add slsaprovenance02 type

Signed-off-by: Canaan Silberberg <[email protected]>
sigstore · Sep 6, 2023 · 1ac71d7 · 1ac71d7
1 parent 700ae02
commit 1ac71d7
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 8 deletions.
diff --git a/cmd/cosign/cli/options/predicate.go b/cmd/cosign/cli/options/predicate.go
@@ -31,6 +31,7 @@ import (
 const (
 	PredicateCustom    = "custom"
 	PredicateSLSA      = "slsaprovenance"
+	PredicateSLSA02    = "slsaprovenance02"
 	PredicateSLSA1     = "slsaprovenance1"
 	PredicateSPDX      = "spdx"
 	PredicateSPDXJSON  = "spdxjson"
@@ -43,6 +44,7 @@ const (
 var PredicateTypeMap = map[string]string{
 	PredicateCustom:    attestation.CosignCustomProvenanceV01,
 	PredicateSLSA:      slsa02.PredicateSLSAProvenance,
+	PredicateSLSA02:    slsa02.PredicateSLSAProvenance,
 	PredicateSLSA1:     slsa1.PredicateSLSAProvenance,
 	PredicateSPDX:      in_toto.PredicateSPDX,
 	PredicateSPDXJSON:  in_toto.PredicateSPDX,
@@ -61,7 +63,7 @@ var _ Interface = (*PredicateOptions)(nil)
 // AddFlags implements Interface
 func (o *PredicateOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVar(&o.Type, "type", "custom",
-		"specify a predicate type (slsaprovenance|slsaprovenance1|link|spdx|spdxjson|cyclonedx|vuln|custom) or an URI")
+		"specify a predicate type (slsaprovenance|slsaprovenance02|slsaprovenance1|link|spdx|spdxjson|cyclonedx|vuln|custom) or an URI")
 }
 
 // ParsePredicateType parses the predicate `type` flag passed into a predicate URI, or validates `type` is a valid URI.

diff --git a/doc/cosign_attest-blob.md b/doc/cosign_attest-blob.md
diff --git a/doc/cosign_attest.md b/doc/cosign_attest.md
diff --git a/doc/cosign_verify-attestation.md b/doc/cosign_verify-attestation.md
diff --git a/doc/cosign_verify-blob-attestation.md b/doc/cosign_verify-blob-attestation.md
diff --git a/pkg/cosign/attestation/attestation.go b/pkg/cosign/attestation/attestation.go
@@ -100,7 +100,7 @@ type GenerateOpts struct {
 }
 
 // GenerateStatement returns an in-toto statement based on the provided
-// predicate type (custom|slsaprovenance|slsaprovenance1|spdx|spdxjson|cyclonedx|link).
+// predicate type (custom|slsaprovenance|slsaprovenance02|slsaprovenance1|spdx|spdxjson|cyclonedx|link).
 func GenerateStatement(opts GenerateOpts) (interface{}, error) {
 	predicate, err := io.ReadAll(opts.Predicate)
 	if err != nil {
@@ -109,7 +109,9 @@ func GenerateStatement(opts GenerateOpts) (interface{}, error) {
 
 	switch opts.Type {
 	case "slsaprovenance":
-		return generateSLSAProvenanceStatement(predicate, opts.Digest, opts.Repo)
+		return generateSLSAProvenanceStatementSLSA02(predicate, opts.Digest, opts.Repo)
+	case "slsaprovenance02":
+		return generateSLSAProvenanceStatementSLSA02(predicate, opts.Digest, opts.Repo)
 	case "slsaprovenance1":
 		return generateSLSAProvenanceStatementSLSA1(predicate, opts.Digest, opts.Repo)
 	case "spdx":
@@ -201,7 +203,7 @@ func generateCustomPredicate(rawPayload []byte, customType, timestamp string) (i
 	return result, nil
 }
 
-func generateSLSAProvenanceStatement(rawPayload []byte, digest string, repo string) (interface{}, error) {
+func generateSLSAProvenanceStatementSLSA02(rawPayload []byte, digest string, repo string) (interface{}, error) {
 	var predicate slsa02.ProvenancePredicate
 	err := checkRequiredJSONFields(rawPayload, reflect.TypeOf(predicate))
 	if err != nil {