-
Notifications
You must be signed in to change notification settings - Fork 537
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for fetching Fulcio certs with self-managed key #2532
Conversation
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## main #2532 +/- ##
==========================================
+ Coverage 30.00% 30.27% +0.27%
==========================================
Files 146 146
Lines 9299 9323 +24
==========================================
+ Hits 2790 2823 +33
+ Misses 6077 6063 -14
- Partials 432 437 +5
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
3251570
to
0b3c6ea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for working on this!
Can you also show that this has been tested in a PR comment? I'd try calling sign and verify with various key types
703b4d7
to
8c39c6b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great! Can we just add some unit tests for NewSigner
8c39c6b
to
fd6b921
Compare
I'm rebasing this PR and adding tests |
Thanks @haydentherapper. I was planning to take this up this weekend. But I will appreciate the help as I'm not familiar with adding tests. |
@AnishShah, I added some tests for |
Thanks @haydentherapper. Tests LGTM. I had also added e2e test. Let me know if you have any feedback on that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good, thanks!
Oh huh, I didn't know I could approve a PR that I contributed to. That seems...risky. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you so much for this change! A few nits (docs, naming, refactoring). LMK if you think they make sense.
a7aa5b7
to
89eac5a
Compare
@znewman01 @haydentherapper Ready for another review. PTAL. |
@AnishShah, I don't see the changes that @znewman01 suggested. |
Hmm not sure. You don't see last two commits - "Refactor sign.SignerFromKeyOpts"? |
Sorry, i do see that now! Will take a look |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work on this! Thanks for making the changes.
Cc @znewman01 for approval and merge
@AnishShah youll just need to merge or rebase from HEAD too |
Added a new flag --issue-certificate to sign commands that allows users to fetch Fulcio certificate with self-managed key Signed-off-by: Anish Shah <anishshah@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper Done |
Just one issue, |
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Signed-off-by: Anish Shah <anishshah@google.com>
Signed-off-by: Anish Shah <anishshah@google.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is great, thank you so much! Code looks better than when you started 😄
* Support for fetching Fulcio certs with self-managed key Added a new flag --issue-certificate to sign commands that allows users to fetch Fulcio certificate with self-managed key Signed-off-by: Anish Shah <anishshah@google.com> * add tests for newsigner Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * Fix lint and nit Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * remove commented out code Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> * Refactor sign.SignerFromKeyOpts Signed-off-by: Anish Shah <anishshah@google.com> * Fix lint issues Signed-off-by: Anish Shah <anishshah@google.com> --------- Signed-off-by: Anish Shah <anishshah@google.com> Signed-off-by: Hayden Blauzvern <hblauzvern@google.com> Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>
Summary
Added a new flag --issue-certificate to sign commands that allows users to fetch Fulcio certificate with self-managed key
Fixes #2398
Release Note
Documentation
Yes