Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add auth flow option to KeyOpts. #1827

Merged
merged 1 commit into from
May 2, 2022
Merged

Conversation

wlynch
Copy link
Member

@wlynch wlynch commented May 2, 2022

Summary

This change adds an option for callers to manually select the fulcio
auth flow to go through. This allows callers that don't fit into the
default heuristic to have some control over how cosign is invoked.

For now, this is only added as a KeyOpt and not a flag, since this is
currently only needed by tools calling the cosign libraries, not cosign
itself. Flags can be added on later if needed.

This change should not have any impact on existing cosign behavior.

Because there are no unit tests for fulcio.NewSigner at the moment,
this is difficult to test in a way that isn't trivial. This is probably a good
target to improve coverage as part of #1385

Signed-off-by: Billy Lynch billy@chainguard.dev

Ticket Link

Fixes #1785

Release Note

Users calling cosign via library can set the fulcio interactive flow used with KeyOpts.

This change adds an option for callers to manually select the fulcio
auth flow to go through. This allows callers that don't fit into the
default heuristic to have some control over how cosign is invoked.

For now, this is only added as a KeyOpt and not a flag, since this is
currently only needed by tools calling the cosign libraries, not cosign
itself. Flags can be added on later if needed.

This change should not have any impact on existing cosign behavior.

Signed-off-by: Billy Lynch <billy@chainguard.dev>
@codecov-commenter
Copy link

codecov-commenter commented May 2, 2022

Codecov Report

Merging #1827 (150e47b) into main (e74f180) will decrease coverage by 0.01%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #1827      +/-   ##
==========================================
- Coverage   33.02%   33.01%   -0.02%     
==========================================
  Files         147      147              
  Lines        9347     9350       +3     
==========================================
  Hits         3087     3087              
- Misses       5906     5909       +3     
  Partials      354      354              
Impacted Files Coverage Δ
cmd/cosign/cli/fulcio/fulcio.go 21.42% <0.00%> (-0.68%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e74f180...150e47b. Read the comment docs.

@dlorenc dlorenc merged commit 8efb042 into sigstore:main May 2, 2022
@github-actions github-actions bot added this to the v1.9.0 milestone May 2, 2022
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
This change adds an option for callers to manually select the fulcio
auth flow to go through. This allows callers that don't fit into the
default heuristic to have some control over how cosign is invoked.

For now, this is only added as a KeyOpt and not a flag, since this is
currently only needed by tools calling the cosign libraries, not cosign
itself. Flags can be added on later if needed.

This change should not have any impact on existing cosign behavior.

Signed-off-by: Billy Lynch <billy@chainguard.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow configurable interactive modes
3 participants