in-toto / archivista

Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.
Apache License 2.0

[Feat]: `archivistactl` feature to import attestations and store to Archivista #319

Open kairoaraujo opened 1 month ago

kairoaraujo commented 1 month ago

Describe the solution you'd like:

This feature enables Archivista users to import attestations (bulk) and store them in the Archivista Service.

User value:

Users that already have attestations will be able to import them and store them in Archivista easily.

Expected behavior:

Users can give a local folder or an S3 bucket URL and import all attestations in Archivista.

Proposed solution:

Implement an `archivistactl import` sub-command with options:

`--from-s3 [s3-bucket-url]` `--from-dir [dir]`

Testing changes required:

Does it need to identify duplicated entries?

kriscoleman commented 1 month ago

We want to be able to use this to help a customer resolve a compromised database: if the database was compromised, they should be able to bulk import all of the attestations back into the Archivista database (or essentially, re-index).

We can also leverage this to do a more scalable attestation migration than `make load-attestations`.

We should not use the HTTP upload endpoint to achieve this.