Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for fetching Fulcio certs with self-managed key #2532

Merged
merged 6 commits into from
Feb 8, 2023
Merged

Support for fetching Fulcio certs with self-managed key #2532

merged 6 commits into from
Feb 8, 2023

Conversation

AnishShah
Copy link
Contributor

@AnishShah AnishShah commented Dec 10, 2022
edited
Loading

Summary

Added a new flag --issue-certificate to sign commands that allows users to fetch Fulcio certificate with self-managed key

Fixes #2398

Release Note

Added a new flag `--issue-certificate` in sign commands that allows users to fetch Fulcio certificate with a self-managed key.

Documentation

Yes

@codecov-commenter
Copy link

codecov-commenter commented Dec 10, 2022
edited
Loading

Codecov Report

Merging #2532 (340a823) into main (4797501) will increase coverage by 0.27%.
The diff coverage is 15.38%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main    #2532      +/-   ##
==========================================
+ Coverage   30.00%   30.27%   +0.27%     
==========================================
  Files         146      146              
  Lines        9299     9323      +24     
==========================================
+ Hits         2790     2823      +33     
+ Misses       6077     6063      -14     
- Partials      432      437       +5
Impacted Files Coverage Δ
cmd/cosign/cli/options/sign.go 0.00% <0.00%> (ø)
cmd/cosign/cli/options/signblob.go 0.00% <0.00%> (ø)
cmd/cosign/cli/sign.go 0.00% <0.00%> (ø)
cmd/cosign/cli/sign/sign.go 14.88% <0.00%> (-0.91%) ⬇️
cmd/cosign/cli/signblob.go 0.00% <0.00%> (ø)
cmd/cosign/cli/fulcio/fulcio.go 45.00% <77.77%> (+28.46%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@AnishShah AnishShah force-pushed the issue-2398 branch 6 times, most recently from 3251570 to 0b3c6ea Compare December 11, 2022 02:58
haydentherapper
haydentherapper requested changes Dec 12, 2022
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this!

Can you also show that this has been tested in a PR comment? I'd try calling sign and verify with various key types

cmd/cosign/cli/options/key.go Show resolved Hide resolved
cmd/cosign/cli/sign/sign.go Outdated Show resolved Hide resolved
cmd/cosign/cli/options/signblob.go Outdated Show resolved Hide resolved
cmd/cosign/cli/fulcio/fulcio.go Outdated Show resolved Hide resolved
cmd/cosign/cli/fulcio/fulcio.go Outdated Show resolved Hide resolved
cmd/cosign/cli/fulcio/fulcio.go Show resolved Hide resolved
cmd/cosign/cli/fulcio/fulcio.go Outdated Show resolved Hide resolved
cmd/cosign/cli/fulcio/fulcio.go Outdated Show resolved Hide resolved
cmd/cosign/cli/fulcio/fulcio.go Outdated Show resolved Hide resolved
@AnishShah AnishShah force-pushed the issue-2398 branch 4 times, most recently from 703b4d7 to 8c39c6b Compare December 13, 2022 07:42
haydentherapper
haydentherapper reviewed Dec 13, 2022
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great! Can we just add some unit tests for NewSigner

cmd/cosign/cli/sign/sign.go Show resolved Hide resolved
@haydentherapper
Copy link
Contributor

I'm rebasing this PR and adding tests

@AnishShah
Copy link
Contributor Author

Thanks @haydentherapper. I was planning to take this up this weekend. But I will appreciate the help as I'm not familiar with adding tests.

@haydentherapper
Copy link
Contributor

@AnishShah, I added some tests for NewSigner, feel free to make any other updates! Thanks!

@AnishShah
Copy link
Contributor Author

Thanks @haydentherapper. Tests LGTM. I had also added e2e test. Let me know if you have any feedback on that.

haydentherapper
haydentherapper previously approved these changes Jan 12, 2023
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good, thanks!

@haydentherapper
Copy link
Contributor

Oh huh, I didn't know I could approve a PR that I contributed to. That seems...risky.

znewman01
znewman01 suggested changes Jan 14, 2023
View reviewed changes
Copy link
Contributor

@znewman01 znewman01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for this change! A few nits (docs, naming, refactoring). LMK if you think they make sense.

cmd/cosign/cli/options/sign.go Outdated Show resolved Hide resolved
cmd/cosign/cli/fulcio/fulcio.go Outdated Show resolved Hide resolved
cmd/cosign/cli/sign/sign.go Show resolved Hide resolved
cmd/cosign/cli/options/signblob.go Outdated Show resolved Hide resolved
cmd/cosign/cli/options/key.go Outdated Show resolved Hide resolved
@AnishShah AnishShah force-pushed the issue-2398 branch 3 times, most recently from a7aa5b7 to 89eac5a Compare January 22, 2023 23:17
@AnishShah
Copy link
Contributor Author

@znewman01 @haydentherapper Ready for another review. PTAL.

@haydentherapper
Copy link
Contributor

@AnishShah, I don't see the changes that @znewman01 suggested.

@AnishShah
Copy link
Contributor Author

Hmm not sure. You don't see last two commits - "Refactor sign.SignerFromKeyOpts"?

@haydentherapper
Copy link
Contributor

Sorry, i do see that now! Will take a look

haydentherapper
haydentherapper previously approved these changes Feb 2, 2023
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work on this! Thanks for making the changes.

Cc @znewman01 for approval and merge

@haydentherapper
Copy link
Contributor

@AnishShah youll just need to merge or rebase from HEAD too

AnishShah and others added 2 commits February 2, 2023 18:49
@AnishShah
Support for fetching Fulcio certs with self-managed key
ec694ed 
Added a new flag --issue-certificate to sign commands that allows users
to fetch Fulcio certificate with self-managed key

Signed-off-by: Anish Shah <anishshah@google.com>
@haydentherapper @AnishShah
add tests for newsigner
8f78817 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@AnishShah
Copy link
Contributor Author

@haydentherapper Done

@haydentherapper
Copy link
Contributor

Just one issue, cmd/cosign/cli/sign/sign.go:536:6: undefined: ui.Info

haydentherapper and others added 4 commits February 2, 2023 18:58
@haydentherapper @AnishShah
Fix lint and nit
c64789d 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper @AnishShah
remove commented out code
3e0e9c2 
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@AnishShah
Refactor sign.SignerFromKeyOpts
bbe307a 
Signed-off-by: Anish Shah <anishshah@google.com>
@AnishShah
Fix lint issues
340a823 
Signed-off-by: Anish Shah <anishshah@google.com>
znewman01
znewman01 approved these changes Feb 8, 2023
View reviewed changes
Copy link
Contributor

@znewman01 znewman01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is great, thank you so much! Code looks better than when you started 😄

@znewman01 znewman01 merged commit abb50cf into sigstore:main Feb 8, 2023
@github-actions github-actions bot added this to the v1.14.0 milestone Feb 8, 2023
@AnishShah AnishShah deleted the issue-2398 branch February 9, 2023 00:00
dmitris pushed a commit to dmitris/cosign that referenced this pull request Mar 24, 2023
@AnishShah @haydentherapper @dmitris
Support for fetching Fulcio certs with self-managed key (sigstore#2532)
5602453 
* Support for fetching Fulcio certs with self-managed key

Added a new flag --issue-certificate to sign commands that allows users
to fetch Fulcio certificate with self-managed key

Signed-off-by: Anish Shah <anishshah@google.com>

* add tests for newsigner

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Fix lint and nit

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* remove commented out code

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Refactor sign.SignerFromKeyOpts

Signed-off-by: Anish Shah <anishshah@google.com>

* Fix lint issues

Signed-off-by: Anish Shah <anishshah@google.com>

---------

Signed-off-by: Anish Shah <anishshah@google.com>
Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Co-authored-by: Hayden Blauzvern <hblauzvern@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@znewman01 znewman01 znewman01 approved these changes

@haydentherapper haydentherapper haydentherapper approved these changes

@asraa asraa Awaiting requested review from asraa

@priyawadhwa priyawadhwa Awaiting requested review from priyawadhwa

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.14.0
Development

Successfully merging this pull request may close these issues.

Support fetching a Fulcio certificate with a managed key
4 participants
@AnishShah @codecov-commenter @haydentherapper @znewman01