(nil), // 35: google.protobuf.BoolValue } var file_attestation_v1_crafting_state_proto_depIdxs = []int32{ - 28, // 0: attestation.v1.Attestation.initialized_at:type_name -> google.protobuf.Timestamp - 28, // 1: 
attestation.v1.Attestation.finished_at:type_name -> google.protobuf.Timestamp + 29, // 0: attestation.v1.Attestation.initialized_at:type_name -> google.protobuf.Timestamp + 29, // 1: attestation.v1.Attestation.finished_at:type_name -> google.protobuf.Timestamp 6, // 2: attestation.v1.Attestation.workflow:type_name -> attestation.v1.WorkflowMetadata 9, // 3: attestation.v1.Attestation.materials:type_name -> attestation.v1.Attestation.MaterialsEntry 10, // 4: attestation.v1.Attestation.annotations:type_name -> attestation.v1.Attestation.AnnotationsEntry 12, // 5: attestation.v1.Attestation.env_vars:type_name -> attestation.v1.Attestation.EnvVarsEntry - 29, // 6: attestation.v1.Attestation.runner_type:type_name -> workflowcontract.v1.CraftingSchema.Runner.RunnerType + 30, // 6: attestation.v1.Attestation.runner_type:type_name -> workflowcontract.v1.CraftingSchema.Runner.RunnerType 4, // 7: attestation.v1.Attestation.head:type_name -> attestation.v1.Commit 3, // 8: attestation.v1.Attestation.policy_evaluations:type_name -> attestation.v1.PolicyEvaluation - 14, // 9: attestation.v1.Attestation.signing_options:type_name -> attestation.v1.Attestation.SigningOptions + 15, // 9: attestation.v1.Attestation.signing_options:type_name -> attestation.v1.Attestation.SigningOptions 2, // 10: attestation.v1.Attestation.runner_environment:type_name -> attestation.v1.RunnerEnvironment 13, // 11: attestation.v1.Attestation.auth:type_name -> attestation.v1.Attestation.Auth - 29, // 12: attestation.v1.RunnerEnvironment.type:type_name -> workflowcontract.v1.CraftingSchema.Runner.RunnerType - 21, // 13: attestation.v1.PolicyEvaluation.annotations:type_name -> attestation.v1.PolicyEvaluation.AnnotationsEntry - 23, // 14: attestation.v1.PolicyEvaluation.violations:type_name -> attestation.v1.PolicyEvaluation.Violation - 22, // 15: attestation.v1.PolicyEvaluation.with:type_name -> attestation.v1.PolicyEvaluation.WithEntry - 30, // 16: attestation.v1.PolicyEvaluation.type:type_name -> 
workflowcontract.v1.CraftingSchema.Material.MaterialType - 24, // 17: attestation.v1.PolicyEvaluation.policy_reference:type_name -> attestation.v1.PolicyEvaluation.Reference - 24, // 18: attestation.v1.PolicyEvaluation.group_reference:type_name -> attestation.v1.PolicyEvaluation.Reference - 25, // 19: attestation.v1.PolicyEvaluation.raw_results:type_name -> attestation.v1.PolicyEvaluation.RawResult - 28, // 20: attestation.v1.Commit.date:type_name -> google.protobuf.Timestamp - 26, // 21: attestation.v1.Commit.remotes:type_name -> attestation.v1.Commit.Remote - 31, // 22: attestation.v1.CraftingState.input_schema:type_name -> workflowcontract.v1.CraftingSchema - 32, // 23: attestation.v1.CraftingState.schema_v2:type_name -> workflowcontract.v1.CraftingSchemaV2 - 1, // 24: attestation.v1.CraftingState.attestation:type_name -> attestation.v1.Attestation - 7, // 25: attestation.v1.WorkflowMetadata.version:type_name -> attestation.v1.ProjectVersion - 27, // 26: attestation.v1.ResourceDescriptor.digest:type_name -> attestation.v1.ResourceDescriptor.DigestEntry - 33, // 27: attestation.v1.ResourceDescriptor.annotations:type_name -> google.protobuf.Struct - 11, // 28: attestation.v1.Attestation.MaterialsEntry.value:type_name -> attestation.v1.Attestation.Material - 16, // 29: attestation.v1.Attestation.Material.string:type_name -> attestation.v1.Attestation.Material.KeyVal - 17, // 30: attestation.v1.Attestation.Material.container_image:type_name -> attestation.v1.Attestation.Material.ContainerImage - 18, // 31: attestation.v1.Attestation.Material.artifact:type_name -> attestation.v1.Attestation.Material.Artifact - 19, // 32: attestation.v1.Attestation.Material.sbom_artifact:type_name -> attestation.v1.Attestation.Material.SBOMArtifact - 28, // 33: attestation.v1.Attestation.Material.added_at:type_name -> google.protobuf.Timestamp - 30, // 34: attestation.v1.Attestation.Material.material_type:type_name -> workflowcontract.v1.CraftingSchema.Material.MaterialType - 15, // 
35: attestation.v1.Attestation.Material.annotations:type_name -> attestation.v1.Attestation.Material.AnnotationsEntry - 0, // 36: attestation.v1.Attestation.Auth.type:type_name -> attestation.v1.Attestation.Auth.AuthType - 34, // 37: attestation.v1.Attestation.Material.ContainerImage.has_latest_tag:type_name -> google.protobuf.BoolValue - 18, // 38: attestation.v1.Attestation.Material.SBOMArtifact.artifact:type_name -> attestation.v1.Attestation.Material.Artifact - 20, // 39: attestation.v1.Attestation.Material.SBOMArtifact.main_component:type_name -> attestation.v1.Attestation.Material.SBOMArtifact.MainComponent - 40, // [40:40] is the sub-list for method output_type - 40, // [40:40] is the sub-list for method input_type - 40, // [40:40] is the sub-list for extension type_name - 40, // [40:40] is the sub-list for extension extendee - 0, // [0:40] is the sub-list for field type_name + 14, // 12: attestation.v1.Attestation.cas_backend:type_name -> attestation.v1.Attestation.CASBackend + 30, // 13: attestation.v1.RunnerEnvironment.type:type_name -> workflowcontract.v1.CraftingSchema.Runner.RunnerType + 22, // 14: attestation.v1.PolicyEvaluation.annotations:type_name -> attestation.v1.PolicyEvaluation.AnnotationsEntry + 24, // 15: attestation.v1.PolicyEvaluation.violations:type_name -> attestation.v1.PolicyEvaluation.Violation + 23, // 16: attestation.v1.PolicyEvaluation.with:type_name -> attestation.v1.PolicyEvaluation.WithEntry + 31, // 17: attestation.v1.PolicyEvaluation.type:type_name -> workflowcontract.v1.CraftingSchema.Material.MaterialType + 25, // 18: attestation.v1.PolicyEvaluation.policy_reference:type_name -> attestation.v1.PolicyEvaluation.Reference + 25, // 19: attestation.v1.PolicyEvaluation.group_reference:type_name -> attestation.v1.PolicyEvaluation.Reference + 26, // 20: attestation.v1.PolicyEvaluation.raw_results:type_name -> attestation.v1.PolicyEvaluation.RawResult + 29, // 21: attestation.v1.Commit.date:type_name -> google.protobuf.Timestamp + 
27, // 22: attestation.v1.Commit.remotes:type_name -> attestation.v1.Commit.Remote + 32, // 23: attestation.v1.CraftingState.input_schema:type_name -> workflowcontract.v1.CraftingSchema + 33, // 24: attestation.v1.CraftingState.schema_v2:type_name -> workflowcontract.v1.CraftingSchemaV2 + 1, // 25: attestation.v1.CraftingState.attestation:type_name -> attestation.v1.Attestation + 7, // 26: attestation.v1.WorkflowMetadata.version:type_name -> attestation.v1.ProjectVersion + 28, // 27: attestation.v1.ResourceDescriptor.digest:type_name -> attestation.v1.ResourceDescriptor.DigestEntry + 34, // 28: attestation.v1.ResourceDescriptor.annotations:type_name -> google.protobuf.Struct + 11, // 29: attestation.v1.Attestation.MaterialsEntry.value:type_name -> attestation.v1.Attestation.Material + 17, // 30: attestation.v1.Attestation.Material.string:type_name -> attestation.v1.Attestation.Material.KeyVal + 18, // 31: attestation.v1.Attestation.Material.container_image:type_name -> attestation.v1.Attestation.Material.ContainerImage + 19, // 32: attestation.v1.Attestation.Material.artifact:type_name -> attestation.v1.Attestation.Material.Artifact + 20, // 33: attestation.v1.Attestation.Material.sbom_artifact:type_name -> attestation.v1.Attestation.Material.SBOMArtifact + 29, // 34: attestation.v1.Attestation.Material.added_at:type_name -> google.protobuf.Timestamp + 31, // 35: attestation.v1.Attestation.Material.material_type:type_name -> workflowcontract.v1.CraftingSchema.Material.MaterialType + 16, // 36: attestation.v1.Attestation.Material.annotations:type_name -> attestation.v1.Attestation.Material.AnnotationsEntry + 0, // 37: attestation.v1.Attestation.Auth.type:type_name -> attestation.v1.Attestation.Auth.AuthType + 35, // 38: attestation.v1.Attestation.Material.ContainerImage.has_latest_tag:type_name -> google.protobuf.BoolValue + 19, // 39: attestation.v1.Attestation.Material.SBOMArtifact.artifact:type_name -> attestation.v1.Attestation.Material.Artifact + 21, // 40: 
attestation.v1.Attestation.Material.SBOMArtifact.main_component:type_name -> attestation.v1.Attestation.Material.SBOMArtifact.MainComponent + 41, // [41:41] is the sub-list for method output_type + 41, // [41:41] is the sub-list for method input_type + 41, // [41:41] is the sub-list for extension type_name + 41, // [41:41] is the sub-list for extension extendee + 0, // [0:41] is the sub-list for field type_name } func init() { file_attestation_v1_crafting_state_proto_init() } @@ -2251,7 +2332,7 @@ func file_attestation_v1_crafting_state_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_attestation_v1_crafting_state_proto_rawDesc), len(file_attestation_v1_crafting_state_proto_rawDesc)), NumEnums: 1, - NumMessages: 27, + NumMessages: 28, NumExtensions: 0, NumServices: 0, },
diff --git a/pkg/attestation/crafter/api/attestation/v1/crafting_state.proto b/pkg/attestation/crafter/api/attestation/v1/crafting_state.proto
index 51ff9106a..f9710ffe0 100644
--- a/pkg/attestation/crafter/api/attestation/v1/crafting_state.proto
+++ b/pkg/attestation/crafter/api/attestation/v1/crafting_state.proto
@@ -159,6 +159,9 @@ message Attestation {
 // array of hostnames that are allowed to be used in the policies
 repeated string policies_allowed_hostnames = 18;
+ // CAS backend information used during attestation
+ CASBackend cas_backend = 19;
+
 message Auth {
 AuthType type = 1 [(buf.validate.field).enum = {
 not_in: [0]
@@ -174,6 +177,15 @@ message Attestation {
 }
 }
+ message CASBackend {
+ // UUID of the CAS backend
+ string cas_backend_id = 1 [(buf.validate.field).string = {min_len: 1}];
+ // Name of the CAS backend
+ string cas_backend_name = 2 [(buf.validate.field).string = {min_len: 1}];
+ // Whether this is a fallback backend
+ bool fallback = 3;
+ }
+
 message SigningOptions {
 // TSA URL
 string timestamp_authority_url = 1;
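Review bot: The comment on `cas_backend_id` in the new `CASBackend` message says the value is a UUID, but the rule only enforces non-emptiness (`min_len: 1`), so any non-empty string would validate and could later be copied into the provenance predicate. If the identifier is always a UUID, `string cas_backend_id = 1 [(buf.validate.field).string.uuid = true];` makes the schema match its comment. The action.go change fills both strings straight from the upload-credentials response without checking them, so a response that omits the id or name would presumably yield a message that fails these rules. It is worth deciding whether that case should fail the run or leave `cas_backend` unset.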
diff --git a/pkg/attestation/crafter/crafter.go b/pkg/attestation/crafter/crafter.go
index ab31913f9..ca06e6cd4 100644
--- a/pkg/attestation/crafter/crafter.go
+++ b/pkg/attestation/crafter/crafter.go
@@ -166,6 +166,8 @@ type InitOpts struct {
 Auth *api.Attestation_Auth
 // array of hostnames that are allowed to be used in the policies
 PoliciesAllowedHostnames []string
+ // CAS backend information
+ CASBackend *api.Attestation_CASBackend
 }
 type SigningOpts struct {
@@ -400,6 +402,7 @@ func initialCraftingState(cwd string, opts *InitOpts) (*api.CraftingState, error
 },
 Auth: opts.Auth,
 PoliciesAllowedHostnames: opts.PoliciesAllowedHostnames,
+ CasBackend: opts.CASBackend,
 },
 DryRun: opts.DryRun,
 }
diff --git a/pkg/attestation/renderer/chainloop/chainloop.go b/pkg/attestation/renderer/chainloop/chainloop.go
index 2c145c57c..c06ed95ad 100644
--- a/pkg/attestation/renderer/chainloop/chainloop.go
+++ b/pkg/attestation/renderer/chainloop/chainloop.go
@@ -104,10 +104,11 @@ type ProvenancePredicateCommon struct {
 // Custom annotations
 Annotations map[string]string `json:"annotations,omitempty"`
 // Additional properties related to runner
- RunnerEnvironment string `json:"runnerEnvironment,omitempty"`
- RunnerAuthenticated bool `json:"runnerAuthenticated,omitempty"`
- RunnerWorkflowFilePath string `json:"runnerWorkflowFilePath,omitempty"`
- Auth *Auth `json:"auth,omitempty"`
+ RunnerEnvironment string `json:"runnerEnvironment,omitempty"`
+ RunnerAuthenticated bool `json:"runnerAuthenticated,omitempty"`
+ RunnerWorkflowFilePath string `json:"runnerWorkflowFilePath,omitempty"`
+ Auth *Auth `json:"auth,omitempty"`
+ CASBackend *CASBackend `json:"casBackend,omitempty"`
 }
 type Metadata struct {
@@ -136,6 +137,12 @@ type Auth struct {
 Type string `json:"type"`
 }
+type CASBackend struct {
+ CASBackendID string `json:"casBackendId"`
+ CASBackendName string `json:"casBackendName"`
+ Fallback bool `json:"fallback"`
+}
+
 type builderInfo struct {
 version, digest string
 }
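Review bot: The exported `CASBackend` type added to chainloop.go has no doc comment, and the new `CASBackend` field of `ProvenancePredicateCommon` falls under the existing `// Additional properties related to runner` comment although it does not describe the runner. Because these fields become part of the serialized predicate, consumers need to know what they assert. I would put `// CASBackend identifies the CAS backend recorded in the attestation state.` above the type and a separate `// CAS backend recorded for this attestation` line above the field.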
@@ -156,6 +163,7 @@ func predicateCommon(builderInfo *builderInfo, att *v1.Attestation) *ProvenanceP
 authenticated bool
 workflowFilePath string
 auth *Auth
+ casBackend *CASBackend
 )
 if att.RunnerEnvironment != nil {
@@ -171,6 +179,14 @@ func predicateCommon(builderInfo *builderInfo, att *v1.Attestation) *ProvenanceP
 }
 }
+ if att.CasBackend != nil {
+ casBackend = &CASBackend{
+ CASBackendID: att.CasBackend.CasBackendId,
+ CASBackendName: att.CasBackend.CasBackendName,
+ Fallback: att.CasBackend.Fallback,
+ }
+ }
+
 return &ProvenancePredicateCommon{
 BuildType: chainloopBuildType,
 Builder: &builder{ID: fmt.Sprintf(builderIDFmt, builderInfo.version, builderInfo.digest)},
@@ -183,6 +199,7 @@ func predicateCommon(builderInfo *builderInfo, att *v1.Attestation) *ProvenanceP
 RunnerAuthenticated: authenticated,
 RunnerWorkflowFilePath: workflowFilePath,
 Auth: auth,
+ CASBackend: casBackend,
 }
 }
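Review bot: The `casBackend` block added in the second hunk copies whatever is in `att.CasBackend` into the signed predicate, but the attestation_add.go change passes `nil` for `casBackendInfo`. As far as this diff shows, the state is therefore never refreshed when materials are uploaded. If the backend resolved for an upload differs from the one stored earlier (a changed default or a fallback being selected), the provenance would name a backend that did not receive the content. Either reconcile the stored value when materials are added or state the limitation next to the assignment, e.g. `// casBackend is the backend recorded in the crafting state; later uploads are not reconciled against it`. predicateCommon begins outside these hunks.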