-
Notifications
You must be signed in to change notification settings - Fork 503
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly #3578
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3578 +/- ##
==========================================
- Coverage 40.10% 39.94% -0.17%
==========================================
Files 155 155
Lines 10044 10087 +43
==========================================
+ Hits 4028 4029 +1
- Misses 5530 5584 +54
+ Partials 486 474 -12 ☔ View full report in Codecov by Sentry. |
also, please rebase now that #3579 has merged. |
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>
Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice
…Flow Explicitly (sigstore#3578) * add fulcio oauth flow client credentials Signed-off-by: Noah Kreiger <noahkreiger@gmail.com> * fix docgen Signed-off-by: Noah Kreiger <noahkreiger@gmail.com> * add options Signed-off-by: Noah Kreiger <noahkreiger@gmail.com> --------- Signed-off-by: Noah Kreiger <noahkreiger@gmail.com>
Summary
Implements this:
sigstore/sigstore#1619
It looks like the flag was also missing from the CLI ko.KeyOpts to set the fulcio flow explicitly. Should be 100% backwards compatible because the default was always an empty string.
Release Note
--fulcio-auth-flow
to explicitly set the fulcio authentication flow--fulcio-auth-flow=client_credentials
as an authentication flow. Requires the Client ID and Client Secret.Documentation
cosign sign --fulcio_url=<url> --fulcio-auth-flow=client_credentials --client-secret=<secret file> --client-id=sigstore