update options to sane defaults

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
anchore · Mar 23, 2022 · 659e1da · 659e1da
1 parent f3c7ab5
commit 659e1da
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 7 deletions.
diff --git a/cmd/attest.go b/cmd/attest.go
@@ -142,14 +142,15 @@ func selectPassFunc(keypath string) (cosign.PassFunc, error) {
 
 func validateAttestationArgs(appConfig *config.Application, si *source.Input) (format sbom.Format, predicateType string, ko *sign.KeyOpts, err error) {
 	ko = &sign.KeyOpts{
+		KeyRef:                   appConfig.Attest.KeyRef,
 		Sk:                       false,
 		Slot:                     "signature",
-		FulcioURL:                "http://localhost:5555",
-		InsecureSkipFulcioVerify: true,
-		RekorURL:                 "https://rekor.sigstore.dev",
-		OIDCIssuer:               "http://dex-idp:8888/auth",
-		OIDCClientID:             "fulcio",
-		OIDCClientSecret:         "",
+		FulcioURL:                appConfig.Attest.FulcioURL,
+		InsecureSkipFulcioVerify: false,
+		RekorURL:                 appConfig.Attest.RekorURL,
+		OIDCIssuer:               appConfig.Attest.OIDCIssuer,
+		OIDCClientID:             appConfig.Attest.OIDCClientID,
+		OIDCClientSecret:         appConfig.Attest.OIDCClientSecret,
 	}
 
 	// if the original detection was from a local daemon we want to short circuit

diff --git a/internal/config/attest.go b/internal/config/attest.go
@@ -5,13 +5,20 @@ import (
 	"os"
 
 	"github.com/mitchellh/go-homedir"
+	"github.com/sigstore/cosign/cmd/cosign/cli/options"
 	"github.com/spf13/viper"
 )
 
 type attest struct {
 	KeyRef string `yaml:"key" json:"key" mapstructure:"key"` // same as --key, file path to the private key
 	// IMPORTANT: do not show the password in any YAML/JSON output (sensitive information)
-	Password string `yaml:"-" json:"-" mapstructure:"password"` // password for the private key
+	Password                 string `yaml:"-" json:"-" mapstructure:"password"` // password for the private key
+	FulcioURL                string `yaml:"fulcio_url" json:"fulcioUrl" mapstructure:"fulcio_url"`
+	InsecureSkipFulcioVerify bool   `yaml:""`
+	RekorURL                 string `yaml:"rekor_url" json:"rekorUrl" mapstructure:"rekor_url"`
+	OIDCIssuer               string `yaml:"oidc_issuer" json:"oidcIssuer" mapstructure:"oidc_issuer"`
+	OIDCClientID             string `yaml:"oidc_client_id" json:"oidcClientId" mapstructure:"oidc_client_id"`
+	OIDCClientSecret         string `yaml:"oidc_client_secret" json:"oidcClientSecret" mapstructure:"oidc_client_secret"`
 }
 
 func (cfg *attest) parseConfigValues() error {
@@ -35,4 +42,8 @@ func (cfg *attest) parseConfigValues() error {
 
 func (cfg attest) loadDefaultValues(v *viper.Viper) {
 	v.SetDefault("attest.password", "")
+	v.SetDefault("attest.fulcio_url", options.DefaultFulcioURL)
+	v.SetDefault("attest.rekor_url", options.DefaultRekorURL)
+	v.SetDefault("attest.oidc_issuer", options.DefaultOIDCIssuerURL)
+	v.SetDefault("attest.oidc_client_id", "sigstore")
 }