mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-05-04 23:35:11 -04:00
config: sign Azure versions on upload & verify on fetch (#1836)
* add SignContent() + integrate into configAPI * use static client for upload versions tool; fix staticupload calleeReference bug * use version to get proper cosign pub key. * mock fetcher in CLI tests * only provide config.New constructor with fetcher Co-authored-by: Otto Bittner <cobittner@posteo.net> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
This commit is contained in:
Adrian Stobbe
GitHub
parent
e0285c122e
commit
b51cc52945
55 changed files with 752 additions and 308 deletions
|
|
@ -135,6 +135,7 @@ go_test(
|
|||
"//cli/internal/terraform",
|
||||
"//cli/internal/upgrade",
|
||||
"//disk-mapper/recoverproto",
|
||||
"//internal/api/configapi",
|
||||
"//internal/api/versionsapi",
|
||||
"//internal/atls",
|
||||
"//internal/attestation/measurements",
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/featureset"
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
|
||||
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
|
||||
"github.com/edgelesssys/constellation/v2/internal/config"
|
||||
|
|
@ -64,12 +65,13 @@ func runConfigFetchMeasurements(cmd *cobra.Command, _ []string) error {
|
|||
}
|
||||
cfm := &configFetchMeasurementsCmd{log: log, canFetchMeasurements: featureset.CanFetchMeasurements}
|
||||
|
||||
return cfm.configFetchMeasurements(cmd, sigstore.CosignVerifier{}, rekor, fileHandler, http.DefaultClient)
|
||||
fetcher := fetcher.NewConfigAPIFetcherWithClient(http.DefaultClient)
|
||||
return cfm.configFetchMeasurements(cmd, sigstore.CosignVerifier{}, rekor, fileHandler, fetcher, http.DefaultClient)
|
||||
}
|
||||
|
||||
func (cfm *configFetchMeasurementsCmd) configFetchMeasurements(
|
||||
cmd *cobra.Command, cosign cosignVerifier, rekor rekorVerifier,
|
||||
fileHandler file.Handler, client *http.Client,
|
||||
fileHandler file.Handler, fetcher fetcher.ConfigAPIFetcher, client *http.Client,
|
||||
) error {
|
||||
flags, err := cfm.parseFetchMeasurementsFlags(cmd)
|
||||
if err != nil {
|
||||
|
|
@ -83,7 +85,8 @@ func (cfm *configFetchMeasurementsCmd) configFetchMeasurements(
|
|||
}
|
||||
|
||||
cfm.log.Debugf("Loading configuration file from %q", flags.configPath)
|
||||
conf, err := config.NewWithClient(fileHandler, flags.configPath, client, flags.force)
|
||||
|
||||
conf, err := config.New(fileHandler, flags.configPath, fetcher, flags.force)
|
||||
var configValidationErr *config.ValidationError
|
||||
if errors.As(err, &configValidationErr) {
|
||||
cmd.PrintErrln(configValidationErr.LongMessage())
|
||||
|
|
@ -110,6 +113,7 @@ func (cfm *configFetchMeasurementsCmd) configFetchMeasurements(
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var fetchedMeasurements measurements.M
|
||||
hash, err := fetchedMeasurements.FetchAndVerify(
|
||||
ctx, client, cosign,
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ package cmd
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
|
|
@ -15,6 +16,7 @@ import (
|
|||
"net/url"
|
||||
"testing"
|
||||
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/configapi"
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
|
||||
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
||||
"github.com/edgelesssys/constellation/v2/internal/config"
|
||||
|
|
@ -279,7 +281,7 @@ func TestConfigFetchMeasurements(t *testing.T) {
|
|||
require.NoError(err)
|
||||
cfm := &configFetchMeasurementsCmd{canFetchMeasurements: true, log: logger.NewTest(t)}
|
||||
|
||||
err = cfm.configFetchMeasurements(cmd, tc.cosign, tc.rekor, fileHandler, client)
|
||||
err = cfm.configFetchMeasurements(cmd, tc.cosign, tc.rekor, fileHandler, fakeConfigFetcher{}, client)
|
||||
if tc.wantErr {
|
||||
assert.Error(err)
|
||||
return
|
||||
|
|
@ -288,3 +290,28 @@ func TestConfigFetchMeasurements(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
type fakeConfigFetcher struct{}
|
||||
|
||||
func (f fakeConfigFetcher) FetchAzureSEVSNPVersionList(_ context.Context, _ configapi.AzureSEVSNPVersionList) (configapi.AzureSEVSNPVersionList, error) {
|
||||
return configapi.AzureSEVSNPVersionList(
|
||||
[]string{},
|
||||
), nil
|
||||
}
|
||||
|
||||
func (f fakeConfigFetcher) FetchAzureSEVSNPVersion(_ context.Context, _ configapi.AzureSEVSNPVersionGet, _ versionsapi.Version) (configapi.AzureSEVSNPVersionGet, error) {
|
||||
return configapi.AzureSEVSNPVersionGet{
|
||||
AzureSEVSNPVersion: testCfg,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (f fakeConfigFetcher) FetchLatestAzureSEVSNPVersion(_ context.Context, _ versionsapi.Version) (configapi.AzureSEVSNPVersion, error) {
|
||||
return testCfg, nil
|
||||
}
|
||||
|
||||
var testCfg = configapi.AzureSEVSNPVersion{
|
||||
Microcode: 93,
|
||||
TEE: 0,
|
||||
SNP: 6,
|
||||
Bootloader: 2,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import (
|
|||
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
|
||||
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
||||
"github.com/edgelesssys/constellation/v2/internal/config"
|
||||
"github.com/edgelesssys/constellation/v2/internal/constants"
|
||||
|
|
@ -58,11 +59,11 @@ func runCreate(cmd *cobra.Command, _ []string) error {
|
|||
fileHandler := file.NewHandler(afero.NewOsFs())
|
||||
creator := cloudcmd.NewCreator(spinner)
|
||||
c := &createCmd{log: log}
|
||||
return c.create(cmd, creator, fileHandler, spinner)
|
||||
fetcher := fetcher.NewConfigAPIFetcher()
|
||||
return c.create(cmd, creator, fileHandler, spinner, fetcher)
|
||||
}
|
||||
|
||||
func (c *createCmd) create(cmd *cobra.Command, creator cloudCreator, fileHandler file.Handler, spinner spinnerInterf,
|
||||
) (retErr error) {
|
||||
func (c *createCmd) create(cmd *cobra.Command, creator cloudCreator, fileHandler file.Handler, spinner spinnerInterf, fetcher fetcher.ConfigAPIFetcher) (retErr error) {
|
||||
flags, err := c.parseCreateFlags(cmd)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -73,7 +74,7 @@ func (c *createCmd) create(cmd *cobra.Command, creator cloudCreator, fileHandler
|
|||
}
|
||||
|
||||
c.log.Debugf("Loading configuration file from %q", flags.configPath)
|
||||
conf, err := config.New(fileHandler, flags.configPath, flags.force)
|
||||
conf, err := config.New(fileHandler, flags.configPath, fetcher, flags.force)
|
||||
c.log.Debugf("Configuration file loaded: %+v", conf)
|
||||
var configValidationErr *config.ValidationError
|
||||
if errors.As(err, &configValidationErr) {
|
||||
|
|
|
|||
|
|
@ -202,7 +202,7 @@ func TestCreate(t *testing.T) {
|
|||
|
||||
fileHandler := file.NewHandler(tc.setupFs(require, tc.provider))
|
||||
c := &createCmd{log: logger.NewTest(t)}
|
||||
err := c.create(cmd, tc.creator, fileHandler, &nopSpinner{})
|
||||
err := c.create(cmd, tc.creator, fileHandler, &nopSpinner{}, fakeConfigFetcher{})
|
||||
|
||||
if tc.wantErr {
|
||||
assert.Error(err)
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ import (
|
|||
"text/tabwriter"
|
||||
"time"
|
||||
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
|
||||
"github.com/edgelesssys/constellation/v2/internal/atls"
|
||||
"github.com/edgelesssys/constellation/v2/internal/compatibility"
|
||||
|
||||
|
|
@ -97,12 +98,13 @@ func runInitialize(cmd *cobra.Command, _ []string) error {
|
|||
defer cancel()
|
||||
cmd.SetContext(ctx)
|
||||
i := &initCmd{log: log, spinner: spinner, merger: &kubeconfigMerger{log: log}, fh: &fileHandler}
|
||||
return i.initialize(cmd, newDialer, fileHandler, license.NewClient())
|
||||
fetcher := fetcher.NewConfigAPIFetcher()
|
||||
return i.initialize(cmd, newDialer, fileHandler, license.NewClient(), fetcher)
|
||||
}
|
||||
|
||||
// initialize initializes a Constellation.
|
||||
func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.Validator) *dialer.Dialer,
|
||||
fileHandler file.Handler, quotaChecker license.QuotaChecker,
|
||||
fileHandler file.Handler, quotaChecker license.QuotaChecker, configFetcher fetcher.ConfigAPIFetcher,
|
||||
) error {
|
||||
flags, err := i.evalFlagArgs(cmd)
|
||||
if err != nil {
|
||||
|
|
@ -110,7 +112,7 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
|
|||
}
|
||||
i.log.Debugf("Using flags: %+v", flags)
|
||||
i.log.Debugf("Loading configuration file from %q", flags.configPath)
|
||||
conf, err := config.New(fileHandler, flags.configPath, flags.force)
|
||||
conf, err := config.New(fileHandler, flags.configPath, configFetcher, flags.force)
|
||||
var configValidationErr *config.ValidationError
|
||||
if errors.As(err, &configValidationErr) {
|
||||
cmd.PrintErrln(configValidationErr.LongMessage())
|
||||
|
|
|
|||
|
|
@ -175,7 +175,7 @@ func TestInitialize(t *testing.T) {
|
|||
defer cancel()
|
||||
cmd.SetContext(ctx)
|
||||
i := &initCmd{log: logger.NewTest(t), spinner: &nopSpinner{}}
|
||||
err := i.initialize(cmd, newDialer, fileHandler, &stubLicenseClient{})
|
||||
err := i.initialize(cmd, newDialer, fileHandler, &stubLicenseClient{}, fakeConfigFetcher{})
|
||||
|
||||
if tc.wantErr {
|
||||
assert.Error(err)
|
||||
|
|
@ -519,7 +519,7 @@ func TestAttestation(t *testing.T) {
|
|||
cmd.SetContext(ctx)
|
||||
|
||||
i := &initCmd{log: logger.NewTest(t), spinner: &nopSpinner{}}
|
||||
err := i.initialize(cmd, newDialer, fileHandler, &stubLicenseClient{})
|
||||
err := i.initialize(cmd, newDialer, fileHandler, &stubLicenseClient{}, fakeConfigFetcher{})
|
||||
assert.Error(err)
|
||||
// make sure the error is actually a TLS handshake error
|
||||
assert.Contains(err.Error(), "transport: authentication handshake failed")
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import (
|
|||
"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/libvirt"
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
|
||||
"github.com/edgelesssys/constellation/v2/internal/atls"
|
||||
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
||||
"github.com/edgelesssys/constellation/v2/internal/config"
|
||||
|
|
@ -44,7 +45,8 @@ func newMiniUpCmd() *cobra.Command {
|
|||
}
|
||||
|
||||
type miniUpCmd struct {
|
||||
log debugLog
|
||||
log debugLog
|
||||
configFetcher fetcher.ConfigAPIFetcher
|
||||
}
|
||||
|
||||
func runUp(cmd *cobra.Command, _ []string) error {
|
||||
|
|
@ -60,7 +62,7 @@ func runUp(cmd *cobra.Command, _ []string) error {
|
|||
defer spinner.Stop()
|
||||
creator := cloudcmd.NewCreator(spinner)
|
||||
|
||||
m := &miniUpCmd{log: log}
|
||||
m := &miniUpCmd{log: log, configFetcher: fetcher.NewConfigAPIFetcher()}
|
||||
return m.up(cmd, creator, spinner)
|
||||
}
|
||||
|
||||
|
|
@ -110,7 +112,7 @@ func (m *miniUpCmd) up(cmd *cobra.Command, creator cloudCreator, spinner spinner
|
|||
func (m *miniUpCmd) prepareConfig(cmd *cobra.Command, fileHandler file.Handler, flags upFlags) (*config.Config, error) {
|
||||
// check for existing config
|
||||
if flags.configPath != "" {
|
||||
conf, err := config.New(fileHandler, flags.configPath, flags.force)
|
||||
conf, err := config.New(fileHandler, flags.configPath, m.configFetcher, flags.force)
|
||||
var configValidationErr *config.ValidationError
|
||||
if errors.As(err, &configValidationErr) {
|
||||
cmd.PrintErrln(configValidationErr.LongMessage())
|
||||
|
|
@ -203,7 +205,7 @@ func (m *miniUpCmd) initializeMiniCluster(cmd *cobra.Command, fileHandler file.H
|
|||
m.log.Debugf("Created new logger")
|
||||
defer log.Sync()
|
||||
i := &initCmd{log: log, merger: &kubeconfigMerger{log: log}, spinner: spinner}
|
||||
if err := i.initialize(cmd, newDialer, fileHandler, license.NewClient()); err != nil {
|
||||
if err := i.initialize(cmd, newDialer, fileHandler, license.NewClient(), m.configFetcher); err != nil {
|
||||
return err
|
||||
}
|
||||
m.log.Debugf("Initialized mini cluster")
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ import (
|
|||
"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
|
||||
"github.com/edgelesssys/constellation/v2/disk-mapper/recoverproto"
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
|
||||
"github.com/edgelesssys/constellation/v2/internal/atls"
|
||||
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
||||
"github.com/edgelesssys/constellation/v2/internal/config"
|
||||
|
|
@ -48,7 +49,8 @@ func NewRecoverCmd() *cobra.Command {
|
|||
}
|
||||
|
||||
type recoverCmd struct {
|
||||
log debugLog
|
||||
log debugLog
|
||||
configFetcher fetcher.ConfigAPIFetcher
|
||||
}
|
||||
|
||||
func runRecover(cmd *cobra.Command, _ []string) error {
|
||||
|
|
@ -61,7 +63,7 @@ func runRecover(cmd *cobra.Command, _ []string) error {
|
|||
newDialer := func(validator atls.Validator) *dialer.Dialer {
|
||||
return dialer.New(nil, validator, &net.Dialer{})
|
||||
}
|
||||
r := &recoverCmd{log: log}
|
||||
r := &recoverCmd{log: log, configFetcher: fetcher.NewConfigAPIFetcher()}
|
||||
return r.recover(cmd, fileHandler, 5*time.Second, &recoverDoer{log: r.log}, newDialer)
|
||||
}
|
||||
|
||||
|
|
@ -82,7 +84,7 @@ func (r *recoverCmd) recover(
|
|||
}
|
||||
|
||||
r.log.Debugf("Loading configuration file from %q", flags.configPath)
|
||||
conf, err := config.New(fileHandler, flags.configPath, flags.force)
|
||||
conf, err := config.New(fileHandler, flags.configPath, r.configFetcher, flags.force)
|
||||
var configValidationErr *config.ValidationError
|
||||
if errors.As(err, &configValidationErr) {
|
||||
cmd.PrintErrln(configValidationErr.LongMessage())
|
||||
|
|
|
|||
|
|
@ -163,7 +163,7 @@ func TestRecover(t *testing.T) {
|
|||
))
|
||||
|
||||
newDialer := func(atls.Validator) *dialer.Dialer { return nil }
|
||||
r := &recoverCmd{log: logger.NewTest(t)}
|
||||
r := &recoverCmd{log: logger.NewTest(t), configFetcher: fakeConfigFetcher{}}
|
||||
err := r.recover(cmd, fileHandler, time.Millisecond, tc.doer, newDialer)
|
||||
if tc.wantErr {
|
||||
assert.Error(err)
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ import (
|
|||
"github.com/edgelesssys/constellation/v2/cli/internal/kubernetes"
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/upgrade"
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
|
||||
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
||||
"github.com/edgelesssys/constellation/v2/internal/compatibility"
|
||||
"github.com/edgelesssys/constellation/v2/internal/config"
|
||||
|
|
@ -65,16 +66,18 @@ func runUpgradeApply(cmd *cobra.Command, _ []string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
fetcher := imagefetcher.New()
|
||||
imagefetcher := imagefetcher.New()
|
||||
configFetcher := fetcher.NewConfigAPIFetcher()
|
||||
|
||||
applyCmd := upgradeApplyCmd{upgrader: upgrader, log: log, fetcher: fetcher}
|
||||
applyCmd := upgradeApplyCmd{upgrader: upgrader, log: log, imageFetcher: imagefetcher, configFetcher: configFetcher}
|
||||
return applyCmd.upgradeApply(cmd, fileHandler)
|
||||
}
|
||||
|
||||
type upgradeApplyCmd struct {
|
||||
upgrader cloudUpgrader
|
||||
fetcher imageFetcher
|
||||
log debugLog
|
||||
upgrader cloudUpgrader
|
||||
imageFetcher imageFetcher
|
||||
configFetcher fetcher.ConfigAPIFetcher
|
||||
log debugLog
|
||||
}
|
||||
|
||||
func (u *upgradeApplyCmd) upgradeApply(cmd *cobra.Command, fileHandler file.Handler) error {
|
||||
|
|
@ -82,7 +85,7 @@ func (u *upgradeApplyCmd) upgradeApply(cmd *cobra.Command, fileHandler file.Hand
|
|||
if err != nil {
|
||||
return fmt.Errorf("parsing flags: %w", err)
|
||||
}
|
||||
conf, err := config.New(fileHandler, flags.configPath, flags.force)
|
||||
conf, err := config.New(fileHandler, flags.configPath, u.configFetcher, flags.force)
|
||||
var configValidationErr *config.ValidationError
|
||||
if errors.As(err, &configValidationErr) {
|
||||
cmd.PrintErrln(configValidationErr.LongMessage())
|
||||
|
|
@ -102,7 +105,7 @@ func (u *upgradeApplyCmd) upgradeApply(cmd *cobra.Command, fileHandler file.Hand
|
|||
return fmt.Errorf("upgrading measurements: %w", err)
|
||||
}
|
||||
|
||||
if err := u.migrateTerraform(cmd, fileHandler, u.fetcher, conf, flags); err != nil {
|
||||
if err := u.migrateTerraform(cmd, fileHandler, u.imageFetcher, conf, flags); err != nil {
|
||||
return fmt.Errorf("performing Terraform migrations: %w", err)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ func TestUpgradeApply(t *testing.T) {
|
|||
require.NoError(handler.WriteYAML(constants.ConfigFilename, cfg))
|
||||
require.NoError(handler.WriteJSON(constants.ClusterIDsFileName, clusterid.File{}))
|
||||
|
||||
upgrader := upgradeApplyCmd{upgrader: tc.upgrader, log: logger.NewTest(t), fetcher: tc.fetcher}
|
||||
upgrader := upgradeApplyCmd{upgrader: tc.upgrader, log: logger.NewTest(t), imageFetcher: tc.fetcher, configFetcher: fakeConfigFetcher{}}
|
||||
err := upgrader.upgradeApply(cmd, handler)
|
||||
if tc.wantErr {
|
||||
assert.Error(err)
|
||||
|
|
|
|||
|
|
@ -91,7 +91,7 @@ func runUpgradeCheck(cmd *cobra.Command, _ []string) error {
|
|||
log: log,
|
||||
}
|
||||
|
||||
return up.upgradeCheck(cmd, fileHandler, flags)
|
||||
return up.upgradeCheck(cmd, fileHandler, fetcher.NewConfigAPIFetcher(), flags)
|
||||
}
|
||||
|
||||
func parseUpgradeCheckFlags(cmd *cobra.Command) (upgradeCheckFlags, error) {
|
||||
|
|
@ -131,8 +131,8 @@ type upgradeCheckCmd struct {
|
|||
}
|
||||
|
||||
// upgradePlan plans an upgrade of a Constellation cluster.
|
||||
func (u *upgradeCheckCmd) upgradeCheck(cmd *cobra.Command, fileHandler file.Handler, flags upgradeCheckFlags) error {
|
||||
conf, err := config.New(fileHandler, flags.configPath, flags.force)
|
||||
func (u *upgradeCheckCmd) upgradeCheck(cmd *cobra.Command, fileHandler file.Handler, fetcher fetcher.ConfigAPIFetcher, flags upgradeCheckFlags) error {
|
||||
conf, err := config.New(fileHandler, flags.configPath, fetcher, flags.force)
|
||||
var configValidationErr *config.ValidationError
|
||||
if errors.As(err, &configValidationErr) {
|
||||
cmd.PrintErrln(configValidationErr.LongMessage())
|
||||
|
|
|
|||
|
|
@ -271,7 +271,7 @@ func TestUpgradeCheck(t *testing.T) {
|
|||
|
||||
cmd := newUpgradeCheckCmd()
|
||||
|
||||
err := checkCmd.upgradeCheck(cmd, fileHandler, tc.flags)
|
||||
err := checkCmd.upgradeCheck(cmd, fileHandler, fakeConfigFetcher{}, tc.flags)
|
||||
if tc.wantError {
|
||||
assert.Error(err)
|
||||
return
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import (
|
|||
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
|
||||
"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
|
||||
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
|
||||
"github.com/edgelesssys/constellation/v2/internal/atls"
|
||||
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
|
||||
"github.com/edgelesssys/constellation/v2/internal/config"
|
||||
|
|
@ -71,10 +72,11 @@ func runVerify(cmd *cobra.Command, _ []string) error {
|
|||
}
|
||||
|
||||
v := &verifyCmd{log: log}
|
||||
return v.verify(cmd, fileHandler, verifyClient, formatter)
|
||||
fetcher := fetcher.NewConfigAPIFetcher()
|
||||
return v.verify(cmd, fileHandler, verifyClient, formatter, fetcher)
|
||||
}
|
||||
|
||||
func (c *verifyCmd) verify(cmd *cobra.Command, fileHandler file.Handler, verifyClient verifyClient, formatter attestationDocFormatter) error {
|
||||
func (c *verifyCmd) verify(cmd *cobra.Command, fileHandler file.Handler, verifyClient verifyClient, formatter attestationDocFormatter, configFetcher fetcher.ConfigAPIFetcher) error {
|
||||
flags, err := c.parseVerifyFlags(cmd, fileHandler)
|
||||
if err != nil {
|
||||
return fmt.Errorf("parsing flags: %w", err)
|
||||
|
|
@ -82,7 +84,7 @@ func (c *verifyCmd) verify(cmd *cobra.Command, fileHandler file.Handler, verifyC
|
|||
c.log.Debugf("Using flags: %+v", flags)
|
||||
|
||||
c.log.Debugf("Loading configuration file from %q", flags.configPath)
|
||||
conf, err := config.New(fileHandler, flags.configPath, flags.force)
|
||||
conf, err := config.New(fileHandler, flags.configPath, configFetcher, flags.force)
|
||||
var configValidationErr *config.ValidationError
|
||||
if errors.As(err, &configValidationErr) {
|
||||
cmd.PrintErrln(configValidationErr.LongMessage())
|
||||
|
|
|
|||
|
|
@ -190,7 +190,7 @@ func TestVerify(t *testing.T) {
|
|||
}
|
||||
|
||||
v := &verifyCmd{log: logger.NewTest(t)}
|
||||
err := v.verify(cmd, fileHandler, tc.protoClient, tc.formatter)
|
||||
err := v.verify(cmd, fileHandler, tc.protoClient, tc.formatter, fakeConfigFetcher{})
|
||||
|
||||
if tc.wantErr {
|
||||
assert.Error(err)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue