cmd/build: don't expect key if alg is non-empty #5343

Merged
10 changes: 4 additions & 6 deletions cmd/build.go
Expand Up @@ -266,10 +266,8 @@ func dobuild(params buildParams, args []string) error {
return err
}

if bvc != nil || bsc != nil {
if !params.bundleMode {
return fmt.Errorf("enable bundle mode (ie. --bundle) to verify or sign bundle files or directories")
}
if (bvc != nil || bsc != nil) && !params.bundleMode {
return fmt.Errorf("enable bundle mode (ie. --bundle) to verify or sign bundle files or directories")
}

var capabilities *ast.Capabilities
Expand Down Expand Up @@ -350,8 +348,8 @@ func buildVerificationConfig(pubKey, pubKeyID, alg, scope string, excludeFiles [
}

func buildSigningConfig(key, alg, claimsFile, plugin string) (*bundle.SigningConfig, error) {
if key == "" && (plugin != "" || claimsFile != "" || alg != "") {
return nil, fmt.Errorf("specify the secret (HMAC) or path of the PEM file containing the private key (RSA and ECDSA)")
if key == "" && (plugin != "" || claimsFile != "") {
Contributor Author


☝️ This line is the relevant change, the rest is noise and cleanup 🧹

return nil, errSigningConfigIncomplete
}
if key == "" {
return nil, nil
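Review bot: In buildSigningConfig, an empty key combined with a non-empty alg now falls through to `return nil, nil`, so a build that names a signing algorithm but omits the key produces an unsigned bundle with no error or warning. This is presumably required because alg always carries a default (the new test passes defaultTokenSigningAlg), but it also means an explicitly supplied algorithm is silently ignored. A doc comment on the function would make the contract visible, e.g. `// buildSigningConfig returns (nil, nil) when no key is given: signing is not requested, and alg alone is ignored because it always has a default.` If the caller can tell whether the algorithm was set explicitly, rejecting that case there would keep the old safeguard for users who expect a signed bundle. The function body continues past the end of the hunk.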
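--- a/cmd/build_test.go
+++ b/cmd/build_test.go
@@ -291,6 +291,39 @@ func TestBuildVerificationConfigError(t *testing.T) {
 })
 }
 
+func TestBuildSigningConfigError(t *testing.T) {
+tests := []struct {
+note string
+key, plugin, claimsFile string
+expErr bool
+}{
+{
+note: "key+plugin+claimsFile unset",
+},
+{
+note: "key+claimsFile unset",
+plugin: "plugin",
+expErr: true,
+},
+{
+note: "key+plugin unset",
+claimsFile: "claims",
+expErr: true,
+},
+}
+for _, tc := range tests {
+t.Run(tc.note, func(t *testing.T) {
+_, err := buildSigningConfig(tc.key, defaultTokenSigningAlg, tc.claimsFile, tc.plugin)
+switch {
+case tc.expErr && err == nil:
+t.Fatal("Expected error but got nil")
+case !tc.expErr && err != nil:
+t.Fatalf("Expected no error but got %v", err)
+}
+})
+}
+}
+
 func TestBuildPlanWithPruneUnused(t *testing.T) {
 
 files := map[string]string{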
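Review bot: TestBuildSigningConfigError discards the returned config and only checks whether some error occurred, so the first case does not prove that an unset key yields no signing config, and the error cases would pass on any unrelated failure. Capture the result with `sc, err := buildSigningConfig(...)`, then add `if !tc.expErr && sc != nil { t.Fatal("expected nil signing config") }` and compare the error with `err != errSigningConfigIncomplete` in the expErr cases. The `key` field of the table struct is never set by any case; either drop it or add a case with a key and a non-default algorithm so the path that actually builds a config is covered.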
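--- a/cmd/sign.go
+++ b/cmd/sign.go
@@ -36,6 +36,8 @@ const (
 signaturesFile = ".signatures.json"
 )
 
+var errSigningConfigIncomplete = fmt.Errorf("specify the secret (HMAC) or path of the PEM file containing the private key (RSA and ECDSA)")
+
 func newSignCmdParams() signCmdParams {
 return signCmdParams{}
 }
@@ -271,7 +273,7 @@ func validateSignParams(args []string, params signCmdParams) error {
 }
 
 if params.key == "" {
-return fmt.Errorf("specify the secret (HMAC) or path of the PEM file containing the private key (RSA and ECDSA)")
+return errSigningConfigIncomplete
 }
 
 if !params.bundleMode {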
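Review bot: errSigningConfigIncomplete is created with fmt.Errorf although the message contains no format verbs; `errors.New(...)` is the conventional form for a sentinel, provided the file imports errors (the import block is not visible here). The variable is now shared by validateSignParams and by buildSigningConfig in cmd/build.go, so it deserves a one-line comment such as `// errSigningConfigIncomplete is returned when signing options are given without a key.` Callers and tests can then match it by identity instead of by message text. validateSignParams begins and ends outside the second hunk.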