removing drafting logic for generic principal, to be done in another pr
Signed-off-by: Javan lacerda <javanlacerda@google.com>
javanlacerda committed Jun 6, 2024
1 parent 6281d87 commit c88f941
Showing 2 changed files with 5 additions and 107 deletions.
1 change: 1 addition & 0 deletions pkg/identity/generic/issuer_test.go
Expand Up @@ -18,6 +18,7 @@ import (
"testing"
)

// TO BE IMPLEMENTED. Just keeped as a guide
func TestIssuer(t *testing.T) {

}
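Review bot: The comment added above the new `TestIssuer` misspells "kept" (`// TO BE IMPLEMENTED. Just keeped as a guide`); the same text is added twice in pkg/identity/generic/principal.go, so all three should read `// TO BE IMPLEMENTED. Kept as a guide.` An empty test body also passes vacuously, which hides the placeholder in `go test` output; a single `t.Skip("generic issuer not implemented")` inside the body keeps the guide while making its status visible in the test report.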
111 changes: 4 additions & 107 deletions pkg/identity/generic/principal.go
Expand Up @@ -15,26 +15,16 @@
package generic

import (
"bytes"
"context"
"crypto/x509"
"fmt"
"net/url"
"os"
"strings"
"text/template"

"github.com/coreos/go-oidc/v3/oidc"
"github.com/sigstore/fulcio/pkg/certificate"
"github.com/sigstore/fulcio/pkg/config"
"github.com/sigstore/fulcio/pkg/identity"
"gopkg.in/yaml.v3"
)

type RootYaml struct {
Providers map[string]Provider
}

type Provider struct {
Subject string
Extensions certificate.Extensions
Expand All @@ -43,107 +33,14 @@ type Provider struct {
OIDCIssuers []config.OIDCIssuer `yaml:"oidc-issuers,omitempty"`
}

func readYaml() RootYaml {
var obj RootYaml

yamlFile, err := os.ReadFile("../../config/config.yaml")
if err != nil {
fmt.Printf("yamlFile.Get err #%v ", err)
}
err = yaml.Unmarshal(yamlFile, &obj)
if err != nil {
fmt.Printf("Unmarshal: %v", err)
}

return obj
}

// TO BE IMPLEMENTED. Just keeped as a guide
func WorkflowPrincipalFromIDToken(ctx context.Context, token *oidc.IDToken) (identity.Principal, error) {
iss, ok := config.FromContext(ctx).GetIssuer(token.Issuer)
if !ok {
return nil, fmt.Errorf("configuration can not be loaded for issuer %v", token.Issuer)
}

var claims map[string]string
if err := token.Claims(&claims); err != nil {
return nil, err
}

configYaml := readYaml()

provider := configYaml.Providers[string(iss.Type)]
e := provider.Extensions
defaults := provider.Defaults
finalExtensions := certificate.Extensions{
Issuer: ApplyTemplate(e.Issuer, claims, defaults),
GithubWorkflowTrigger: ApplyTemplate(e.GithubWorkflowTrigger, claims, defaults),
GithubWorkflowSHA: ApplyTemplate(e.GithubWorkflowSHA, claims, defaults),
GithubWorkflowName: ApplyTemplate(e.GithubWorkflowName, claims, defaults),
GithubWorkflowRepository: ApplyTemplate(e.GithubWorkflowRepository, claims, defaults),
GithubWorkflowRef: ApplyTemplate(e.GithubWorkflowRef, claims, defaults),
BuildSignerURI: ApplyTemplate(e.BuildSignerURI, claims, defaults),
BuildConfigDigest: ApplyTemplate(e.BuildConfigDigest, claims, defaults),
RunnerEnvironment: ApplyTemplate(e.RunnerEnvironment, claims, defaults),
SourceRepositoryURI: ApplyTemplate(e.SourceRepositoryURI, claims, defaults),
SourceRepositoryDigest: ApplyTemplate(e.SourceRepositoryDigest, claims, defaults),
SourceRepositoryRef: ApplyTemplate(e.SourceRepositoryRef, claims, defaults),
SourceRepositoryIdentifier: ApplyTemplate(e.SourceRepositoryIdentifier, claims, defaults),
SourceRepositoryOwnerURI: ApplyTemplate(e.SourceRepositoryOwnerURI, claims, defaults),
SourceRepositoryOwnerIdentifier: ApplyTemplate(e.SourceRepositoryOwnerIdentifier, claims, defaults),
BuildConfigURI: ApplyTemplate(e.BuildConfigURI, claims, defaults),
BuildSignerDigest: ApplyTemplate(e.BuildSignerDigest, claims, defaults),
BuildTrigger: ApplyTemplate(e.BuildTrigger, claims, defaults),
RunInvocationURI: ApplyTemplate(e.RunInvocationURI, claims, defaults),
SourceRepositoryVisibilityAtSigning: ApplyTemplate(e.SourceRepositoryVisibilityAtSigning, claims, defaults),
}
finalUris := make([]string, len(provider.Uris)-1)
for _, val := range provider.Uris {
finalUris = append(finalUris, ApplyTemplate(val, claims, defaults))
}

return &Provider{
Subject: token.Subject,
Extensions: finalExtensions,
Uris: finalUris,
OIDCIssuers: provider.OIDCIssuers,
}, nil
}

func ApplyTemplate(path string, data map[string]string, defaultData map[string]string) string {

// Here we merge the data from was claimed by the id token with the
// default data provided by the yaml file.
// The order here matter because we want to override the default data
// with the claimed data.
mergedData := make(map[string]string)
for k, v := range defaultData {
mergedData[k] = v
}
for k, v := range data {
mergedData[k] = v
}

// It checks it is a path or a raw field by
// checking exists template syntax into the string
if strings.Contains(path, "{{") {
var doc bytes.Buffer
t := template.New("")
p, err := t.Parse(path)
if err != nil {
panic(err)
}
err = p.Execute(&doc, mergedData)
if err != nil {
panic(err)
}
return doc.String()
} else {
return mergedData[path]
}
return nil, nil
}

// TO BE IMPLEMENTED. Just keeped as a guide
func (p Provider) Name(_ context.Context) string {
return p.Subject
return ""
}

func (p Provider) Embed(_ context.Context, cert *x509.Certificate) error {
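Review bot: The stubbed `WorkflowPrincipalFromIDToken` now ends in `return nil, nil`, which every caller reads as a successful identity resolution that yielded a nil `identity.Principal`; if the generic issuer were registered before the real implementation lands, that nil would flow into certificate issuance (or panic on the first method call), so the stub should fail closed, e.g. `return nil, fmt.Errorf("generic principal: not implemented")` — assuming `fmt` is still imported after this change, which the hunk above does not let me confirm. `Name` returning `""` has the same shape: a principal with an empty subject rather than an explicit "not implemented" signal, which is worth a comment saying the empty string is a placeholder and not a valid name. The `ctx` and `token` parameters are now unused in the stub, which compiles but would be clearer as `_`-named parameters until the body is written. `Embed`'s body continues below the hunk.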
