feat: validate plugin name on CR create #1265

Merged
merged 21 commits into from
Jan 30, 2024
3 changes: 2 additions & 1 deletion .vscode/launch.json
Expand Up @@ -46,7 +46,8 @@
"program": "${workspaceFolder}/cmd/ratify",
"env": {
"RATIFY_LOG_LEVEL": "debug",
"RATIFY_EXPERIMENTAL_DYNAMIC_PLUGINS": "1"
"RATIFY_EXPERIMENTAL_DYNAMIC_PLUGINS": "1",
"RATIFY_NAMESPACE": "gatekeeper-system",
},
"args": [
"serve",
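Review bot: The new `"RATIFY_NAMESPACE": "gatekeeper-system",` entry leaves a trailing comma before the closing `},` of the `env` object. VS Code reads launch.json as JSONC and tolerates it, but any strict JSON tooling that touches the file will reject it, and the line it replaced deliberately had no comma. Drop the comma: `"RATIFY_NAMESPACE": "gatekeeper-system"`.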
1 change: 1 addition & 0 deletions Makefile
Expand Up @@ -82,6 +82,7 @@ build-plugins:
go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/cosign/... -o ./bin/plugins/ ./plugins/verifier/cosign
go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/licensechecker/... -o ./bin/plugins/ ./plugins/verifier/licensechecker
go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/sample/... -o ./bin/plugins/ ./plugins/verifier/sample
go build -cover -coverpkg=github.com/deislabs/ratify/plugins/referrerstore/sample/... -o ./bin/plugins/referrerstore/ ./plugins/referrerstore/sample
go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/sbom/... -o ./bin/plugins/ ./plugins/verifier/sbom
go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/schemavalidator/... -o ./bin/plugins/ ./plugins/verifier/schemavalidator
go build -cover -coverpkg=github.com/deislabs/ratify/plugins/verifier/vulnerabilityreport/... -o ./bin/plugins/ ./plugins/verifier/vulnerabilityreport
14 changes: 13 additions & 1 deletion api/v1beta1/store_types.go
Expand Up @@ -41,12 +41,24 @@ type StoreSpec struct {

// StoreStatus defines the observed state of Store
type StoreStatus struct {
// Important: Run "make" to regenerate code after modifying this file
// Important: Run "make install-crds" to regenerate code after modifying this file

// Is successful in finding the plugin
IsSuccess bool `json:"issuccess"`
// Error message if operation was unsuccessful
// +optional
Error string `json:"error,omitempty"`
// Truncated error message if the message is too long
// +optional
BriefError string `json:"brieferror,omitempty"`
}

// +kubebuilder:object:root=true
// +kubebuilder:resource:scope="Cluster"
// +kubebuilder:subresource:status
// +kubebuilder:storageversion
// +kubebuilder:printcolumn:name="IsSuccess",type=boolean,JSONPath=`.status.issuccess`
// +kubebuilder:printcolumn:name="Error",type=string,JSONPath=`.status.brieferror`
// Store is the Schema for the stores API
type Store struct {
metav1.TypeMeta `json:",inline"`
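Review bot: The new `Error` status field is filled verbatim from `err.Error()` by the store controller, and `Store` is cluster-scoped, so whatever text the plugin download or registry client puts in its error (endpoints, and potentially auth material) becomes readable by anyone with `get`/`list` on stores; the field comment should say so, e.g. `// Error message if operation was unsuccessful. Set verbatim from err.Error(); plugin and registry errors must not embed credentials.` The `IsSuccess` comment "Is successful in finding the plugin" undersells what it records: the controller sets it only after the whole add-or-replace succeeds, so `// True when the last reconcile created or replaced the store successfully` is more accurate. Note also that no length bound is declared on `Error`, so a very long error text is written to the object unchanged; only `BriefError` is truncated, and that happens in the controller, not in the schema.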
14 changes: 13 additions & 1 deletion api/v1beta1/verifier_types.go
Expand Up @@ -48,12 +48,24 @@ type VerifierSpec struct {
// VerifierStatus defines the observed state of Verifier
type VerifierStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file
// Important: Run "make install-crds" to regenerate code after modifying this file

// Is successful in finding the plugin
IsSuccess bool `json:"issuccess"`
// Error message if operation was unsuccessful
// +optional
Error string `json:"error,omitempty"`
// Truncated error message if the message is too long
// +optional
BriefError string `json:"brieferror,omitempty"`
}

// +kubebuilder:object:root=true
// +kubebuilder:resource:scope="Cluster"
// +kubebuilder:subresource:status
// +kubebuilder:storageversion
// +kubebuilder:printcolumn:name="IsSuccess",type=boolean,JSONPath=`.status.issuccess`
// +kubebuilder:printcolumn:name="Error",type=string,JSONPath=`.status.brieferror`
// Verifier is the Schema for the verifiers API
type Verifier struct {
metav1.TypeMeta `json:",inline"`
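Review bot: The scaffold placeholder `// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster` is kept while the real status fields are added right under it, so the comment is now stale noise and should be deleted. The `IsSuccess` doc "Is successful in finding the plugin" mirrors the Store type but does not describe when the controller sets it (after the verifier is created or replaced, as far as this PR shows); `// True when the last reconcile created or replaced the verifier successfully` would be clearer. As with Store, `Error` is written from `err.Error()` on a cluster-scoped object, so the comment should warn that verifier errors must not carry credentials or tokens.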
27 changes: 24 additions & 3 deletions charts/ratify/crds/store-customresourcedefinition.yaml
Expand Up @@ -66,7 +66,14 @@ spec:
type: object
served: true
storage: false
- name: v1beta1
- additionalPrinterColumns:
- jsonPath: .status.issuccess
name: IsSuccess
type: boolean
- jsonPath: .status.brieferror
name: Error
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: Store is the Schema for the stores API
Expand Down Expand Up @@ -94,7 +101,7 @@ spec:
type: string
version:
description: Version of the store plugin. Optional
type: string
type: string
parameters:
description: Parameters of the store
type: object
Expand All @@ -110,13 +117,27 @@ spec:
source, optional
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
required:
- name
type: object
status:
description: StoreStatus defines the observed state of Store
properties:
brieferror:
description: Truncated error message if the message is too long
type: string
error:
description: Error message if operation was unsuccessful
type: string
issuccess:
description: Is successful in finding the plugin
type: boolean
required:
- issuccess
type: object
type: object
served: true
storage: true
subresources:
status: {}
25 changes: 23 additions & 2 deletions charts/ratify/crds/verifier-customresourcedefinition.yaml
Expand Up @@ -69,7 +69,14 @@ spec:
type: object
served: true
storage: false
- name: v1beta1
- additionalPrinterColumns:
- jsonPath: .status.issuccess
name: IsSuccess
type: boolean
- jsonPath: .status.brieferror
name: Error
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: Verifier is the Schema for the verifiers API
Expand Down Expand Up @@ -100,7 +107,7 @@ spec:
type: string
version:
description: Version of the verifier plugin. Optional
type: string
type: string
parameters:
description: Parameters for this verifier
type: object
Expand All @@ -123,7 +130,21 @@ spec:
type: object
status:
description: VerifierStatus defines the observed state of Verifier
properties:
brieferror:
description: Truncated error message if the message is too long
type: string
error:
description: Error message if operation was unsuccessful
type: string
issuccess:
description: Is successful in finding the plugin
type: boolean
required:
- issuccess
type: object
type: object
served: true
storage: true
subresources:
status: {}
25 changes: 23 additions & 2 deletions config/crd/bases/config.ratify.deislabs.io_stores.yaml
Expand Up @@ -67,7 +67,14 @@ spec:
type: object
served: true
storage: false
- name: v1beta1
- additionalPrinterColumns:
- jsonPath: .status.issuccess
name: IsSuccess
type: boolean
- jsonPath: .status.brieferror
name: Error
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: Store is the Schema for the stores API
Expand Down Expand Up @@ -95,7 +102,7 @@ spec:
type: string
version:
description: Version of the store plugin. Optional
type: string
type: string
parameters:
description: Parameters of the store
type: object
Expand All @@ -117,7 +124,21 @@ spec:
type: object
status:
description: StoreStatus defines the observed state of Store
properties:
brieferror:
description: Truncated error message if the message is too long
type: string
error:
description: Error message if operation was unsuccessful
type: string
issuccess:
description: Is successful in finding the plugin
type: boolean
required:
- issuccess
type: object
type: object
served: true
storage: true
subresources:
status: {}
25 changes: 23 additions & 2 deletions config/crd/bases/config.ratify.deislabs.io_verifiers.yaml
Expand Up @@ -70,7 +70,14 @@ spec:
type: object
served: true
storage: false
- name: v1beta1
- additionalPrinterColumns:
- jsonPath: .status.issuccess
name: IsSuccess
type: boolean
- jsonPath: .status.brieferror
name: Error
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: Verifier is the Schema for the verifiers API
Expand Down Expand Up @@ -101,7 +108,7 @@ spec:
type: string
version:
description: Version of the verifier plugin. Optional
type: string
type: string
parameters:
description: Parameters for this verifier
type: object
Expand All @@ -124,7 +131,21 @@ spec:
type: object
status:
description: VerifierStatus defines the observed state of Verifier
properties:
brieferror:
description: Truncated error message if the message is too long
type: string
error:
description: Error message if operation was unsuccessful
type: string
issuccess:
description: Is successful in finding the plugin
type: boolean
required:
- issuccess
type: object
type: object
served: true
storage: true
subresources:
status: {}
8 changes: 8 additions & 0 deletions config/samples/config_v1beta1_store_dynamic.yaml
@@ -0,0 +1,8 @@
apiVersion: config.ratify.deislabs.io/v1beta1
kind: Store
metadata:
name: store-dynamic
spec:
name: dynamic
source:
artifact: wabbitnetworks.azurecr.io/test/sample-store-plugin:v1
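Review bot: The sample references the dynamic store plugin by a mutable tag, `wabbitnetworks.azurecr.io/test/sample-store-plugin:v1`, and a dynamic plugin is executable code that Ratify downloads and runs, so whoever can repoint that tag can change what the verifier process executes. A sample that people copy should pin by digest, `artifact: wabbitnetworks.azurecr.io/test/sample-store-plugin@sha256:<digest>` (the current digest is not visible here), and carry a comment such as `# dynamic plugins are downloaded and executed by Ratify; pin by digest in real deployments`. It is also worth stating in the sample that `RATIFY_EXPERIMENTAL_DYNAMIC_PLUGINS` must be enabled for `source` to be honored, since the launch.json change in this PR suggests that gate exists.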
4 changes: 3 additions & 1 deletion pkg/controllers/policy_controller.go
Expand Up @@ -88,6 +88,7 @@
return ctrl.Result{}, err
}

writePolicyStatus(ctx, r, &policy, policyLogger, true, "")

return ctrl.Result{}, nil
}

Expand Down Expand Up @@ -159,13 +160,14 @@
updatePolicyErrorStatus(policy, errString)
}
if statusErr := r.Status().Update(ctx, policy); statusErr != nil {
logger.Error(statusErr, ", unbale to update policy error status")
logger.Error(statusErr, ", unable to update policy error status")
}
}

func updatePolicySuccessStatus(policy *configv1beta1.Policy) {
policy.Status.IsSuccess = true
policy.Status.Error = ""
policy.Status.BriefError = ""
}

func updatePolicyErrorStatus(policy *configv1beta1.Policy, errString string) {
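Review bot: `writePolicyStatus(ctx, r, &policy, policyLogger, true, "")` now runs on every successful reconcile, which (judging by the Store equivalent in this PR) issues an unconditional `Status().Update` even when the status is already `IsSuccess: true` with empty errors; unless the controller is set up with a predicate that ignores status-only changes, each write produces a new watch event and a fresh reconcile. Guard it so the API server is only written when something changed, e.g. `if !policy.Status.IsSuccess || policy.Status.Error != "" { writePolicyStatus(ctx, r, &policy, policyLogger, true, "") }`. The enclosing `Reconcile` begins and ends outside the hunk, and `writePolicyStatus` itself is defined elsewhere, so whether it already short-circuits on an unchanged status cannot be confirmed from here. The Codecov annotation also shows the new success-path write is untested.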
21 changes: 21 additions & 0 deletions pkg/controllers/store_controller.go
Expand Up @@ -74,9 +74,12 @@

if err := storeAddOrReplace(store.Spec, resource); err != nil {
storeLogger.Error(err, "unable to create store from store crd")
writeStoreStatus(ctx, r, &store, storeLogger, false, err.Error())

return ctrl.Result{}, err
}

writeStoreStatus(ctx, r, &store, storeLogger, true, "")

// returning empty result and no error to indicate we’ve successfully reconciled this object
return ctrl.Result{}, nil
}
Expand Down Expand Up @@ -140,3 +143,21 @@

return storeConfig, nil
}

func writeStoreStatus(ctx context.Context, r client.StatusClient, store *configv1beta1.Store, logger *logrus.Entry, isSuccess bool, errorString string) {
if isSuccess {
store.Status.IsSuccess = true
store.Status.Error = ""
store.Status.BriefError = ""
} else {
store.Status.IsSuccess = false
store.Status.Error = errorString
if len(errorString) > maxBriefErrLength {
store.Status.BriefError = fmt.Sprintf("%s...", errorString[:maxBriefErrLength])
}
}

if statusErr := r.Status().Update(ctx, store); statusErr != nil {
logger.Error(statusErr, ",unable to update store error status")
}
}
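Review bot: In the error branch of `writeStoreStatus`, `BriefError` is only assigned when `len(errorString) > maxBriefErrLength`, so a short error leaves `BriefError` untouched: the `Error` printer column (JSONPath `.status.brieferror`) is empty for short errors, and a stale brief text from an earlier, longer failure survives on the object. Add the else branch: `} else { store.Status.BriefError = errorString }` after the truncation line. Two smaller points: `errorString[:maxBriefErrLength]` slices bytes, so it can split a multi-byte rune in the middle, and `errorString` arrives as raw `err.Error()` from `storeAddOrReplace`, so it is worth a comment that plugin-download/registry errors must not carry credentials since they are published on a cluster-scoped object. On a conflict from `Status().Update` the failure is only logged; since the reconcile returns `err` and requeues on the error path that is acceptable, but on the success path the status silently stays stale until the next event.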