kyverno/pkg/imageverification/imageverifierfunctions/utils.go

package imageverifierfunctions

import (
	"github.com/kyverno/kyverno/api/policies.kyverno.io/v1alpha1"
	"github.com/kyverno/kyverno/pkg/imageverification/imagedataloader"
)

func attestorMap(ivpol *v1alpha1.ImageVerificationPolicy) map[string]v1alpha1.Attestor {
	if ivpol == nil {
		return nil
	}

	return arrToMap(ivpol.Spec.Attestors)
}

func attestationMap(ivpol *v1alpha1.ImageVerificationPolicy) map[string]v1alpha1.Attestation {
	if ivpol == nil {
		return nil
	}

	return arrToMap(ivpol.Spec.Attestations)
}

type ARR_TYPE interface {
	GetKey() string
}

func arrToMap[T ARR_TYPE](arr []T) map[string]T {
	m := make(map[string]T)
	for _, v := range arr {
		m[v.GetKey()] = v
	}

	return m
}

func GetRemoteOptsFromPolicy(creds *v1alpha1.Credentials) []imagedataloader.Option {
	if creds == nil {
		return []imagedataloader.Option{}
	}

	providers := make([]string, 0, len(creds.Providers))
	if len(creds.Providers) != 0 {
		for _, v := range creds.Providers {
			providers = append(providers, string(v))
		}
	}

	return imagedataloader.BuildRemoteOpts(creds.Secrets, providers, creds.AllowInsecureRegistry)
}
feat: add cel library for image verification (#12233) * feat: concurrently add images to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add cel library for image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: type conv Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-26 06:26:17 +05:30			`package imageverifierfunctions`

			`import (`
			`"github.com/kyverno/kyverno/api/policies.kyverno.io/v1alpha1"`
			`"github.com/kyverno/kyverno/pkg/imageverification/imagedataloader"`
			`)`

			`func attestorMap(ivpol *v1alpha1.ImageVerificationPolicy) map[string]v1alpha1.Attestor {`
			`if ivpol == nil {`
			`return nil`
			`}`

			`return arrToMap(ivpol.Spec.Attestors)`
			`}`

			`func attestationMap(ivpol *v1alpha1.ImageVerificationPolicy) map[string]v1alpha1.Attestation {`
			`if ivpol == nil {`
			`return nil`
			`}`

			`return arrToMap(ivpol.Spec.Attestations)`
			`}`

			`type ARR_TYPE interface {`
			`GetKey() string`
			`}`

			`func arrToMap[T ARR_TYPE](arr []T) map[string]T {`
			`m := make(map[string]T)`
			`for _, v := range arr {`
			`m[v.GetKey()] = v`
			`}`

			`return m`
			`}`

feat: add evaluator for image verification policies (#12251) * feat: add variables Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: implement evaluator Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> 2025-02-27 12:49:11 +05:30			`func GetRemoteOptsFromPolicy(creds *v1alpha1.Credentials) []imagedataloader.Option {`
feat: add cel library for image verification (#12233) * feat: concurrently add images to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add cel library for image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: type conv Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-26 06:26:17 +05:30			`if creds == nil {`
feat: add evaluator for image verification policies (#12251) * feat: add variables Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: implement evaluator Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: build Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> 2025-02-27 12:49:11 +05:30			`return []imagedataloader.Option{}`
feat: add cel library for image verification (#12233) * feat: concurrently add images to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add cel library for image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: type conv Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-26 06:26:17 +05:30			`}`

feat(test): image verification on any payload (#12266) 2025-02-28 14:39:25 +05:30			`providers := make([]string, 0, len(creds.Providers))`
feat: add cel library for image verification (#12233) * feat: concurrently add images to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add cel library for image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: type conv Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-26 06:26:17 +05:30			`if len(creds.Providers) != 0 {`
			`for _, v := range creds.Providers {`
			`providers = append(providers, string(v))`
			`}`
			`}`

feat(test): image verification on any payload (#12266) 2025-02-28 14:39:25 +05:30			`return imagedataloader.BuildRemoteOpts(creds.Secrets, providers, creds.AllowInsecureRegistry)`
feat: add cel library for image verification (#12233) * feat: concurrently add images to context Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add cel library for image verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: type conv Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> 2025-02-26 06:26:17 +05:30			`}`