From cc29b5df1b9688251b5f83ea0e59a28d0b40b823 Mon Sep 17 00:00:00 2001
From: Tore Martin Hagen
Date: Tue, 10 Dec 2024 11:01:55 +0100
Subject: [PATCH] Deprecated registryProviderFlag and updated docs

---
 cmd/kosli/cli_utils.go | 47 +++++------------------------------------------
 cmd/kosli/fingerprint.go | 14 +++++++++++---
 cmd/kosli/flags.go | 9 +++++++++
 cmd/kosli/root.go | 26 +++++++++++++-------------
 4 files changed, 38 insertions(+), 58 deletions(-)

diff --git a/cmd/kosli/cli_utils.go b/cmd/kosli/cli_utils.go
index 09c61bd5a..6e07e903d 100644
--- a/cmd/kosli/cli_utils.go
+++ b/cmd/kosli/cli_utils.go
@@ -410,42 +410,8 @@ func GetSha256Digest(artifactName string, o *fingerprintOptions, logger *log.Log
 case "oci":
 fingerprint, err = digest.OciSha256(artifactName, o.registryUsername, o.registryPassword)
 case "docker":
- if o.registryProvider != "" {
- var providerInfo *registryProviderEndpoints
- providerInfo, err = getRegistryEndpointForProvider(o.registryProvider)
- if err != nil {
- return "", err
- }
-
- nameSlice := strings.Split(artifactName, ":")
- if len(nameSlice) < 2 {
- nameSlice = append(nameSlice, "latest")
- }
- imageName := nameSlice[0]
- imageTag := nameSlice[1]
-
- if strings.Contains(nameSlice[0], "/") {
- strSlice := strings.Split(nameSlice[0], "/")
- urlOrRepo := strSlice[0]
- if strings.Contains(urlOrRepo, ".") {
- imageName = strings.TrimPrefix(nameSlice[0], urlOrRepo+"/")
- }
- }
-
- if !strings.Contains(imageName, "/") && o.registryProvider == "dockerhub" {
- imageName = fmt.Sprintf("library/%s", imageName)
- }
-
- token, err := getDockerRegistryAPIToken(providerInfo, o.registryUsername, o.registryPassword, imageName)
- if err != nil {
- return "", err
- }
-
- fingerprint, err = digest.RemoteDockerImageSha256(imageName, imageTag, providerInfo.mainApi, token, logger)
- if err != nil {
- return "", err
- }
-
+ if o.registryUsername != "" {
+ fingerprint, err = digest.OciSha256(artifactName, o.registryUsername, o.registryPassword)
 } else {
 fingerprint, err = digest.DockerImageSha256(artifactName)
 }
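Review bot: In the `case "docker":` branch the remote lookup is now selected only by `o.registryUsername != ""`, and the registry contacted is whatever `artifactName` resolves to, so an existing invocation that relied on `--registry-provider` to name the host may present its credentials to a different registry when the image name carries no host part (how `digest.OciSha256` resolves a bare name is not visible here, so this is inferred). The removed code also defaulted a missing tag to `latest` and added the `library/` prefix for Docker Hub; confirm `OciSha256` covers both, because a differently resolved reference yields a different fingerprint. A comment on the new branch would make the implicit switch visible, e.g. `// credentials supplied: read the digest from the registry named in artifactName, not from the local daemon`. The rest of GetSha256Digest, including the handling of `err` after the switch, lies outside the hunk.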
@@ -540,13 +506,10 @@ func ValidateAttestationArtifactArg(args []string, artifactType, inputSha256 str
 // remote digest.
 func ValidateRegistryFlags(cmd *cobra.Command, o *fingerprintOptions) error {
 if o.artifactType != "docker" && o.artifactType != "oci" && (o.registryPassword != "" || o.registryUsername != "") {
- return ErrorBeforePrintingUsage(cmd, "--registry-provider, --registry-username and registry-password are only applicable when --artifact-type is 'docker'")
- }
- if o.registryProvider != "" && (o.registryPassword == "" || o.registryUsername == "") {
- return ErrorBeforePrintingUsage(cmd, "both --registry-username and registry-password are required when --registry-provider is used")
+ return ErrorBeforePrintingUsage(cmd, "--registry-username and registry-password are only applicable when --artifact-type is 'docker' or 'oci'")
 }
- if o.registryProvider == "" && o.artifactType != "oci" && (o.registryPassword != "" || o.registryUsername != "") {
- return ErrorBeforePrintingUsage(cmd, "--registry-username and registry-password are only used when --registry-provider is used")
+ if (o.registryPassword == "" && o.registryUsername != "") || (o.registryPassword != "" && o.registryUsername == "") {
+ return ErrorBeforePrintingUsage(cmd, "--registry-username and registry-password must both be set")
 }
 return nil
 }
diff --git a/cmd/kosli/fingerprint.go b/cmd/kosli/fingerprint.go
index 20fc52e53..6a0c4ff92 100644
--- a/cmd/kosli/fingerprint.go
+++ b/cmd/kosli/fingerprint.go
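Review bot: Both new messages in ValidateRegistryFlags name the password flag as `registry-password` without the leading dashes, so it reads as a different token from `--registry-username` beside it; write `"--registry-username and --registry-password must both be set"` and make the same correction in the first message. The pairing check can be stated directly as `if (o.registryUsername == "") != (o.registryPassword == "") {`, which says "exactly one is set" without the four-way comparison. A leftover `--registry-provider` given without credentials is no longer rejected here and, with `--artifact-type docker`, falls through to the local-daemon path; whether the user is told depends on DeprecateFlags, which is not visible in this hunk.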
@@ -19,9 +19,10 @@ plus the ability to use recursive globs "**" const fingerprintLongDesc = fingerprintShortDesc + ` Requires ^--artifact-type^ flag to be set. -Artifact type can be one of: "file" for files, "dir" for directories, "docker" for docker images. +Artifact type can be one of: "file" for files, "dir" for directories, "oci" for container +images in registries or "docker" for local docker images. -Fingerprinting docker images can be done using the local docker daemon or the fingerprint can be fetched +Fingerprinting container images can be done using the local docker daemon or the fingerprint can be fetched from a remote registry. ` + fingerprintDirSynopsis @@ -36,8 +37,14 @@ kosli fingerprint --artifact-type dir mydir # fingerprint a dir while excluding paths kosli fingerprint --artifact-type dir --exclude logs --exclude *.exe mydir -# fingerprint a locally available docker image +# fingerprint a locally available docker image (requires docker daemon running) kosli fingerprint --artifact-type docker nginx:latest + +# fingerprint a public image from a remote registry +kosli fingerprint --artifact-type oci nginx:latest + +# fingerprint a private image from a remote registry +kosli fingerprint --artifact-type oci private:latest --registry-username YourUsername --registry-password YourPassword ` type fingerprintOptions struct { @@ -74,6 +81,7 @@ func newFingerprintCmd(out io.Writer) *cobra.Command { err = DeprecateFlags(cmd, map[string]string{ "e": "use -x instead", }) + if err != nil { logger.Error("failed to configure deprecated flags: %v", err) } diff --git a/cmd/kosli/flags.go b/cmd/kosli/flags.go index 08d6c8beb..95a0bf952 100644 --- a/cmd/kosli/flags.go +++ b/cmd/kosli/flags.go @@ -7,6 +7,7 @@ import ( ghUtils "github.com/kosli-dev/cli/internal/github" gitlabUtils "github.com/kosli-dev/cli/internal/gitlab" "github.com/spf13/cobra" + "log" ) // allowed commit redaction values 
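Review bot: The new private-registry example in the `@@ -36,8 +37,14 @@` hunk passes the secret literally as `--registry-password YourPassword`, which is the form users will copy into scripts, shell history and CI logs. If the CLI can read this value from an environment variable or config file (not visible in this diff), show that form instead; otherwise use a variable reference such as `--registry-password "$REGISTRY_TOKEN"` (constructed name) so the literal stays out of the script. The flag help already says "password or access token", so the example comment could also state that a scoped access token is preferred over an account password.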
@@ -22,6 +23,14 @@ func addFingerprintFlags(cmd *cobra.Command, o *fingerprintOptions) { cmd.Flags().StringVar(&o.registryUsername, "registry-username", "", registryUsernameFlag) cmd.Flags().StringVar(&o.registryPassword, "registry-password", "", registryPasswordFlag) cmd.Flags().StringSliceVarP(&o.excludePaths, "exclude", "x", []string{}, excludePathsFlag) + + err := DeprecateFlags(cmd, map[string]string{ + "registry-provider": "no longer used", + }) + + if err != nil { + log.Fatalf("failed to configure deprecated flags: %v", err) + } } func addAWSAuthFlags(cmd *cobra.Command, o *aws.AWSStaticCreds) { diff --git a/cmd/kosli/root.go b/cmd/kosli/root.go index e65f84edf..f666e72ce 100644 --- a/cmd/kosli/root.go +++ b/cmd/kosli/root.go @@ -40,7 +40,15 @@ const ( credentialsStoreKeySecretName = "kosli-encryption-key" // the following constants are used in the docs/help - fingerprintDesc = "The artifact SHA256 fingerprint is calculated (based on the ^--artifact-type^ flag and the artifact name/path argument) or can be provided directly (with the ^--fingerprint^ flag)." + fingerprintDesc = ` +The artifact fingerprint can be provided directly with the ^--fingerprint^ flag, or +calculated based on ^--artifact-type^ flag. + +Artifact type can be one of: "file" for files, "dir" for directories, "oci" for container +images in registries or "docker" for local docker images. + +` + attestationBindingDesc = ` The attestation can be bound to a trail using the trail name. 
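Review bot: `log.Fatalf` inside addFingerprintFlags ends the process while the command tree is still being built, so a failure to deprecate one flag would stop every command that calls this helper, and it goes through the standard `log` package, whereas newFingerprintCmd reports the same failure with `logger.Error("failed to configure deprecated flags: %v", err)`; use that logger here too if it is in scope. Deprecating `registry-provider` presupposes the flag is still registered on `cmd`, and that registration is not among the visible lines, so confirm it was kept. The message `"no longer used"` gives no migration hint; something like `"no longer used, include the registry host in the image name"` would help, assuming that is how the host is now chosen. The `"log"` import added in the earlier flags.go hunk sits after the third-party imports, where goimports would put it in the standard-library group.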
@@ -82,20 +90,17 @@ The ^.kosli_ignore^ will be treated as part of the artifact like any other file,
 maxAPIRetryFlag = "[defaulted] How many times should API calls be retried when the API host is not reachable."
 configFileFlag = "[optional] The Kosli config file path."
 debugFlag = "[optional] Print debug logs to stdout. A boolean flag https://docs.kosli.com/faq/#boolean-flags (default false)"
- artifactTypeFlag = "The type of the artifact to calculate its SHA256 fingerprint. One of: [docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don't specify '--fingerprint' on commands that allow it)."
+ artifactTypeFlag = "The type of the artifact to calculate its SHA256 fingerprint. One of: [oci, docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don't specify '--fingerprint' on commands that allow it)."
 flowNameFlag = "The Kosli flow name."
 trailNameFlag = "The Kosli trail name."
 trailNameFlagOptional = "[optional] The Kosli trail name."
 templateArtifactName = "The name of the artifact in the yml template file."
 flowNamesFlag = "[defaulted] The comma separated list of Kosli flows. Defaults to all flows of the org."
- newFlowFlag = "The name of the flow to be created or updated."
 outputFlag = "[defaulted] The format of the output. Valid formats are: [table, json]."
- pipefileFlag = "[deprecated] The path to the JSON pipefile."
 environmentNameFlag = "The environment name."
 approvalEnvironmentNameFlag = "[defaulted] The environment the artifact is approved for. (defaults to all environments)"
 pageNumberFlag = "[defaulted] The page number of a response."
 pageLimitFlag = "[defaulted] The number of elements per page."
- newEnvNameFlag = "The name of environment to be created."
 newEnvTypeFlag = "The type of environment. Valid types are: [K8S, ECS, server, S3, lambda, docker, azure-apps, logical]."
 envAllowListFlag = "The environment name for which the artifact is allowlisted."
 reasonFlag = "The reason why this artifact is allowlisted."
@@ -103,7 +108,6 @@ The ^.kosli_ignore^ will be treated as part of the artifact like any other file,
 newestCommitFlag = "[defaulted] The source commit sha for the newest change in the deployment. Can be any commit-ish."
 repoRootFlag = "[defaulted] The directory where the source git repository is available."
 approvalDescriptionFlag = "[optional] The approval description."
- artifactDescriptionFlag = "[optional] The artifact description."
 deploymentDescriptionFlag = "[optional] The deployment description."
 evidenceDescriptionFlag = "[optional] The evidence description."
 jiraBaseUrlFlag = "The base url for the jira project, e.g. 'https://kosli.atlassian.net'"
@@ -128,7 +132,6 @@ The ^.kosli_ignore^ will be treated as part of the artifact like any other file,
 buildUrlFlag = "The url of CI pipeline that built the artifact. (defaulted in some CIs: https://docs.kosli.com/ci-defaults )."
 commitUrlFlag = "The url for the git commit that created the artifact. (defaulted in some CIs: https://docs.kosli.com/ci-defaults )."
 evidenceCompliantFlag = "[defaulted] Whether the evidence is compliant or not. A boolean flag https://docs.kosli.com/faq/#boolean-flags"
- evidenceTypeFlag = "The type of evidence being reported."
 bbUsernameFlag = "Bitbucket username."
 bbPasswordFlag = "Bitbucket App password. See https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication for more details."
 bbWorkspaceFlag = "Bitbucket workspace ID."
@@ -141,7 +144,6 @@ The ^.kosli_ignore^ will be treated as part of the artifact like any other file,
 azureTokenFlag = "Azure Personal Access token."
 azureProjectFlag = "Azure project.(defaulted if you are running in Azure Devops pipelines: https://docs.kosli.com/ci-defaults )."
 azureOrgUrlFlag = "Azure organization url. E.g. \"https://dev.azure.com/myOrg\" (defaulted if you are running in Azure Devops pipelines: https://docs.kosli.com/ci-defaults )."
- azureBaseURLFlag = "[optional] Azure Devops base URL."
 azureClientIdFlag = "Azure client ID."
 azureClientSecretFlag = "Azure client secret."
 azureTenantIdFlag = "Azure tenant ID."
@@ -154,9 +156,9 @@ The ^.kosli_ignore^ will be treated as part of the artifact like any other file,
 gitlabTokenFlag = "Gitlab token."
 gitlabOrgFlag = "Gitlab organization. (defaulted if you are running in Gitlab Pipelines: https://docs.kosli.com/ci-defaults )."
 gitlabBaseURLFlag = "[optional] Gitlab base URL (only needed for on-prem Gitlab installations)."
- registryProviderFlag = "[conditional] The docker registry provider or url. Only required if you want to read docker image SHA256 digest from a remote docker registry."
- registryUsernameFlag = "[conditional] The docker registry username. Only required if you want to read docker image SHA256 digest from a remote docker registry."
- registryPasswordFlag = "[conditional] The docker registry password or access token. Only required if you want to read docker image SHA256 digest from a remote docker registry."
+ registryProviderFlag = "[deprecated] The docker registry provider or url. Only required if you want to read docker image SHA256 digest from a remote docker registry."
+ registryUsernameFlag = "[conditional] The container registry username. Only required if you want to read container image SHA256 digest from a remote container registry."
+ registryPasswordFlag = "[conditional] The container registry password or access token. Only required if you want to read container image SHA256 digest from a remote container registry."
 resultsDirFlag = "[defaulted] The path to a directory with JUnit test results. By default, the directory will be uploaded to Kosli's evidence vault."
 snykJsonResultsFileFlag = "The path to Snyk SARIF or JSON scan results file from 'snyk test' and 'snyk container test'. By default, the Snyk results will be uploaded to Kosli's evidence vault."
 snykSarifResultsFileFlag = "The path to Snyk scan SARIF results file from 'snyk test' and 'snyk container test'. By default, the Snyk results will be uploaded to Kosli's evidence vault."
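Review bot: The new `registryProviderFlag` text is tagged `[deprecated]` but still tells the reader the flag is "Only required if you want to read docker image SHA256 digest from a remote docker registry", which contradicts the `"no longer used"` deprecation message registered in flags.go. State what happens now, e.g. `registryProviderFlag = "[deprecated] No longer used; the flag is accepted but ignored."`, if that matches the behaviour, which is what the visible hunks suggest since they remove every read of `o.registryProvider`. Users migrating scripts need to know that the provider value no longer selects the registry their credentials are sent to.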
@@ -187,14 +189,12 @@ The ^.kosli_ignore^ will be treated as part of the artifact like any other file,
 excludePathsFlag = "[optional] The comma separated list of directories and files to exclude from fingerprinting. Can take glob patterns. Only applicable for --artifact-type dir."
 serverExcludePathsFlag = "[optional] The comma separated list of directories and files to exclude from fingerprinting. Can take glob patterns."
 shortFlag = "[optional] Print only the Kosli CLI version number."
- longFlag = "[optional] Print detailed output."
 reverseFlag = "[defaulted] Reverse the order of output list."
 evidenceNameFlag = "The name of the evidence."
 evidenceFingerprintFlag = "[optional] The SHA256 fingerprint of the evidence file or dir."
 evidenceURLFlag = "[optional] The external URL where the evidence file or dir is stored."
 evidencePathsFlag = "[optional] The comma-separated list of paths containing supporting proof for the reported evidence. Paths can be for files or directories. All provided proofs will be uploaded to Kosli's evidence vault."
 fingerprintFlag = "[conditional] The SHA256 fingerprint of the artifact. Only required if you don't specify '--artifact-type'."
- evidenceCommitFlag = "The git commit SHA1 for which the evidence belongs. (defaulted in some CIs: https://docs.kosli.com/ci-defaults )."
 intervalFlag = "[optional] Expression to define specified snapshots range."
 showUnchangedArtifactsFlag = "[defaulted] Show the unchanged artifacts present in both snapshots within the diff output."
 approverFlag = "[optional] The user approving an approval."