From 7c4972398c6bde32b1db67d397e214cc6bd498ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?= Date: Fri, 2 Feb 2024 16:28:00 -0300 Subject: [PATCH] feat: update policy-evaluator to get new OCI manifest capability. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the policy-evaluator version in use to allow the usage of the new capability able to fetch OCI image manifests. Signed-off-by: José Guilherme Vanz --- Cargo.lock | 129 ++++++++++++++++++++++++++++++++---------------- Cargo.toml | 2 +- src/policies.rs | 2 +- src/pull.rs | 4 +- src/push.rs | 5 +- 5 files changed, 96 insertions(+), 46 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39d085d1..50855571 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -102,9 +102,9 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.5" +version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2faccea4cc4ab4a667ce676a30e8ec13922a692c99bb8f5b11f1502c72e04220" +checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc" [[package]] name = "anstyle-parse" @@ -246,7 +246,7 @@ dependencies = [ "futures-io", "futures-lite 2.2.0", "parking", - "polling 3.3.2", + "polling 3.4.0", "rustix 0.38.31", "slab", "tracing", @@ -498,7 +498,7 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "burrego" version = "0.3.4" -source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.14.2#275e402a2f02655babcb68e4a99ad06bd9891c9c" +source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.15.0#ac2377018cb3cdb1f6f16ab6c7aa51a3b772f92e" dependencies = [ "base64 0.21.7", "chrono", 
@@ -1551,9 +1551,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382" [[package]] name = "filetime" @@ -1945,9 +1945,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.4" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d3d0e0f38255e7fa3cf31335b3a56f05febd18025f4db5ef7a0cfb4f8da651f" +checksum = "d0c62115964e08cb8039170eb33c1d0e2388a256930279edca206fff675f82c3" [[package]] name = "hex" @@ -2074,7 +2074,7 @@ dependencies = [ "http", "hyper", "log", - "rustls", + "rustls 0.21.10", "rustls-native-certs", "tokio", "tokio-rustls", @@ -2417,7 +2417,7 @@ dependencies = [ "kube-core", "pem 3.0.3", "pin-project", - "rustls", + "rustls 0.21.10", "rustls-pemfile", "secrecy", "serde", @@ -2919,6 +2919,31 @@ dependencies = [ "unicase", ] +[[package]] +name = "oci-distribution" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a635cabf7a6eb4e5f13e9e82bd9503b7c2461bf277132e38638a935ebd684b4" +dependencies = [ + "bytes", + "chrono", + "futures-util", + "http", + "http-auth", + "jwt", + "lazy_static", + "olpc-cjson", + "regex", + "reqwest", + "serde", + "serde_json", + "sha2", + "thiserror", + "tokio", + "tracing", + "unicase", +] + [[package]] name = "oid" version = "0.2.1" 
@@ -3169,9 +3194,9 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pest" -version = "2.7.6" +version = "2.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f200d8d83c44a45b21764d1916299752ca035d15ecd46faca3e9a2a2bf6ad06" +checksum = "219c0dcc30b6a27553f9cc242972b67f75b60eb0db71f0b5462f38b058c41546" dependencies = [ "memchr", "thiserror", @@ -3180,9 +3205,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.7.6" +version = "2.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcd6ab1236bbdb3a49027e920e693192ebfe8913f6d60e294de57463a493cfde" +checksum = "22e1288dbd7786462961e69bfd4df7848c1e37e8b74303dbdab82c3a9cdd2809" dependencies = [ "pest", "pest_generator", @@ -3190,9 +3215,9 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.6" +version = "2.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a31940305ffc96863a735bef7c7994a00b325a7138fdbc5bda0f1a0476d3275" +checksum = "1381c29a877c6d34b8c176e734f35d7f7f5b3adaefe940cb4d1bb7af94678e2e" dependencies = [ "pest", "pest_meta", @@ -3203,9 +3228,9 @@ dependencies = [ [[package]] name = "pest_meta" -version = "2.7.6" +version = "2.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7ff62f5259e53b78d1af898941cdcdccfae7385cf7d793a6e55de5d05bb4b7d" +checksum = "d0934d6907f148c22a3acbda520c7eed243ad7487a30f51f6ce52b58b7077a8a" dependencies = [ "once_cell", "pest", @@ -3428,7 +3453,7 @@ dependencies = [ [[package]] name = "policy-evaluator" version = "0.14.2" -source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.14.2#275e402a2f02655babcb68e4a99ad06bd9891c9c" +source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.15.0#ac2377018cb3cdb1f6f16ab6c7aa51a3b772f92e" dependencies = [ "anyhow", "base64 0.21.7", 
@@ -3461,7 +3486,7 @@ dependencies = [ "wapc", "wasi-cap-std-sync", "wasi-common", - "wasmparser 0.120.0", + "wasmparser 0.121.0", "wasmtime", "wasmtime-provider", "wasmtime-wasi", @@ -3469,10 +3494,9 @@ dependencies = [ [[package]] name = "policy-fetcher" -version = "0.8.1" -source = "git+https://github.com/kubewarden/policy-fetcher?tag=v0.8.1#fb5752de196e58df2da6134cb59212d7f6ebc291" +version = "0.8.2" +source = "git+https://github.com/kubewarden/policy-fetcher?tag=v0.8.2#3954be5dffeb3d6281e75aa5ac6d454aa3dbe832" dependencies = [ - "anyhow", "async-std", "async-stream", "async-trait", @@ -3481,17 +3505,18 @@ dependencies = [ "directories", "docker_credential", "lazy_static", - "oci-distribution", + "oci-distribution 0.10.0", "path-slash", "rayon", "regex", "reqwest", - "rustls", + "rustls 0.22.2", "serde", "serde_json", "serde_yaml", "sha2", "sigstore", + "thiserror", "tokio", "tracing", "url", @@ -3516,9 +3541,9 @@ dependencies = [ [[package]] name = "polling" -version = "3.3.2" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "545c980a3880efd47b2e262f6a4bb6daad6555cf3367aa9c4e52895f69537a41" +checksum = "30054e72317ab98eddd8561db0f6524df3367636884b7b21b703e4b280a84a14" dependencies = [ "cfg-if", "concurrent-queue", @@ -3865,7 +3890,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls", + "rustls 0.21.10", "rustls-native-certs", "rustls-pemfile", "serde", 
@@ -4032,10 +4057,24 @@ checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", "ring 0.17.7", - "rustls-webpki", + "rustls-webpki 0.101.7", "sct", ] +[[package]] +name = "rustls" +version = "0.22.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" +dependencies = [ + "log", + "ring 0.17.7", + "rustls-pki-types", + "rustls-webpki 0.102.2", + "subtle", + "zeroize", +] + [[package]] name = "rustls-native-certs" version = "0.6.3" @@ -4057,6 +4096,12 @@ dependencies = [ "base64 0.21.7", ] +[[package]] +name = "rustls-pki-types" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a716eb65e3158e90e17cd93d855216e27bde02745ab842f2cab4a39dba1bacf" + [[package]] name = "rustls-webpki" version = "0.101.7" @@ -4067,6 +4112,17 @@ dependencies = [ "untrusted 0.9.0", ] +[[package]] +name = "rustls-webpki" +version = "0.102.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" +dependencies = [ + "ring 0.17.7", + "rustls-pki-types", + "untrusted 0.9.0", +] + [[package]] name = "rustversion" version = "1.0.14" @@ -4430,7 +4486,7 @@ dependencies = [ "elliptic-curve", "getrandom", "lazy_static", - "oci-distribution", + "oci-distribution 0.9.4", "olpc-cjson", "openidconnect", "p256", @@ -4896,7 +4952,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls", + "rustls 0.21.10", "tokio", ] 
@@ -5520,17 +5576,6 @@ dependencies = [ "semver", ] -[[package]] -name = "wasmparser" -version = "0.120.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9148127f39cbffe43efee8d5442b16ecdba21567785268daa1ec9e134389705" -dependencies = [ - "bitflags 2.4.2", - "indexmap 2.2.2", - "semver", -] - [[package]] name = "wasmparser" version = "0.121.0" diff --git a/Cargo.toml b/Cargo.toml index c996079d..92f9dff0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,7 +22,7 @@ lazy_static = "1.4.0" pulldown-cmark-mdcat = { version = "2.1.1", default-features = false, features = [ "regex-fancy", ] } -policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.14.2" } +policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.15.0" } prettytable-rs = "^0.10" pulldown-cmark = { version = "0.9.3", default-features = false } regex = "1" diff --git a/src/policies.rs b/src/policies.rs index 3e6c2114..1de3fd3a 100644 --- a/src/policies.rs +++ b/src/policies.rs @@ -58,5 +58,5 @@ pub(crate) fn list() -> Result<()> { } fn policy_list() -> Result> { - Store::default().list() + Store::default().list().map_err(anyhow::Error::new) } diff --git a/src/pull.rs b/src/pull.rs index cf755431..1a1ba314 100644 --- a/src/pull.rs +++ b/src/pull.rs @@ -8,5 +8,7 @@ pub(crate) async fn pull( sources: Option<&Sources>, destination: PullDestination, ) -> Result { - fetch_policy(uri, destination, sources).await + fetch_policy(uri, destination, sources) + .await + .map_err(anyhow::Error::new) } diff --git a/src/push.rs b/src/push.rs index e8ad449b..871298da 100644 --- a/src/push.rs +++ b/src/push.rs @@ -28,7 +28,10 @@ pub(crate) async fn push( }; let policy = fs::read(&wasm_path).map_err(|e| anyhow!("Cannot open policy file: {:?}", e))?; - Registry::new().push(&policy, uri, sources).await + Registry::new() + .push(&policy, uri, sources) + .await + .map_err(anyhow::Error::new) } fn can_be_force_pushed_without_metadata(
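Review bot: The `.map_err(anyhow::Error::new)` conversion added in `policy_list` (src/policies.rs), and repeated in `pull` (src/pull.rs) and `push` (src/push.rs), wraps the new typed errors without saying which operation failed, so a store or registry failure reaches the user with no hint of the step involved. Attaching context performs the same conversion and names the step, e.g. `Store::default().list().context("cannot list policies in the local store")` with `anyhow::Context` in scope, and likewise after the `.await` on `fetch_policy(...)` and `Registry::new().push(...)`. If the context text includes the policy URI, check that it cannot carry embedded registry credentials into logs or terminal output. The bodies of `pull` and `push` start outside their hunks, so whether `Context` is already imported in those files is not visible here.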