From 6b6e8c3503572446848224f353b7471ff3df2176 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?=
Date: Fri, 27 Aug 2021 00:25:10 +0300
Subject: [PATCH] improve documentation about predicate type and change predicate type from provenance to slsaprovenance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Batuhan Apaydın
---
 cmd/cosign/cli/attest.go | 16 ++++++++--------
 pkg/cosign/attestation/attestation.go | 2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/cmd/cosign/cli/attest.go b/cmd/cosign/cli/attest.go
index ce169d45454..7fb640bbc84 100644
--- a/cmd/cosign/cli/attest.go
+++ b/cmd/cosign/cli/attest.go
@@ -50,7 +50,7 @@ func Attest() *ffcli.Command {
 predicatePath = flagset.String("predicate", "", "path to the predicate file.")
 force = flagset.Bool("f", false, "skip warnings and confirmations")
 idToken = flagset.String("identity-token", "", "[EXPERIMENTAL] identity token to use for certificate from fulcio")
- predicateType = flagset.String("type", "custom", "specify predicate type (default: custom) (provenance|link|spdx)")
+ predicateType = flagset.String("type", "custom", "specify predicate type (default: custom) (slsaprovenance|link|spdx)")
 )
 return &ffcli.Command{
 Name: "attest",
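Review bot: The accepted values for `-type` are written by hand in this help string and again as `case` labels in `GenerateStatement` (pkg/cosign/attestation/attestation.go), which is why this rename had to touch both files and why the two can drift apart. Consider exporting the type names as constants from the attestation package and building the help text from them, so the CLI never advertises a predicate type the generator does not handle. The parenthesised list also leaves out `custom`, which appears only as the default; `(custom|slsaprovenance|link|spdx)` would read more clearly. The `var (` block and the rest of `Attest` start and end outside this hunk.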
@@ -60,25 +60,25 @@ func Attest() *ffcli.Command {
 EXAMPLES
 # attach an attestation to a container image Google sign-in (experimental)
- COSIGN_EXPERIMENTAL=1 cosign attest -predicate
+ COSIGN_EXPERIMENTAL=1 cosign attest -predicate -type
 # attach an attestation to a container image with a local key pair file
- cosign attest -predicate -key cosign.key
+ cosign attest -predicate -type -key cosign.key
 # attach an attestation to a container image with a key pair stored in Azure Key Vault
- cosign attest -predicate -key azurekms://[VAULT_NAME][VAULT_URI]/[KEY]
+ cosign attest -predicate -type -key azurekms://[VAULT_NAME][VAULT_URI]/[KEY]
 # attach an attestation to a container image with a key pair stored in AWS KMS
- cosign attest -predicate -key awskms://[ENDPOINT]/[ID/ALIAS/ARN]
+ cosign attest -predicate -type -key awskms://[ENDPOINT]/[ID/ALIAS/ARN]
 # attach an attestation to a container image with a key pair stored in Google Cloud KMS
- cosign attest -predicate -key gcpkms://projects/[PROJECT]/locations/global/keyRings/[KEYRING]/cryptoKeys/[KEY]/versions/[VERSION]
+ cosign attest -predicate -type -key gcpkms://projects/[PROJECT]/locations/global/keyRings/[KEYRING]/cryptoKeys/[KEY]/versions/[VERSION]
 # attach an attestation to a container image with a key pair stored in Hashicorp Vault
- cosign attest -predicate -key hashivault://[KEY]
+ cosign attest -predicate -type -key hashivault://[KEY]
 # attach an attestation to a container image which does not fully support OCI media types
- COSIGN_DOCKER_MEDIA_TYPES=1 cosign attest -predicate -key cosign.key legacy-registry.example.com/my/image
+ COSIGN_DOCKER_MEDIA_TYPES=1 cosign attest -predicate -type -key cosign.key legacy-registry.example.com/my/image
 `,
 FlagSet: flagset,
 Exec: func(ctx context.Context, args []string) error {
diff --git a/pkg/cosign/attestation/attestation.go b/pkg/cosign/attestation/attestation.go
index a0ec067987b..bb86dc791a7 100644
--- a/pkg/cosign/attestation/attestation.go
+++ b/pkg/cosign/attestation/attestation.go
@@ -70,7 +70,7 @@ func GenerateStatement(opts GenerateOpts) (interface{}, error) {
 now := opts.Time()
 stamp := now.UTC().Format(time.RFC3339)
 return generateCustomStatement(rawPayload, opts.Digest, opts.Repo, stamp)
- case "provenance":
+ case "slsaprovenance":
 return generateSLSAProvenanceStatement(rawPayload, opts.Digest, opts.Repo)
 case "spdx":
 return generateSPDXStatement(rawPayload, opts.Digest, opts.Repo)
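Review bot: Renaming the label to `case "slsaprovenance":` drops the old `provenance` spelling with no alias, so any pipeline still passing `-type provenance` now falls through to whatever the remaining arms of this switch do, which lie outside the hunk. If that fallback does not return an error, a caller could end up signing an attestation whose predicate type differs from the one intended, and a verifier keyed on the SLSA provenance type would then not match it; this is worth confirming. Keeping the old name for a deprecation period is a one-line change, `case "slsaprovenance", "provenance":`, ideally with a comment such as `// "provenance" is the deprecated spelling; keep until callers migrate`. Either way, the default arm should reject unknown types with an error that lists the accepted values.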