STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cli/pkg/cmd/attestation/test/data/sigstoreBundle-invalid-signature.json
Meredith Lancaster 90b7bf97c5
gh-attestation cmd integration (#8698) 
* add attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update args passed to the attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use gh-attestation branch for passing iostreams from the root

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add package security team entry to codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start moving over verify cmd and general verification code

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up common and verify specific policy code

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move artifact package over

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start pulling in the github api client wrapper

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix imports

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add logger and test packages

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add additional packages to support verify command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix mock api client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up mock api client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include missing fields

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use correct owner

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more mock api client options

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add download cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add inspect cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass factory object to inspect cmd, add inspect sub cmd to attestation cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add verify-tuf-root cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass iostream struct from command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename logger pkg to logger

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix path in codeowners

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* go mod tidy

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix printf linter issue

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix printf linter issue

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check user's GH host for compatibility

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pass oci client to commands directly

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* mark tuf-root-verify cmd hidden

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move client initialization back to subcommands

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more verbose options and logging

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add missing logger

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add testing around OCI and API client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix file path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* build executable before integration test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* split integration tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove integration test steps

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix flag value

Signed-off-by: Meredith Lancaster <malancas@github.com>

* run integration tests on ubuntu for now

Signed-off-by: Meredith Lancaster <malancas@github.com>

* pull over doc updates

Signed-off-by: Meredith Lancaster <malancas@github.com>

* delete unused test data

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove Go patch version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch assert to require

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move integration tests to prexisting test workflow

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use platform matrix for integration tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* simplify build step

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use StringEnumFlag handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* typo

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use the iostreams.Test helper func

Signed-off-by: Meredith Lancaster <malancas@github.com>

* create interface for oci client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for oci client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* rename files

Signed-off-by: Meredith Lancaster <malancas@github.com>

* format file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix shellcheck issues

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use testing TempDir method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup unused tempdir handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use table driven tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check correct cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* support repo option in download sub cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch over to using RunE

Signed-off-by: Meredith Lancaster <malancas@github.com>

* unexport top level subcommand funcs

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add comment around keychain option

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update comments

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix inconsistent naming

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for CLI commands

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for noattestationsfound err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* try out metadata abstraction instead

Signed-off-by: Meredith Lancaster <malancas@github.com>

* switch to using MetadataStore abstraction

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include test case with failing metadata store

Signed-off-by: Meredith Lancaster <malancas@github.com>

* look for err specific to file write

Signed-off-by: Meredith Lancaster <malancas@github.com>

* unexport fields

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return err when an unsupported hash alg is provided

Signed-off-by: Meredith Lancaster <malancas@github.com>

* PrintTableToStdOut returns err when rendering fails

Signed-off-by: Meredith Lancaster <malancas@github.com>

* start adding sigstore verifier unit tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more sigstore verifier specific tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use cli table printer

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return JSON results in slice instead of table

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move mock client to test file

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded table printer method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add initial tests for tufrootverify cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatting

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup method

Signed-off-by: Meredith Lancaster <malancas@github.com>

* close file in error handling branch

Signed-off-by: Meredith Lancaster <malancas@github.com>

* normalize artifact path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded embedded file system

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include image name reference err

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use GH_DEBUG value for io handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove quiet and verbose flags

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more tufrootveriify tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* GitHubTUFOptions no longer needs to return error

Signed-off-by: Meredith Lancaster <malancas@github.com>

* remove unneeded slice

Signed-off-by: Meredith Lancaster <malancas@github.com>

* normalize all relative paths

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up nil client checks

Signed-off-by: Meredith Lancaster <malancas@github.com>

* set api server based on host

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add comment about http client

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use format flag to handle json output in verify cmd

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use format flag to handle json output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use normalized path for cli test arg

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add tests for json output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup error wrapping

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use test fixtures correctly by normalizing path

Signed-off-by: Meredith Lancaster <malancas@github.com>

* dont clean

Signed-off-by: Meredith Lancaster <malancas@github.com>

* escape backwards slash for windows files with replace

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use strings.Split func

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use strings.Replace for all command tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use CLI cache dir to store tuf metadata

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Tweaked docstrings for gh attestation download

* Tweaked docstrings for gh attestation verify

* Fix for bug in gh attestation where the wrong hostname was being passed to the API client.

* lets hide tuf-root-verify eh?

* Forgot verify's short str.

* add remote verification test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Revert "add remote verification test"

This reverts commit c0ceb99ca8.

* update json result handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add json tags to struct returned by command

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix how json results are handled

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add test to ensure JSON output is valid

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Phill MV <phillmv@github.com>
2024-04-01 11:13:47 -06:00

48 lines
5.6 KiB
JSON
Raw Blame History

{
"mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
"verificationMaterial": {
"tlogEntries": [
{
"logIndex": "6751924",
"logId": {
"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
},
"kindVersion": {
"kind": "intoto",
"version": "0.0.2"
},
"integratedTime": "1667948287",
"inclusionPromise": {
"signedEntryTimestamp": "MEQCIEzguFRaGzOpMw9JJGUfqSJQ11qlzpcyVCkZfZYPwpLCAiBzdU4LnjtVKYCfyoTImFh3OLFWeOKygtS47Z8fp1GYHg=="
},
"canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoidGV4dC9wbGFpbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVU51ZWtORFFXbFhaMEYzU1VKQlowbFZWa2gzWldoUGRFZHVORXRUUkRGSU9GSkpOVGd4VFdaaWVXVjNkME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BKZUUxVVFUUk5ha2t4VDBSQk1sZG9ZMDVOYWtsNFRWUkJORTFxVFhkUFJFRXlWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWSFp6WklhbmgwTWxWT2FVb3hhM2QzY1RWWVVVbEpkMDFhYmtwbVZsRXpZa1l3TVhVS1drdDBaVTFrWTFZdk0zRm9RMjFYVDJWamIzaFNjWGR5WWxsVWMyaEhaemxPZVZoalFtSjJaVFo2UzNkYVZsUk1aWEZQUTBGVlVYZG5aMFpCVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZVM1YzQlNDall3YzBOd1oyWjFNRFIzWTNOcWRrTkdlSFF3WmsxcmQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQwaDNXVVJXVWpCU1FWRklMMEpDVlhkRk5FVlNXVzVLY0ZsWE5VRmFSMVp2V1ZjeGJHTnBOV3BpTWpCM1RFRlpTMHQzV1VKQ1FVZEVkbnBCUWdwQlVWRmxZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRESjRkbG95YkhWTU1qbG9aRmhTYjAxSlIwcENaMjl5UW1kRlJVRmtXalZCWjFGRENrSkljMFZsVVVJelFVaFZRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIUlZkWVkxSUtPRUZCUVVKQlRVRlNha0pGUVdsQ1VsUnlSMFUxV1RGRmJsbHVhV0ZLUWl0dWMzWTRPVlpoV1hnelVWcHFiMk5GYVc0emNqa3hkMlpyUVVsblRYTnpLd3BtYzNOMU5WTk1VV3R1TjFkRVZFdFlaMjkzTjFONFlraFpVMXBxTTNscmVFRnlWbTUxZWtWM1EyZFpTVXR2V2tsNmFqQkZRWGROUkdGQlFYZGFVVWw0Q2tGUWFsTkhaR1JNU1haNVZVMUhTV3RhSzNVMlNtaEZPWEF4VG1wME0yUkZkSGRaYTAxNFptNUZWakpyTjAxSU1VSldiWGhuT1ZCelNtcHhlV05tYVNzS1pVRkpkMFJoUzI0eVEyUlBlRXR6ZUdObldVNXBORWgyYVVWdVduRjRiV1ZFZVc4eVdVWkpkSHB3U0daSlRWRnRZMUpUYkRreFZXVlBVME00SzFCMVJ3cG5kMDFMQ2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIiwic2lnIjoiVFVWVlEwbERWV2hCVm1WM1puZExiR3MxWmxaNmNGSkVWVkJvUlhjNVR6aEpNbkI0UXpWdVZHNVFabGxFUW5OUFFXbEZRVEJhUm5Gek9UbFJaMUk1YlVGMFJrMVhkRmR5VDJwdFZVTTBOM3BuWVc5dmJFdEpiMHhJTDA5M1pFMDkifV19LCJoYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiZGNiNDkyNTljODY2MDdjMzQ2MzVkYWJiNDQzMWYwNjVlOWE3YTczNDcwNGNiNzNmMGFhMGY2YWFhMzg5NmEwNCJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjY4ZTY1NmIyNTFlNjdlODM1OGJlZjg0ODNhYjBkNTFjNjYxOWYzZTdhMWE5ZjBlNzU4MzhkNDFmZjM2OGY3MjgifX19fQ=="
}
],
"timestampVerificationData": {
"rfc3161Timestamps": []
},
"x509CertificateChain": {
"certificates": [
{
"rawBytes": "MIICnzCCAiWgAwIBAgIUVHwehOtGn4KSD1H8RI581MfbyewwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjIxMTA4MjI1ODA2WhcNMjIxMTA4MjMwODA2WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGg6Hjxt2UNiJ1kwwq5XQIIwMZnJfVQ3bF01uZKteMdcV/3qhCmWOecoxRqwrbYTshGg9NyXcBbve6zKwZVTLeqOCAUQwggFAMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU7WpR60sCpgfu04wcsjvCFxt0fMkwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERYnJpYW5AZGVoYW1lci5jb20wLAYKKwYBBAGDvzABAQQeaHR0cHM6Ly9naXRodWIuY29tL2xvZ2luL29hdXRoMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGEWXcR8AAABAMARjBEAiBRTrGE5Y1EnYniaJB+nsv89VaYx3QZjocEin3r91wfkAIgMss+fssu5SLQkn7WDTKXgow7SxbHYSZj3ykxArVnuzEwCgYIKoZIzj0EAwMDaAAwZQIxAPjSGddLIvyUMGIkZ+u6JhE9p1Njt3dEtwYkMxfnEV2k7MH1BVmxg9PsJjqycfi+eAIwDaKn2CdOxKsxcgYNi4HviEnZqxmeDyo2YFItzpHfIMQmcRSl91UeOSC8+PuGgwMK"
},
{
"rawBytes": "MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV77LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZIzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJRnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsPmygUY7Ii2zbdCdliiow="
},
{
"rawBytes": "MIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMwKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0yMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7XeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxexX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92jYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRYwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCMWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ"
}
]
}
},
"dsseEnvelope": {
"payload": "aGVsbG8sIHdvcmxkIQ==",
"payloadType": "text/plain",
"signatures": [
{
"sig": "NEUCICUhAVewfwKlk5fVzpRDUPhEw9O8I2pxC5nTnPfYDBsOAiEA0ZFqs99QgR9mAtFMWtWrOjmUC47zgaoolKIoLH/OwdM=",
"keyid": ""
}
]
}
}
Reference in a new issue View git blame Copy permalink