Provide digital signature info of the related chart version

This commit is contained in:
Steven Zou 2018-07-27 15:07:22 +08:00
parent c3106fc447
commit 4b1f0470ca
3 changed files with 33 additions and 0 deletions


@ -25,6 +25,19 @@ type ChartVersionDetails struct {
Dependencies []*chartutil.Dependency `json:"dependencies"`
Values map[string]interface{} `json:"values"`
Files map[string]string `json:"files"`
Security *SecurityReport `json:"security"`
}
//SecurityReport keeps the info related with security
//e.g.: digital signature, vulnerability scanning etc.
type SecurityReport struct {
Signature *DigitalSignature `json:"signature"`
}
//DigitalSignature used to indicate if the chart has been signed
type DigitalSignature struct {
Signed bool `json:"signed"`
Provenance string `json:"prov_file"`
}
//ChartInfo keeps the information of the chart
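Review bot: The `Signed` field of DigitalSignature has no comment saying what "signed" means, and on the handler side of this commit it is set whenever a non-empty .prov file can be fetched, with no signature verification, so readers of the type will over-read it. Suggest documenting the two fields as `// Signed is true when a provenance (.prov) file was found next to the chart; it does not mean the signature was verified.` and `// Provenance is the path of that .prov file, empty when none was found.`. The json tag `prov_file` versus the Go name `Provenance` is fine but is another reason to spell out the content of the field. The struct is complete within the hunk.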


@ -115,6 +115,26 @@ func (mh *ManipulationHandler) GetChartVersion(w http.ResponseWriter, req *http.
}
chartDetails.Metadata = chartV
//Generate the security report
//prov file share same endpoint with the chart version
//Just add .prov suffix to the chart version to form the path of prov file
//Anyway, there will be a report about the digital signature status
chartDetails.Security = &SecurityReport{
Signature: &DigitalSignature{
Signed: false,
},
}
//Try to get the prov file to confirm if it is exitsing
provFilePath := fmt.Sprintf("%s.prov", chartV.URLs[0])
provBytes, err := mh.getChartVersionContent(namespace, provFilePath)
if err == nil && len(provBytes) > 0 {
chartDetails.Security.Signature.Signed = true
chartDetails.Security.Signature.Provenance = provFilePath
} else {
//Just log it
hlog.Errorf("Failed to get prov file for chart %s with error: %s, got %d bytes", chartV.Name, err.Error(), len(provBytes))
}
//Put it into the cache for next access
mh.chartCache.PutChart(chartDetails)
} else {
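Review bot: The else branch's log line calls `err.Error()` while err may be nil: the condition `err == nil && len(provBytes) > 0` also falls through when the fetch succeeded with an empty body, and on that path the handler dereferences a nil error and panics. `chartV.URLs[0]` two lines earlier is indexed without a length check as well, so a chart version with no URLs panics before the fetch is attempted. Since the report only records that a .prov file is present, `Signed = true` says nothing about the signature being valid; the comment above the report should say so, to keep callers from treating it as a verification result. GetChartVersion starts and ends outside the hunk; the rewritten lines below guard the index and log with `%v`, which tolerates a nil err.
```go
// … unchanged: security report initialised with Signed=false …
// NOTE: "signed" here means only that a non-empty .prov file exists next
// to the chart; the signature itself is not verified at this point.
if len(chartV.URLs) == 0 {
	hlog.Errorf("No download URL for chart %s, skipping prov file lookup", chartV.Name)
} else {
	provFilePath := fmt.Sprintf("%s.prov", chartV.URLs[0])
	provBytes, err := mh.getChartVersionContent(namespace, provFilePath)
	if err == nil && len(provBytes) > 0 {
		chartDetails.Security.Signature.Signed = true
		chartDetails.Security.Signature.Provenance = provFilePath
	} else {
		// err may be nil when the prov file was fetched but empty; %v handles that.
		hlog.Errorf("Failed to get prov file for chart %s with error: %v, got %d bytes", chartV.Name, err, len(provBytes))
	}
}
// … unchanged: cache update …
```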

Binary file not shown.