diff --git a/api/services/control/control.pb.go b/api/services/control/control.pb.go index 98208cf7a7d9..d4cd84a44627 100644 --- a/api/services/control/control.pb.go +++ b/api/services/control/control.pb.go @@ -347,6 +347,7 @@ type SolveRequest struct { Cache CacheOptions `protobuf:"bytes,8,opt,name=Cache,proto3" json:"Cache"` Entitlements []github_com_moby_buildkit_util_entitlements.Entitlement `protobuf:"bytes,9,rep,name=Entitlements,proto3,customtype=github.com/moby/buildkit/util/entitlements.Entitlement" json:"Entitlements,omitempty"` FrontendInputs map[string]*pb.Definition `protobuf:"bytes,10,rep,name=FrontendInputs,proto3" json:"FrontendInputs,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + SourcePolicy *SourcePolicy `protobuf:"bytes,11,opt,name=SourcePolicy,proto3" json:"SourcePolicy,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -448,6 +449,13 @@ func (m *SolveRequest) GetFrontendInputs() map[string]*pb.Definition { return nil } +func (m *SolveRequest) GetSourcePolicy() *SourcePolicy { + if m != nil { + return m.SourcePolicy + } + return nil +} + type CacheOptions struct { // ExportRefDeprecated is deprecated in favor or the new Exports since BuildKit v0.4.0. // When ExportRefDeprecated is set, the solver appends @@ -1326,6 +1334,117 @@ func (m *InfoResponse) GetBuildkitVersion() *types.BuildkitVersion { return nil } +type SourcePolicy struct { + // 1 is reserved for versioning + Sources []*SourcePolicySource `protobuf:"bytes,2,rep,name=Sources,proto3" json:"Sources,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SourcePolicy) Reset() { *m = SourcePolicy{} } +func (m *SourcePolicy) String() string { return proto.CompactTextString(m) } +func (*SourcePolicy) ProtoMessage() {} +func (*SourcePolicy) Descriptor() ([]byte, []int) { + return fileDescriptor_0c5120591600887d, []int{19} +} +func (m *SourcePolicy) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SourcePolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SourcePolicy.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *SourcePolicy) XXX_Merge(src proto.Message) { + xxx_messageInfo_SourcePolicy.Merge(m, src) +} +func (m *SourcePolicy) XXX_Size() int { + return m.Size() +} +func (m *SourcePolicy) XXX_DiscardUnknown() { + xxx_messageInfo_SourcePolicy.DiscardUnknown(m) +} + +var xxx_messageInfo_SourcePolicy proto.InternalMessageInfo + +func (m *SourcePolicy) GetSources() []*SourcePolicySource { + if m != nil { + return m.Sources + } + return nil +} + +type SourcePolicySource struct { + Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"Type,omitempty"` + Ref string `protobuf:"bytes,2,opt,name=Ref,proto3" json:"Ref,omitempty"` + Pin string `protobuf:"bytes,3,opt,name=Pin,proto3" json:"Pin,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SourcePolicySource) Reset() { *m = SourcePolicySource{} } +func (m *SourcePolicySource) String() string { return proto.CompactTextString(m) } +func (*SourcePolicySource) ProtoMessage() {} +func (*SourcePolicySource) Descriptor() ([]byte, []int) { + return fileDescriptor_0c5120591600887d, []int{20} +} +func (m *SourcePolicySource) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SourcePolicySource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_SourcePolicySource.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *SourcePolicySource) XXX_Merge(src proto.Message) { + xxx_messageInfo_SourcePolicySource.Merge(m, src) +} +func (m *SourcePolicySource) XXX_Size() int { + return m.Size() +} +func (m *SourcePolicySource) XXX_DiscardUnknown() { + xxx_messageInfo_SourcePolicySource.DiscardUnknown(m) +} + +var xxx_messageInfo_SourcePolicySource proto.InternalMessageInfo + +func (m *SourcePolicySource) GetType() string { + if m != nil { + return m.Type + } + return "" +} + +func (m *SourcePolicySource) GetRef() string { + if m != nil { + return m.Ref + } + return "" +} + +func (m *SourcePolicySource) GetPin() string { + if m != nil { + return m.Pin + } + return "" +} + func init() { proto.RegisterType((*PruneRequest)(nil), "moby.buildkit.v1.PruneRequest") proto.RegisterType((*DiskUsageRequest)(nil), "moby.buildkit.v1.DiskUsageRequest") @@ -1352,112 +1471,118 @@ func init() { proto.RegisterType((*ListWorkersResponse)(nil), "moby.buildkit.v1.ListWorkersResponse") proto.RegisterType((*InfoRequest)(nil), "moby.buildkit.v1.InfoRequest") proto.RegisterType((*InfoResponse)(nil), "moby.buildkit.v1.InfoResponse") + proto.RegisterType((*SourcePolicy)(nil), "moby.buildkit.v1.SourcePolicy") + proto.RegisterType((*SourcePolicySource)(nil), "moby.buildkit.v1.SourcePolicySource") } func init() { proto.RegisterFile("control.proto", fileDescriptor_0c5120591600887d) } var fileDescriptor_0c5120591600887d = []byte{ - // 1597 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x58, 0xcb, 0x6e, 0x1c, 0x45, - 0x17, 0x4e, 0xcf, 0x7d, 0xce, 0x8c, 0xfd, 0x3b, 0x95, 0xfc, 0x51, 0xab, 0x7f, 0xfd, 0xb6, 0xd3, - 0x09, 0xc2, 0x8a, 0x92, 0x1e, 0xc7, 0x10, 0x08, 0xe6, 0xa2, 0x64, 0x3c, 0x86, 0x38, 0x8a, 0x45, - 0x52, 0xce, 0x45, 0xca, 0x02, 0xa9, 0x67, 0xa6, 0x3c, 0x6e, 0xb9, 0xa7, 0xab, 0xa9, 0xaa, 0x76, - 0x62, 0x1e, 0x80, 0x35, 0x3b, 0x1e, 0x80, 0x05, 0x2b, 0x76, 0x48, 0x3c, 0x01, 0x52, 0x96, 0xac, - 0xb3, 0x30, 0x28, 0x0f, 0x80, 0x58, 0xb2, 0x44, 0x75, 0xe9, 0x71, 0xcf, 0xcd, 0xb7, 0xb0, 0x9a, - 0x3a, 0x55, 0xe7, 0x7c, 0x7d, 0x2e, 0x5f, 0x55, 0x9d, 0x1a, 0x98, 0xe9, 0xd0, 0x48, 0x30, 0x1a, - 0x7a, 0x31, 0xa3, 0x82, 0xa2, 0xb9, 0x3e, 0x6d, 0xef, 0x7b, 0xed, 0x24, 0x08, 0xbb, 0xbb, 0x81, - 0xf0, 0xf6, 0x6e, 0x3a, 0x37, 0x7a, 0x81, 0xd8, 0x49, 0xda, 0x5e, 0x87, 0xf6, 0x1b, 0x3d, 0xda, - 0xa3, 0x0d, 0xa5, 0xd8, 0x4e, 0xb6, 0x95, 0xa4, 0x04, 0x35, 0xd2, 0x00, 0xce, 0x42, 0x8f, 0xd2, - 0x5e, 0x48, 0x0e, 0xb5, 0x44, 0xd0, 0x27, 0x5c, 0xf8, 0xfd, 0xd8, 0x28, 0x5c, 0xcf, 0xe0, 0xc9, - 0x8f, 0x35, 0xd2, 0x8f, 0x35, 0x38, 0x0d, 0xf7, 0x08, 0x6b, 0xc4, 0xed, 0x06, 0x8d, 0xb9, 0xd1, - 0x6e, 0x4c, 0xd5, 0xf6, 0xe3, 0xa0, 0x21, 0xf6, 0x63, 0xc2, 0x1b, 0x2f, 0x28, 0xdb, 0x25, 0x4c, - 0x1b, 0xb8, 0xdf, 0x5a, 0x50, 0x7f, 0xc8, 0x92, 0x88, 0x60, 0xf2, 0x75, 0x42, 0xb8, 0x40, 0x97, - 0xa0, 0xb4, 0x1d, 0x84, 0x82, 0x30, 0xdb, 0x5a, 0xcc, 0x2f, 0x55, 0xb1, 0x91, 0xd0, 0x1c, 0xe4, - 0xfd, 0x30, 0xb4, 0x73, 0x8b, 0xd6, 0x52, 0x05, 0xcb, 0x21, 0x5a, 0x82, 0xfa, 0x2e, 0x21, 0x71, - 0x2b, 0x61, 0xbe, 0x08, 0x68, 0x64, 0xe7, 0x17, 0xad, 0xa5, 0x7c, 0xb3, 0xf0, 0xea, 0x60, 0xc1, - 0xc2, 0x43, 0x2b, 0xc8, 0x85, 0xaa, 0x94, 0x9b, 0xfb, 0x82, 0x70, 0xbb, 0x90, 0x51, 0x3b, 0x9c, - 0x76, 0xaf, 0xc1, 0x5c, 0x2b, 0xe0, 0xbb, 0x4f, 0xb8, 0xdf, 0x3b, 0xce, 0x17, 0xf7, 0x3e, 0x9c, - 0xcf, 0xe8, 0xf2, 0x98, 0x46, 0x9c, 0xa0, 0x5b, 0x50, 0x62, 0xa4, 0x43, 0x59, 0x57, 0x29, 0xd7, - 0x56, 0xfe, 0xef, 0x8d, 0xd6, 0xc6, 0x33, 0x06, 0x52, 0x09, 0x1b, 0x65, 0xf7, 0xfb, 0x3c, 0xd4, - 0x32, 0xf3, 0x68, 0x16, 0x72, 0x1b, 0x2d, 0xdb, 0x5a, 0xb4, 0x96, 0xaa, 0x38, 0xb7, 0xd1, 0x42, - 0x36, 0x94, 0x37, 0x13, 0xe1, 0xb7, 0x43, 0x62, 0x62, 0x4f, 0x45, 0x74, 0x11, 0x8a, 0x1b, 0xd1, - 0x13, 0x4e, 0x54, 0xe0, 0x15, 0xac, 0x05, 0x84, 0xa0, 0xb0, 0x15, 0x7c, 0x43, 0x74, 0x98, 0x58, - 0x8d, 0x91, 0x03, 0xa5, 0x87, 0x3e, 0x23, 0x91, 0xb0, 0x8b, 0x12, 0xb7, 0x99, 0xb3, 0x2d, 0x6c, - 0x66, 0x50, 0x13, 0xaa, 0x6b, 0x8c, 0xf8, 0x82, 0x74, 0xef, 0x0a, 0xbb, 0xb4, 0x68, 0x2d, 0xd5, - 0x56, 0x1c, 0x4f, 0x93, 0xc2, 0x4b, 0x49, 0xe1, 0x3d, 0x4e, 0x49, 0xd1, 0xac, 0xbc, 0x3a, 0x58, - 0x38, 0xf7, 0xdd, 0xef, 0x32, 0x77, 0x03, 0x33, 0x74, 0x07, 0xe0, 0x81, 0xcf, 0xc5, 0x13, 0xae, - 0x40, 0xca, 0xc7, 0x82, 0x14, 0x14, 0x40, 0xc6, 0x06, 0xcd, 0x03, 0xa8, 0x24, 0xac, 0xd1, 0x24, - 0x12, 0x76, 0x45, 0xf9, 0x9e, 0x99, 0x41, 0x8b, 0x50, 0x6b, 0x11, 0xde, 0x61, 0x41, 0xac, 0x4a, - 0x5d, 0x55, 0xe9, 0xc9, 0x4e, 0x49, 0x04, 0x9d, 0xc1, 0xc7, 0xfb, 0x31, 0xb1, 0x41, 0x29, 0x64, - 0x66, 0x64, 0x2d, 0xb7, 0x76, 0x7c, 0x46, 0xba, 0x76, 0x4d, 0xa5, 0xcb, 0x48, 0x32, 0xbf, 0x3a, - 0x13, 0xdc, 0xae, 0xab, 0x22, 0xa7, 0xa2, 0xfb, 0x43, 0x09, 0xea, 0x5b, 0x92, 0xe3, 0x29, 0x1d, - 0xe6, 0x20, 0x8f, 0xc9, 0xb6, 0xa9, 0x8d, 0x1c, 0x22, 0x0f, 0xa0, 0x45, 0xb6, 0x83, 0x28, 0x50, - 0x5e, 0xe5, 0x54, 0xe0, 0xb3, 0x5e, 0xdc, 0xf6, 0x0e, 0x67, 0x71, 0x46, 0x03, 0x39, 0x50, 0x59, - 0x7f, 0x19, 0x53, 0x26, 0x29, 0x95, 0x57, 0x30, 0x03, 0x19, 0x3d, 0x83, 0x99, 0x74, 0x7c, 0x57, - 0x08, 0x26, 0x89, 0x2a, 0x69, 0x74, 0x73, 0x9c, 0x46, 0x59, 0xa7, 0xbc, 0x21, 0x9b, 0xf5, 0x48, - 0xb0, 0x7d, 0x3c, 0x8c, 0x23, 0x23, 0xdc, 0x22, 0x9c, 0x4b, 0x0f, 0x55, 0xf9, 0x71, 0x2a, 0x4a, - 0x77, 0x3e, 0x67, 0x34, 0x12, 0x24, 0xea, 0xaa, 0xd2, 0x57, 0xf1, 0x40, 0x96, 0xee, 0xa4, 0x63, - 0xed, 0x4e, 0xf9, 0x44, 0xee, 0x0c, 0xd9, 0x18, 0x77, 0x86, 0xe6, 0xd0, 0x2a, 0x14, 0xd7, 0xfc, - 0xce, 0x0e, 0x51, 0x55, 0xae, 0xad, 0xcc, 0x8f, 0x03, 0xaa, 0xe5, 0x2f, 0x55, 0x59, 0xb9, 0xda, - 0xa8, 0xe7, 0xb0, 0x36, 0x41, 0x5f, 0x41, 0x7d, 0x3d, 0x12, 0x81, 0x08, 0x49, 0x5f, 0x55, 0xac, - 0x2a, 0x2b, 0xd6, 0x5c, 0x7d, 0x7d, 0xb0, 0xf0, 0xc1, 0xd4, 0x83, 0x27, 0x11, 0x41, 0xd8, 0x20, - 0x19, 0x2b, 0x2f, 0x03, 0x81, 0x87, 0xf0, 0xd0, 0x73, 0x98, 0x4d, 0x9d, 0xdd, 0x88, 0xe2, 0x44, - 0x70, 0x1b, 0x54, 0xd4, 0x2b, 0x27, 0x8c, 0x5a, 0x1b, 0xe9, 0xb0, 0x47, 0x90, 0x9c, 0x3b, 0x80, - 0xc6, 0x6b, 0x25, 0x39, 0xb5, 0x4b, 0xf6, 0x53, 0x4e, 0xed, 0x92, 0x7d, 0xb9, 0xad, 0xf7, 0xfc, - 0x30, 0xd1, 0xdb, 0xbd, 0x8a, 0xb5, 0xb0, 0x9a, 0xbb, 0x6d, 0x49, 0x84, 0xf1, 0xf4, 0x9e, 0x0a, - 0xe1, 0x11, 0x5c, 0x98, 0xe0, 0xea, 0x04, 0x88, 0xab, 0x59, 0x88, 0x71, 0x4e, 0x1f, 0x42, 0xba, - 0x3f, 0xe5, 0xa1, 0x9e, 0x2d, 0x18, 0x5a, 0x86, 0x0b, 0x3a, 0x4e, 0x4c, 0xb6, 0x5b, 0x24, 0x66, - 0xa4, 0x23, 0x4f, 0x09, 0x03, 0x3e, 0x69, 0x09, 0xad, 0xc0, 0xc5, 0x8d, 0xbe, 0x99, 0xe6, 0x19, - 0x93, 0x9c, 0xda, 0x8f, 0x13, 0xd7, 0x10, 0x85, 0xff, 0x6a, 0x28, 0x95, 0x89, 0x8c, 0x51, 0x5e, - 0x15, 0xec, 0xa3, 0xa3, 0x59, 0xe5, 0x4d, 0xb4, 0xd5, 0x75, 0x9b, 0x8c, 0x8b, 0x3e, 0x85, 0xb2, - 0x5e, 0x48, 0x37, 0xe6, 0x95, 0xa3, 0x3f, 0xa1, 0xc1, 0x52, 0x1b, 0x69, 0xae, 0xe3, 0xe0, 0x76, - 0xf1, 0x14, 0xe6, 0xc6, 0xc6, 0xb9, 0x07, 0xce, 0x74, 0x97, 0x4f, 0x43, 0x01, 0xf7, 0x47, 0x0b, - 0xce, 0x8f, 0x7d, 0x48, 0xde, 0x1a, 0xea, 0xdc, 0xd4, 0x10, 0x6a, 0x8c, 0x5a, 0x50, 0xd4, 0x3b, - 0x3f, 0xa7, 0x1c, 0xf6, 0x4e, 0xe0, 0xb0, 0x97, 0xd9, 0xf6, 0xda, 0xd8, 0xb9, 0x0d, 0x70, 0x36, - 0xb2, 0xba, 0xbf, 0x58, 0x30, 0x63, 0x76, 0x99, 0xb9, 0x62, 0x7d, 0x98, 0x4b, 0xb7, 0x50, 0x3a, - 0x67, 0x2e, 0xdb, 0x5b, 0x53, 0x37, 0xa8, 0x56, 0xf3, 0x46, 0xed, 0xb4, 0x8f, 0x63, 0x70, 0xce, - 0x5a, 0xca, 0xab, 0x11, 0xd5, 0x53, 0x79, 0x7e, 0x19, 0x66, 0xb6, 0x84, 0x2f, 0x12, 0x3e, 0xf5, - 0xe6, 0x70, 0xff, 0xb2, 0x60, 0x36, 0xd5, 0x31, 0xd1, 0xbd, 0x0f, 0x95, 0x3d, 0xc2, 0x04, 0x79, - 0x49, 0xb8, 0x89, 0xca, 0x1e, 0x8f, 0xea, 0xa9, 0xd2, 0xc0, 0x03, 0x4d, 0xb4, 0x0a, 0x15, 0xae, - 0x70, 0x48, 0x5a, 0xa8, 0xf9, 0x69, 0x56, 0xe6, 0x7b, 0x03, 0x7d, 0xd4, 0x80, 0x42, 0x48, 0x7b, - 0xdc, 0xec, 0x99, 0xff, 0x4d, 0xb3, 0x7b, 0x40, 0x7b, 0x58, 0x29, 0xa2, 0x8f, 0xa1, 0xf2, 0xc2, - 0x67, 0x51, 0x10, 0xf5, 0xd2, 0x5d, 0xb0, 0x30, 0xcd, 0xe8, 0x99, 0xd6, 0xc3, 0x03, 0x03, 0xd9, - 0xe9, 0x94, 0xf4, 0x1a, 0xba, 0x0f, 0xa5, 0x6e, 0xd0, 0x23, 0x5c, 0xe8, 0x94, 0x34, 0x57, 0xe4, - 0x21, 0xff, 0xfa, 0x60, 0xe1, 0x5a, 0xe6, 0x14, 0xa7, 0x31, 0x89, 0x64, 0xb3, 0xeb, 0x07, 0x11, - 0x61, 0xbc, 0xd1, 0xa3, 0x37, 0xb4, 0x89, 0xd7, 0x52, 0x3f, 0xd8, 0x20, 0x48, 0xac, 0x40, 0x9f, - 0xd5, 0xea, 0xbc, 0x38, 0x1b, 0x96, 0x46, 0x90, 0xdb, 0x20, 0xf2, 0xfb, 0xc4, 0xdc, 0xcd, 0x6a, - 0x2c, 0x1b, 0x87, 0x8e, 0xe4, 0x79, 0x57, 0xb5, 0x54, 0x15, 0x6c, 0x24, 0xb4, 0x0a, 0x65, 0x2e, - 0x7c, 0x26, 0xcf, 0x9c, 0xe2, 0x09, 0x3b, 0x9e, 0xd4, 0x00, 0x7d, 0x06, 0xd5, 0x0e, 0xed, 0xc7, - 0x21, 0x91, 0xd6, 0xa5, 0x13, 0x5a, 0x1f, 0x9a, 0x48, 0xea, 0x11, 0xc6, 0x28, 0x53, 0xbd, 0x56, - 0x15, 0x6b, 0x01, 0x7d, 0x08, 0x33, 0x31, 0xa3, 0x3d, 0x46, 0x38, 0xff, 0x82, 0xd1, 0x24, 0x36, - 0x37, 0xec, 0x79, 0x79, 0x78, 0x3f, 0xcc, 0x2e, 0xe0, 0x61, 0x3d, 0xf7, 0xcf, 0x1c, 0xd4, 0xb3, - 0x14, 0x19, 0x6b, 0x42, 0xef, 0x43, 0x49, 0x13, 0x4e, 0x73, 0xfd, 0x6c, 0x39, 0xd6, 0x08, 0x13, - 0x73, 0x6c, 0x43, 0xb9, 0x93, 0x30, 0xd5, 0xa1, 0xea, 0xbe, 0x35, 0x15, 0x65, 0xa4, 0x82, 0x0a, - 0x3f, 0x54, 0x39, 0xce, 0x63, 0x2d, 0xc8, 0xa6, 0x75, 0xf0, 0x4e, 0x39, 0x5d, 0xd3, 0x3a, 0x30, - 0xcb, 0xd6, 0xaf, 0xfc, 0x56, 0xf5, 0xab, 0x9c, 0xba, 0x7e, 0xee, 0xaf, 0x16, 0x54, 0x07, 0x7b, - 0x2b, 0x93, 0x5d, 0xeb, 0xad, 0xb3, 0x3b, 0x94, 0x99, 0xdc, 0xd9, 0x32, 0x73, 0x09, 0x4a, 0x5c, - 0x30, 0xe2, 0xf7, 0xf5, 0x93, 0x0a, 0x1b, 0x49, 0x9e, 0x62, 0x7d, 0xde, 0x53, 0x15, 0xaa, 0x63, - 0x39, 0x74, 0xff, 0xb6, 0x60, 0x66, 0x68, 0xbb, 0xff, 0xab, 0xb1, 0x5c, 0x84, 0x62, 0x48, 0xf6, - 0x88, 0x7e, 0xf4, 0xe5, 0xb1, 0x16, 0xe4, 0x2c, 0xdf, 0xa1, 0x4c, 0x28, 0xe7, 0xea, 0x58, 0x0b, - 0xd2, 0xe7, 0x2e, 0x11, 0x7e, 0x10, 0xaa, 0x73, 0xa9, 0x8e, 0x8d, 0x24, 0x7d, 0x4e, 0x58, 0x68, - 0x1a, 0x5f, 0x39, 0x44, 0x2e, 0x14, 0x82, 0x68, 0x9b, 0x1a, 0xda, 0xa8, 0xce, 0x66, 0x8b, 0x26, - 0xac, 0x43, 0x36, 0xa2, 0x6d, 0x8a, 0xd5, 0x1a, 0xba, 0x0c, 0x25, 0xe6, 0x47, 0x3d, 0x92, 0x76, - 0xbd, 0x55, 0xa9, 0x85, 0xe5, 0x0c, 0x36, 0x0b, 0xae, 0x0b, 0x75, 0xf5, 0x70, 0xdc, 0x24, 0x5c, - 0x3e, 0x53, 0x24, 0xad, 0xbb, 0xbe, 0xf0, 0x55, 0xd8, 0x75, 0xac, 0xc6, 0xee, 0x75, 0x40, 0x0f, - 0x02, 0x2e, 0x9e, 0xa9, 0x07, 0x2f, 0x3f, 0xee, 0x55, 0xb9, 0x05, 0x17, 0x86, 0xb4, 0xcd, 0xb5, - 0xf0, 0xc9, 0xc8, 0xbb, 0xf2, 0xea, 0xf8, 0x89, 0xab, 0xde, 0xd5, 0x9e, 0x36, 0x1c, 0x79, 0x5e, - 0xce, 0x40, 0x4d, 0xc5, 0xa5, 0xbf, 0xed, 0xfa, 0x50, 0xd7, 0xa2, 0x01, 0x7f, 0x04, 0xff, 0x49, - 0x81, 0x9e, 0x12, 0xa6, 0xde, 0x08, 0x96, 0xca, 0xcb, 0xbb, 0xd3, 0xbe, 0xd2, 0x1c, 0x56, 0xc7, - 0xa3, 0xf6, 0x2b, 0x3f, 0x17, 0xa0, 0xbc, 0xa6, 0xff, 0xa4, 0x40, 0x8f, 0xa1, 0x3a, 0x78, 0x28, - 0x23, 0x77, 0x1c, 0x72, 0xf4, 0xc5, 0xed, 0x5c, 0x39, 0x52, 0xc7, 0x38, 0x7d, 0x0f, 0x8a, 0xea, - 0x2f, 0x03, 0x34, 0xe1, 0xa6, 0xcb, 0xfe, 0x97, 0xe0, 0x1c, 0xfd, 0x04, 0x5f, 0xb6, 0x24, 0x92, - 0x6a, 0x13, 0x26, 0x21, 0x65, 0x1b, 0x7c, 0x67, 0xe1, 0x98, 0xfe, 0x02, 0x6d, 0x42, 0xc9, 0x9c, - 0x9d, 0x93, 0x54, 0xb3, 0xcd, 0x80, 0xb3, 0x38, 0x5d, 0x41, 0x83, 0x2d, 0x5b, 0x68, 0x73, 0xf0, - 0x66, 0x9b, 0xe4, 0x5a, 0x96, 0x78, 0xce, 0x31, 0xeb, 0x4b, 0xd6, 0xb2, 0x85, 0x9e, 0x43, 0x2d, - 0x43, 0x2d, 0x34, 0x81, 0x42, 0xe3, 0x3c, 0x75, 0xde, 0x39, 0x46, 0xcb, 0x44, 0xbe, 0x0e, 0x05, - 0x49, 0x29, 0x34, 0x21, 0xd9, 0x19, 0xe6, 0x4d, 0x72, 0x33, 0xcb, 0xc4, 0x66, 0xfd, 0xd5, 0x9b, - 0x79, 0xeb, 0xb7, 0x37, 0xf3, 0xd6, 0x1f, 0x6f, 0xe6, 0xad, 0x76, 0x49, 0x9d, 0x55, 0xef, 0xfd, - 0x13, 0x00, 0x00, 0xff, 0xff, 0x96, 0x5c, 0xf7, 0x1b, 0xef, 0x12, 0x00, 0x00, + // 1661 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x58, 0x49, 0x6f, 0x1b, 0xc9, + 0x15, 0x76, 0x73, 0xe7, 0x23, 0xa5, 0xc8, 0x65, 0xc7, 0x68, 0x74, 0x10, 0x49, 0x6e, 0x3b, 0x88, + 0x60, 0xd8, 0x4d, 0x59, 0x89, 0x13, 0x47, 0x49, 0x0c, 0x9b, 0xa2, 0x12, 0xcb, 0x90, 0x12, 0xb9, + 0xe4, 0x05, 0xf0, 0x21, 0x40, 0x93, 0x2c, 0x51, 0x0d, 0x35, 0xbb, 0x3a, 0x55, 0xd5, 0xb2, 0x99, + 0x1f, 0x90, 0x73, 0x6e, 0xf9, 0x09, 0x73, 0x9a, 0xdb, 0x00, 0xf3, 0x0b, 0x06, 0xf0, 0x71, 0xce, + 0x3e, 0x68, 0x06, 0xbe, 0xcc, 0x6d, 0x30, 0xc7, 0x39, 0x0e, 0x6a, 0x69, 0xaa, 0xb9, 0x69, 0xf3, + 0x9c, 0x58, 0xaf, 0xea, 0xbd, 0xaf, 0xdf, 0x5e, 0xaf, 0x08, 0x73, 0x1d, 0x1a, 0x09, 0x46, 0x43, + 0x2f, 0x66, 0x54, 0x50, 0xb4, 0xd0, 0xa7, 0xed, 0x81, 0xd7, 0x4e, 0x82, 0xb0, 0x7b, 0x18, 0x08, + 0xef, 0xe8, 0xbe, 0x73, 0xaf, 0x17, 0x88, 0x83, 0xa4, 0xed, 0x75, 0x68, 0xbf, 0xd1, 0xa3, 0x3d, + 0xda, 0x50, 0x8c, 0xed, 0x64, 0x5f, 0x51, 0x8a, 0x50, 0x2b, 0x0d, 0xe0, 0x2c, 0xf5, 0x28, 0xed, + 0x85, 0xe4, 0x84, 0x4b, 0x04, 0x7d, 0xc2, 0x85, 0xdf, 0x8f, 0x0d, 0xc3, 0xdd, 0x0c, 0x9e, 0xfc, + 0x58, 0x23, 0xfd, 0x58, 0x83, 0xd3, 0xf0, 0x88, 0xb0, 0x46, 0xdc, 0x6e, 0xd0, 0x98, 0x1b, 0xee, + 0xc6, 0x4c, 0x6e, 0x3f, 0x0e, 0x1a, 0x62, 0x10, 0x13, 0xde, 0x78, 0x4b, 0xd9, 0x21, 0x61, 0x5a, + 0xc0, 0xfd, 0xaf, 0x05, 0xf5, 0x5d, 0x96, 0x44, 0x04, 0x93, 0x7f, 0x27, 0x84, 0x0b, 0x74, 0x03, + 0x4a, 0xfb, 0x41, 0x28, 0x08, 0xb3, 0xad, 0xe5, 0xfc, 0x4a, 0x15, 0x1b, 0x0a, 0x2d, 0x40, 0xde, + 0x0f, 0x43, 0x3b, 0xb7, 0x6c, 0xad, 0x54, 0xb0, 0x5c, 0xa2, 0x15, 0xa8, 0x1f, 0x12, 0x12, 0xb7, + 0x12, 0xe6, 0x8b, 0x80, 0x46, 0x76, 0x7e, 0xd9, 0x5a, 0xc9, 0x37, 0x0b, 0xef, 0x8f, 0x97, 0x2c, + 0x3c, 0x72, 0x82, 0x5c, 0xa8, 0x4a, 0xba, 0x39, 0x10, 0x84, 0xdb, 0x85, 0x0c, 0xdb, 0xc9, 0xb6, + 0x7b, 0x07, 0x16, 0x5a, 0x01, 0x3f, 0x7c, 0xc9, 0xfd, 0xde, 0x59, 0xba, 0xb8, 0xcf, 0xe0, 0x6a, + 0x86, 0x97, 0xc7, 0x34, 0xe2, 0x04, 0x3d, 0x80, 0x12, 0x23, 0x1d, 0xca, 0xba, 0x8a, 0xb9, 0xb6, + 0xf6, 0x6b, 0x6f, 0x3c, 0x36, 0x9e, 0x11, 0x90, 0x4c, 0xd8, 0x30, 0xbb, 0xff, 0xcf, 0x43, 0x2d, + 0xb3, 0x8f, 0xe6, 0x21, 0xb7, 0xd5, 0xb2, 0xad, 0x65, 0x6b, 0xa5, 0x8a, 0x73, 0x5b, 0x2d, 0x64, + 0x43, 0x79, 0x27, 0x11, 0x7e, 0x3b, 0x24, 0xc6, 0xf6, 0x94, 0x44, 0xd7, 0xa1, 0xb8, 0x15, 0xbd, + 0xe4, 0x44, 0x19, 0x5e, 0xc1, 0x9a, 0x40, 0x08, 0x0a, 0x7b, 0xc1, 0x7f, 0x88, 0x36, 0x13, 0xab, + 0x35, 0x72, 0xa0, 0xb4, 0xeb, 0x33, 0x12, 0x09, 0xbb, 0x28, 0x71, 0x9b, 0x39, 0xdb, 0xc2, 0x66, + 0x07, 0x35, 0xa1, 0xba, 0xc1, 0x88, 0x2f, 0x48, 0xf7, 0x89, 0xb0, 0x4b, 0xcb, 0xd6, 0x4a, 0x6d, + 0xcd, 0xf1, 0x74, 0x52, 0x78, 0x69, 0x52, 0x78, 0x2f, 0xd2, 0xa4, 0x68, 0x56, 0xde, 0x1f, 0x2f, + 0x5d, 0xf9, 0xdf, 0x37, 0xd2, 0x77, 0x43, 0x31, 0xf4, 0x18, 0x60, 0xdb, 0xe7, 0xe2, 0x25, 0x57, + 0x20, 0xe5, 0x33, 0x41, 0x0a, 0x0a, 0x20, 0x23, 0x83, 0x16, 0x01, 0x94, 0x13, 0x36, 0x68, 0x12, + 0x09, 0xbb, 0xa2, 0x74, 0xcf, 0xec, 0xa0, 0x65, 0xa8, 0xb5, 0x08, 0xef, 0xb0, 0x20, 0x56, 0xa1, + 0xae, 0x2a, 0xf7, 0x64, 0xb7, 0x24, 0x82, 0xf6, 0xe0, 0x8b, 0x41, 0x4c, 0x6c, 0x50, 0x0c, 0x99, + 0x1d, 0x19, 0xcb, 0xbd, 0x03, 0x9f, 0x91, 0xae, 0x5d, 0x53, 0xee, 0x32, 0x94, 0xf4, 0xaf, 0xf6, + 0x04, 0xb7, 0xeb, 0x2a, 0xc8, 0x29, 0xe9, 0x7e, 0x57, 0x82, 0xfa, 0x9e, 0xcc, 0xf1, 0x34, 0x1d, + 0x16, 0x20, 0x8f, 0xc9, 0xbe, 0x89, 0x8d, 0x5c, 0x22, 0x0f, 0xa0, 0x45, 0xf6, 0x83, 0x28, 0x50, + 0x5a, 0xe5, 0x94, 0xe1, 0xf3, 0x5e, 0xdc, 0xf6, 0x4e, 0x76, 0x71, 0x86, 0x03, 0x39, 0x50, 0xd9, + 0x7c, 0x17, 0x53, 0x26, 0x53, 0x2a, 0xaf, 0x60, 0x86, 0x34, 0x7a, 0x0d, 0x73, 0xe9, 0xfa, 0x89, + 0x10, 0x4c, 0x26, 0xaa, 0x4c, 0xa3, 0xfb, 0x93, 0x69, 0x94, 0x55, 0xca, 0x1b, 0x91, 0xd9, 0x8c, + 0x04, 0x1b, 0xe0, 0x51, 0x1c, 0x69, 0xe1, 0x1e, 0xe1, 0x5c, 0x6a, 0xa8, 0xc2, 0x8f, 0x53, 0x52, + 0xaa, 0xf3, 0x37, 0x46, 0x23, 0x41, 0xa2, 0xae, 0x0a, 0x7d, 0x15, 0x0f, 0x69, 0xa9, 0x4e, 0xba, + 0xd6, 0xea, 0x94, 0xcf, 0xa5, 0xce, 0x88, 0x8c, 0x51, 0x67, 0x64, 0x0f, 0xad, 0x43, 0x71, 0xc3, + 0xef, 0x1c, 0x10, 0x15, 0xe5, 0xda, 0xda, 0xe2, 0x24, 0xa0, 0x3a, 0xfe, 0xa7, 0x0a, 0x2b, 0x57, + 0x85, 0x7a, 0x05, 0x6b, 0x11, 0xf4, 0x2f, 0xa8, 0x6f, 0x46, 0x22, 0x10, 0x21, 0xe9, 0xab, 0x88, + 0x55, 0x65, 0xc4, 0x9a, 0xeb, 0x1f, 0x8e, 0x97, 0xfe, 0x30, 0xb3, 0xf1, 0x24, 0x22, 0x08, 0x1b, + 0x24, 0x23, 0xe5, 0x65, 0x20, 0xf0, 0x08, 0x1e, 0x7a, 0x03, 0xf3, 0xa9, 0xb2, 0x5b, 0x51, 0x9c, + 0x08, 0x6e, 0x83, 0xb2, 0x7a, 0xed, 0x9c, 0x56, 0x6b, 0x21, 0x6d, 0xf6, 0x18, 0x12, 0x6a, 0xca, + 0x6c, 0x4a, 0x58, 0x87, 0xec, 0xd2, 0x30, 0xe8, 0x0c, 0x54, 0x1a, 0x4e, 0x35, 0x3f, 0xcb, 0x85, + 0x47, 0x64, 0x9c, 0xc7, 0x80, 0x26, 0xe3, 0x2d, 0xf3, 0xf2, 0x90, 0x0c, 0xd2, 0xbc, 0x3c, 0x24, + 0x03, 0xd9, 0x1a, 0x8e, 0xfc, 0x30, 0xd1, 0x2d, 0xa3, 0x8a, 0x35, 0xb1, 0x9e, 0x7b, 0x68, 0x49, + 0x84, 0xc9, 0x10, 0x5d, 0x08, 0xe1, 0x39, 0x5c, 0x9b, 0x62, 0xee, 0x14, 0x88, 0xdb, 0x59, 0x88, + 0xc9, 0xba, 0x38, 0x81, 0x74, 0x3f, 0xcf, 0x43, 0x3d, 0x1b, 0x74, 0xb4, 0x0a, 0xd7, 0xb4, 0x9d, + 0x98, 0xec, 0xb7, 0x48, 0xcc, 0x48, 0x47, 0x76, 0x1a, 0x03, 0x3e, 0xed, 0x08, 0xad, 0xc1, 0xf5, + 0xad, 0xbe, 0xd9, 0xe6, 0x19, 0x91, 0x9c, 0xaa, 0xe9, 0xa9, 0x67, 0x88, 0xc2, 0x2f, 0x35, 0x94, + 0xf2, 0x44, 0x46, 0x28, 0xaf, 0x82, 0xfe, 0xa7, 0xd3, 0x33, 0xd3, 0x9b, 0x2a, 0xab, 0x63, 0x3f, + 0x1d, 0x17, 0xfd, 0x15, 0xca, 0xfa, 0x20, 0x2d, 0xee, 0x5b, 0xa7, 0x7f, 0x42, 0x83, 0xa5, 0x32, + 0x52, 0x5c, 0xdb, 0xc1, 0xed, 0xe2, 0x05, 0xc4, 0x8d, 0x8c, 0xf3, 0x14, 0x9c, 0xd9, 0x2a, 0x5f, + 0x24, 0x05, 0xdc, 0xcf, 0x2c, 0xb8, 0x3a, 0xf1, 0x21, 0x79, 0xf3, 0xa8, 0xde, 0xab, 0x21, 0xd4, + 0x1a, 0xb5, 0xa0, 0xa8, 0xbb, 0x47, 0x4e, 0x29, 0xec, 0x9d, 0x43, 0x61, 0x2f, 0xd3, 0x3a, 0xb4, + 0xb0, 0xf3, 0x10, 0xe0, 0x72, 0xc9, 0xea, 0x7e, 0x69, 0xc1, 0x9c, 0xa9, 0x54, 0x73, 0x4d, 0xfb, + 0xb0, 0x90, 0x96, 0x50, 0xba, 0x67, 0x2e, 0xec, 0x07, 0x33, 0x8b, 0x5c, 0xb3, 0x79, 0xe3, 0x72, + 0x5a, 0xc7, 0x09, 0x38, 0x67, 0x23, 0xcd, 0xab, 0x31, 0xd6, 0x0b, 0x69, 0x7e, 0x13, 0xe6, 0xf6, + 0x84, 0x2f, 0x12, 0x3e, 0xf3, 0xf6, 0x71, 0x7f, 0xb0, 0x60, 0x3e, 0xe5, 0x31, 0xd6, 0xfd, 0x1e, + 0x2a, 0x47, 0x84, 0x09, 0xf2, 0x8e, 0x70, 0x63, 0x95, 0x3d, 0x69, 0xd5, 0x2b, 0xc5, 0x81, 0x87, + 0x9c, 0x68, 0x1d, 0x2a, 0x5c, 0xe1, 0x90, 0x34, 0x50, 0x8b, 0xb3, 0xa4, 0xcc, 0xf7, 0x86, 0xfc, + 0xa8, 0x01, 0x85, 0x90, 0xf6, 0xb8, 0xa9, 0x99, 0x5f, 0xcd, 0x92, 0xdb, 0xa6, 0x3d, 0xac, 0x18, + 0xd1, 0x9f, 0xa1, 0xf2, 0xd6, 0x67, 0x51, 0x10, 0xf5, 0xd2, 0x2a, 0x58, 0x9a, 0x25, 0xf4, 0x5a, + 0xf3, 0xe1, 0xa1, 0x80, 0x9c, 0x96, 0x4a, 0xfa, 0x0c, 0x3d, 0x83, 0x52, 0x37, 0xe8, 0x11, 0x2e, + 0xb4, 0x4b, 0x9a, 0x6b, 0xf2, 0xa2, 0xf8, 0x70, 0xbc, 0x74, 0x27, 0x73, 0x13, 0xd0, 0x98, 0x44, + 0x72, 0x60, 0xf6, 0x83, 0x88, 0x30, 0xde, 0xe8, 0xd1, 0x7b, 0x5a, 0xc4, 0x6b, 0xa9, 0x1f, 0x6c, + 0x10, 0x24, 0x56, 0xa0, 0xfb, 0xbd, 0xea, 0x17, 0x97, 0xc3, 0xd2, 0x08, 0xb2, 0x0c, 0x22, 0xbf, + 0x4f, 0xcc, 0xfd, 0xae, 0xd6, 0x72, 0xf8, 0xe8, 0xc8, 0x3c, 0xef, 0xaa, 0xb1, 0xac, 0x82, 0x0d, + 0x85, 0xd6, 0xa1, 0xcc, 0x85, 0xcf, 0x64, 0xcf, 0x29, 0x9e, 0x73, 0x6a, 0x4a, 0x05, 0xd0, 0x23, + 0xa8, 0x76, 0x68, 0x3f, 0x0e, 0x89, 0x94, 0x2e, 0x9d, 0x53, 0xfa, 0x44, 0x44, 0xa6, 0x1e, 0x61, + 0x8c, 0x32, 0x35, 0xaf, 0x55, 0xb1, 0x26, 0xd0, 0x1f, 0x61, 0x2e, 0x66, 0xb4, 0xc7, 0x08, 0xe7, + 0x7f, 0x67, 0x34, 0x89, 0xcd, 0x2d, 0x7d, 0x55, 0x36, 0xef, 0xdd, 0xec, 0x01, 0x1e, 0xe5, 0x73, + 0xbf, 0xcf, 0x41, 0x3d, 0x9b, 0x22, 0x13, 0x83, 0xec, 0x33, 0x28, 0xe9, 0x84, 0xd3, 0xb9, 0x7e, + 0x39, 0x1f, 0x6b, 0x84, 0xa9, 0x3e, 0xb6, 0xa1, 0xdc, 0x49, 0x98, 0x9a, 0x72, 0xf5, 0xec, 0x9b, + 0x92, 0xd2, 0x52, 0x41, 0x85, 0x1f, 0x2a, 0x1f, 0xe7, 0xb1, 0x26, 0xe4, 0xe0, 0x3b, 0x7c, 0xeb, + 0x5c, 0x6c, 0xf0, 0x1d, 0x8a, 0x65, 0xe3, 0x57, 0xfe, 0xa4, 0xf8, 0x55, 0x2e, 0x1c, 0x3f, 0xf7, + 0x2b, 0x0b, 0xaa, 0xc3, 0xda, 0xca, 0x78, 0xd7, 0xfa, 0x64, 0xef, 0x8e, 0x78, 0x26, 0x77, 0x39, + 0xcf, 0xdc, 0x80, 0x12, 0x17, 0x8c, 0xf8, 0x7d, 0xfd, 0x2c, 0xc3, 0x86, 0x92, 0x5d, 0xac, 0xcf, + 0x7b, 0x2a, 0x42, 0x75, 0x2c, 0x97, 0xee, 0x8f, 0x16, 0xcc, 0x8d, 0x94, 0xfb, 0xcf, 0x6a, 0xcb, + 0x75, 0x28, 0x86, 0xe4, 0x88, 0xe8, 0x87, 0x63, 0x1e, 0x6b, 0x42, 0xee, 0xf2, 0x03, 0xca, 0x84, + 0x52, 0xae, 0x8e, 0x35, 0x21, 0x75, 0xee, 0x12, 0xe1, 0x07, 0xa1, 0xea, 0x4b, 0x75, 0x6c, 0x28, + 0xa9, 0x73, 0xc2, 0x42, 0x33, 0x3c, 0xcb, 0x25, 0x72, 0xa1, 0x10, 0x44, 0xfb, 0xd4, 0xa4, 0x8d, + 0x9a, 0x6c, 0xf4, 0x9c, 0xb6, 0x15, 0xed, 0x53, 0xac, 0xce, 0xd0, 0x4d, 0x28, 0x31, 0x3f, 0xea, + 0x91, 0x74, 0x72, 0xae, 0x4a, 0x2e, 0x2c, 0x77, 0xb0, 0x39, 0x70, 0x5d, 0xa8, 0xab, 0xc7, 0xe7, + 0x0e, 0xe1, 0xf2, 0xa9, 0x23, 0xd3, 0xba, 0xeb, 0x0b, 0x5f, 0x99, 0x5d, 0xc7, 0x6a, 0xed, 0xde, + 0x05, 0xb4, 0x1d, 0x70, 0xf1, 0x5a, 0x3d, 0x9a, 0xf9, 0x59, 0x2f, 0xd3, 0x3d, 0xb8, 0x36, 0xc2, + 0x6d, 0xae, 0x85, 0xbf, 0x8c, 0xbd, 0x4d, 0x6f, 0x4f, 0x76, 0x5c, 0xf5, 0x36, 0xf7, 0xb4, 0xe0, + 0xd8, 0x13, 0x75, 0x0e, 0x6a, 0xca, 0x2e, 0xfd, 0x6d, 0xd7, 0x87, 0xba, 0x26, 0x0d, 0xf8, 0x73, + 0xf8, 0x45, 0x0a, 0xf4, 0x8a, 0x30, 0xf5, 0xce, 0xb0, 0x94, 0x5f, 0x7e, 0x3b, 0xeb, 0x2b, 0xcd, + 0x51, 0x76, 0x3c, 0x2e, 0xef, 0xfe, 0x63, 0x74, 0x56, 0x46, 0x8f, 0xa0, 0xac, 0xe9, 0xf4, 0x7e, + 0xba, 0x7d, 0xfa, 0xd8, 0xac, 0xd7, 0x38, 0x15, 0x72, 0xb7, 0x01, 0x4d, 0x1e, 0x4f, 0x1d, 0x58, + 0xcc, 0x2d, 0x9b, 0x3b, 0x79, 0xe3, 0x2d, 0x40, 0x7e, 0x37, 0x88, 0x4c, 0xab, 0x91, 0xcb, 0xb5, + 0x2f, 0x0a, 0x50, 0xde, 0xd0, 0x7f, 0xc3, 0xa0, 0x17, 0x50, 0x1d, 0xfe, 0x15, 0x80, 0xdc, 0x49, + 0xad, 0xc6, 0xff, 0x53, 0x70, 0x6e, 0x9d, 0xca, 0x63, 0x5c, 0xfa, 0x14, 0x8a, 0xea, 0x4f, 0x11, + 0x34, 0xe5, 0x1e, 0xce, 0xfe, 0x5b, 0xe2, 0x9c, 0xfe, 0x27, 0xc3, 0xaa, 0x25, 0x91, 0xd4, 0x10, + 0x83, 0x16, 0x4f, 0x7f, 0xc2, 0x38, 0x4b, 0x67, 0x4c, 0x3f, 0x68, 0x07, 0x4a, 0xa6, 0xb3, 0x4f, + 0x63, 0xcd, 0x8e, 0x2a, 0xce, 0xf2, 0x6c, 0x06, 0x0d, 0xb6, 0x6a, 0xa1, 0x9d, 0xe1, 0xab, 0x74, + 0x9a, 0x6a, 0xd9, 0xb2, 0x70, 0xce, 0x38, 0x5f, 0xb1, 0x56, 0x2d, 0xf4, 0x06, 0x6a, 0x99, 0xc4, + 0x47, 0x53, 0xf2, 0x63, 0xb2, 0x8a, 0x9c, 0xdf, 0x9c, 0xc1, 0x65, 0x2c, 0xdf, 0x84, 0x82, 0x4c, + 0x78, 0x34, 0xc5, 0xd9, 0x99, 0xba, 0x98, 0xa6, 0x66, 0xb6, 0x4e, 0x9a, 0xf5, 0xf7, 0x1f, 0x17, + 0xad, 0xaf, 0x3f, 0x2e, 0x5a, 0xdf, 0x7e, 0x5c, 0xb4, 0xda, 0x25, 0xd5, 0x49, 0x7f, 0xf7, 0x53, + 0x00, 0x00, 0x00, 0xff, 0xff, 0x93, 0xba, 0xe0, 0xe6, 0xd1, 0x13, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2122,6 +2247,18 @@ func (m *SolveRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.SourcePolicy != nil { + { + size, err := m.SourcePolicy.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintControl(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x5a + } if len(m.FrontendInputs) > 0 { for k := range m.FrontendInputs { v := m.FrontendInputs[k] @@ -2598,22 +2735,22 @@ func (m *Vertex) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x3a } if m.Completed != nil { - n7, err7 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Completed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Completed):]) - if err7 != nil { - return 0, err7 + n8, err8 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Completed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Completed):]) + if err8 != nil { + return 0, err8 } - i -= n7 - i = encodeVarintControl(dAtA, i, uint64(n7)) + i -= n8 + i = encodeVarintControl(dAtA, i, uint64(n8)) i-- dAtA[i] = 0x32 } if m.Started != nil { - n8, err8 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Started, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Started):]) - if err8 != nil { - return 0, err8 + n9, err9 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Started, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Started):]) + if err9 != nil { + return 0, err9 } - i -= n8 - i = encodeVarintControl(dAtA, i, uint64(n8)) + i -= n9 + i = encodeVarintControl(dAtA, i, uint64(n9)) i-- dAtA[i] = 0x2a } @@ -2678,31 +2815,31 @@ func (m *VertexStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { copy(dAtA[i:], m.XXX_unrecognized) } if m.Completed != nil { - n9, err9 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Completed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Completed):]) - if err9 != nil { - return 0, err9 + n10, err10 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Completed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Completed):]) + if err10 != nil { + return 0, err10 } - i -= n9 - i = encodeVarintControl(dAtA, i, uint64(n9)) + i -= n10 + i = encodeVarintControl(dAtA, i, uint64(n10)) i-- dAtA[i] = 0x42 } if m.Started != nil { - n10, err10 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Started, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Started):]) - if err10 != nil { - return 0, err10 + n11, err11 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Started, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Started):]) + if err11 != nil { + return 0, err11 } - i -= n10 - i = encodeVarintControl(dAtA, i, uint64(n10)) + i -= n11 + i = encodeVarintControl(dAtA, i, uint64(n11)) i-- dAtA[i] = 0x3a } - n11, err11 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):]) - if err11 != nil { - return 0, err11 + n12, err12 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):]) + if err12 != nil { + return 0, err12 } - i -= n11 - i = encodeVarintControl(dAtA, i, uint64(n11)) + i -= n12 + i = encodeVarintControl(dAtA, i, uint64(n12)) i-- dAtA[i] = 0x32 if m.Total != 0 { @@ -2775,12 +2912,12 @@ func (m *VertexLog) MarshalToSizedBuffer(dAtA []byte) (int, error) { i-- dAtA[i] = 0x18 } - n12, err12 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):]) - if err12 != nil { - return 0, err12 + n13, err13 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):]) + if err13 != nil { + return 0, err13 } - i -= n12 - i = encodeVarintControl(dAtA, i, uint64(n12)) + i -= n13 + i = encodeVarintControl(dAtA, i, uint64(n13)) i-- dAtA[i] = 0x12 if len(m.Vertex) > 0 { @@ -3058,6 +3195,95 @@ func (m *InfoResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *SourcePolicy) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SourcePolicy) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SourcePolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Sources) > 0 { + for iNdEx := len(m.Sources) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Sources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintControl(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + return len(dAtA) - i, nil +} + +func (m *SourcePolicySource) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SourcePolicySource) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SourcePolicySource) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Pin) > 0 { + i -= len(m.Pin) + copy(dAtA[i:], m.Pin) + i = encodeVarintControl(dAtA, i, uint64(len(m.Pin))) + i-- + dAtA[i] = 0x1a + } + if len(m.Ref) > 0 { + i -= len(m.Ref) + copy(dAtA[i:], m.Ref) + i = encodeVarintControl(dAtA, i, uint64(len(m.Ref))) + i-- + dAtA[i] = 0x12 + } + if len(m.Type) > 0 { + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintControl(dAtA, i, uint64(len(m.Type))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func encodeVarintControl(dAtA []byte, offset int, v uint64) int { offset -= sovControl(v) base := offset @@ -3250,6 +3476,10 @@ func (m *SolveRequest) Size() (n int) { n += mapEntrySize + 1 + sovControl(uint64(mapEntrySize)) } } + if m.SourcePolicy != nil { + l = m.SourcePolicy.Size() + n += 1 + l + sovControl(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -3627,6 +3857,48 @@ func (m *InfoResponse) Size() (n int) { return n } +func (m *SourcePolicy) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Sources) > 0 { + for _, e := range m.Sources { + l = e.Size() + n += 1 + l + sovControl(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *SourcePolicySource) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Type) + if l > 0 { + n += 1 + l + sovControl(uint64(l)) + } + l = len(m.Ref) + if l > 0 { + n += 1 + l + sovControl(uint64(l)) + } + l = len(m.Pin) + if l > 0 { + n += 1 + l + sovControl(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func sovControl(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -4961,6 +5233,42 @@ func (m *SolveRequest) Unmarshal(dAtA []byte) error { } m.FrontendInputs[mapkey] = mapvalue iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SourcePolicy", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowControl + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthControl + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthControl + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.SourcePolicy == nil { + m.SourcePolicy = &SourcePolicy{} + } + if err := m.SourcePolicy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipControl(dAtA[iNdEx:]) @@ -7378,6 +7686,238 @@ func (m *InfoResponse) Unmarshal(dAtA []byte) error { } return nil } +func (m *SourcePolicy) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowControl + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SourcePolicy: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SourcePolicy: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Sources", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowControl + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthControl + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthControl + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Sources = append(m.Sources, &SourcePolicySource{}) + if err := m.Sources[len(m.Sources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipControl(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthControl + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SourcePolicySource) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowControl + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SourcePolicySource: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SourcePolicySource: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowControl + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthControl + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthControl + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Type = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Ref", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowControl + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthControl + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthControl + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Ref = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Pin", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowControl + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthControl + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthControl + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Pin = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipControl(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthControl + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipControl(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/api/services/control/control.proto b/api/services/control/control.proto index 6f5c976bce51..7580be4e2b1e 100644 --- a/api/services/control/control.proto +++ b/api/services/control/control.proto @@ -62,6 +62,7 @@ message SolveRequest { CacheOptions Cache = 8 [(gogoproto.nullable) = false]; repeated string Entitlements = 9 [(gogoproto.customtype) = "github.com/moby/buildkit/util/entitlements.Entitlement" ]; map FrontendInputs = 10; + SourcePolicy SourcePolicy = 11; } message CacheOptions { @@ -163,3 +164,15 @@ message InfoRequest {} message InfoResponse { moby.buildkit.v1.types.BuildkitVersion buildkitVersion = 1; } + +message SourcePolicy { + // 1 is reserved for versioning + repeated SourcePolicySource Sources = 2; +} + +message SourcePolicySource { + string Type = 1; + string Ref = 2; + string Pin = 3; + // TODO: string (?) Replace = 4; +} diff --git a/client/client_test.go b/client/client_test.go index d501f37c99de..e6c56a748edc 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -43,6 +43,7 @@ import ( "github.com/moby/buildkit/session/sshforward/sshprovider" "github.com/moby/buildkit/solver/errdefs" "github.com/moby/buildkit/solver/pb" + "github.com/moby/buildkit/sourcepolicy" binfotypes "github.com/moby/buildkit/util/buildinfo/types" "github.com/moby/buildkit/util/contentutil" "github.com/moby/buildkit/util/entitlements" @@ -167,6 +168,7 @@ func TestIntegration(t *testing.T) { testCallInfo, testPullWithLayerLimit, testExportAnnotations, + testSourcePolicy, ) tests = append(tests, diffOpTestCases()...) integration.Run(t, tests, mirrors) @@ -6325,3 +6327,83 @@ func fixedWriteCloser(wc io.WriteCloser) func(map[string]string) (io.WriteCloser return wc, nil } } + +func testSourcePolicy(t *testing.T, sb integration.Sandbox) { + requiresLinux(t) + c, err := New(sb.Context(), sb.Address()) + require.NoError(t, err) + defer c.Close() + + frontend := func(ctx context.Context, c gateway.Client) (*gateway.Result, error) { + st := llb.Image("busybox:1.34.1-uclibc").File( + llb.Copy(llb.HTTP("https://raw.githubusercontent.com/moby/buildkit/v0.10.1/README.md"), + "README.md", "README.md")) + def, err := st.Marshal(sb.Context()) + if err != nil { + return nil, err + } + return c.Solve(ctx, gateway.SolveRequest{ + Definition: def.ToPB(), + }) + } + + type testCase struct { + srcPol *sourcepolicy.SourcePolicy + expectedErr string + } + testCases := []testCase{ + { + // Valid + srcPol: &sourcepolicy.SourcePolicy{ + Sources: []sourcepolicy.Source{ + { + Type: "docker-image", + Ref: "docker.io/library/busybox:1.34.1-uclibc", + Pin: "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83", + }, + { + Type: "http", + Ref: "https://raw.githubusercontent.com/moby/buildkit/v0.10.1/README.md", + Pin: "sha256:6e4b94fc270e708e1068be28bd3551dc6917a4fc5a61293d51bb36e6b75c4b53", + }, + }, + }, + expectedErr: "", + }, + { + // Invalid docker-image source + srcPol: &sourcepolicy.SourcePolicy{ + Sources: []sourcepolicy.Source{ + { + Type: "docker-image", + Ref: "docker.io/library/busybox:1.34.1-uclibc", + Pin: "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", // invalid + }, + }, + }, + expectedErr: "docker.io/library/busybox:1.34.1-uclibc@sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: not found", + }, + { + // Invalid http source + srcPol: &sourcepolicy.SourcePolicy{ + Sources: []sourcepolicy.Source{ + { + Type: "http", + Ref: "https://raw.githubusercontent.com/moby/buildkit/v0.10.1/README.md", + Pin: "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", // invalid + }, + }, + }, + expectedErr: "digest mismatch sha256:6e4b94fc270e708e1068be28bd3551dc6917a4fc5a61293d51bb36e6b75c4b53: sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", + }, + } + for _, tc := range testCases { + _, err = c.Build(sb.Context(), SolveOpt{SourcePolicy: tc.srcPol}, "", frontend, nil) + if tc.expectedErr == "" { + require.NoError(t, err) + } else { + require.Error(t, err) + require.Contains(t, err.Error(), tc.expectedErr) + } + } +} diff --git a/client/llb/llbtest/platform_test.go b/client/llb/llbtest/platform_test.go index 40c676927b88..f66da1b989ec 100644 --- a/client/llb/llbtest/platform_test.go +++ b/client/llb/llbtest/platform_test.go @@ -27,7 +27,7 @@ func TestCustomPlatform(t *testing.T) { def, err := s.Marshal(context.TODO()) require.NoError(t, err) - e, err := llbsolver.Load(def.ToPB()) + e, err := llbsolver.Load(context.TODO(), def.ToPB(), nil) require.NoError(t, err) require.Equal(t, depth(e), 5) @@ -56,7 +56,7 @@ func TestDefaultPlatform(t *testing.T) { def, err := s.Marshal(context.TODO()) require.NoError(t, err) - e, err := llbsolver.Load(def.ToPB()) + e, err := llbsolver.Load(context.TODO(), def.ToPB(), nil) require.NoError(t, err) require.Equal(t, depth(e), 2) @@ -80,7 +80,7 @@ func TestPlatformOnMarshal(t *testing.T) { def, err := s.Marshal(context.TODO(), llb.Windows) require.NoError(t, err) - e, err := llbsolver.Load(def.ToPB()) + e, err := llbsolver.Load(context.TODO(), def.ToPB(), nil) require.NoError(t, err) expected := ocispecs.Platform{OS: "windows", Architecture: "amd64"} @@ -100,7 +100,7 @@ func TestPlatformMixed(t *testing.T) { def, err := s1.Marshal(context.TODO(), llb.LinuxAmd64) require.NoError(t, err) - e, err := llbsolver.Load(def.ToPB()) + e, err := llbsolver.Load(context.TODO(), def.ToPB(), nil) require.NoError(t, err) require.Equal(t, depth(e), 4) @@ -129,7 +129,7 @@ func TestFallbackPath(t *testing.T) { // the cap. def, err := llb.Scratch().Run(llb.Shlex("cmd")).Marshal(context.TODO(), llb.LinuxAmd64) require.NoError(t, err) - e, err := llbsolver.Load(def.ToPB()) + e, err := llbsolver.Load(context.TODO(), def.ToPB(), nil) require.NoError(t, err) require.False(t, def.Metadata[e.Vertex.Digest()].Caps[pb.CapExecMetaSetsDefaultPath]) _, ok := getenv(e, "PATH") @@ -141,7 +141,7 @@ func TestFallbackPath(t *testing.T) { require.Error(t, cs.Supports(pb.CapExecMetaSetsDefaultPath)) def, err = llb.Scratch().Run(llb.Shlex("cmd")).Marshal(context.TODO(), llb.LinuxAmd64, llb.WithCaps(cs)) require.NoError(t, err) - e, err = llbsolver.Load(def.ToPB()) + e, err = llbsolver.Load(context.TODO(), def.ToPB(), nil) require.NoError(t, err) require.False(t, def.Metadata[e.Vertex.Digest()].Caps[pb.CapExecMetaSetsDefaultPath]) v, ok := getenv(e, "PATH") @@ -155,7 +155,7 @@ func TestFallbackPath(t *testing.T) { require.NoError(t, cs.Supports(pb.CapExecMetaSetsDefaultPath)) def, err = llb.Scratch().Run(llb.Shlex("cmd")).Marshal(context.TODO(), llb.LinuxAmd64, llb.WithCaps(cs)) require.NoError(t, err) - e, err = llbsolver.Load(def.ToPB()) + e, err = llbsolver.Load(context.TODO(), def.ToPB(), nil) require.NoError(t, err) require.True(t, def.Metadata[e.Vertex.Digest()].Caps[pb.CapExecMetaSetsDefaultPath]) _, ok = getenv(e, "PATH") @@ -171,7 +171,7 @@ func TestFallbackPath(t *testing.T) { } { def, err = llb.Scratch().AddEnv("PATH", "foo").Run(llb.Shlex("cmd")).Marshal(context.TODO(), append(cos, llb.LinuxAmd64)...) require.NoError(t, err) - e, err = llbsolver.Load(def.ToPB()) + e, err = llbsolver.Load(context.TODO(), def.ToPB(), nil) require.NoError(t, err) // pb.CapExecMetaSetsDefaultPath setting is irrelevant (and variable). v, ok = getenv(e, "PATH") diff --git a/client/solve.go b/client/solve.go index 5d9f187e5b8f..1d42d057098b 100644 --- a/client/solve.go +++ b/client/solve.go @@ -20,6 +20,7 @@ import ( "github.com/moby/buildkit/session/filesync" "github.com/moby/buildkit/session/grpchijack" "github.com/moby/buildkit/solver/pb" + "github.com/moby/buildkit/sourcepolicy" "github.com/moby/buildkit/util/bklog" "github.com/moby/buildkit/util/entitlements" ocispecs "github.com/opencontainers/image-spec/specs-go/v1" @@ -44,6 +45,7 @@ type SolveOpt struct { AllowedEntitlements []entitlements.Entitlement SharedSession *session.Session // TODO: refactor to better session syncing SessionPreInitialized bool // TODO: refactor to better session syncing + SourcePolicy *sourcepolicy.SourcePolicy } type ExportEntry struct { @@ -198,6 +200,18 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG opt.FrontendAttrs[k] = v } + var srcPol *controlapi.SourcePolicy + if opt.SourcePolicy != nil { + srcPol = &controlapi.SourcePolicy{} + for _, f := range opt.SourcePolicy.Sources { + srcPol.Sources = append(srcPol.Sources, &controlapi.SourcePolicySource{ + Type: string(f.Type), + Ref: f.Ref, + Pin: f.Pin, + }) + } + } + solveCtx, cancelSolve := context.WithCancel(ctx) var res *SolveResponse eg.Go(func() error { @@ -239,6 +253,7 @@ func (c *Client) solve(ctx context.Context, def *llb.Definition, runGateway runG FrontendInputs: frontendInputs, Cache: cacheOpt.options, Entitlements: opt.AllowedEntitlements, + SourcePolicy: srcPol, }) if err != nil { return errors.Wrap(err, "failed to solve") diff --git a/cmd/buildctl/build.go b/cmd/buildctl/build.go index f5fd205a9901..b21ff1a730c8 100644 --- a/cmd/buildctl/build.go +++ b/cmd/buildctl/build.go @@ -20,6 +20,7 @@ import ( "github.com/moby/buildkit/session/auth/authprovider" "github.com/moby/buildkit/session/sshforward/sshprovider" "github.com/moby/buildkit/solver/pb" + "github.com/moby/buildkit/sourcepolicy" "github.com/moby/buildkit/util/progress/progresswriter" digest "github.com/opencontainers/go-digest" "github.com/pkg/errors" @@ -91,6 +92,10 @@ var buildCommand = cli.Command{ Name: "metadata-file", Usage: "Output build metadata (e.g., image digest) to a file as JSON", }, + cli.StringFlag{ + Name: "source-policy-file", + Usage: "Read source policy file from a JSON file", + }, }, } @@ -185,6 +190,19 @@ func buildAction(clicontext *cli.Context) error { return err } + var srcPol *sourcepolicy.SourcePolicy + if srcPolFile := clicontext.String("source-policy-file"); srcPolFile != "" { + b, err := os.ReadFile(srcPolFile) + if err != nil { + return err + } + var srcPolStruct sourcepolicy.SourcePolicy + if err := json.Unmarshal(b, &srcPolStruct); err != nil { + return errors.Wrapf(err, "failed to unmarshal source-policy-file %q", srcPolFile) + } + srcPol = &srcPolStruct + } + eg, ctx := errgroup.WithContext(bccommon.CommandContext(clicontext)) solveOpt := client.SolveOpt{ @@ -197,6 +215,7 @@ func buildAction(clicontext *cli.Context) error { CacheImports: cacheImports, Session: attachable, AllowedEntitlements: allowed, + SourcePolicy: srcPol, } solveOpt.FrontendAttrs, err = build.ParseOpt(clicontext.StringSlice("opt")) diff --git a/control/control.go b/control/control.go index f0dba193949b..7396c4450137 100644 --- a/control/control.go +++ b/control/control.go @@ -18,6 +18,7 @@ import ( "github.com/moby/buildkit/solver" "github.com/moby/buildkit/solver/llbsolver" "github.com/moby/buildkit/solver/pb" + "github.com/moby/buildkit/sourcepolicy" "github.com/moby/buildkit/util/bklog" "github.com/moby/buildkit/util/imageutil" "github.com/moby/buildkit/util/throttle" @@ -306,6 +307,18 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (* Attrs: im.Attrs, }) } + var srcPol *sourcepolicy.SourcePolicy + if req.SourcePolicy != nil { + srcPol = &sourcepolicy.SourcePolicy{} + for _, f := range req.SourcePolicy.Sources { + s := sourcepolicy.Source{ + Type: sourcepolicy.SourceType(f.Type), + Ref: f.Ref, + Pin: f.Pin, + } + srcPol.Sources = append(srcPol.Sources, s) + } + } resp, err := c.solver.Solve(ctx, req.Ref, req.Session, frontend.SolveRequest{ Frontend: req.Frontend, @@ -317,7 +330,7 @@ func (c *Controller) Solve(ctx context.Context, req *controlapi.SolveRequest) (* Exporter: expi, CacheExporter: cacheExporter, CacheExportMode: cacheExportMode, - }, req.Entitlements) + }, req.Entitlements, srcPol) if err != nil { return nil, err } diff --git a/docs/build-repro.md b/docs/build-repro.md index 4c11bd5755a1..7bace7d8fe37 100644 --- a/docs/build-repro.md +++ b/docs/build-repro.md @@ -127,3 +127,38 @@ jq '.' metadata.json "containerimage.digest": "sha256:..." } ``` + +### Reproducing the pinned dependencies + + +Reproducing the pinned dependencies is supported in the master branch of BuildKit. + +e.g., +```bash +buildctl build --frontend dockerfile.v0 --local dockerfile=. --local context=. --source-policy-file Dockerfile.pol +``` + +An example `Dockerfile.pol`: +```json +{ + "sources": [ + { + "type": "docker-image", + "ref": "docker.io/library/alpine:latest", + "pin": "sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454" + }, + { + "type": "http", + "ref": "https://raw.githubusercontent.com/moby/buildkit/v0.10.1/README.md", + "pin": "sha256:6e4b94fc270e708e1068be28bd3551dc6917a4fc5a61293d51bb36e6b75c4b53" + } + ] +} +``` + +* `sources`: a subset of the `."containerimage.buildinfo".sources` property of the `metadata.json` + +Reproduction is currently supported for the following source types: +* `docker-image` +* `http` + diff --git a/solver/llbsolver/bridge.go b/solver/llbsolver/bridge.go index 0bf8ac905354..ac4163960c14 100644 --- a/solver/llbsolver/bridge.go +++ b/solver/llbsolver/bridge.go @@ -19,7 +19,9 @@ import ( "github.com/moby/buildkit/solver" "github.com/moby/buildkit/solver/errdefs" llberrdefs "github.com/moby/buildkit/solver/llbsolver/errdefs" + "github.com/moby/buildkit/solver/llbsolver/llbmutator" "github.com/moby/buildkit/solver/pb" + "github.com/moby/buildkit/sourcepolicy/sourcepolicyllbmutator" "github.com/moby/buildkit/util/bklog" "github.com/moby/buildkit/util/buildinfo" "github.com/moby/buildkit/util/flightcontrol" @@ -72,6 +74,17 @@ func (b *llbBridge) loadResult(ctx context.Context, def *pb.Definition, cacheImp if err != nil { return nil, nil, err } + srcPol, err := loadSourcePolicy(b.builder) + if err != nil { + return nil, nil, err + } + var llbMutator llbmutator.LLBMutator + if srcPol != nil { + llbMutator, err = sourcepolicyllbmutator.New(srcPol) + if err != nil { + return nil, nil, err + } + } var cms []solver.CacheManager for _, im := range cacheImports { cmID, err := cmKey(im) @@ -111,7 +124,7 @@ func (b *llbBridge) loadResult(ctx context.Context, def *pb.Definition, cacheImp } dpc := &detectPrunedCacheID{} - edge, err := Load(def, dpc.Load, ValidateEntitlements(ent), WithCacheSources(cms), NormalizeRuntimePlatforms(), WithValidateCaps()) + edge, err := Load(ctx, def, llbMutator, dpc.Load, ValidateEntitlements(ent), WithCacheSources(cms), NormalizeRuntimePlatforms(), WithValidateCaps()) if err != nil { return nil, nil, errors.Wrap(err, "failed to load LLB") } diff --git a/solver/llbsolver/llbmutator/llbmutator.go b/solver/llbsolver/llbmutator/llbmutator.go new file mode 100644 index 000000000000..cda62b666a0d --- /dev/null +++ b/solver/llbsolver/llbmutator/llbmutator.go @@ -0,0 +1,12 @@ +// Package llbmutator defines the LLBMutator interface +package llbmutator + +import ( + "context" + + "github.com/moby/buildkit/solver/pb" +) + +type LLBMutator interface { + Mutate(ctx context.Context, op *pb.Op) (bool, error) +} diff --git a/solver/llbsolver/solver.go b/solver/llbsolver/solver.go index 61220b475f2b..20df50775c6b 100644 --- a/solver/llbsolver/solver.go +++ b/solver/llbsolver/solver.go @@ -19,6 +19,7 @@ import ( "github.com/moby/buildkit/identity" "github.com/moby/buildkit/session" "github.com/moby/buildkit/solver" + "github.com/moby/buildkit/sourcepolicy" "github.com/moby/buildkit/util/buildinfo" "github.com/moby/buildkit/util/compression" "github.com/moby/buildkit/util/entitlements" @@ -29,7 +30,10 @@ import ( "golang.org/x/sync/errgroup" ) -const keyEntitlements = "llb.entitlements" +const ( + keyEntitlements = "llb.entitlements" + keySourcePolicy = "llb.sourcepolicy" +) type ExporterRequest struct { Exporter exporter.ExporterInstance @@ -104,7 +108,7 @@ func (s *Solver) Bridge(b solver.Builder) frontend.FrontendLLBBridge { } } -func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement) (*client.SolveResponse, error) { +func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req frontend.SolveRequest, exp ExporterRequest, ent []entitlements.Entitlement, srcPol *sourcepolicy.SourcePolicy) (*client.SolveResponse, error) { j, err := s.solver.NewJob(id) if err != nil { return nil, err @@ -118,6 +122,10 @@ func (s *Solver) Solve(ctx context.Context, id string, sessionID string, req fro } j.SetValue(keyEntitlements, set) + if srcPol != nil { + j.SetValue(keySourcePolicy, *srcPol) + } + j.SessionID = sessionID var res *frontend.Result @@ -491,3 +499,28 @@ func loadEntitlements(b solver.Builder) (entitlements.Set, error) { } return ent, nil } + +func loadSourcePolicy(b solver.Builder) (*sourcepolicy.SourcePolicy, error) { + set := make(map[sourcepolicy.Source]struct{}, 0) + err := b.EachValue(context.TODO(), keySourcePolicy, func(v interface{}) error { + x, ok := v.(sourcepolicy.SourcePolicy) + if !ok { + return errors.Errorf("invalid source policy %T", v) + } + for _, f := range x.Sources { + set[f] = struct{}{} + } + return nil + }) + if err != nil { + return nil, err + } + var srcPol *sourcepolicy.SourcePolicy + if len(set) > 0 { + srcPol = &sourcepolicy.SourcePolicy{} + for k := range set { + srcPol.Sources = append(srcPol.Sources, k) + } + } + return srcPol, nil +} diff --git a/solver/llbsolver/vertex.go b/solver/llbsolver/vertex.go index 4f36c2eddbb3..e27158c7adb4 100644 --- a/solver/llbsolver/vertex.go +++ b/solver/llbsolver/vertex.go @@ -1,11 +1,13 @@ package llbsolver import ( + "context" "fmt" "strings" "github.com/containerd/containerd/platforms" "github.com/moby/buildkit/solver" + "github.com/moby/buildkit/solver/llbsolver/llbmutator" "github.com/moby/buildkit/solver/pb" "github.com/moby/buildkit/source" "github.com/moby/buildkit/util/entitlements" @@ -143,8 +145,8 @@ func (dpc *detectPrunedCacheID) Load(op *pb.Op, md *pb.OpMetadata, opt *solver.V return nil } -func Load(def *pb.Definition, opts ...LoadOpt) (solver.Edge, error) { - return loadLLB(def, func(dgst digest.Digest, pbOp *pb.Op, load func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error) { +func Load(ctx context.Context, def *pb.Definition, mutator llbmutator.LLBMutator, opts ...LoadOpt) (solver.Edge, error) { + return loadLLB(ctx, def, mutator, func(dgst digest.Digest, pbOp *pb.Op, load func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error) { opMetadata := def.Metadata[dgst] vtx, err := newVertex(dgst, pbOp, &opMetadata, load, opts...) if err != nil { @@ -187,12 +189,13 @@ func newVertex(dgst digest.Digest, op *pb.Op, opMeta *pb.OpMetadata, load func(d // loadLLB loads LLB. // fn is executed sequentially. -func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error)) (solver.Edge, error) { +func loadLLB(ctx context.Context, def *pb.Definition, mutator llbmutator.LLBMutator, fn func(digest.Digest, *pb.Op, func(digest.Digest) (solver.Vertex, error)) (solver.Vertex, error)) (solver.Edge, error) { if len(def.Def) == 0 { return solver.Edge{}, errors.New("invalid empty definition") } allOps := make(map[digest.Digest]*pb.Op) + mutatedDigests := make(map[digest.Digest]digest.Digest) // key: old, val: new var dgst digest.Digest @@ -202,9 +205,33 @@ func loadLLB(def *pb.Definition, fn func(digest.Digest, *pb.Op, func(digest.Dige return solver.Edge{}, errors.Wrap(err, "failed to parse llb proto op") } dgst = digest.FromBytes(dt) + if mutator != nil { + mutated, err := mutator.Mutate(ctx, &op) + if err != nil { + return solver.Edge{}, errors.Wrap(err, "failed to call the LLB Mutator") + } + if mutated { + dtMutated, err := op.Marshal() + if err != nil { + return solver.Edge{}, err + } + dgstMutated := digest.FromBytes(dtMutated) + mutatedDigests[dgst] = dgstMutated + dgst = dgstMutated + } + } allOps[dgst] = &op } + // Rewrite the input digests if some op was mutated + for _, op := range allOps { + for _, inp := range op.Inputs { + if mutatedDgst, ok := mutatedDigests[inp.Digest]; ok { + inp.Digest = mutatedDgst + } + } + } + if len(allOps) < 2 { return solver.Edge{}, errors.Errorf("invalid LLB with %d vertexes", len(allOps)) } diff --git a/solver/pb/caps.go b/solver/pb/caps.go index 1553bfabfb46..41637a5eb72c 100644 --- a/solver/pb/caps.go +++ b/solver/pb/caps.go @@ -80,6 +80,8 @@ const ( CapDiffOp apicaps.CapID = "diffop" CapAnnotations apicaps.CapID = "exporter.image.annotations" + + CapSourcePolicy apicaps.CapID = "source.policy" ) func init() { @@ -440,4 +442,10 @@ func init() { Enabled: true, Status: apicaps.CapStatusExperimental, }) + + Caps.Init(apicaps.Cap{ + ID: CapSourcePolicy, + Enabled: true, + Status: apicaps.CapStatusExperimental, + }) } diff --git a/sourcepolicy/sourcepolicy.go b/sourcepolicy/sourcepolicy.go new file mode 100644 index 000000000000..b7652db116e0 --- /dev/null +++ b/sourcepolicy/sourcepolicy.go @@ -0,0 +1,24 @@ +// Package sourcepolicy provides the source policy types +package sourcepolicy + +import binfotypes "github.com/moby/buildkit/util/buildinfo/types" + +// SourceType defines the source type. +type SourceType = binfotypes.SourceType + +// Source is similar to github.com/moby/buildkit/util/buildinfo/types.Source . +type Source struct { + // Type defines the SourceType source type (docker-image, git, http). + Type SourceType `json:"type,omitempty"` + // Ref is the reference of the source. + Ref string `json:"ref,omitempty"` + // Pin is the source digest. + Pin string `json:"pin,omitempty"` +} + +// SourcePolicy provides pinning information to ensure determinism of sources. +type SourcePolicy struct { + // Sources do not need to cover all the sources. + // Sources may contain unreferenced sources too. + Sources []Source `json:"sources,omitempty"` +} diff --git a/sourcepolicy/sourcepolicyllbmutator/sourcepolicyllbmutator.go b/sourcepolicy/sourcepolicyllbmutator/sourcepolicyllbmutator.go new file mode 100644 index 000000000000..20f80e9b3cef --- /dev/null +++ b/sourcepolicy/sourcepolicyllbmutator/sourcepolicyllbmutator.go @@ -0,0 +1,136 @@ +// Package sourcepolicyllbmutator provides the LLB mutator for applying the source policy. +package sourcepolicyllbmutator + +import ( + "context" + "fmt" + "strings" + + "github.com/containerd/containerd/reference" + "github.com/moby/buildkit/solver/llbsolver/llbmutator" + "github.com/moby/buildkit/solver/pb" + srctypes "github.com/moby/buildkit/source/types" + "github.com/moby/buildkit/sourcepolicy" + "github.com/moby/buildkit/util/bklog" + binfotypes "github.com/moby/buildkit/util/buildinfo/types" + "github.com/moby/buildkit/util/urlutil" + digest "github.com/opencontainers/go-digest" +) + +// New creates a new LLB mutator. May return nil when no mutation is needed. +func New(pol *sourcepolicy.SourcePolicy) (llbmutator.LLBMutator, error) { + if pol == nil { + return nil, nil + } + if len(pol.Sources) == 0 { + return nil, nil + } + for i, f := range pol.Sources { + switch f.Type { + case binfotypes.SourceTypeDockerImage, binfotypes.SourceTypeHTTP, binfotypes.SourceTypeGit: + // NOP + default: + return nil, fmt.Errorf("source policy: source %d: unknown type %q", i, f.Type) + } + } + return &llbMutator{pol: pol}, nil +} + +type llbMutator struct { + pol *sourcepolicy.SourcePolicy +} + +func (lm *llbMutator) Mutate(ctx context.Context, op *pb.Op) (bool, error) { + srcOp := op.GetSource() + if srcOp == nil { + return false, nil + } + ident := srcOp.GetIdentifier() + parts := strings.SplitN(ident, "://", 2) + if len(parts) != 2 { + return false, fmt.Errorf("failed to parse %q", ident) + } + switch parts[0] { + case srctypes.DockerImageScheme: + return lm.mutateDockerImage(ctx, srcOp, parts[0], parts[1]) + case srctypes.HTTPScheme, srctypes.HTTPSScheme: + return lm.mutateHTTP(ctx, srcOp, parts[0], parts[1]) + case srctypes.GitScheme: + // TODO + return false, nil + case srctypes.LocalScheme, srctypes.OCIScheme: + // NOP + return false, nil + default: + return false, fmt.Errorf("source policy applier: unknown source identifier type %q", ident) + } +} + +func (lm *llbMutator) mutateDockerImage(ctx context.Context, srcOp *pb.SourceOp, p0, p1 string) (bool, error) { + var mutated bool + ref, err := reference.Parse(p1) + if err != nil { + return mutated, err + } + // Discard the existing digest that might have been resolved by the Dockerfile frontend's MetaResolver. + tag, _ := reference.SplitObject(ref.Object) + tag = strings.TrimSuffix(tag, "@") + if tag == "" { + tag = "latest" + } + refQuery := ref.Locator + ":" + tag + var hit *sourcepolicy.Source + for _, f := range lm.pol.Sources { + f := f + if f.Type != binfotypes.SourceTypeDockerImage { + continue + } + if f.Ref != refQuery { + continue + } + if hit != nil { + return mutated, fmt.Errorf("found multiple pin entries for %q", refQuery) + } + hit = &f + } + if hit != nil && hit.Pin != "" { + newObj := tag + "@" + hit.Pin + bklog.G(ctx).Debugf("source policy applier: pinning docker-image source %q: %q", refQuery, newObj) + ref.Object = newObj + srcOp.Identifier = p0 + "://" + ref.String() + mutated = true + } + return mutated, nil +} + +func (lm *llbMutator) mutateHTTP(ctx context.Context, srcOp *pb.SourceOp, p0, p1 string) (bool, error) { + var mutated bool + urlQuery := urlutil.RedactCredentials(p0 + "://" + p1) + var hit *sourcepolicy.Source + for _, f := range lm.pol.Sources { + f := f + if f.Type != binfotypes.SourceTypeHTTP { + continue + } + if f.Ref != urlQuery { + continue + } + if hit != nil { + return mutated, fmt.Errorf("found multiple pin entries for %q", urlQuery) + } + hit = &f + } + if hit != nil && hit.Pin != "" { + dgst, err := digest.Parse(hit.Pin) + if err != nil { + return mutated, err + } + bklog.G(ctx).Debugf("source policy applier: pinning http source %q: %q", urlQuery, dgst.String()) + if srcOp.Attrs == nil { + srcOp.Attrs = make(map[string]string) + } + srcOp.Attrs[pb.AttrHTTPChecksum] = dgst.String() + mutated = true + } + return mutated, nil +} diff --git a/sourcepolicy/sourcepolicyllbmutator/sourcepolicyllbmutator_test.go b/sourcepolicy/sourcepolicyllbmutator/sourcepolicyllbmutator_test.go new file mode 100644 index 000000000000..d64bd46fc1c1 --- /dev/null +++ b/sourcepolicy/sourcepolicyllbmutator/sourcepolicyllbmutator_test.go @@ -0,0 +1,136 @@ +package sourcepolicyllbmutator + +import ( + "context" + "testing" + + "github.com/moby/buildkit/solver/pb" + "github.com/moby/buildkit/sourcepolicy" + "github.com/stretchr/testify/require" +) + +func TestLLBMutator(t *testing.T) { + type testCaseOp struct { + op *pb.Op + expected bool + expectedOp *pb.Op + expectedErr string + } + + type testCasePol struct { + pol *sourcepolicy.SourcePolicy + testCases []testCaseOp + } + testCases := []testCasePol{ + { + pol: &sourcepolicy.SourcePolicy{ + Sources: []sourcepolicy.Source{ + { + Type: "docker-image", + Ref: "docker.io/library/busybox:1.34.1-uclibc", + Pin: "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83", + }, + { + Type: "docker-image", + Ref: "docker.io/library/busybox:latest", + Pin: "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83", + }, + { + Type: "http", + Ref: "https://raw.githubusercontent.com/moby/buildkit/v0.10.1/README.md", + Pin: "sha256:6e4b94fc270e708e1068be28bd3551dc6917a4fc5a61293d51bb36e6b75c4b53", + }, + }, + }, + testCases: []testCaseOp{ + { + op: &pb.Op{ + Op: &pb.Op_Source{ + Source: &pb.SourceOp{ + Identifier: "docker-image://docker.io/library/busybox:1.34.1-uclibc", + }, + }, + }, + expected: true, + expectedOp: &pb.Op{ + Op: &pb.Op_Source{ + Source: &pb.SourceOp{ + Identifier: "docker-image://docker.io/library/busybox:1.34.1-uclibc@sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83", + }, + }, + }, + }, + { + op: &pb.Op{ + Op: &pb.Op_Source{ + Source: &pb.SourceOp{ + Identifier: "docker-image://docker.io/library/busybox", + }, + }, + }, + expected: true, + expectedOp: &pb.Op{ + Op: &pb.Op_Source{ + Source: &pb.SourceOp{ + Identifier: "docker-image://docker.io/library/busybox:latest@sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83", + }, + }, + }, + }, + { + // Discard the existing digest that might have been resolved by the Dockerfile frontend's MetaResolver. + op: &pb.Op{ + Op: &pb.Op_Source{ + Source: &pb.SourceOp{ + Identifier: "docker-image://docker.io/library/busybox:latest@sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + }, + }, + }, + expected: true, + expectedOp: &pb.Op{ + Op: &pb.Op_Source{ + Source: &pb.SourceOp{ + Identifier: "docker-image://docker.io/library/busybox:latest@sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83", + }, + }, + }, + }, + { + op: &pb.Op{ + Op: &pb.Op_Source{ + Source: &pb.SourceOp{ + Identifier: "https://raw.githubusercontent.com/moby/buildkit/v0.10.1/README.md", + }, + }, + }, + expected: true, + expectedOp: &pb.Op{ + Op: &pb.Op_Source{ + Source: &pb.SourceOp{ + Identifier: "https://raw.githubusercontent.com/moby/buildkit/v0.10.1/README.md", + Attrs: map[string]string{ + pb.AttrHTTPChecksum: "sha256:6e4b94fc270e708e1068be28bd3551dc6917a4fc5a61293d51bb36e6b75c4b53", + }, + }, + }, + }, + }, + }, + }, + } + for _, tcPol := range testCases { + ctx := context.TODO() + lm, err := New(tcPol.pol) + require.NoError(t, err) + for _, tcOp := range tcPol.testCases { + op := *tcOp.op + mutated, err := lm.Mutate(ctx, &op) + if tcOp.expectedErr != "" { + require.Error(t, err, tcOp.expectedErr) + } else { + require.Equal(t, tcOp.expected, mutated) + require.Equal(t, tcOp.expectedOp, &op) + } + } + } +}