feat(keyless): make keyless signing available in the CLI #862
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
# Conflicts:
# app/controlplane/api/controlplane/v1/signing.pb.go
# app/controlplane/api/controlplane/v1/signing.proto
# app/controlplane/api/controlplane/v1/signing_grpc.pb.go
# app/controlplane/api/gen/frontend/controlplane/v1/signing.ts
# app/controlplane/cmd/main.go
# app/controlplane/cmd/wire_gen.go
# app/controlplane/internal/biz/signing.go
# app/controlplane/internal/biz/signing_test.go
# app/controlplane/internal/conf/conf.pb.go
# app/controlplane/internal/conf/conf.proto
# app/controlplane/internal/service/signing.go
Much better, although I am not completely sold on the way signer became a bag of things for all signer types.
To me, it would make more sense to have
signer.go
chainloop/
chainloop.go
cosign/
cosign.go
and each one of those two will implement the sigstore interface, and will have their own initialization and auxiliary helpers (load pass from terminal, create CSR, ...)
then signer.go can be the one that just picks one or the other if you want.
In any case, that's how I'd do it to simplify testing but I do not think we need to do it in this patch, so I am approving it.
Thanks!
| var _ sigstoresigner.Signer = (*ChainloopSigner)(nil) | ||
| func NewChainloopSigner(keyPath string, sc pb.SigningServiceClient, logger zerolog.Logger) *ChainloopSigner { |
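Review bot: NewChainloopSigner has no doc comment and its parameter order (keyPath, sc, logger) differs from GetSigner's (keyPath, logger, client) in the same package; add a comment stating that keyPath may be empty, in which case the keyless CSR flow through sc is used, and align the two parameter orders so callers do not mix up the positional arguments.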
Since it supports both, we might want to indicate how this works, meaning that the key is optional and it will use keyless in that case.
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
| package signer |
not necessarily for this patch, but don't forget to add tests for this package.
| ) | ||
| // GetSigner creates a new Signer based on input parameters | ||
| func GetSigner(keyPath string, logger zerolog.Logger, client pb.SigningServiceClient) sigstoresigner.Signer { |
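Review bot: GetSigner returns only sigstoresigner.Signer with no error value, so a failure while constructing the signer (an unreadable key at keyPath, or a nil client when no key is given and the keyless path is selected) cannot be reported to the caller; consider returning (sigstoresigner.Signer, error), or document in the comment above that such errors are deferred to the first Sign call.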
yes yes, nice :)
This PR uses the service exposed in #861 and enables keyless signing in the CLI.
If a --key option is not provided, the CLI will create an ephemeral certificate signing request, and send it to the chainloop service to be signed by the configured CA, returning a full certificate chain for signing. This is the standard flow for PKI keyless signatures.
This should be considered experimental, since currently the public key is discarded, and verification is not yet complete.
Refs #865
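The keyless flow described above (ephemeral key, CSR, CA-issued short-lived certificate, signature with the key then discarded) as an added Go example; this is not code from the PR or from chainloop. It assumes Ed25519 keys, stands in a locally constructed CA for the chainloop signing service, and the names newCA, keylessSign and verify are chosen here; verify shows what the description calls not yet complete, namely that with the ephemeral key gone the leaf certificate chained to the CA is all a verifier has.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // demo shortcut: key/cert creation failures are fatal
	if err != nil {
		panic(err)
	}
	return v
}

// newCA is a constructed stand-in for the CA configured in the chainloop signing service.
func newCA() (ed25519.PrivateKey, *x509.Certificate) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"}, NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return key, must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, must(key, err).Public(), key))))
}

// keylessSign: the CLI makes an ephemeral key and a CSR; the service (same process here)
// checks proof of possession and issues a short-lived leaf; the CLI signs and drops the key.
func keylessSign(caKey ed25519.PrivateKey, caCert *x509.Certificate, payload []byte) ([]byte, *x509.Certificate, error) {
	_, eph, err := ed25519.GenerateKey(rand.Reader)
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "chainloop-cli"}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, must(eph, err)))))
	if err := csr.CheckSignature(); err != nil { // service side: the CSR must be signed by the key it carries
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, NotBefore: time.Now(),
		NotAfter: time.Now().Add(10 * time.Minute), KeyUsage: x509.KeyUsageDigitalSignature}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, caCert, csr.PublicKey, caKey))))
	return ed25519.Sign(eph, payload), leaf, nil // eph is garbage after this; only sig and leaf survive
}

// verify chains the leaf to the CA, then checks the signature with the leaf's key (the only link to the signer left).
func verify(root, leaf *x509.Certificate, payload, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return false
	}
	return ed25519.Verify(leaf.PublicKey.(ed25519.PublicKey), payload, sig)
}
```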