func (r *REST) Delete(ctx kapi.Context, name string) (runtime.Object, error) {
imageName, _, err := imageapi.SplitImageSignatureName(name)
if err != nil {
return nil, kapierrors.NewBadRequest("ImageSignatures must be accessed with <imageName>@<signatureName>")
}
image, err := r.imageClient.Get(imageName)
if err != nil {
return nil, err
}
index := imageapi.IndexOfImageSignatureByName(image.Signatures, name)
if index < 0 {
return nil, kapierrors.NewNotFound(imageapi.Resource("imageSignatures"), name)
}
size := len(image.Signatures)
copy(image.Signatures[index:size-1], image.Signatures[index+1:size])
image.Signatures = image.Signatures[0 : size-1]
if _, err := r.imageClient.Update(image); err != nil {
return nil, err
}
return &unversioned.Status{Status: unversioned.StatusSuccess}, nil
}
func validateImageSignature(signature *api.ImageSignature, fldPath *field.Path) field.ErrorList {
allErrs := validation.ValidateObjectMeta(&signature.ObjectMeta, false, oapi.MinimalNameRequirements, fldPath.Child("metadata"))
if len(signature.Labels) > 0 {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("metadata").Child("labels"), "signature labels cannot be set"))
}
if len(signature.Annotations) > 0 {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("metadata").Child("annotations"), "signature annotations cannot be set"))
}
if _, _, err := api.SplitImageSignatureName(signature.Name); err != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("metadata").Child("name"), signature.Name, "name must be of format <imageName>@<signatureName>"))
}
if len(signature.Type) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("type"), ""))
}
if len(signature.Content) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("content"), ""))
}
var trustedCondition, forImageCondition *api.SignatureCondition
for i := range signature.Conditions {
cond := &signature.Conditions[i]
if cond.Type == api.SignatureTrusted && (trustedCondition == nil || !cond.LastProbeTime.Before(trustedCondition.LastProbeTime)) {
trustedCondition = cond
} else if cond.Type == api.SignatureForImage && forImageCondition == nil || !cond.LastProbeTime.Before(forImageCondition.LastProbeTime) {
forImageCondition = cond
}
}
if trustedCondition != nil && forImageCondition == nil {
msg := fmt.Sprintf("missing %q condition type", api.SignatureForImage)
allErrs = append(allErrs, field.Invalid(fldPath.Child("conditions"), signature.Conditions, msg))
} else if forImageCondition != nil && trustedCondition == nil {
msg := fmt.Sprintf("missing %q condition type", api.SignatureTrusted)
allErrs = append(allErrs, field.Invalid(fldPath.Child("conditions"), signature.Conditions, msg))
}
if trustedCondition == nil || trustedCondition.Status == kapi.ConditionUnknown {
if len(signature.ImageIdentity) != 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("imageIdentity"), signature.ImageIdentity, "must be unset for unknown signature state"))
}
if len(signature.SignedClaims) != 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("signedClaims"), signature.SignedClaims, "must be unset for unknown signature state"))
}
if signature.IssuedBy != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("issuedBy"), signature.IssuedBy, "must be unset for unknown signature state"))
}
if signature.IssuedTo != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("issuedTo"), signature.IssuedTo, "must be unset for unknown signature state"))
}
}
return allErrs
}
func (r *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, error) {
signature := obj.(*imageapi.ImageSignature)
if err := rest.BeforeCreate(Strategy, ctx, obj); err != nil {
return nil, err
}
imageName, _, err := imageapi.SplitImageSignatureName(signature.Name)
if err != nil {
return nil, kapierrors.NewBadRequest(err.Error())
}
image, err := r.imageClient.Get(imageName)
if err != nil {
return nil, err
}
// ensure that given signature already doesn't exist - either by its name or type:content
if byName, byContent := imageapi.IndexOfImageSignatureByName(image.Signatures, signature.Name), imageapi.IndexOfImageSignature(image.Signatures, signature.Type, signature.Content); byName >= 0 || byContent >= 0 {
return nil, kapierrors.NewAlreadyExists(imageapi.Resource("imageSignatures"), signature.Name)
}
image.Signatures = append(image.Signatures, *signature)
image, err = r.imageClient.Update(image)
if err != nil {
return nil, err
}
byName := imageapi.IndexOfImageSignatureByName(image.Signatures, signature.Name)
if byName < 0 {
return nil, kapierrors.NewInternalError(errors.New("failed to store given signature"))
}
return &image.Signatures[byName], nil
}