Commit graph

42 commits

Author SHA1 Message Date
Sebastiaan van Stijn
6868d273ec
replace github.com/golang/snappy with klauspost/compress/snappy
The github.com/golang/snappy repository was archived and is no longer
maintained. klauspost/compress provides a drop-in replacement, which
is actively maintained, and the klauspost/compress module is already
an existing (indirect) dependency.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-03-26 22:58:08 +01:00
Eugene
9e54a6242b
Update pkg/cmd/attestation/api/client.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-23 11:05:41 -04:00
ejahnGithub
3ba03e3200 add initiator_type for attestations 2025-09-23 10:59:07 -04:00
Meredith Lancaster
baeaf66011 restructure api client methods
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 19:13:27 -06:00
Meredith Lancaster
0d0654738b simplify client methods
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 18:58:35 -06:00
Meredith Lancaster
a9cc7b481e create single fetch by digest client method
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 18:28:27 -06:00
Meredith Lancaster
95a61974bf pass params object to api client methods
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 18:01:57 -06:00
Meredith Lancaster
a78c06970a pass predicate type to get attestation api methods
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-03-24 17:28:00 -06:00
Meredith Lancaster
795263524d change permanent backoff error condition
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-30 11:11:41 -07:00
Meredith Lancaster
e9f7761423 don't retry when parsing fails
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-30 09:56:06 -07:00
Meredith Lancaster
dcb182b453 Merge branch 'trunk' into attestation-bundle-fetch-improvements 2025-01-30 09:53:27 -07:00
Meredith Lancaster
70ae9f39ef update tests to account for logic flip
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-30 09:26:41 -07:00
Meredith Lancaster
ddb8855198 flip bundle fetching logic
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-30 09:12:48 -07:00
Meredith Lancaster
1d807c2291 add missing return statement
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-13 12:50:58 -07:00
Meredith Lancaster
611eb86e68 method update
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-13 12:47:25 -07:00
Meredith Lancaster
b7f6af03b5 update no attestations found err
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-13 12:42:10 -07:00
Meredith Lancaster
5462582401 drop unneeded methods
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-13 11:05:17 -07:00
Meredith Lancaster
40e7353b52 deduplicate get attestation code
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-13 11:02:33 -07:00
Meredith Lancaster
c7d04c980b update testing
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-13 08:34:15 -07:00
Meredith Lancaster
8ad877b188 add check for invalid attestation
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-08 08:38:43 -07:00
Meredith Lancaster
33d0002d21 update tests to use new function name
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-07 15:22:02 -07:00
Meredith Lancaster
8d89dd97fd
Update pkg/cmd/attestation/api/client.go
Co-authored-by: Phill MV <phillmv@github.com>
2025-01-07 15:14:53 -07:00
Meredith Lancaster
51a74aed1d
Update pkg/cmd/attestation/api/client.go
Co-authored-by: Phill MV <phillmv@github.com>
2025-01-07 15:14:23 -07:00
Meredith Lancaster
42cb2547cd remove old comment
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-07 14:13:50 -07:00
Meredith Lancaster
f46cccbab4 comment
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-07 12:03:49 -07:00
Meredith Lancaster
258c69cd26 undo more name changes
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-07 11:56:05 -07:00
Meredith Lancaster
0a602fae07 undo other name change
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-07 11:54:02 -07:00
Meredith Lancaster
e03a36ea3c add tests for bundle url fetch and fallback
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-06 12:12:26 -07:00
Meredith Lancaster
070b67e5a4 fetch bundles in parallel
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-06 10:44:55 -07:00
Meredith Lancaster
311f2b2e23 return fetch attestations err directly
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-06 10:39:40 -07:00
Meredith Lancaster
9051da39fc provide additional logging and fallback
Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-06 10:19:47 -07:00
Meredith Lancaster
ab4912ff48 fix failing tests
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-12-16 12:40:13 -07:00
Meredith Lancaster
fb020f2a79 update error messages
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-12-16 12:13:22 -07:00
Meredith Lancaster
8f5d7100f5 var naming
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-12-16 12:02:52 -07:00
Meredith Lancaster
6b95175363 add httpClient field to LiveClient struct
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-12-16 11:57:45 -07:00
Meredith Lancaster
e51b4efaa9 remove unused method
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-12-16 11:50:46 -07:00
Meredith Lancaster
5a6a7968a3 fetch bundles with sas url
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-12-16 11:25:43 -07:00
Meredith Lancaster
bfd140c0e5 initial pass at fetching bundles with sas urls
Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-11-06 07:57:18 -07:00
Phill MV
e7446676b6 Minor tweaks, added backoff to getTrustDomain 2024-10-21 12:44:51 -04:00
Phill MV
efc1c97cf1 Added constant backoff retry to getAttestations. 2024-10-21 12:10:18 -04:00
Fredrik Skogman
1b59ec8ad0
This commit introduces tenancy aware attestation policy building.
This is done by inspecting the current hostname to determine if
tenancy is enabled.

The attestation commands also accept a --hostname parameter, that
is used to pick the current host, similar to how the GH_HOST variable
can be used.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
2024-09-11 10:49:17 +02:00
Meredith Lancaster
90b7bf97c5
gh-attestation cmd integration (#8698)
* add attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update args passed to the attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use gh-attestation branch for passing iostreams from the root

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add package security team entry to codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start moving over verify cmd and general verification code

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up common and verify specific policy code

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move artifact package over

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start pulling in the github api client wrapper

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix imports

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add logger and test packages

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add additional packages to support verify command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix mock api client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up mock api client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include missing fields

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use correct owner

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more mock api client options

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add download cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add inspect cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass factory object to inspect cmd, add inspect sub cmd to attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add verify-tuf-root cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass iostream struct from command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename logger pkg to logger

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix path in codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* go mod tidy

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix printf linter issue

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix printf linter issue

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check user's GH host for compatibility

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass oci client to commands directly

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* mark tuf-root-verify cmd hidden

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move client initialization back to subcommands

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more verbose options and logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add missing logger

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add testing around OCI and API client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix file path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* build executable before integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* split integration tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove integration test steps

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix flag value

Signed-off-by: Meredith Lancaster <malancas@github.com>

* run integration tests on ubuntu for now

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pull over doc updates

Signed-off-by: Meredith Lancaster <malancas@github.com>

* delete unused test data

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove Go patch version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch assert to require

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move integration tests to preexisting test workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use platform matrix for integration tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* simplify build step

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use StringEnumFlag handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* typo

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use the iostreams.Test helper func

Signed-off-by: Meredith Lancaster <malancas@github.com>

* create interface for oci client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for oci client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename files

Signed-off-by: Meredith Lancaster <malancas@github.com>

* format file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix shellcheck issues

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use testing TempDir method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup unused tempdir handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use table driven tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check correct cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* support repo option in download sub cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch over to using RunE

Signed-off-by: Meredith Lancaster <malancas@github.com>

* unexport top level subcommand funcs

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add comment around keychain option

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update comments

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix inconsistent naming

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for CLI commands

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for noattestationsfound err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* try out metadata abstraction instead

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch to using MetadataStore abstraction

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include test case with failing metadata store

Signed-off-by: Meredith Lancaster <malancas@github.com>

* look for err specific to file write

Signed-off-by: Meredith Lancaster <malancas@github.com>

* unexport fields

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return err when an unsupported hash alg is provided

Signed-off-by: Meredith Lancaster <malancas@github.com>

* PrintTableToStdOut returns err when rendering fails

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start adding sigstore verifier unit tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more sigstore verifier specific tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use cli table printer

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return JSON results in slice instead of table

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move mock client to test file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded table printer method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add initial tests for tufrootverify cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatting

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* close file in error handling branch

Signed-off-by: Meredith Lancaster <malancas@github.com>

* normalize artifact path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded embedded file system

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include image name reference err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use GH_DEBUG value for io handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove quiet and verbose flags

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more tufrootverify tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* GitHubTUFOptions no longer needs to return error

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded slice

Signed-off-by: Meredith Lancaster <malancas@github.com>

* normalize all relative paths

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up nil client checks

Signed-off-by: Meredith Lancaster <malancas@github.com>

* set api server based on host

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add comment about http client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use format flag to handle json output in verify cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use format flag to handle json output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use normalized path for cli test arg

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for json output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup error wrapping

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use test fixtures correctly by normalizing path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* don't clean

Signed-off-by: Meredith Lancaster <malancas@github.com>

* escape backwards slash for windows files with replace

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use strings.Split func

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use strings.Replace for all command tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use CLI cache dir to store tuf metadata

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Tweaked docstrings for gh attestation download

* Tweaked docstrings for gh attestation verify

* Fix for bug in gh attestation where the wrong hostname was being passed to the API client.

* let's hide tuf-root-verify eh?

* Forgot verify's short str.

* add remote verification test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Revert "add remote verification test"

This reverts commit c0ceb99ca8.

* update json result handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add json tags to struct returned by command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix how json results are handled

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add test to ensure JSON output is valid

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
2024-04-01 11:13:47 -06:00