Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: create fake TUF test root and create test SETs for verification #1750

Merged
merged 2 commits into from Apr 13, 2022
Merged

test: create fake TUF test root and create test SETs for verification #1750

merged 2 commits into from Apr 13, 2022

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Apr 13, 2022

Summary

  • Adds a fake test TUF root set up that can be used to configure test rekor and fulcio signing keys
  • Completes a fake SET test using a test TUF root

cc @haydentherapper

Ticket Link

Fixes

Release Note

@codecov-commenter
Copy link

codecov-commenter commented Apr 13, 2022
edited

Codecov Report

Merging #1750 (9ef41c6) into main (36afb67) will increase coverage by 0.47%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #1750      +/-   ##
==========================================
+ Coverage   29.66%   30.13%   +0.47%     
==========================================
  Files         142      143       +1     
  Lines        8501     8607     +106     
==========================================
+ Hits         2522     2594      +72     
- Misses       5706     5712       +6     
- Partials      273      301      +28
Impacted Files Coverage Δ
pkg/cosign/tuf/testutils.go 0.00% <0.00%> (ø)
pkg/cosign/tuf/client.go 62.69% <0.00%> (-0.95%) ⬇️
cmd/cosign/cli/fulcio/fulcio.go 25.00% <0.00%> (-0.61%) ⬇️
cmd/cosign/cli/verify/verify_blob.go 10.49% <0.00%> (-0.04%) ⬇️
pkg/cosign/verify.go 23.69% <0.00%> (+5.21%) ⬆️
cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go 36.50% <0.00%> (+7.56%) ⬆️
pkg/cosign/tlog.go 17.39% <0.00%> (+11.59%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 36afb67...9ef41c6. Read the comment docs.

@asraa
wip
bd64489 
Signed-off-by: Asra Ali <asraa@google.com>

add fake SET test

Signed-off-by: Asra Ali <asraa@google.com>

fix

Signed-off-by: Asra Ali <asraa@google.com>

fix test

Signed-off-by: Asra Ali <asraa@google.com>

fix

Signed-off-by: Asra Ali <asraa@google.com>
haydentherapper
haydentherapper approved these changes Apr 13, 2022
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work, this is excellent! I'll add the tests for the CT log once this is merged!

pkg/cosign/tuf/testutils.go Show resolved Hide resolved
pkg/cosign/tuf/testutils.go
t.Error(err)
}
// Serve remote repository.
s := httptest.NewServer(http.FileServer(http.Dir(filepath.Join(td, "repository"))))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Kinda outside the scope of this PR cause I think it'd require a more significant refactoring, but it'd be nice if there was a way to initialize the TUF metadata without an outbound network call. I don't love having to stand up HTTP servers in unit tests.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW it's a local server, but I agree -- t we also wanted to keep a remote cache URL/bucket information, so pulling out the remote as a parameter to Initialize wouldn't let the TufClient have that info.

However, we can just support local filesystem roots as "mirrors". Tests can provide the path to the root.

#1753

Will do as a follow up!

pkg/cosign/tuf/testutils.go Show resolved Hide resolved
@asraa asraa mentioned this pull request Apr 13, 2022
Closed
@asraa
address haydentherapper comments
9ef41c6 
Signed-off-by: Asra Ali <asraa@google.com>
@dlorenc dlorenc merged commit 650dc80 into sigstore:main Apr 13, 2022
@github-actions github-actions bot added this to the v1.8.0 milestone Apr 13, 2022
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
@asraa @mlieberman85
test: create fake TUF test root and create test SETs for verification (
afde6ce 
…sigstore#1750)

* wip

Signed-off-by: Asra Ali <asraa@google.com>

add fake SET test

Signed-off-by: Asra Ali <asraa@google.com>

fix

Signed-off-by: Asra Ali <asraa@google.com>

fix test

Signed-off-by: Asra Ali <asraa@google.com>

fix

Signed-off-by: Asra Ali <asraa@google.com>

* address haydentherapper comments

Signed-off-by: Asra Ali <asraa@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dlorenc dlorenc dlorenc approved these changes

@haydentherapper haydentherapper haydentherapper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.8.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@asraa @codecov-commenter @dlorenc @haydentherapper