From 9aed8c4aff9c2a8de44c8bf63238cbaa5d4e60bf Mon Sep 17 00:00:00 2001 From: Rob Best Date: Tue, 17 May 2022 15:37:30 +0100 Subject: [PATCH] tree: only report artifacts that are present (#1872) * tree: only report artifacts that are present We were adding entries for artifacts, regardless of whether that artifact was present or had any layers. I think the expectation of the user would be for this command to show only the artifacts that actually exist. Signed-off-by: Rob Best * tree: tweak reference checking We're already fetching the references and using them in the map, so might as well check those when we come to print them out. Use the SBOM suffix from ociremote rather than redefining it. Signed-off-by: Rob Best --- cmd/cosign/cli/tree.go | 38 ++++++++++++++------------------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/cmd/cosign/cli/tree.go b/cmd/cosign/cli/tree.go index abbdc59afb5..b19acbdf09f 100644 --- a/cmd/cosign/cli/tree.go +++ b/cmd/cosign/cli/tree.go @@ -19,7 +19,6 @@ import ( "context" "fmt" "os" - "strings" v1 "github.com/google/go-containerregistry/pkg/v1" @@ -47,12 +46,6 @@ func Tree() *cobra.Command { return cmd } -const ( - SignatureTagSuffix = ".sig" - SBOMTagSuffix = ".sbom" - AttestationTagSuffix = ".att" -) - func TreeCmd(ctx context.Context, regOpts options.RegistryOptions, imageRef string) error { scsaMap := map[name.Tag][]v1.Layer{} ref, err := name.ParseReference(imageRef) 
@@ -79,51 +72,48 @@ func TreeCmd(ctx context.Context, regOpts options.RegistryOptions, imageRef stri } atts, err := simg.Attestations() - var attLayers []v1.Layer if err == nil { layers, err := atts.Layers() if err != nil { return err } - attLayers = append(attLayers, layers...) + if len(layers) > 0 { + scsaMap[attRef] = layers + } } - scsaMap[attRef] = attLayers - sigRef, err := ociremote.SignatureTag(ref, ociremote.WithRemoteOptions(registryClientOpts...)) if err != nil { return err } sigs, err := simg.Signatures() - var sigLayers []v1.Layer if err == nil { layers, err := sigs.Layers() if err != nil { return err } - sigLayers = append(sigLayers, layers...) + if len(layers) > 0 { + scsaMap[sigRef] = layers + } } - scsaMap[sigRef] = sigLayers - sbomRef, err := ociremote.SBOMTag(ref, ociremote.WithRemoteOptions(registryClientOpts...)) if err != nil { return err } - sbombs, err := simg.Attachment("sbom") - var sbomLayers []v1.Layer + sbombs, err := simg.Attachment(ociremote.SBOMTagSuffix) if err == nil { layers, err := sbombs.Layers() if err != nil { return err } - sbomLayers = append(sbomLayers, layers...) + if len(layers) > 0 { + scsaMap[sbomRef] = layers + } } - scsaMap[sbomRef] = sbomLayers - if len(scsaMap) == 0 { fmt.Fprintf(os.Stdout, "No Supply Chain Security Related Artifacts artifacts found for image %s\n, start creating one with simply running"+ "$ COSIGN_EXPERIMENTAL=1 cosign sign ", ref.String()) 
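Review bot: A failed lookup is now indistinguishable from an absent artifact, because the three `if err == nil {` guards after `simg.Attestations()`, `simg.Signatures()` and `simg.Attachment(ociremote.SBOMTagSuffix)` drop the error silently and the entry is then simply left out of `scsaMap`. If those calls can fail for reasons other than "not found" (the ociremote implementation is not visible here, so this is inferred), a registry authentication or network error would make a signed image print as having no signatures. I would surface the error, by returning it or at least reporting it, e.g. `} else { fmt.Fprintf(os.Stderr, "warning: could not read attestations for %s: %v\n", ref, err) }`, and likewise for the other two lookups. The `len(scsaMap) == 0` branch also becomes reachable for the first time with this change, and its message reads "Artifacts artifacts", puts the newline before the comma and has no space before `$ COSIGN_EXPERIMENTAL=1`. TreeCmd starts and ends outside this hunk.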
@@ -131,12 +121,12 @@ func TreeCmd(ctx context.Context, regOpts options.RegistryOptions, imageRef stri } for t, k := range scsaMap { - switch { - case strings.HasSuffix(t.TagStr(), SignatureTagSuffix): + switch t { + case sigRef: fmt.Fprintf(os.Stdout, "└── 🔐 Signatures for an image tag: %s\n", t.String()) - case strings.HasSuffix(t.TagStr(), SBOMTagSuffix): + case sbomRef: fmt.Fprintf(os.Stdout, "└── 📦 SBOMs for an image tag: %s\n", t.String()) - case strings.HasSuffix(t.TagStr(), AttestationTagSuffix): + case attRef: fmt.Fprintf(os.Stdout, "└── 💾 Attestations for an image tag: %s\n", t.String()) }
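Review bot: The `switch t` has no `default`, and the sections are still emitted in Go's randomized map iteration order, so the output of the tree command can differ between runs for the same image. Since the only keys are now `sigRef`, `attRef` and `sbomRef`, the loop could walk them in a fixed order, `for _, t := range []name.Tag{sigRef, attRef, sbomRef} {` followed by `k, ok := scsaMap[t]; if !ok { continue }`, which keeps the output stable for scripts and diffs that consume it. The loop body continues outside the hunk, so what is printed for `k` is not visible here.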