Skip to content

Commit

Permalink
verifier: Get local authenticator struct to return a usable authentic…
Browse files Browse the repository at this point in the history
…ator (#3318)

Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
  • Loading branch information
JAORMX committed May 13, 2024
1 parent a231e84 commit 1ac44f6
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion internal/verifier/sigstore/container/container.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,13 @@ type containerAuth struct {
ghClient provifv1.GitHub
}

func (c *containerAuth) getAuthenticator(owner string) authn.Authenticator {
if c.ghClient != nil {
return c.ghClient.GetCredential().GetAsContainerAuthenticator(owner)
}
return authn.Anonymous
}

func newContainerAuth(authOpts ...AuthMethod) *containerAuth {
var auth containerAuth
for _, opt := range authOpts {
Expand Down Expand Up @@ -166,7 +173,7 @@ func getSigstoreBundles(
) ([]sigstoreBundle, error) {
imageRef := BuildImageRef(registry, owner, artifact, version)
// Try to build a bundle from the OCI image reference
bundles, err := bundleFromOCIImage(ctx, imageRef, auth.ghClient.GetCredential().GetAsContainerAuthenticator(owner))
bundles, err := bundleFromOCIImage(ctx, imageRef, auth.getAuthenticator(owner))
if errors.Is(err, ErrProvenanceNotFoundOrIncomplete) && auth.ghClient != nil {
// If we failed to find the signature in the OCI image, try to build a bundle from the GitHub attestation endpoint
return bundleFromGHAttestationEndpoint(ctx, auth.ghClient, owner, version)
Expand Down

0 comments on commit 1ac44f6

Please sign in to comment.