Skip to content

feat(policy): allow generic material kinds#2305

Merged
Piskoo merged 3 commits into
chainloop-dev:mainfrom
Piskoo:feat-policy-allow-generic-material-kinds
Aug 5, 2025
Merged

feat(policy): allow generic material kinds#2305
Piskoo merged 3 commits into
chainloop-dev:mainfrom
Piskoo:feat-policy-allow-generic-material-kinds

Conversation

@Piskoo

@Piskoo Piskoo commented Aug 5, 2025

Copy link
Copy Markdown
Contributor

Allows policy definition for STRING, EVIDENCE kinds and fixes issue with policy devel eval where these kinds could not be tested before.
It should be noted in custom policy documentation that those kinds are now valid.

Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo marked this pull request as ready for review August 5, 2025 06:31
@Piskoo Piskoo requested review from javirln, jiparis and migmartri August 5, 2025 06:31
}

// if set, it will match any material supported by Chainloop
// except those not having a direct schema (STRING, ARTIFACT, EVIDENCE), since their format cannot be guessed by the crafter.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if ARTIFACT should be also permitted since ARTIFACT is at the same level but opposite than EVIDENCE.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to shift responsibility of handling EVIDENCE to the user because there's no way to verify schema at this point, but at the same time there's no way to validate what the ARTIFACT is, in that way they are similar.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jiparis just give it a review, I am ok either way, thanks

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be a long discussion. I think that we are giving Evidence and Artifact a semantic that is orthogonal to material kinds. For example, following that convention, a CycloneDX material can be and Evidence at the same time.

Since we are not yet in that stage of the discussion (but I think we will soon), I would just allow EVIDENCE at this point (and maybe STRING), clearly stating in the docs that Artifact is not supported because it's usually an arbitrary format (a binary, a tar.gz ...), whereas Evidences are only supported if they have a JSON format.

11
]
}];
// CONTAINER, HELM_CHART are excluded, but we might implement custom policies for them in the future.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is not valid anymore. You can remove it (we support policies for both)

}

// if set, it will match any material supported by Chainloop
// except those not having a direct schema (STRING, ARTIFACT, EVIDENCE), since their format cannot be guessed by the crafter.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be a long discussion. I think that we are giving Evidence and Artifact a semantic that is orthogonal to material kinds. For example, following that convention, a CycloneDX material can be and Evidence at the same time.

Since we are not yet in that stage of the discussion (but I think we will soon), I would just allow EVIDENCE at this point (and maybe STRING), clearly stating in the docs that Artifact is not supported because it's usually an arbitrary format (a binary, a tar.gz ...), whereas Evidences are only supported if they have a JSON format.

@jiparis jiparis left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Piskoo . Please take a look at the comments.

Piskoo added 2 commits August 5, 2025 13:11
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo merged commit c38f3c1 into chainloop-dev:main Aug 5, 2025
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants