92 lines
2.7 KiB
Go
92 lines
2.7 KiB
Go
package attestation
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/cli/cli/v2/internal/gh"
|
|
"github.com/cli/cli/v2/internal/ghinstance"
|
|
"github.com/cli/cli/v2/internal/ghrepo"
|
|
"github.com/cli/cli/v2/pkg/cmd/attestation/api"
|
|
"github.com/cli/cli/v2/pkg/cmd/attestation/artifact/oci"
|
|
"github.com/cli/cli/v2/pkg/cmd/attestation/io"
|
|
"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
|
|
"github.com/cli/cli/v2/pkg/cmdutil"
|
|
"github.com/cli/cli/v2/pkg/iostreams"
|
|
)
|
|
|
|
type VerifyOptions struct {
|
|
HttpClient func() (*http.Client, error)
|
|
IO *iostreams.IOStreams
|
|
BaseRepo func() (ghrepo.Interface, error)
|
|
Exporter cmdutil.Exporter
|
|
TagName string
|
|
}
|
|
|
|
// AttestOptions captures the options for the verify command
|
|
type AttestOptions struct {
|
|
Config func() (gh.Config, error)
|
|
HttpClient *http.Client
|
|
IO *iostreams.IOStreams
|
|
BaseRepo ghrepo.Interface
|
|
Exporter cmdutil.Exporter
|
|
TagName string
|
|
TrustedRoot string
|
|
DigestAlgorithm string
|
|
Limit int
|
|
OIDCIssuer string
|
|
Owner string
|
|
PredicateType string
|
|
Repo string
|
|
SAN string
|
|
SANRegex string
|
|
SignerDigest string
|
|
SignerRepo string
|
|
SignerWorkflow string
|
|
SourceDigest string
|
|
SourceRef string
|
|
APIClient api.Client
|
|
Logger *io.Handler
|
|
OCIClient oci.Client
|
|
SigstoreVerifier verification.SigstoreVerifier
|
|
exporter cmdutil.Exporter
|
|
Hostname string
|
|
EC verification.EnforcementCriteria
|
|
// Tenant is only set when tenancy is used
|
|
Tenant string
|
|
}
|
|
|
|
// AreFlagsValid checks that the provided flag combination is valid
|
|
// and returns an error otherwise
|
|
func (opts *AttestOptions) AreFlagsValid() error {
|
|
// If provided, check that the Repo option is in the expected format <OWNER>/<REPO>
|
|
if opts.Repo != "" && !isProvidedRepoValid(opts.Repo) {
|
|
return fmt.Errorf("invalid value provided for repo: %s", opts.Repo)
|
|
}
|
|
|
|
// If provided, check that the SignerRepo option is in the expected format <OWNER>/<REPO>
|
|
if opts.SignerRepo != "" && !isProvidedRepoValid(opts.SignerRepo) {
|
|
return fmt.Errorf("invalid value provided for signer-repo: %s", opts.SignerRepo)
|
|
}
|
|
|
|
// Check that limit is between 1 and 1000
|
|
if opts.Limit < 1 || opts.Limit > 1000 {
|
|
return fmt.Errorf("limit %d not allowed, must be between 1 and 1000", opts.Limit)
|
|
}
|
|
|
|
// Verify provided hostname
|
|
if opts.Hostname != "" {
|
|
if err := ghinstance.HostnameValidator(opts.Hostname); err != nil {
|
|
return fmt.Errorf("error parsing hostname: %w", err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func isProvidedRepoValid(repo string) bool {
|
|
// we expect a provided repository argument be in the format <OWNER>/<REPO>
|
|
splitRepo := strings.Split(repo, "/")
|
|
return len(splitRepo) == 2
|
|
}
|