Fix keyful handling in tester. #115

Merged
merged 1 commit into from
Jul 30, 2022

vaikas
Collaborator

@vaikas vaikas commented Jul 29, 2022

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

Summary

@jdolitsky found in #108 that the tester was not handling the Keyful validation correctly. This was caused by us not 'round-tripping' the webhook cip, which in the Policy-Controller path is marshalled by the reconciler and unmarshalled before handing to the validator path. One thing the unmarshaller does is convert the inlined data blocks into crypto keys, which is what the policy-controller validator uses.

So, this PR adds that round tripping before using the webhook cip.

Release Note

  • Fix bug in tester which was not handling keyful signatures / attestations correctly.

Documentation

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
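
The round trip described in the summary above, as an added example that is not code from this PR or from policy-controller: `KeyRef`, `RoundTrip` and `SamplePEM` are hypothetical names, and the Ed25519 key is a constructed sample. It shows why an object built directly in Go carries no parsed key until it has been marshalled and unmarshalled.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"fmt"
)

type KeyRef struct { // hypothetical stand-in for a policy key reference
	Data      string           `json:"data"` // inlined PEM, travels on the wire
	PublicKey crypto.PublicKey `json:"-"`    // parsed key, exists only in memory
}

// UnmarshalJSON is the only place where Data is parsed into PublicKey.
func (k *KeyRef) UnmarshalJSON(b []byte) error {
	type plain KeyRef // same fields, no methods, so no recursion
	err := json.Unmarshal(b, (*plain)(k))
	block, _ := pem.Decode([]byte(k.Data))
	if err != nil || block == nil {
		return fmt.Errorf("keyref: data is not a PEM block (json error: %v)", err)
	}
	k.PublicKey, err = x509.ParsePKIXPublicKey(block.Bytes)
	return err
}

// RoundTrip marshals and unmarshals k, the step a hand-built object skips.
func RoundTrip(k KeyRef) (out KeyRef, err error) {
	b, err := json.Marshal(k)
	if err == nil {
		err = json.Unmarshal(b, &out)
	}
	return out, err
}

func SamplePEM() string { // throwaway Ed25519 public key as PEM (constructed input)
	der, err := x509.MarshalPKIXPublicKey(ed25519.NewKeyFromSeed(make([]byte, 32)).Public())
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
}

func main() {
	built := KeyRef{Data: SamplePEM()} // built in code, never decoded
	decoded, err := RoundTrip(built)
	fmt.Println(built.PublicKey != nil, decoded.PublicKey != nil, err)
}
```

A validator that reads only `PublicKey` sees nothing to verify against on the hand-built value, which matches the keyful failure the summary describes.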
@codecov-commenter

Codecov Report

Merging #115 (3864408) into main (21e02d9) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #115   +/-   ##
=======================================
  Coverage   63.36%   63.36%           
=======================================
  Files          26       26           
  Lines        2301     2301           
=======================================
  Hits         1458     1458           
  Misses        770      770           
  Partials       73       73           


Member

@mattmoor mattmoor left a comment


We may want to add a public method we can call on the Go version to do this without the roundtrip, but I think the comment makes this silliness clear enough for now.

@hectorj2f hectorj2f merged commit 266b961 into sigstore:main Jul 30, 2022
@vaikas vaikas deleted the josh-tests branch August 24, 2022 22:17