fix: fix #1930 for AWS KMS formats #1946

Merged
merged 6 commits into from Jun 2, 2022

@vaikas vaikas commented Jun 2, 2022

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

Summary

Fix #1930 by adding validation for the AWS KMS formats. Only support either the key ARN or an alias ARN.
Also validate the endpoint if given.

Ticket Link

Fixes #1930

Release Note

ClusterImagePolicy for AWS KMS only supports key ARN or alias ARN

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas vaikas requested a review from mattmoor June 2, 2022 10:21
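
The restriction described in the PR summary, as an added Go example that is not the code merged in this PR: it accepts only a key ARN or an alias ARN after `awskms://[ENDPOINT]/` and checks the endpoint when one is given. The function name, the ARN pattern, the host:port endpoint rule and the sample references are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Constructed pattern (an assumption, not from the PR): KMS key ARN or alias ARN.
var kmsARN = regexp.MustCompile(`^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:(key/[A-Za-z0-9-]+|alias/[A-Za-z0-9/_-]+)$`)

// ValidateAWSKMSRef (hypothetical name) rejects bare key IDs and bare alias names.
func ValidateAWSKMSRef(ref string) error {
	if !strings.HasPrefix(ref, "awskms://") {
		return errors.New("reference must start with awskms://")
	}
	rest := strings.TrimPrefix(ref, "awskms://")
	slash := strings.Index(rest, "/")
	if slash < 0 {
		return errors.New("expected awskms://[ENDPOINT]/KEY")
	}
	endpoint, key := rest[:slash], rest[slash+1:]
	// The endpoint is optional; when present it is assumed to be host:port.
	if endpoint != "" {
		host, port, err := net.SplitHostPort(endpoint)
		if err != nil {
			return fmt.Errorf("malformed endpoint %q: %w", endpoint, err)
		}
		if host == "" || port == "" {
			return fmt.Errorf("endpoint %q needs both host and port", endpoint)
		}
	}
	if !kmsARN.MatchString(key) {
		return fmt.Errorf("%q is not a KMS key ARN or alias ARN", key)
	}
	return nil
}

func main() {
	for _, ref := range []string{ // constructed sample references
		"awskms://localhost:4566/arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias",
		"awskms:///alias/ExampleAlias",
	} {
		fmt.Printf("%s -> %v\n", ref, ValidateAWSKMSRef(ref))
	}
}
```

A reference that omits the third slash, such as `awskms://arn:aws:kms:...`, is rejected at the endpoint check because the ARN prefix is parsed as the endpoint.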

codecov-commenter commented Jun 2, 2022

Codecov Report

Merging #1946 (efc6da1) into main (ae90c74) will increase coverage by 0.70%.
The diff coverage is 89.47%.

@@            Coverage Diff             @@
##             main    #1946      +/-   ##
==========================================
+ Coverage   34.00%   34.71%   +0.70%     
==========================================
  Files         153      153              
  Lines        9981    10037      +56     
==========================================
+ Hits         3394     3484      +90     
+ Misses       6208     6166      -42     
- Partials      379      387       +8     

| Impacted Files | Coverage Δ |
| --- | --- |
| ...g/apis/policy/v1alpha1/clusterimagepolicy_types.go | 0.00% <ø> (ø) |
| ...kg/apis/policy/v1beta1/clusterimagepolicy_types.go | 0.00% <ø> (ø) |
| ...is/policy/v1beta1/clusterimagepolicy_validation.go | 93.06% <89.28%> (-0.78%) ⬇️ |
| ...s/policy/v1alpha1/clusterimagepolicy_validation.go | 93.06% <89.65%> (-0.69%) ⬇️ |
| pkg/apis/policy/v1beta1/zz_generated.deepcopy.go | 8.36% <0.00%> (+8.36%) ⬆️ |
| pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go | 8.36% <0.00%> (+8.36%) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@dlorenc dlorenc merged commit 2ccb1a2 into sigstore:main Jun 2, 2022
@github-actions github-actions bot added this to the v1.9.0 milestone Jun 2, 2022
@vaikas vaikas deleted the issue-1930 branch June 3, 2022 05:06
Successfully merging this pull request may close these issues.

Consider restricting awskms:// options for admission control