fix tenant-awareness for trusted-root command

Signed-off-by: Brian DeHamer <bdehamer@github.com>
Brian DeHamer 2024-09-18 14:05:04 -07:00
parent 71b2aeab75
commit 8123de9722
No known key found for this signature in database


@ -116,6 +116,12 @@ func getTrustedRoot(makeTUF tufClientInstantiator, opts *Options) error {
// Disable local caching, so we get up-to-date response from TUF repository
tufOpt.CacheValidity = 0
// Target will be either the default trusted root, or the trust domain-qualified one
ghTR := defaultTR
if opts.TrustDomain != "" {
ghTR = fmt.Sprintf("%s.%s", opts.TrustDomain, defaultTR)
}
if opts.TufUrl != "" && opts.TufRootPath != "" {
tufRoot, err := os.ReadFile(opts.TufRootPath)
if err != nil {
@ -126,7 +132,7 @@ func getTrustedRoot(makeTUF tufClientInstantiator, opts *Options) error {
tufOpt.RepositoryBaseURL = opts.TufUrl
tufOptions = append(tufOptions, tufConfig{
tufOptions: tufOpt,
targets: []string{defaultTR},
targets: []string{ghTR},
})
} else {
// Get from both Sigstore public good and GitHub private instance
@ -137,14 +143,9 @@ func getTrustedRoot(makeTUF tufClientInstantiator, opts *Options) error {
tufOpt = verification.GitHubTUFOptions()
tufOpt.CacheValidity = 0
targets := []string{defaultTR}
if opts.TrustDomain != "" {
targets = append(targets, fmt.Sprintf("%s.%s",
opts.TrustDomain, defaultTR))
}
tufOptions = append(tufOptions, tufConfig{
tufOptions: tufOpt,
targets: targets,
targets: []string{ghTR},
})
}
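Review bot: `opts.TrustDomain` is interpolated straight into the TUF target name at `ghTR = fmt.Sprintf("%s.%s", opts.TrustDomain, defaultTR)`, and nothing in the visible hunks constrains its shape; validation may happen where the option is parsed, but that is outside this view. Because this string now decides which trusted root is fetched in both branches, I would state the expectation next to the assignment, e.g. `// opts.TrustDomain is expected to be a validated tenant label; it selects which trusted root is requested`, or reject an unexpected value before building `ghTR`. The custom-repository branch also changes behaviour: when `TufUrl`, `TufRootPath` and `TrustDomain` are all set, the request is for the domain-qualified target instead of `defaultTR`, so a mirror that only publishes the default target would presumably fail; a short comment there and a test case for that combination would make the intent explicit. The body of `getTrustedRoot` starts and ends outside these hunks, so how a missing target is reported cannot be checked from here.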