tektoncd · nistar · Jul 31, 2024 · Aug 1, 2024 · Aug 5, 2024 · Aug 13, 2024
diff --git a/pkg/artifacts/signable.go b/pkg/artifacts/signable.go
@@ -211,8 +211,15 @@ func ExtractOCIImagesFromResults(ctx context.Context, results []objects.Result)
 		digestSuffix: OCIImageDigestResultName,
 		isValid:      hasImageRequirements,
 	}
+
+	cfg := config.FromContext(ctx)
+	var opts []name.Option
+	if cfg.Storage.OCI.Insecure {
+		opts = append(opts, name.Insecure)
+	}
+
 	for _, s := range extractor.extract(ctx, results) {
-		dgst, err := name.NewDigest(fmt.Sprintf("%s@%s", s.URI, s.Digest))
+		dgst, err := name.NewDigest(fmt.Sprintf("%s@%s", s.URI, s.Digest), opts...)
 		if err != nil {
 			logger.Errorf("error getting digest: %v", err)
 			continue

diff --git a/pkg/chains/constants.go b/pkg/chains/constants.go
@@ -14,24 +14,36 @@ limitations under the License.
 package chains
 
 const (
-	SignedMessagesCount     = "sgcount"
-	SignsStoredCount        = "stcount"
-	PayloadUploadeCount     = "plcount"
-	MarkedAsSignedCount     = "mrcount"
-	PipelineRunSignedName   = "pipelinerun_sign_created_total"
-	PipelineRunSignedDesc   = "Total number of signed messages for pipelineruns"
-	PipelineRunUploadedName = "pipelinerun_payload_uploaded_total"
-	PipelineRunUploadedDesc = "Total number of uploaded payloads for pipelineruns"
-	PipelineRunStoredName   = "pipelinerun_payload_stored_total"
-	PipelineRunStoredDesc   = "Total number of stored payloads for pipelineruns"
-	PipelineRunMarkedName   = "pipelinerun_marked_signed_total"
-	PipelineRunMarkedDesc   = "Total number of objects marked as signed for pipelineruns"
-	TaskRunSignedName       = "taskrun_sign_created_total"
-	TaskRunSignedDesc       = "Total number of signed messages for taskruns"
-	TaskRunUploadedName     = "taskrun_payload_uploaded_total"
-	TaskRunUploadedDesc     = "Total number of uploaded payloads for taskruns"
-	TaskRunStoredName       = "taskrun_payload_stored_total"
-	TaskRunStoredDesc       = "Total number of stored payloads for taskruns"
-	TaskRunMarkedName       = "taskrun_marked_signed_total"
-	TaskRunMarkedDesc       = "Total number of objects marked as signed for taskruns"
+	SignedMessagesCount                      = "sgcount"
+	SignsStoredCount                         = "stcount"
+	PayloadUploadeCount                      = "plcount"
+	MarkedAsSignedCount                      = "mrcount"
+	SignedMessagesCountPerNamespace          = "sgcountns"
+	SignsStoredCountPerNamespace             = "stcountns"
+	PayloadUploadeCountPerNamespace          = "plcountns"
+	MarkedAsSignedCountPerNamespace          = "mrcountns"
+	PipelineRunSignedName                    = "pipelinerun_sign_created_total"
+	PipelineRunSignedDesc                    = "Total number of signed messages for pipelineruns"
+	PipelineRunUploadedName                  = "pipelinerun_payload_uploaded_total"
+	PipelineRunUploadedDesc                  = "Total number of uploaded payloads for pipelineruns"
+	PipelineRunStoredName                    = "pipelinerun_payload_stored_total"
+	PipelineRunStoredDesc                    = "Total number of stored payloads for pipelineruns"
+	PipelineRunMarkedName                    = "pipelinerun_marked_signed_total"
+	PipelineRunMarkedDesc                    = "Total number of objects marked as signed for pipelineruns"
+	PipelineRunSignedMsgPerNamespace         = "pipelinerun_signed_messages"
+	PipelineRunSignedMsgDescPerNamespace     = "Namespace aware number of signed messages for pipelineruns"
+	PipelineRunUplPayloadPerNamespace        = "pipelinerun_payload_uploaded"
+	PipelineRunUplPayloadDescPerNamespace    = "Namespace aware number of uploaded payloads for pipelineruns"
+	PipelineRunPayloadStoredPerNamespace     = "pipelinerun_payload_stored"
+	PipelineRunPayloadStoredDescPerNamespace = "Namespace aware number of stored payloads for pipelineruns"
+	PipelineRunMarkedSignedPerNamespace      = "pipelinerun_marked_signed"
+	PipelineRunMarkedDSigneDescPerNamespace  = "Namespace aware number of objects marked as signed for pipelineruns"
+	TaskRunSignedName                        = "taskrun_sign_created_total"
+	TaskRunSignedDesc                        = "Total number of signed messages for taskruns"
+	TaskRunUploadedName                      = "taskrun_payload_uploaded_total"
+	TaskRunUploadedDesc                      = "Total number of uploaded payloads for taskruns"
+	TaskRunStoredName                        = "taskrun_payload_stored_total"
+	TaskRunStoredDesc                        = "Total number of stored payloads for taskruns"
+	TaskRunMarkedName                        = "taskrun_marked_signed_total"
+	TaskRunMarkedDesc                        = "Total number of objects marked as signed for taskruns"
 )
diff --git a/pkg/chains/storage/oci/legacy.go b/pkg/chains/storage/oci/legacy.go
@@ -119,8 +119,13 @@ func (b *Backend) uploadSignature(ctx context.Context, format simple.SimpleConta
 
 	imageName := format.ImageName()
 	logger.Infof("Uploading %s signature", imageName)
+	cfg := config.FromContext(ctx)
+	var opts []name.Option
+	if cfg.Storage.OCI.Insecure {
+		opts = append(opts, name.Insecure)
+	}
 
-	ref, err := name.NewDigest(imageName)
+	ref, err := name.NewDigest(imageName, opts...)
 	if err != nil {
 		return errors.Wrap(err, "getting digest")
 	}
@@ -154,13 +159,18 @@ func (b *Backend) uploadSignature(ctx context.Context, format simple.SimpleConta
 
 func (b *Backend) uploadAttestation(ctx context.Context, attestation *intoto.Statement, signature string, storageOpts config.StorageOpts, remoteOpts ...remote.Option) error {
 	logger := logging.FromContext(ctx)
+	cfg := config.FromContext(ctx)
+	var opts []name.Option
+	if cfg.Storage.OCI.Insecure {
+		opts = append(opts, name.Insecure)
+	}
+
 	// upload an attestation for each subject
 	logger.Info("Starting to upload attestations to OCI ...")
 	for _, subj := range attestation.Subject {
 		imageName := fmt.Sprintf("%s@sha256:%s", subj.Name, subj.Digest["sha256"])
 		logger.Infof("Starting attestation upload to OCI for %s...", imageName)
-
-		ref, err := name.NewDigest(imageName)
+		ref, err := name.NewDigest(imageName, opts...)
 		if err != nil {
 			return errors.Wrapf(err, "getting digest for subj %s", imageName)
 		}

diff --git a/pkg/pipelinerunmetrics/metrics.go b/pkg/pipelinerunmetrics/metrics.go
@@ -23,8 +23,10 @@ import (
 	"github.com/tektoncd/chains/pkg/chains"
 	"go.opencensus.io/stats"
 	"go.opencensus.io/stats/view"
+	"go.opencensus.io/tag"
 	"knative.dev/pkg/logging"
 	"knative.dev/pkg/metrics"
+	"knative.dev/pkg/metrics/metricskey"
 )
 
 var (
@@ -51,6 +53,35 @@ var (
 		stats.UnitDimensionless)
 
 	mrCountView *view.View
+
+	sgCountNS = stats.Float64(chains.PipelineRunSignedMsgPerNamespace,
+		chains.PipelineRunSignedMsgDescPerNamespace,
+		stats.UnitDimensionless)
+
+	sgCountViewNS *view.View
+
+	plCountNS = stats.Float64(chains.PipelineRunUplPayloadPerNamespace,
+		chains.PipelineRunUplPayloadDescPerNamespace,
+		stats.UnitDimensionless)
+
+	plCountViewNS *view.View
+
+	stCountNS = stats.Float64(chains.PipelineRunPayloadStoredPerNamespace,
+		chains.PipelineRunPayloadStoredDescPerNamespace,
+		stats.UnitDimensionless)
+
+	stCountViewNS *view.View
+
+	mrCountNS = stats.Float64(chains.PipelineRunMarkedSignedPerNamespace,
+		chains.PipelineRunMarkedDSigneDescPerNamespace,
+		stats.UnitDimensionless)
+
+	mrCountViewNS *view.View
+
+	// NamespaceTagKey marks metrics with a namespace.
+	NamespaceTagKey = tag.MustNewKey(metricskey.LabelNamespaceName)
+
+	successTagKey = tag.MustNewKey("success")
 )
 
 // Recorder holds keys for Tekton metrics
@@ -71,6 +102,7 @@ var (
 func NewRecorder(ctx context.Context) (*Recorder, error) {
 	var errRegistering error
 	logger := logging.FromContext(ctx)
+
 	once.Do(func() {
 		r = &Recorder{
 			initialized: true,
@@ -110,11 +142,44 @@ func viewRegister() error {
 		Measure:     mrCount,
 		Aggregation: view.Count(),
 	}
+
+	sgCountViewNS = &view.View{
+		Description: sgCountNS.Description(),
+		Measure:     sgCountNS,
+		Aggregation: view.Count(),
+		TagKeys:     []tag.Key{NamespaceTagKey, successTagKey},
+	}
+
+	plCountViewNS = &view.View{
+		Description: plCountNS.Description(),
+		Measure:     plCountNS,
+		Aggregation: view.Count(),
+		TagKeys:     []tag.Key{NamespaceTagKey, successTagKey},
+	}
+
+	stCountViewNS = &view.View{
+		Description: stCountNS.Description(),
+		Measure:     stCountNS,
+		Aggregation: view.Count(),
+		TagKeys:     []tag.Key{NamespaceTagKey, successTagKey},
+	}
+
+	mrCountViewNS = &view.View{
+		Description: mrCountNS.Description(),
+		Measure:     mrCountNS,
+		Aggregation: view.Count(),
+		TagKeys:     []tag.Key{NamespaceTagKey, successTagKey},
+	}
+
 	return view.Register(
 		sgCountView,
 		plCountView,
 		stCountView,
 		mrCountView,
+		sgCountViewNS,
+		plCountViewNS,
+		stCountViewNS,
+		mrCountViewNS,
 	)
 }
 
@@ -133,6 +198,14 @@ func (r *Recorder) RecordCountMetrics(ctx context.Context, metricType string) {
 		r.countMetrics(ctx, stCount)
 	case chains.MarkedAsSignedCount:
 		r.countMetrics(ctx, mrCount)
+	case chains.SignedMessagesCountPerNamespace:
+		r.countMetrics(ctx, sgCountNS)
+	case chains.PayloadUploadeCountPerNamespace:
+		r.countMetrics(ctx, plCountNS)
+	case chains.SignsStoredCountPerNamespace:
+		r.countMetrics(ctx, stCountNS)
+	case chains.MarkedAsSignedCountPerNamespace:
+		r.countMetrics(ctx, mrCountNS)
 	default:
 		logger.Errorf("Ignoring the metrics recording as valid Metric type matching %v was not found", mt)
 	}