fixup! feat: key interface

sse-secure-systems · Apr 8, 2022 · 953e66e · 953e66e
1 parent d8a9b68
commit 953e66e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/connaisseur/keys.py b/connaisseur/keys.py
@@ -11,6 +11,9 @@
 
 
 class KeyInterface:
+    """
+    Interface form which all keys inherit.
+    """
     def __new__(cls, data: object):
         instance = super(KeyInterface, cls).__new__(cls)
         instance.__init__(data)
@@ -40,7 +43,6 @@ def __new__(cls, data: str):
 
     @staticmethod
     def __get_key_type_cls(data: str):
-        # key gets automatically identified
         if re.match(KEYLESS_REGEX, data):
             return KeyLessKey, data
         elif re.match(KMS_REGEX, data):

diff --git a/connaisseur/validators/cosign/cosign_validator.py b/connaisseur/validators/cosign/cosign_validator.py
@@ -217,6 +217,11 @@ def __get_cosign_validated_digests(self, image: str, trust_root: dict):
         return digests.pop()
 
     def __validate_using_key(self, image: str, key: Key):
+        """
+        Call the `CosignValidator.__invoke_cosign` method, using a specific key.
+        Depending on the type of key, the `CosignValidator.__invoke_cosign` method will
+        be called with different arguments.
+        """
         if isinstance(key, ECDSAKey):
             return self.__invoke_cosign(
                 image, ["--key", "/dev/stdin", key.value.to_pem()]
@@ -230,9 +235,9 @@ def __validate_using_key(self, image: str, key: Key):
 
     def __invoke_cosign(self, image: str, key_args: list):
         """
-        Callback function that is passed on to any `key.verify()` that is using a cosign
-        validator. Invokes the actual cosign command with different arguments, depending
-        on specific key at hand.
+        Invoke the Cosign binary in a subprocess for a specific `image` given a `key` and
+        return the returncode, stdout and stderr. Will raise an exception if Cosign times
+        out.
         """
         option_kword, inline_key, key = key_args
         cmd = [
@@ -266,8 +271,7 @@ def __invoke_cosign(self, image: str, key_args: list):
 
     def __get_envs(self):
         """
-        Sets up environment variables used by cosign for potential authentication or TLS
-        verification against private registries.
+        Set up environment variables used by cosign.
         """
         env = os.environ.copy()
         # Extend the OS env vars only for passing to the subprocess below