Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix validation for proposed vs committed log entries for intoto v0.0.1 #1309

Merged
merged 3 commits into from
Feb 6, 2023
Merged

fix validation for proposed vs committed log entries for intoto v0.0.1 #1309

merged 3 commits into from
Feb 6, 2023

Conversation

bobcallaway
Copy link
Member

PTAL; I prefer this fix over #1294 because it more explicitly expresses the validation logic that was originally intended in the JSON schema.

I'd also like to handle any fixes for other intoto versions in separate PRs where possible.

Signed-off-by: Bob Callaway bcallaway@google.com

@bobcallaway
fix validation for proposed vs committed log entries
b89a404 
Signed-off-by: Bob Callaway <bcallaway@google.com>
haydentherapper
haydentherapper previously approved these changes Jan 28, 2023
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good with me! Just need to handle 0.0.2 in another PR

@bobcallaway
be more accepting of existing clients
65799fd 
Signed-off-by: Bob Callaway <bcallaway@google.com>
@bobcallaway bobcallaway requested a review from a team as a code owner January 28, 2023 17:02
@bobcallaway
update code comment
4144c6d 
Signed-off-by: Bob Callaway <bcallaway@google.com>
@codecov-commenter
Copy link

codecov-commenter commented Jan 28, 2023
edited
Loading

Codecov Report

Merging #1309 (4144c6d) into main (87170af) will decrease coverage by 0.06%.
The diff coverage is 13.04%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main    #1309      +/-   ##
==========================================
- Coverage   63.13%   63.08%   -0.06%     
==========================================
  Files          82       82              
  Lines        7854     7883      +29     
==========================================
+ Hits         4959     4973      +14     
- Misses       2262     2272      +10     
- Partials      633      638       +5
Flag Coverage Δ
e2etests 46.61% <0.00%> (-0.06%) ⬇️
unittests 42.79% <13.04%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/types/intoto/v0.0.1/entry.go 65.44% <13.04%> (-5.35%) ⬇️
pkg/types/rekord/v0.0.1/entry.go 66.97% <0.00%> (-0.63%) ⬇️
pkg/types/helm/v0.0.1/entry.go 49.18% <0.00%> (ø)
pkg/client/rekor_client.go 91.17% <0.00%> (+1.17%) ⬆️
pkg/types/alpine/v0.0.1/entry.go 72.90% <0.00%> (+1.19%) ⬆️
pkg/pki/ssh/ssh.go 59.37% <0.00%> (+8.52%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@bobcallaway
Copy link
Member Author

bobcallaway commented Feb 6, 2023
edited
Loading

verified that upload and get worked for intoto v0.0.1 for cosign v1.12.0, v1.12.1, v1.13.0, v1.13.1, and 2.0.0-rc1 flows.

#!/bin/sh

for cs in `ls cosign-*`; do 
	# genuuid
	uuid=$(uuidgen)
	# tag ttl.sh/uuid
	docker tag hello-world ttl.sh/$uuid
	# push ttl.sh
	docker push ttl.sh/$uuid
	COSIGN_EXPERIMENTAL=1 ./$cs attest -y --predicate intoto_dsse.json --type custom --rekor-url http://localhost:3000 ttl.sh/$uuid
done

@bobcallaway bobcallaway merged commit db3428c into sigstore:main Feb 6, 2023
@github-actions github-actions bot added this to the v1.1.0 milestone Feb 6, 2023
bobcallaway added a commit to bobcallaway/rekor that referenced this pull request Feb 6, 2023
@bobcallaway
fix validation for proposed vs committed log entries for intoto v0.0.1 (
8612c1d 
sigstore#1309)

* fix validation for proposed vs committed log entries

Signed-off-by: Bob Callaway <bcallaway@google.com>

* be more accepting of existing clients

Signed-off-by: Bob Callaway <bcallaway@google.com>

* update code comment

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>
(cherry picked from commit db3428c)
bobcallaway added a commit that referenced this pull request Feb 17, 2023
@bobcallaway
backport fix from pr 1309 to release-branch (#1330)
4d52e29 
* fix validation for proposed vs committed log entries for intoto v0.0.1 (#1309)

* fix validation for proposed vs committed log entries

Signed-off-by: Bob Callaway <bcallaway@google.com>

* be more accepting of existing clients

Signed-off-by: Bob Callaway <bcallaway@google.com>

* update code comment

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>
(cherry picked from commit db3428c)

* update unit tests for release-1.0 branch

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix gofmt lint warnings

Signed-off-by: Bob Callaway <bcallaway@google.com>

---------

Signed-off-by: Bob Callaway <bcallaway@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

@asraa asraa asraa approved these changes

Assignees
No one assigned
Labels
backport_candidate
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@bobcallaway @codecov-commenter @asraa @haydentherapper