Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-02 06:16:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

config: sign Azure versions on upload & verify on fetch (#1836)

Browse source 
* add SignContent() + integrate into configAPI

* use static client for upload versions tool; fix staticupload calleeReference bug

* use version to get proper cosign pub key.

* mock fetcher in CLI tests

* only provide config.New constructor with fetcher

Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
This commit is contained in:
Adrian Stobbe 2023-06-01 13:55:46 +02:00 committed by GitHub
parent e0285c122e
commit b51cc52945
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
55 changed files with 752 additions and 308 deletions
Download patch file Download diff file Expand all files Collapse all files

15
internal/config/config.go
View file

@ -32,6 +32,7 @@ import (
en_translations "github.com/go-playground/validator/v10/translations/en"
"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
@ -384,19 +385,19 @@ func fromFile(fileHandler file.Handler, name string) (*Config, error) {
// 2. For "latest" version values of the attestation variants fetch the version numbers.
// 3. Read secrets from environment variables.
// 4. Validate config. If `--force` is set the version validation will be disabled and any version combination is allowed.
func New(fileHandler file.Handler, name string, force bool) (*Config, error) {
return NewWithClient(fileHandler, name, fetcher.NewHTTPClient(), force)
}
// NewWithClient is New with a custom HTTP client.
func NewWithClient(fileHandler file.Handler, name string, client fetcher.HTTPClient, force bool) (*Config, error) {
func New(fileHandler file.Handler, name string, fetcher fetcher.ConfigAPIFetcher, force bool) (*Config, error) {
// Read config file
c, err := fromFile(fileHandler, name)
if err != nil {
return nil, err
}
if azure := c.Attestation.AzureSEVSNP; azure != nil {
if err := azure.FetchAndSetLatestVersionNumbers(client); err != nil {
version, err := versionsapi.NewVersionFromShortPath(c.Image, versionsapi.VersionKindImage)
if err != nil {
return nil, err
}
if err := azure.FetchAndSetLatestVersionNumbers(fetcher, version); err != nil {
return c, err
}
}