Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add flags for issuer/subject OCI signature verification #4727

Merged
merged 1 commit into from
Apr 17, 2024
Merged

Add flags for issuer/subject OCI signature verification #4727

merged 1 commit into from
Apr 17, 2024
+110 −14

Conversation

makkes
Copy link
Member

@makkes makkes commented Apr 16, 2024

This change introduces two new flags to create source oci for providing the values to the OCIRepository.spec.verify.matchOIDCIdentity.(issuer,subject) fields.

@makkes makkes added enhancement New feature or request area/source Source API related issues and pull requests area/oci OCI related issues and pull requests labels Apr 16, 2024
souleb
souleb reviewed Apr 16, 2024
View reviewed changes
cmd/flux/create_source_oci.go
--tag=6.6.2 \
--interval=10m \
--verify-provider=cosign \
--verify-subject="^https://github.com/stefanprodan/podinfo/.github/workflows/release.yml@refs/tags/6.6.2$" \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps verify-identity to match the cosign flag --certificate-identity

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are matching our own API fields which are issuer and subject.

Add flags for issuer/subject OCI signature verification
1bb9254 
This change introduces two new flags to `create source oci` for
providing the values to the
`OCIRepository.spec.verify.matchOIDCIdentity.(issuer,subject)` fields.

Signed-off-by: Max Jonas Werner <mail@makk.es>
@stefanprodan stefanprodan mentioned this pull request Apr 17, 2024
Closed
59 tasks
stefanprodan
stefanprodan approved these changes Apr 17, 2024
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @makkes 🏅

@makkes makkes merged commit ec62b84 into main Apr 17, 2024
8 checks passed
@makkes makkes deleted the verify-issuer-subject branch April 17, 2024 09:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@souleb souleb souleb left review comments

@stefanprodan stefanprodan stefanprodan approved these changes

Assignees
No one assigned
Labels
area/oci OCI related issues and pull requests area/source Source API related issues and pull requests enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@makkes @stefanprodan @souleb