Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attempt to clean up pkg/cosign #2018

Merged
merged 2 commits into from
Jun 24, 2022
Merged

Attempt to clean up pkg/cosign #2018

merged 2 commits into from
Jun 24, 2022

Conversation

imjasonh
Copy link
Member

Summary

pkg/cosign is a bit of a kitchen sink at the moment, with 58 total imports, and lots of exported methods that only make sense to be used by the CLI and shouldn't be used by external packages. I started doing more and wanted to stop before making this too big. I'll send another PR to move stuff to internal packages.

  • remove pkg/cosign.SetSkipConfirmation, move it from a root option to a
    per-method option when it's actually used, remove the global bool.
  • add TODOs to move more methods to internal packages, or to the only
    places they're used.
  • unexport some stuff that can be unexported easily.

Things like pkg/cosign.FindTLogEntry seem generally useful, and probably belong in sigstore/sigstore, if they're not already.

Signed-off-by: Jason Hall jason@chainguard.dev

Release Note

Some types and methods not likely to be used outside of the cosign CLI in pkg/cosign are removed

@imjasonh
Attempt to clean up pkg/cosign
20bbf95 
- remove pkg/cosign.SetSkipConfirmation, move it from a root option to a
  per-method option when it's actually used, remove the global bool.
- add TODOs to move more methods to internal packages, or to the only
  places they're used.
- unexport some stuff that can be unexported easily.

Signed-off-by: Jason Hall <jason@chainguard.dev>
hectorj2f
hectorj2f previously approved these changes Jun 23, 2022
View reviewed changes
@codecov-commenter
Copy link

codecov-commenter commented Jun 23, 2022
edited
Loading

Codecov Report

Merging #2018 (8e2ceae) into main (4e282fd) will decrease coverage by 0.02%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #2018      +/-   ##
==========================================
- Coverage   26.15%   26.13%   -0.03%     
==========================================
  Files         127      127              
  Lines        7425     7432       +7     
==========================================
  Hits         1942     1942              
- Misses       5228     5235       +7     
  Partials      255      255
Impacted Files Coverage Δ
cmd/cosign/cli/attest.go 0.00% <0.00%> (ø)
cmd/cosign/cli/clean.go 0.00% <0.00%> (ø)
cmd/cosign/cli/commands.go 0.00% <ø> (ø)
cmd/cosign/cli/fulcio/fulcio.go 18.10% <0.00%> (ø)
cmd/cosign/cli/importkeypair/import_key_pair.go 15.90% <ø> (+0.35%) ⬆️
cmd/cosign/cli/options/attest.go 0.00% <0.00%> (ø)
cmd/cosign/cli/options/policy.go 0.00% <0.00%> (ø)
cmd/cosign/cli/options/root.go 0.00% <ø> (ø)
cmd/cosign/cli/options/sign.go 0.00% <0.00%> (ø)
cmd/cosign/cli/options/signblob.go 0.00% <0.00%> (ø)
... and 6 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4e282fd...8e2ceae. Read the comment docs.

@imjasonh
make docgen
8e2ceae 
Signed-off-by: Jason Hall <jason@chainguard.dev>
@dlorenc dlorenc merged commit 6eeb3cf into sigstore:main Jun 24, 2022
@github-actions github-actions bot added this to the v1.10.0 milestone Jun 24, 2022
@asraa
Copy link
Contributor

asraa commented Jun 24, 2022

Things like pkg/cosign.FindTLogEntry seem generally useful, and probably belong in sigstore/sigstore, if they're not already.

I wonder if there's a good way to put this in rekor over sigstore/sigstore. It feels more appropriate there, since it's very specific to rekor's API

@haydentherapper
Copy link
Contributor

Sorry, just saw this PR - @imjasonh , why did we remove the global skip flag? This was intentional so we wouldn't have to worry about duplication.

@imjasonh
Copy link
Member Author

Sorry, just saw this PR - @imjasonh , why did we remove the global skip flag? This was intentional so we wouldn't have to worry about duplication.

Sorry about that.

I removed it since it wasn't actually used in most CLI surfaces, and could be confusing/misleading (e.g., cosign download sbom --skip-confirmation), and because it led to having an exported method that modified global state, cosign.SetSkipConfirmation.

I'm fine putting it back if that's a problem, but I think it's kind of a smell. If it exists I think I'd want to make sure it ends up in an internal package so folks consuming cosign as a library aren't tempted to use it.

@haydentherapper
Copy link
Contributor

Agreed, don't want to let users use this flag. If not in internal, another option would be under cli? I agree that it might be misleading in some cases, though I'd like it to be used to skip confirmations for all commands going forward.

@imjasonh
Copy link
Member Author

Agreed, don't want to let users use this flag. If not in internal, another option would be under cli? I agree that it might be misleading in some cases, though I'd like it to be used to skip confirmations for all commands going forward.

That's what's potentially confusing though, many commands don't have a confirmation to skip, so it's misleading (I thought) to have the option.

I don't feel that strongly though about having a global --skip-confirmation flag or env option, so if you want it I can put it back, and just have that global flag do nothing most of the time, and pipe through o.SkipConfirmation when it's needed.

@haydentherapper
Copy link
Contributor

I don't feel super strongly. I'd like there to not be duplication for the prompt functions though for uniformity, so if they were centralized in one location, that'd be great.

imjasonh
imjasonh commented Jun 30, 2022
View reviewed changes
cmd/cosign/cli/clean.go
@@ -49,9 +50,21 @@ func Clean() *cobra.Command {
return cmd
}

// confirmPromptDestructive prompts the user for confirmation for an action. Ignores
// skipConfirmation.
func confirmPromptDestructive(msg string) (bool, error) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@haydentherapper do you mean replacing this with a cosign.ConfirmPrompt(msg, false)? If so that sounds like an easy fix I can send out shortly.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea, just having one destructive prompt function, one normal confirm prompt function.

@imjasonh imjasonh mentioned this pull request Jun 30, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper left review comments

@dlorenc dlorenc dlorenc approved these changes

@hectorj2f hectorj2f hectorj2f left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.10.0
Development

Successfully merging this pull request may close these issues.
6 participants
@imjasonh @codecov-commenter @asraa @haydentherapper @dlorenc @hectorj2f