Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-06-20 12:14:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

config: sign Azure versions on upload & verify on fetch (#1836)

Browse source 
* add SignContent() + integrate into configAPI

* use static client for upload versions tool; fix staticupload calleeReference bug

* use version to get proper cosign pub key.

* mock fetcher in CLI tests

* only provide config.New constructor with fetcher

Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
This commit is contained in:
Adrian Stobbe 2023-06-01 13:55:46 +02:00 committed by GitHub
parent e0285c122e
commit b51cc52945
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
55 changed files with 752 additions and 308 deletions
Download patch file Download diff file Expand all files Collapse all files

10
cli/internal/cmd/configfetchmeasurements.go
View file

@ -15,6 +15,7 @@ import (
"time"
"github.com/edgelesssys/constellation/v2/cli/internal/featureset"
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/config"
@ -64,12 +65,13 @@ func runConfigFetchMeasurements(cmd *cobra.Command, _ []string) error {
}
cfm := &configFetchMeasurementsCmd{log: log, canFetchMeasurements: featureset.CanFetchMeasurements}
return cfm.configFetchMeasurements(cmd, sigstore.CosignVerifier{}, rekor, fileHandler, http.DefaultClient)
fetcher := fetcher.NewConfigAPIFetcherWithClient(http.DefaultClient)
return cfm.configFetchMeasurements(cmd, sigstore.CosignVerifier{}, rekor, fileHandler, fetcher, http.DefaultClient)
}
func (cfm *configFetchMeasurementsCmd) configFetchMeasurements(
cmd *cobra.Command, cosign cosignVerifier, rekor rekorVerifier,
fileHandler file.Handler, client *http.Client,
fileHandler file.Handler, fetcher fetcher.ConfigAPIFetcher, client *http.Client,
) error {
flags, err := cfm.parseFetchMeasurementsFlags(cmd)
if err != nil {
@ -83,7 +85,8 @@ func (cfm *configFetchMeasurementsCmd) configFetchMeasurements(
}
cfm.log.Debugf("Loading configuration file from %q", flags.configPath)
conf, err := config.NewWithClient(fileHandler, flags.configPath, client, flags.force)
conf, err := config.New(fileHandler, flags.configPath, fetcher, flags.force)
var configValidationErr *config.ValidationError
if errors.As(err, &configValidationErr) {
cmd.PrintErrln(configValidationErr.LongMessage())
@ -110,6 +113,7 @@ func (cfm *configFetchMeasurementsCmd) configFetchMeasurements(
if err != nil {
return err
}
var fetchedMeasurements measurements.M
hash, err := fetchedMeasurements.FetchAndVerify(
ctx, client, cosign,