feat: Support cosign --k8s-keychain flag #551

Merged
merged 1 commit into from Feb 21, 2022

@marckn0x marckn0x commented Feb 17, 2022

Fixes #390

Description

Add configuration option k8s_keychain for cosign validator that will pass the flag --k8s-keychain to cosign when set to true. This allows cosign to pick up registry credentials from the environment (see sigstore/cosign#972 for details).

Checklist

  • PR is rebased to/aimed at branch develop
  • PR follows Contributing Guide
  • Added tests (if necessary)
  • Extended README/Documentation (if necessary)

@marckn0x
Contributor Author

I can add a test if necessary but it's a small change and any test would probably be contrived. Let me know if you think I should.

This is ready for review.

@marckn0x
Contributor Author

@phbelitz Doesn't look like I have permission to request a review. Would you mind taking a look at some point?

codecov-commenter commented Feb 18, 2022

Codecov Report

Merging #551 (ec8991e) into develop (09ddf75) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           develop     #551      +/-   ##
===========================================
+ Coverage    94.23%   94.24%   +0.01%     
===========================================
  Files           22       22              
  Lines         1127     1129       +2     
===========================================
+ Hits          1062     1064       +2     
  Misses          65       65              
Impacted Files Coverage Δ
connaisseur/validators/cosign/cosign_validator.py 97.80% <100.00%> (+0.04%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Collaborator

@xopham xopham left a comment

@marckn0x this is an awesome feature 🎉 Must have slipped my attention, but great that you picked it up 🚀

I have some comments. Did you make a functional test of the feature in your environment?
I'd prefer if a small test was added to the pytests, maybe around here, though I admit this may be of limited use.

Please adjust the commit message to something like "feat: Support cosign --k8s-keychain flag" in order to follow semantic and conventional commit messages as described in the contributing guide (just noticed the link in the PR template is broken 🙈).

connaisseur/res/config_schema.json (outdated, resolved)
docs/validators/sigstore_cosign.md (outdated, resolved)
docs/validators/sigstore_cosign.md (outdated, resolved)
@xopham xopham linked an issue Feb 20, 2022 that may be closed by this pull request
@xopham xopham mentioned this pull request Feb 20, 2022
6 tasks
@marckn0x marckn0x force-pushed the cosign-k8s-keyring branch 2 times, most recently from f08e16e to f62ff7c Compare February 20, 2022 19:58
@marckn0x
Copy link
Contributor Author

I added a test in the location suggested; thanks!

@marckn0x marckn0x changed the title Support cosign --k8s-keychain flag feat: Support cosign --k8s-keychain flag Feb 20, 2022
Collaborator

@xopham xopham left a comment

Requested a few last changes and after that we're good to go 🚀

connaisseur/res/config_schema.json (outdated, resolved)
@marckn0x marckn0x force-pushed the cosign-k8s-keyring branch 2 times, most recently from 9fdef68 to ee14051 Compare February 21, 2022 17:38
Collaborator

@xopham xopham left a comment

I made a proposal for the tests. If that works for you, feel free to squash and I'd be happy to approve 🙂

Collaborator

@xopham xopham left a comment

@marckn0x thanks for the great contribution 🚀

@xopham xopham merged commit c905c79 into sse-secure-systems:develop Feb 21, 2022
Successfully merging this pull request may close these issues.

connaisseur+cosign on eks: add support for aws credentials