Increase direct usage of Tekton Object Interface (#896)

This PR further increases the usage of the Tekton object interface in our codebase.

pkg/chains/formats/slsa/attest/attest.go

@@ -22,9 +22,9 @@ import (
 
 	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 	"github.com/tektoncd/chains/pkg/artifacts"
+	"github.com/tektoncd/chains/pkg/chains/objects"
 	"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const (
@@ -58,10 +58,15 @@ func Step(step *v1beta1.Step, stepState *v1beta1.StepState) StepAttestation {
 	return attestation
 }
 
-func Invocation(source *v1beta1.RefSource, params []v1beta1.Param, paramSpecs []v1beta1.ParamSpec, meta metav1.Object) slsa.ProvenanceInvocation {
+func Invocation(obj objects.TektonObject, params []v1beta1.Param, paramSpecs []v1beta1.ParamSpec) slsa.ProvenanceInvocation {
+	var source *v1beta1.RefSource
+	if p := obj.GetProvenance(); p != nil {
+		source = p.RefSource
+	}
 	i := slsa.ProvenanceInvocation{
 		ConfigSource: convertConfigSource(source),
 	}
+
 	iParams := make(map[string]v1beta1.ParamValue)
 
 	// get implicit parameters from defaults
@@ -77,11 +82,10 @@ func Invocation(source *v1beta1.RefSource, params []v1beta1.Param, paramSpecs []
 	}
 
 	i.Parameters = iParams
-
 	environment := map[string]map[string]string{}
 
 	annotations := map[string]string{}
-	for name, value := range meta.GetAnnotations() {
+	for name, value := range obj.GetAnnotations() {
 		// Ignore annotations that are not relevant to provenance information
 		if name == corev1.LastAppliedConfigAnnotation || strings.HasPrefix(name, "chains.tekton.dev/") {
 			continue
@@ -92,7 +96,7 @@ func Invocation(source *v1beta1.RefSource, params []v1beta1.Param, paramSpecs []
 		environment["annotations"] = annotations
 	}
 
-	labels := meta.GetLabels()
+	labels := obj.GetLabels()
 	if len(labels) > 0 {
 		environment["labels"] = labels
 	}

pkg/chains/formats/slsa/extract/extract.go

@@ -79,7 +79,7 @@ func subjectsFromPipelineRun(ctx context.Context, obj objects.TektonObject, slsa
 				continue
 			}
 
-			trSubjects := subjectsFromTektonObject(ctx, objects.NewTaskRunObject(tr))
+			trSubjects := subjectsFromTektonObject(ctx, tr)
 			for _, s := range trSubjects {
 				result = addSubject(result, s)
 			}

pkg/chains/formats/slsa/internal/material/material.go

@@ -28,7 +28,6 @@ import (
 	"github.com/tektoncd/chains/pkg/chains/formats/slsa/attest"
 	"github.com/tektoncd/chains/pkg/chains/formats/slsa/internal/slsaconfig"
 	"github.com/tektoncd/chains/pkg/chains/objects"
-	"github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 	"knative.dev/pkg/logging"
 )
 
@@ -42,14 +41,14 @@ func TaskMaterials(ctx context.Context, tro *objects.TaskRunObject) ([]common.Pr
 	var mats []common.ProvenanceMaterial
 
 	// add step images
-	stepMaterials, err := FromStepImages(tro.Status.Steps)
+	stepMaterials, err := FromStepImages(tro)
 	if err != nil {
 		return nil, err
 	}
 	mats = append(mats, stepMaterials...)
 
 	// add sidecar images
-	sidecarMaterials, err := FromSidecarImages(tro.Status.Sidecars)
+	sidecarMaterials, err := FromSidecarImages(tro)
 	if err != nil {
 		return nil, err
 	}
@@ -89,14 +88,14 @@ func PipelineMaterials(ctx context.Context, pro *objects.PipelineRunObject, slsa
 				continue
 			}
 
-			stepMaterials, err := FromStepImages(tr.Status.Steps)
+			stepMaterials, err := FromStepImages(tr)
 			if err != nil {
 				return mats, err
 			}
 			mats = append(mats, stepMaterials...)
 
 			// add sidecar images
-			sidecarMaterials, err := FromSidecarImages(tr.Status.Sidecars)
+			sidecarMaterials, err := FromSidecarImages(tr)
 			if err != nil {
 				return nil, err
 			}
@@ -124,10 +123,10 @@ func PipelineMaterials(ctx context.Context, pro *objects.PipelineRunObject, slsa
 }
 
 // FromStepImages gets predicate.materials from step images
-func FromStepImages(steps []v1beta1.StepState) ([]common.ProvenanceMaterial, error) {
+func FromStepImages(tro *objects.TaskRunObject) ([]common.ProvenanceMaterial, error) {
 	mats := []common.ProvenanceMaterial{}
-	for _, stepState := range steps {
-		m, err := fromImageID(stepState.ImageID)
+	for _, image := range tro.GetStepImages() {
+		m, err := fromImageID(image)
 		if err != nil {
 			return nil, err
 		}
@@ -137,10 +136,10 @@ func FromStepImages(steps []v1beta1.StepState) ([]common.ProvenanceMaterial, err
 }
 
 // FromSidecarImages gets predicate.materials from sidecar images
-func FromSidecarImages(sidecars []v1beta1.SidecarState) ([]common.ProvenanceMaterial, error) {
+func FromSidecarImages(tro *objects.TaskRunObject) ([]common.ProvenanceMaterial, error) {
 	mats := []common.ProvenanceMaterial{}
-	for _, sidecarState := range sidecars {
-		m, err := fromImageID(sidecarState.ImageID)
+	for _, image := range tro.GetSidecarImages() {
+		m, err := fromImageID(image)
 		if err != nil {
 			return nil, err
 		}
@@ -310,7 +309,7 @@ func FromPipelineParamsAndResults(ctx context.Context, pro *objects.PipelineRunO
 					logger.Infof("taskrun is not found or not completed for the task %s", t.Name)
 					continue
 				}
-				materialsFromTasks := FromTaskParamsAndResults(ctx, objects.NewTaskRunObject(tr))
+				materialsFromTasks := FromTaskParamsAndResults(ctx, tr)
 				mats = append(mats, materialsFromTasks...)
 			}
 		}

pkg/chains/formats/slsa/internal/material/material_test.go

@@ -403,146 +403,6 @@ func TestStructuredResultPipelineMaterials(t *testing.T) {
 	}
 }
 
-func TestFromStepImages(t *testing.T) {
-	tests := []struct {
-		name      string
-		steps     []v1beta1.StepState
-		want      []common.ProvenanceMaterial
-		wantError error
-	}{{
-		name: "steps with proper imageID",
-		steps: []v1beta1.StepState{{
-			Name:    "git-source-repo-jwqcl",
-			ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-		}, {
-			Name:    "git-source-repo-repeat-again-jwqcl",
-			ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-		}, {
-			Name:    "build",
-			ImageID: "gcr.io/cloud-marketplace-containers/google/bazel@sha256:010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
-		}},
-		want: []common.ProvenanceMaterial{
-			{
-				URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
-				Digest: common.DigestSet{
-					"sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-				},
-			},
-			{
-				URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
-				Digest: common.DigestSet{
-					"sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-				},
-			},
-			{
-				URI: artifacts.OCIScheme + "gcr.io/cloud-marketplace-containers/google/bazel",
-				Digest: common.DigestSet{
-					"sha256": "010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
-				},
-			},
-		},
-	}, {
-		name: "step with bad imageId - no uri",
-		steps: []v1beta1.StepState{{
-			Name:    "git-source-repo-jwqcl",
-			ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-		}},
-		want:      []common.ProvenanceMaterial{{}},
-		wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @"),
-	}, {
-		name: "step with bad imageId - no digest",
-		steps: []v1beta1.StepState{{
-			Name:    "git-source-repo-jwqcl",
-			ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-		}},
-		want:      []common.ProvenanceMaterial{{}},
-		wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @ and :"),
-	}}
-	for _, tc := range tests {
-		mat, err := FromStepImages(tc.steps)
-		if err != nil {
-			if err.Error() != tc.wantError.Error() {
-				t.Fatalf("Expected error %v but got %v", tc.wantError, err)
-			}
-		}
-		if tc.wantError == nil {
-			if diff := cmp.Diff(tc.want, mat); diff != "" {
-				t.Errorf("materials(): -want +got: %s", diff)
-			}
-		}
-	}
-}
-
-func TestFromSidecarImages(t *testing.T) {
-	tests := []struct {
-		name      string
-		sidecars  []v1beta1.SidecarState
-		want      []common.ProvenanceMaterial
-		wantError error
-	}{{
-		name: "sidecars with proper imageID",
-		sidecars: []v1beta1.SidecarState{{
-			Name:    "git-source-repo-jwqcl",
-			ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-		}, {
-			Name:    "git-source-repo-repeat-again-jwqcl",
-			ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-		}, {
-			Name:    "build",
-			ImageID: "gcr.io/cloud-marketplace-containers/google/bazel@sha256:010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
-		}},
-		want: []common.ProvenanceMaterial{
-			{
-				URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
-				Digest: common.DigestSet{
-					"sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-				},
-			},
-			{
-				URI: artifacts.OCIScheme + "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init",
-				Digest: common.DigestSet{
-					"sha256": "b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-				},
-			},
-			{
-				URI: artifacts.OCIScheme + "gcr.io/cloud-marketplace-containers/google/bazel",
-				Digest: common.DigestSet{
-					"sha256": "010a1ecd1a8c3610f12039a25b823e3a17bd3e8ae455a53e340dcfdd37a49964",
-				},
-			},
-		},
-	}, {
-		name: "sidecars with bad imageId - no uri",
-		sidecars: []v1beta1.SidecarState{{
-			Name:    "git-source-repo-jwqcl",
-			ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-		}},
-		want:      []common.ProvenanceMaterial{{}},
-		wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init-sha256:b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @"),
-	}, {
-		name: "sidecars with bad imageId - no digest",
-		sidecars: []v1beta1.SidecarState{{
-			Name:    "git-source-repo-jwqcl",
-			ImageID: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247",
-		}},
-		want:      []common.ProvenanceMaterial{{}},
-		wantError: fmt.Errorf("expected imageID gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256-b963f6e7a69617db57b685893256f978436277094c21d43b153994acd8a01247 to be separable by @ and :"),
-	}}
-	for _, tc := range tests {
-		mat, err := FromSidecarImages(tc.sidecars)
-		if err != nil {
-			if err.Error() != tc.wantError.Error() {
-				t.Fatalf("Expected error %v but got %v", tc.wantError, err)
-			}
-		}
-		if tc.wantError == nil {
-			if diff := cmp.Diff(tc.want, mat); diff != "" {
-				t.Errorf("materials(): -want +got: %s", diff)
-			}
-		}
-	}
-}
-
 func TestFromImageID(t *testing.T) {
 	tests := []struct {
 		name      string

pkg/chains/formats/slsa/v1/pipelinerun/pipelinerun.go

@@ -79,11 +79,7 @@ func invocation(pro *objects.PipelineRunObject) slsa.ProvenanceInvocation {
 	if ps := pro.Status.PipelineSpec; ps != nil {
 		paramSpecs = ps.Params
 	}
-	var source *v1beta1.RefSource
-	if p := pro.Status.Provenance; p != nil {
-		source = p.RefSource
-	}
-	return attest.Invocation(source, pro.Spec.Params, paramSpecs, pro.GetObjectMeta())
+	return attest.Invocation(pro, pro.Spec.Params, paramSpecs)
 }
 
 func buildConfig(ctx context.Context, pro *objects.PipelineRunObject) BuildConfig {
@@ -134,6 +130,7 @@ func buildConfig(ctx context.Context, pro *objects.PipelineRunObject) BuildConfi
 		if len(after) == 0 && i >= len(pSpec.Tasks) && last != "" {
 			after = append(after, last)
 		}
+
 		params := tr.Spec.Params
 		var paramSpecs []v1beta1.ParamSpec
 		if tr.Status.TaskSpec != nil {
@@ -142,20 +139,14 @@ func buildConfig(ctx context.Context, pro *objects.PipelineRunObject) BuildConfi
 			paramSpecs = []v1beta1.ParamSpec{}
 		}
 
-		// source information in taskrun status
-		var source *v1beta1.RefSource
-		if p := tr.Status.Provenance; p != nil {
-			source = p.RefSource
-		}
-
 		task := TaskAttestation{
 			Name:       t.Name,
 			After:      after,
 			StartedOn:  tr.Status.StartTime.Time.UTC(),
 			FinishedOn: tr.Status.CompletionTime.Time.UTC(),
 			Status:     getStatus(tr.Status.Conditions),
 			Steps:      steps,
-			Invocation: attest.Invocation(source, params, paramSpecs, &tr.ObjectMeta),
+			Invocation: attest.Invocation(tr, params, paramSpecs),
 			Results:    tr.Status.TaskRunResults,
 		}
 

pkg/chains/formats/slsa/v1/taskrun/taskrun.go

@@ -62,11 +62,7 @@ func invocation(tro *objects.TaskRunObject) slsa.ProvenanceInvocation {
 	if ts := tro.Status.TaskSpec; ts != nil {
 		paramSpecs = ts.Params
 	}
-	var source *v1beta1.RefSource
-	if p := tro.Status.Provenance; p != nil {
-		source = p.RefSource
-	}
-	return attest.Invocation(source, tro.Spec.Params, paramSpecs, tro.GetObjectMeta())
+	return attest.Invocation(tro, tro.Spec.Params, paramSpecs)
 }
 
 // Metadata adds taskrun's start time, completion time and reproducibility labels

pkg/chains/formats/slsa/v2alpha2/internal/pipelinerun/pipelinerun.go

@@ -86,8 +86,9 @@ func metadata(pro *objects.PipelineRunObject) slsa.BuildMetadata {
 // for the pipelinerun.
 func internalParameters(pro *objects.PipelineRunObject) map[string]any {
 	internalParams := make(map[string]any)
-	if pro.Status.Provenance != nil && pro.Status.Provenance.FeatureFlags != nil {
-		internalParams["tekton-pipelines-feature-flags"] = *pro.Status.Provenance.FeatureFlags
+	provenance := pro.GetProvenance()
+	if provenance != nil && provenance.FeatureFlags != nil {
+		internalParams["tekton-pipelines-feature-flags"] = *provenance.FeatureFlags
 	}
 	return internalParams
 }

pkg/chains/formats/slsa/v2alpha2/internal/resolved_dependencies/resolved_dependencies.go

@@ -60,12 +60,12 @@ func TaskRun(ctx context.Context, tro *objects.TaskRunObject) ([]v1.ResourceDesc
 	mats := []common.ProvenanceMaterial{}
 
 	// add step and sidecar images
-	stepMaterials, err := material.FromStepImages(tro.Status.Steps)
+	stepMaterials, err := material.FromStepImages(tro)
 	mats = append(mats, stepMaterials...)
 	if err != nil {
 		return nil, err
 	}
-	sidecarMaterials, err := material.FromSidecarImages(tro.Status.Sidecars)
+	sidecarMaterials, err := material.FromSidecarImages(tro)
 	if err != nil {
 		return nil, err
 	}
@@ -201,14 +201,14 @@ func fromPipelineTask(logger *zap.SugaredLogger, pro *objects.PipelineRunObject)
 			mats := []common.ProvenanceMaterial{}
 
 			// add step images
-			stepMaterials, err := material.FromStepImages(tr.Status.Steps)
+			stepMaterials, err := material.FromStepImages(tr)
 			if err != nil {
 				return nil, err
 			}
 			mats = append(mats, stepMaterials...)
 
 			// add sidecar images
-			sidecarMaterials, err := material.FromSidecarImages(tr.Status.Sidecars)
+			sidecarMaterials, err := material.FromSidecarImages(tr)
 			if err != nil {
 				return nil, err
 			}

pkg/chains/formats/slsa/v2alpha2/internal/taskrun/taskrun.go

@@ -82,8 +82,9 @@ func metadata(tro *objects.TaskRunObject) slsa.BuildMetadata {
 // for the taskrun.
 func internalParameters(tro *objects.TaskRunObject) map[string]any {
 	internalParams := make(map[string]any)
-	if tro.Status.Provenance != nil && tro.Status.Provenance.FeatureFlags != nil {
-		internalParams["tekton-pipelines-feature-flags"] = *tro.Status.Provenance.FeatureFlags
+	provenance := tro.GetProvenance()
+	if provenance != nil && provenance.FeatureFlags != nil {
+		internalParams["tekton-pipelines-feature-flags"] = *provenance.FeatureFlags
 	}
 	return internalParams
 }