add support for intersection and union search

sigstore · Aug 12, 2022 · 944d14f · 944d14f
1 parent 5019f3e
commit 944d14f
Show file tree

Hide file tree

Showing 7 changed files with 118 additions and 6 deletions.
diff --git a/Makefile.swagger b/Makefile.swagger
@@ -1,2 +1,2 @@
 # This file is generated after swagger runs as part of the build; do not edit!
-SWAGGER_GEN=pkg/generated/client/entries/create_log_entry_parameters.go pkg/generated/client/entries/create_log_entry_responses.go pkg/generated/client/entries/entries_client.go pkg/generated/client/entries/get_log_entry_by_index_parameters.go pkg/generated/client/entries/get_log_entry_by_index_responses.go pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go pkg/generated/client/entries/get_log_entry_by_uuid_responses.go pkg/generated/client/entries/search_log_query_parameters.go pkg/generated/client/entries/search_log_query_responses.go pkg/generated/client/index/index_client.go pkg/generated/client/index/search_index_parameters.go pkg/generated/client/index/search_index_responses.go pkg/generated/client/pubkey/get_public_key_parameters.go pkg/generated/client/pubkey/get_public_key_responses.go pkg/generated/client/pubkey/pubkey_client.go pkg/generated/client/rekor_client.go pkg/generated/client/server/get_rekor_version_parameters.go pkg/generated/client/server/get_rekor_version_responses.go pkg/generated/client/server/server_client.go pkg/generated/client/tlog/get_log_info_parameters.go pkg/generated/client/tlog/get_log_info_responses.go pkg/generated/client/tlog/get_log_proof_parameters.go pkg/generated/client/tlog/get_log_proof_responses.go pkg/generated/client/tlog/tlog_client.go pkg/generated/models/alpine.go pkg/generated/models/alpine_schema.go pkg/generated/models/alpine_v001_schema.go pkg/generated/models/consistency_proof.go pkg/generated/models/cose.go pkg/generated/models/cose_schema.go pkg/generated/models/cose_v001_schema.go pkg/generated/models/error.go pkg/generated/models/hashedrekord.go pkg/generated/models/hashedrekord_schema.go pkg/generated/models/hashedrekord_v001_schema.go pkg/generated/models/helm.go pkg/generated/models/helm_schema.go pkg/generated/models/helm_v001_schema.go pkg/generated/models/inactive_shard_log_info.go pkg/generated/models/inclusion_proof.go pkg/generated/models/intoto.go pkg/generated/models/intoto_schema.go pkg/generated/models/intoto_v001_schema.go pkg/generated/models/jar.go pkg/generated/models/jar_schema.go pkg/generated/models/jar_v001_schema.go pkg/generated/models/log_entry.go pkg/generated/models/log_info.go pkg/generated/models/proposed_entry.go pkg/generated/models/rekord.go pkg/generated/models/rekord_schema.go pkg/generated/models/rekord_v001_schema.go pkg/generated/models/rekor_version.go pkg/generated/models/rfc3161.go pkg/generated/models/rfc3161_schema.go pkg/generated/models/rfc3161_v001_schema.go pkg/generated/models/rpm.go pkg/generated/models/rpm_schema.go pkg/generated/models/rpm_v001_schema.go pkg/generated/models/search_index.go pkg/generated/models/search_log_query.go pkg/generated/models/tuf.go pkg/generated/models/tuf_schema.go pkg/generated/models/tuf_v001_schema.go pkg/generated/restapi/doc.go pkg/generated/restapi/embedded_spec.go pkg/generated/restapi/operations/entries/create_log_entry.go pkg/generated/restapi/operations/entries/create_log_entry_parameters.go pkg/generated/restapi/operations/entries/create_log_entry_responses.go pkg/generated/restapi/operations/entries/create_log_entry_urlbuilder.go pkg/generated/restapi/operations/entries/get_log_entry_by_index.go pkg/generated/restapi/operations/entries/get_log_entry_by_index_parameters.go pkg/generated/restapi/operations/entries/get_log_entry_by_index_responses.go pkg/generated/restapi/operations/entries/get_log_entry_by_index_urlbuilder.go pkg/generated/restapi/operations/entries/get_log_entry_by_uuid.go pkg/generated/restapi/operations/entries/get_log_entry_by_uuid_parameters.go pkg/generated/restapi/operations/entries/get_log_entry_by_uuid_responses.go pkg/generated/restapi/operations/entries/get_log_entry_by_uuid_urlbuilder.go pkg/generated/restapi/operations/entries/search_log_query.go pkg/generated/restapi/operations/entries/search_log_query_parameters.go pkg/generated/restapi/operations/entries/search_log_query_responses.go pkg/generated/restapi/operations/entries/search_log_query_urlbuilder.go pkg/generated/restapi/operations/index/search_index.go pkg/generated/restapi/operations/index/search_index_parameters.go pkg/generated/restapi/operations/index/search_index_responses.go pkg/generated/restapi/operations/index/search_index_urlbuilder.go pkg/generated/restapi/operations/pubkey/get_public_key.go pkg/generated/restapi/operations/pubkey/get_public_key_parameters.go pkg/generated/restapi/operations/pubkey/get_public_key_responses.go pkg/generated/restapi/operations/pubkey/get_public_key_urlbuilder.go pkg/generated/restapi/operations/rekor_server_api.go pkg/generated/restapi/operations/server/get_rekor_version.go pkg/generated/restapi/operations/server/get_rekor_version_parameters.go pkg/generated/restapi/operations/server/get_rekor_version_responses.go pkg/generated/restapi/operations/server/get_rekor_version_urlbuilder.go pkg/generated/restapi/operations/tlog/get_log_info.go pkg/generated/restapi/operations/tlog/get_log_info_parameters.go pkg/generated/restapi/operations/tlog/get_log_info_responses.go pkg/generated/restapi/operations/tlog/get_log_info_urlbuilder.go pkg/generated/restapi/operations/tlog/get_log_proof.go pkg/generated/restapi/operations/tlog/get_log_proof_parameters.go pkg/generated/restapi/operations/tlog/get_log_proof_responses.go pkg/generated/restapi/operations/tlog/get_log_proof_urlbuilder.go pkg/generated/restapi/server.go
+SWAGGER_GEN=pkg/generated/client/entries/create_log_entry_parameters.go pkg/generated/client/entries/create_log_entry_responses.go pkg/generated/client/entries/entries_client.go pkg/generated/client/entries/get_log_entry_by_index_parameters.go pkg/generated/client/entries/get_log_entry_by_index_responses.go pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go pkg/generated/client/entries/get_log_entry_by_uuid_responses.go pkg/generated/client/entries/search_log_query_parameters.go pkg/generated/client/entries/search_log_query_responses.go pkg/generated/client/index/index_client.go pkg/generated/client/index/search_index_parameters.go pkg/generated/client/index/search_index_responses.go pkg/generated/client/pubkey/get_public_key_parameters.go pkg/generated/client/pubkey/get_public_key_responses.go pkg/generated/client/pubkey/pubkey_client.go pkg/generated/client/rekor_client.go pkg/generated/client/server/get_rekor_version_parameters.go pkg/generated/client/server/get_rekor_version_responses.go pkg/generated/client/server/server_client.go pkg/generated/client/tlog/get_log_info_parameters.go pkg/generated/client/tlog/get_log_info_responses.go pkg/generated/client/tlog/get_log_proof_parameters.go pkg/generated/client/tlog/get_log_proof_responses.go pkg/generated/client/tlog/tlog_client.go pkg/generated/models//alpine.go pkg/generated/models//alpine_schema.go pkg/generated/models//alpine_v001_schema.go pkg/generated/models//consistency_proof.go pkg/generated/models//cose.go pkg/generated/models//cose_schema.go pkg/generated/models//cose_v001_schema.go pkg/generated/models//error.go pkg/generated/models//hashedrekord.go pkg/generated/models//hashedrekord_schema.go pkg/generated/models//hashedrekord_v001_schema.go pkg/generated/models//helm.go pkg/generated/models//helm_schema.go pkg/generated/models//helm_v001_schema.go pkg/generated/models//inactive_shard_log_info.go pkg/generated/models//inclusion_proof.go pkg/generated/models//intoto.go pkg/generated/models//intoto_schema.go pkg/generated/models//intoto_v001_schema.go pkg/generated/models//jar.go pkg/generated/models//jar_schema.go pkg/generated/models//jar_v001_schema.go pkg/generated/models//log_entry.go pkg/generated/models//log_info.go pkg/generated/models//proposed_entry.go pkg/generated/models//rekord.go pkg/generated/models//rekord_schema.go pkg/generated/models//rekord_v001_schema.go pkg/generated/models//rekor_version.go pkg/generated/models//rfc3161.go pkg/generated/models//rfc3161_schema.go pkg/generated/models//rfc3161_v001_schema.go pkg/generated/models//rpm.go pkg/generated/models//rpm_schema.go pkg/generated/models//rpm_v001_schema.go pkg/generated/models//search_index.go pkg/generated/models//search_log_query.go pkg/generated/models//tuf.go pkg/generated/models//tuf_schema.go pkg/generated/models//tuf_v001_schema.go pkg/generated/restapi//doc.go pkg/generated/restapi//embedded_spec.go pkg/generated/restapi//operations/entries/create_log_entry.go pkg/generated/restapi//operations/entries/create_log_entry_parameters.go pkg/generated/restapi//operations/entries/create_log_entry_responses.go pkg/generated/restapi//operations/entries/create_log_entry_urlbuilder.go pkg/generated/restapi//operations/entries/get_log_entry_by_index.go pkg/generated/restapi//operations/entries/get_log_entry_by_index_parameters.go pkg/generated/restapi//operations/entries/get_log_entry_by_index_responses.go pkg/generated/restapi//operations/entries/get_log_entry_by_index_urlbuilder.go pkg/generated/restapi//operations/entries/get_log_entry_by_uuid.go pkg/generated/restapi//operations/entries/get_log_entry_by_uuid_parameters.go pkg/generated/restapi//operations/entries/get_log_entry_by_uuid_responses.go pkg/generated/restapi//operations/entries/get_log_entry_by_uuid_urlbuilder.go pkg/generated/restapi//operations/entries/search_log_query.go pkg/generated/restapi//operations/entries/search_log_query_parameters.go pkg/generated/restapi//operations/entries/search_log_query_responses.go pkg/generated/restapi//operations/entries/search_log_query_urlbuilder.go pkg/generated/restapi//operations/index/search_index.go pkg/generated/restapi//operations/index/search_index_parameters.go pkg/generated/restapi//operations/index/search_index_responses.go pkg/generated/restapi//operations/index/search_index_urlbuilder.go pkg/generated/restapi//operations/pubkey/get_public_key.go pkg/generated/restapi//operations/pubkey/get_public_key_parameters.go pkg/generated/restapi//operations/pubkey/get_public_key_responses.go pkg/generated/restapi//operations/pubkey/get_public_key_urlbuilder.go pkg/generated/restapi//operations/rekor_server_api.go pkg/generated/restapi//operations/server/get_rekor_version.go pkg/generated/restapi//operations/server/get_rekor_version_parameters.go pkg/generated/restapi//operations/server/get_rekor_version_responses.go pkg/generated/restapi//operations/server/get_rekor_version_urlbuilder.go pkg/generated/restapi//operations/tlog/get_log_info.go pkg/generated/restapi//operations/tlog/get_log_info_parameters.go pkg/generated/restapi//operations/tlog/get_log_info_responses.go pkg/generated/restapi//operations/tlog/get_log_info_urlbuilder.go pkg/generated/restapi//operations/tlog/get_log_proof.go pkg/generated/restapi//operations/tlog/get_log_proof_parameters.go pkg/generated/restapi//operations/tlog/get_log_proof_responses.go pkg/generated/restapi//operations/tlog/get_log_proof_urlbuilder.go pkg/generated/restapi//server.go
diff --git a/cmd/rekor-cli/app/pflags.go b/cmd/rekor-cli/app/pflags.go
@@ -38,6 +38,7 @@ const (
 	uuidFlag      FlagType = "uuid"
 	shaFlag       FlagType = "sha"
 	emailFlag     FlagType = "email"
+	operatorFlag  FlagType = "operator"
 	logIndexFlag  FlagType = "logIndex"
 	pkiFormatFlag FlagType = "pkiFormat"
 	typeFlag      FlagType = "type"
@@ -67,6 +68,10 @@ func initializePFlagMap() {
 			// this validates a valid sha256 checksum which is optionally prefixed with 'sha256:'
 			return valueFactory(shaFlag, validateSHAValue, "")
 		},
+		operatorFlag: func() pflag.Value {
+			// this validates a valid operator name
+			return valueFactory(shaFlag, validateString(""), "")
+		},
 		emailFlag: func() pflag.Value {
 			// this validates an email address
 			return valueFactory(emailFlag, validateString("required,email"), "")

diff --git a/cmd/rekor-cli/app/search.go b/cmd/rekor-cli/app/search.go
@@ -58,6 +58,8 @@ func addSearchPFlags(cmd *cobra.Command) error {
 	cmd.Flags().Var(NewFlagValue(shaFlag, ""), "sha", "the SHA256 or SHA1 sum of the artifact")
 
 	cmd.Flags().Var(NewFlagValue(emailFlag, ""), "email", "email associated with the public key's subject")
+
+	cmd.Flags().Var(NewFlagValue(operatorFlag, ""), "operator", "operator to use for the search")
 	return nil
 }
 
@@ -142,6 +144,8 @@ var searchCmd = &cobra.Command{
 			params.Query.Hash = "sha256:" + hashVal
 		}
 
+		params.Query.Operator = viper.GetString("operator")
+
 		publicKeyStr := viper.GetString("public-key")
 		if publicKeyStr != "" {
 			params.Query.PublicKey = &models.SearchIndexPublicKey{}

diff --git a/openapi.yaml b/openapi.yaml
@@ -510,6 +510,9 @@ definitions:
       hash:
         type: string
         pattern: '^(sha256:)?[0-9a-fA-F]{64}$|^(sha1:)?[0-9a-fA-F]{40}$'
+      operator:
+        type: string
+        enum: ['and','or']
 
   SearchLogQuery:
     type: object

diff --git a/pkg/api/index.go b/pkg/api/index.go
@@ -34,16 +34,23 @@ import (
 
 func SearchIndexHandler(params index.SearchIndexParams) middleware.Responder {
 	httpReqCtx := params.HTTPRequest.Context()
+	var result Container
+
+	// default behaviour mimics "or"
+	if params.Query.Operator == "and" {
+		result = make(Uniq)
+	} else {
+		result = &Arr{}
+	}
 
-	var result []string
 	if params.Query.Hash != "" {
 		// This must be a valid sha256 hash
 		sha := util.PrefixSHA(params.Query.Hash)
 		var resultUUIDs []string
 		if err := redisClient.Do(httpReqCtx, radix.Cmd(&resultUUIDs, "LRANGE", strings.ToLower(sha), "0", "-1")); err != nil {
 			return handleRekorAPIError(params, http.StatusInternalServerError, err, redisUnexpectedResult)
 		}
-		result = append(result, resultUUIDs...)
+		result.Add(resultUUIDs)
 	}
 	if params.Query.PublicKey != nil {
 		af, err := pki.NewArtifactFactory(pki.Format(swag.StringValue(params.Query.PublicKey.Format)))
@@ -70,17 +77,17 @@ func SearchIndexHandler(params index.SearchIndexParams) middleware.Responder {
 		if err := redisClient.Do(httpReqCtx, radix.Cmd(&resultUUIDs, "LRANGE", strings.ToLower(hex.EncodeToString(keyHash[:])), "0", "-1")); err != nil {
 			return handleRekorAPIError(params, http.StatusInternalServerError, err, redisUnexpectedResult)
 		}
-		result = append(result, resultUUIDs...)
+		result.Add(resultUUIDs)
 	}
 	if params.Query.Email != "" {
 		var resultUUIDs []string
 		if err := redisClient.Do(httpReqCtx, radix.Cmd(&resultUUIDs, "LRANGE", strings.ToLower(params.Query.Email.String()), "0", "-1")); err != nil {
 			return handleRekorAPIError(params, http.StatusInternalServerError, err, redisUnexpectedResult)
 		}
-		result = append(result, resultUUIDs...)
+		result.Add(resultUUIDs)
 	}
 
-	return index.NewSearchIndexOK().WithPayload(result)
+	return index.NewSearchIndexOK().WithPayload(result.Result())
 }
 
 func SearchIndexNotImplementedHandler(params index.SearchIndexParams) middleware.Responder {
@@ -100,3 +107,32 @@ func addToIndex(ctx context.Context, key, value string) error {
 func storeAttestation(ctx context.Context, uuid string, attestation []byte) error {
 	return storageClient.StoreAttestation(ctx, uuid, attestation)
 }
+
+type Container interface {
+	Add([]string)
+	Result() []string
+}
+
+type Uniq map[string]struct{}
+
+func (u Uniq) Add(elements []string) {
+	for _, v := range elements {
+		u[v] = struct{}{}
+	}
+}
+func (u Uniq) Result() []string {
+	var result []string
+	for k := range u {
+		result = append(result, k)
+	}
+	return result
+}
+
+type Arr []string
+
+func (a *Arr) Add(elements []string) {
+	*a = append(*a, elements...)
+}
+func (a Arr) Result() []string {
+	return a
+}
diff --git a/pkg/generated/models/search_index.go b/pkg/generated/models/search_index.go
diff --git a/pkg/generated/restapi/embedded_spec.go b/pkg/generated/restapi/embedded_spec.go