diff --git a/pkg/chains/storage/oci/legacy.go b/pkg/chains/storage/oci/legacy.go
index 1994a62694..e37a82cb6c 100644
--- a/pkg/chains/storage/oci/legacy.go
+++ b/pkg/chains/storage/oci/legacy.go
@@ -18,27 +18,23 @@ import (
 "encoding/base64"
 "encoding/json"
 "fmt"
-
- "github.com/tektoncd/chains/pkg/chains/formats"
- "github.com/tektoncd/chains/pkg/chains/objects"
- "github.com/tektoncd/chains/pkg/chains/signing"
- "github.com/tektoncd/chains/pkg/chains/storage/api"
-
- "knative.dev/pkg/logging"
-
- "github.com/in-toto/in-toto-golang/in_toto"
- "github.com/secure-systems-lab/go-securesystemslib/dsse"
-
 "github.com/google/go-containerregistry/pkg/authn/k8schain"
 "github.com/google/go-containerregistry/pkg/name"
 "github.com/google/go-containerregistry/pkg/v1/remote"
+ "github.com/in-toto/in-toto-golang/in_toto"
 "github.com/pkg/errors"
+ "github.com/secure-systems-lab/go-securesystemslib/dsse"
 "github.com/sigstore/cosign/v2/pkg/oci"
 ociremote "github.com/sigstore/cosign/v2/pkg/oci/remote"
 "github.com/tektoncd/chains/pkg/artifacts"
+ "github.com/tektoncd/chains/pkg/chains/formats"
 "github.com/tektoncd/chains/pkg/chains/formats/simple"
+ "github.com/tektoncd/chains/pkg/chains/objects"
+ "github.com/tektoncd/chains/pkg/chains/signing"
+ "github.com/tektoncd/chains/pkg/chains/storage/api"
 "github.com/tektoncd/chains/pkg/config"
 "k8s.io/client-go/kubernetes"
+ "knative.dev/pkg/logging"
 )
 const StorageBackendOCI = "oci"
@@ -54,7 +50,8 @@ type Backend struct {
 // NewStorageBackend returns a new OCI StorageBackend that stores signatures in an OCI registry
 func NewStorageBackend(ctx context.Context, client kubernetes.Interface, cfg config.Config) *Backend {
 return &Backend{
- cfg: cfg,
+ cfg: cfg,
+ client: client,
 getAuthenticator: func(ctx context.Context, obj objects.TektonObject, client kubernetes.Interface) (remote.Option, error) {
 kc, err := k8schain.New(ctx, client,
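Review bot: Nothing in this commit tests that `NewStorageBackend` now populates `client`; the added test file exercises only `newDigest`. As far as the hunk shows, the old literal set only `cfg` and `getAuthenticator`, so any method reading the backend's `client` would presumably have received a nil interface. The `getAuthenticator` closure passes its `client` argument to `k8schain.New`, so if that argument comes from this field, the omission affects registry credential lookup. A small assertion that the returned `Backend` carries the client passed in would keep the omission from coming back. The struct literal and the closure continue outside the hunk, so fields set further down are not visible here.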
@@ -279,15 +276,25 @@ func (b *Backend) RetrieveArtifact(ctx context.Context, obj objects.TektonObject
 }
 func newDigest(cfg config.Config, imageName string) (name.Digest, error) {
- // Override image name from config if set.
- if r := cfg.Storage.OCI.Repository; r != "" {
- imageName = r
- }
-
 var opts []name.Option
 if cfg.Storage.OCI.Insecure {
 opts = append(opts, name.Insecure)
 }
+ if storageOCIRepository := cfg.Storage.OCI.Repository; storageOCIRepository != "" {
+ digest, err := name.NewDigest(imageName, opts...)
+ if err != nil {
+ return name.Digest{}, err
+ }
+ digestSha := digest.DigestStr()
+
+ newRepo, err := name.NewRepository(storageOCIRepository)
+ if err != nil {
+ return name.Digest{}, err
+ }
+
+ imageName = newRepo.Digest(digestSha).Name()
+ }
+
 return name.NewDigest(imageName, opts...)
 }
diff --git a/pkg/chains/storage/oci/legacy_test.go b/pkg/chains/storage/oci/legacy_test.go
new file mode 100644
index 0000000000..0fdb49d919
--- /dev/null
+++ b/pkg/chains/storage/oci/legacy_test.go
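Review bot: The two new `return name.Digest{}, err` paths in `newDigest` do not say which input failed to parse, so an operator cannot tell a malformed source image reference from a malformed `cfg.Storage.OCI.Repository`. Wrapping them with the already-imported `errors` package, e.g. `return name.Digest{}, errors.Wrapf(err, "parsing OCI storage repository %q", storageOCIRepository)`, would make a misconfiguration visible. `name.NewRepository(storageOCIRepository)` is also called without `opts...`, so `name.Insecure` reaches the configured repository only through the final re-parse in `name.NewDigest(imageName, opts...)`; passing `opts...` there keeps both parses under the same options. A one-line comment above the `if`, such as `// Keep only the digest; registry and path come from cfg.Storage.OCI.Repository.`, would document that signatures for different source repositories are deliberately stored in one place.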
@@ -0,0 +1,38 @@
+package oci
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/tektoncd/chains/pkg/config"
+)
+
+func TestStorageOCIRepo(t *testing.T) {
+ cfg := config.Config{}
+ cfg.Storage.OCI.Repository = "quay.io/concaf"
+ tests := []struct {
+ testImageName string
+ expectedImageName string
+ }{
+ {
+ testImageName: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:bc4f7468f87486e3835b09098c74cd7f54db2cf697cbb9b824271b95a2d0871e",
+ expectedImageName: "quay.io/concaf@sha256:bc4f7468f87486e3835b09098c74cd7f54db2cf697cbb9b824271b95a2d0871e",
+ },
+ {
+ testImageName: "docker.io/puneet2147/kaniko-chains@sha256:bc4f7468f87486e3835b09098c74cd7f54db2cf697cbb9b824271b95a2d0871e",
+ expectedImageName: "quay.io/concaf@sha256:bc4f7468f87486e3835b09098c74cd7f54db2cf697cbb9b824271b95a2d0871e",
+ },
+ {
+ testImageName: "registry.com/spam/spam/spam/spam/spam/spam@sha256:bc4f7468f87486e3835b09098c74cd7f54db2cf697cbb9b824271b95a2d0871e",
+ expectedImageName: "quay.io/concaf@sha256:bc4f7468f87486e3835b09098c74cd7f54db2cf697cbb9b824271b95a2d0871e",
+ },
+ }
+
+ for _, test := range tests {
+ digest, err := newDigest(cfg, test.testImageName)
+ if err != nil {
+ t.Error(err)
+ }
+ assert.Equal(t, digest.Name(), test.expectedImageName)
+ }
+}
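Review bot: In the loop of `TestStorageOCIRepo`, `t.Error(err)` lets the iteration fall through to `assert.Equal` on a zero-value digest, and the `assert.Equal` arguments are in actual/expected order, so a failure prints a misleading diff. `t.Fatalf("newDigest(%q): %v", test.testImageName, err)` and `assert.Equal(t, test.expectedImageName, digest.Name())` fix both. The table covers only the rewrite path with well-formed digest references. Cases for a tag-only image name (expected to be rejected by `name.NewDigest`), an unparsable `Repository` value, an empty `Repository`, and `cfg.Storage.OCI.Insecure = true` would pin the error paths and the unchanged behaviour.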