add missing third_party packages
Signed-off-by: hectorj2f <[email protected]>
hectorj2f committed Mar 30, 2022
1 parent 2c7a774 commit b167c26
Showing 68 changed files with 10,870 additions and 552 deletions.
2 changes: 1 addition & 1 deletion cmd/cosign/cli/attest.go
Expand Up @@ -71,7 +71,7 @@ func Attest() *cobra.Command {
OIDCIssuer: o.OIDC.Issuer,
OIDCClientID: o.OIDC.ClientID,
OIDCClientSecret: o.OIDC.ClientSecret,
OIDCRedirectURI: o.OIDC.RedirectURI,
OIDCRedirectURL: o.OIDC.RedirectURL,
}
for _, img := range args {
if err := attest.AttestCmd(cmd.Context(), ko, o.Registry, img, o.Cert, o.CertChain, o.NoUpload,
16 changes: 8 additions & 8 deletions cmd/cosign/cli/fulcio/fulcio.go
Expand Up @@ -51,17 +51,17 @@ type realConnector struct {
flow oauthflow.TokenGetter
}

func (rf *realConnector) OIDConnect(url, clientID, secret, redirectURI string) (*oauthflow.OIDCIDToken, error) {
return oauthflow.OIDConnect(url, clientID, secret, redirectURI, rf.flow)
func (rf *realConnector) OIDConnect(url, clientID, secret, RedirectURL string) (*oauthflow.OIDCIDToken, error) {
return oauthflow.OIDConnect(url, clientID, secret, RedirectURL, rf.flow)
}

func getCertForOauthID(priv *ecdsa.PrivateKey, fc api.Client, connector oidcConnector, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string) (*api.CertificateResponse, error) {
func getCertForOauthID(priv *ecdsa.PrivateKey, fc api.Client, connector oidcConnector, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string) (*api.CertificateResponse, error) {
pubBytes, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
if err != nil {
return nil, err
}

tok, err := connector.OIDConnect(oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI)
tok, err := connector.OIDConnect(oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL)
if err != nil {
return nil, err
}
Expand All @@ -85,7 +85,7 @@ func getCertForOauthID(priv *ecdsa.PrivateKey, fc api.Client, connector oidcConn
}

// GetCert returns the PEM-encoded signature of the OIDC identity returned as part of an interactive oauth2 flow plus the PEM-encoded cert chain.
func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (*api.CertificateResponse, error) {
func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*api.CertificateResponse, error) {
c := &realConnector{}
switch flow {
case FlowDevice:
Expand All @@ -99,7 +99,7 @@ func GetCert(ctx context.Context, priv *ecdsa.PrivateKey, idToken, flow, oidcIss
return nil, fmt.Errorf("unsupported oauth flow: %s", flow)
}

return getCertForOauthID(priv, fClient, c, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI)
return getCertForOauthID(priv, fClient, c, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL)
}

type Signer struct {
Expand All @@ -110,7 +110,7 @@ type Signer struct {
*signature.ECDSASignerVerifier
}

func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (*Signer, error) {
func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*Signer, error) {
priv, err := cosign.GeneratePrivateKey()
if err != nil {
return nil, errors.Wrap(err, "generating cert")
Expand All @@ -131,7 +131,7 @@ func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClien
default:
flow = FlowNormal
}
Resp, err := GetCert(ctx, priv, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI, fClient) // TODO, use the chain.
Resp, err := GetCert(ctx, priv, idToken, flow, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL, fClient) // TODO, use the chain.
if err != nil {
return nil, errors.Wrap(err, "retrieving cert")
}
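Review bot: In `realConnector.OIDConnect` the renamed parameter is spelled `RedirectURL` with a leading capital, which is not how Go parameters are named and is inconsistent with `oidcRedirectURL` used by `getCertForOauthID`, `GetCert` and `NewSigner` in the same file. A capitalised local reads like an exported identifier or a type, which is easy to misread in a call that also carries the client secret. Suggest `func (rf *realConnector) OIDConnect(url, clientID, secret, redirectURL string) (*oauthflow.OIDCIDToken, error)` with `return oauthflow.OIDConnect(url, clientID, secret, redirectURL, rf.flow)`; the same spelling appears in `testFlow.OIDConnect` in fulcio_test.go. The bodies of `getCertForOauthID`, `GetCert` and `NewSigner` continue outside the hunks shown.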
2 changes: 1 addition & 1 deletion cmd/cosign/cli/fulcio/fulcio_test.go
Expand Up @@ -36,7 +36,7 @@ type testFlow struct {
err error
}

func (tf *testFlow) OIDConnect(url, clientID, secret, redirectURI string) (*oauthflow.OIDCIDToken, error) {
func (tf *testFlow) OIDConnect(url, clientID, secret, RedirectURL string) (*oauthflow.OIDCIDToken, error) {
if tf.err != nil {
return nil, tf.err
}
4 changes: 2 additions & 2 deletions cmd/cosign/cli/fulcio/fulcioverifier/fulcioverifier.go
Expand Up @@ -110,8 +110,8 @@ func verifySCT(ctx context.Context, certPEM, rawSCT []byte) error {
return verifySctErr
}

func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI string, fClient api.Client) (*fulcio.Signer, error) {
fs, err := fulcio.NewSigner(ctx, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURI, fClient)
func NewSigner(ctx context.Context, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL string, fClient api.Client) (*fulcio.Signer, error) {
fs, err := fulcio.NewSigner(ctx, idToken, oidcIssuer, oidcClientID, oidcClientSecret, oidcRedirectURL, fClient)
if err != nil {
return nil, err
}
6 changes: 3 additions & 3 deletions cmd/cosign/cli/options/oidc.go
Expand Up @@ -26,7 +26,7 @@ type OIDCOptions struct {
Issuer string
ClientID string
ClientSecret string
RedirectURI string
RedirectURL string
}

var _ Interface = (*OIDCOptions)(nil)
Expand All @@ -42,6 +42,6 @@ func (o *OIDCOptions) AddFlags(cmd *cobra.Command) {
cmd.Flags().StringVar(&o.ClientSecret, "oidc-client-secret", "",
"[EXPERIMENTAL] OIDC client secret for application")

cmd.Flags().StringVar(&o.RedirectURI, "oidc-redirect-uri", "",
"[EXPERIMENTAL] OIDC redirect URI")
cmd.Flags().StringVar(&o.RedirectURL, "oidc-redirect-url", "",
"[EXPERIMENTAL] OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.")
}
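Review bot: The value of `--oidc-redirect-url` registered in `AddFlags` is kept as a free-form string, and in the hunks on this page it is only threaded through to `oauthflow.OIDConnect`; whether anything downstream parses or restricts it is not visible here. Because the authorization code is delivered to that address, the option should be checked before the flow starts and limited to `https` or a loopback `http` address, along the lines of the helper below (its name and call site are suggestions). The flag default is `""` while the help text quotes `http://localhost:0/auth/callback`, so a comment on the `RedirectURL` field saying that the empty value defers to the default applied downstream would help readers. The rename also removes `--oidc-redirect-uri` without an alias, so existing invocations will fail on an unknown flag unless the old name stays registered as deprecated.

```go
// validateRedirectURL rejects callback addresses that would carry the
// authorization code in cleartext to a host other than the local machine.
func validateRedirectURL(raw string) error {
	if raw == "" {
		return nil // empty: leave the default to the OIDC flow
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("parsing --oidc-redirect-url: %w", err)
	}
	host := u.Hostname()
	ip := net.ParseIP(host)
	loopback := host == "localhost" || (ip != nil && ip.IsLoopback())
	switch {
	case u.Scheme == "https":
		return nil
	case u.Scheme == "http" && loopback:
		return nil
	}
	return fmt.Errorf("--oidc-redirect-url must be https or a loopback http URL, got %q", raw)
}
```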
2 changes: 1 addition & 1 deletion cmd/cosign/cli/policy_init.go
Expand Up @@ -183,7 +183,7 @@ func signPolicy() *cobra.Command {
OIDCIssuer: o.OIDC.Issuer,
OIDCClientID: o.OIDC.ClientID,
OIDCClientSecret: o.OIDC.ClientSecret,
OIDCRedirectURI: o.OIDC.RedirectURI,
OIDCRedirectURL: o.OIDC.RedirectURL,
})
if err != nil {
return err
2 changes: 1 addition & 1 deletion cmd/cosign/cli/sign.go
Expand Up @@ -87,7 +87,7 @@ func Sign() *cobra.Command {
OIDCIssuer: o.OIDC.Issuer,
OIDCClientID: o.OIDC.ClientID,
OIDCClientSecret: o.OIDC.ClientSecret,
OIDCRedirectURI: o.OIDC.RedirectURI,
OIDCRedirectURL: o.OIDC.RedirectURL,
}
annotationsMap, err := o.AnnotationsMap()
if err != nil {
4 changes: 2 additions & 2 deletions cmd/cosign/cli/sign/sign.go
Expand Up @@ -438,11 +438,11 @@ func keylessSigner(ctx context.Context, ko KeyOpts) (*SignerVerifier, error) {
var k *fulcio.Signer

if ko.InsecureSkipFulcioVerify {
if k, err = fulcio.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURI, fClient); err != nil {
if k, err = fulcio.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient); err != nil {
return nil, errors.Wrap(err, "getting key from Fulcio")
}
} else {
if k, err = fulcioverifier.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURI, fClient); err != nil {
if k, err = fulcioverifier.NewSigner(ctx, tok, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient); err != nil {
return nil, errors.Wrap(err, "getting key from Fulcio")
}
}
2 changes: 1 addition & 1 deletion cmd/cosign/cli/sign/sign_blob.go
Expand Up @@ -45,7 +45,7 @@ type KeyOpts struct {
OIDCIssuer string
OIDCClientID string
OIDCClientSecret string
OIDCRedirectURI string
OIDCRedirectURL string
BundlePath string

// Modeled after InsecureSkipVerify in tls.Config, this disables
2 changes: 1 addition & 1 deletion cmd/cosign/cli/signblob.go
Expand Up @@ -76,7 +76,7 @@ func SignBlob() *cobra.Command {
OIDCIssuer: o.OIDC.Issuer,
OIDCClientID: o.OIDC.ClientID,
OIDCClientSecret: o.OIDC.ClientSecret,
OIDCRedirectURI: o.OIDC.RedirectURI,
OIDCRedirectURL: o.OIDC.RedirectURL,
BundlePath: o.BundlePath,
}
for _, blob := range args {
2 changes: 1 addition & 1 deletion doc/cosign_attest.md


2 changes: 1 addition & 1 deletion doc/cosign_policy_sign.md


2 changes: 1 addition & 1 deletion doc/cosign_sign-blob.md


2 changes: 1 addition & 1 deletion doc/cosign_sign.md


14 changes: 9 additions & 5 deletions go.mod
Expand Up @@ -24,9 +24,12 @@ require (
github.com/hashicorp/go-retryablehttp v0.7.0
github.com/hashicorp/go-rootcerts v1.0.2
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.3
github.com/hashicorp/go-syslog v1.0.0
github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87
github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf
github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548
github.com/kelseyhightower/envconfig v1.4.0
github.com/letsencrypt/boulder v0.0.0-20220322173223-dd8be8d7b02c
github.com/manifoldco/promptui v0.9.0
github.com/miekg/pkcs11 v1.1.1
github.com/mitchellh/go-homedir v1.1.0
Expand All @@ -43,6 +46,7 @@ require (
github.com/spiffe/go-spiffe/v2 v2.0.0
github.com/stretchr/testify v1.7.1
github.com/theupdateframework/go-tuf v0.0.0-20220211205608-f0c3294f63b9
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
github.com/xanzy/go-gitlab v0.60.0
golang.org/x/net v0.0.0-20220225172249-27dd8689420f
golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a
Expand All @@ -51,6 +55,7 @@ require (
golang.org/x/time v0.0.0-20220224211638-0e9765cccd65
google.golang.org/api v0.73.0
gopkg.in/square/go-jose.v2 v2.6.0
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.23.5
k8s.io/apimachinery v0.23.5
k8s.io/client-go v0.23.5
Expand Down Expand Up @@ -216,13 +221,11 @@ require (
github.com/jedisct1/go-minisign v0.0.0-20210703085342-c1f07ee84431 // indirect
github.com/jhump/protoreflect v1.9.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.14.2 // indirect
github.com/leodido/go-urn v1.2.1 // indirect
github.com/letsencrypt/boulder v0.0.0-20220322173223-dd8be8d7b02c // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
Expand Down Expand Up @@ -261,7 +264,6 @@ require (
github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect
github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
github.com/thales-e-security/pool v0.0.2 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
Expand Down Expand Up @@ -305,7 +307,6 @@ require (
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.66.2 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
k8s.io/apiextensions-apiserver v0.23.4 // indirect
k8s.io/gengo v0.0.0-20220307231824-4627b89bbf1b // indirect
Expand All @@ -314,4 +315,7 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
)

replace github.com/sigstore/sigstore => github.com/hectorj2f/sigstore v1.1.1-0.20220328195805-4ade568cebda
replace (
github.com/letsencrypt/boulder v0.0.0-20220322173223-dd8be8d7b02c => github.com/cpanato/boulder v0.0.0-20220330104659-1d6951d8899d
github.com/sigstore/sigstore => github.com/hectorj2f/sigstore v1.1.1-0.20220330171825-1e4923762731
)
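Review bot: The `replace` block at the end of go.mod resolves `github.com/letsencrypt/boulder` and `github.com/sigstore/sigstore` from forks under individual accounts (`github.com/cpanato/boulder`, `github.com/hectorj2f/sigstore`) with no comment saying why or when the pins go away, and boulder appears to move from an indirect to a direct requirement in the same change. For a signing tool this puts part of the trusted code base in repositories outside the upstream projects' review and branch protection, so the pins should be recorded as temporary and dropped before a release. `replace` directives are honoured only in the main module, so anyone importing these packages as a library builds against the upstream versions, which may not contain whatever the forks add. Suggest a comment above the block such as `// TEMPORARY: fork pins pending upstream merge (<tracking issue placeholder>); remove before release`. Note also that the boulder entry is version-qualified, so it stops applying without warning if the required boulder version is bumped.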
9 changes: 5 additions & 4 deletions go.sum
Expand Up @@ -606,6 +606,8 @@ github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzA
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpanato/boulder v0.0.0-20220330104659-1d6951d8899d h1:JblF0wU1lYg66lOIA4LndgRntuM5esKjZu0jnSU4/dc=
github.com/cpanato/boulder v0.0.0-20220330104659-1d6951d8899d/go.mod h1:F55w6/hz1kINxEur+vH/ZtG8yGZpx6cG5ZNOTDA9CFg=
github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
Expand Down Expand Up @@ -1330,6 +1332,7 @@ github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+Er
github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
Expand Down Expand Up @@ -1363,8 +1366,8 @@ github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaak
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 h1:xixZ2bWeofWV68J+x6AzmKuVM/JWCQwkWm6GW/MUR6I=
github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
github.com/hectorj2f/sigstore v1.1.1-0.20220328195805-4ade568cebda h1:7TcxMiwbWEWTqnNlX03trmvPaatE4yvLOK3LI23NJTY=
github.com/hectorj2f/sigstore v1.1.1-0.20220328195805-4ade568cebda/go.mod h1:xStpn6YKjRehCrfPiBQPWlI1oIhYtl7omc0kS/Ldpic=
github.com/hectorj2f/sigstore v1.1.1-0.20220330171825-1e4923762731 h1:+/Eq79ED1f+nKeiF2UJkp/X31Gp7vZwVfjOLaW03iAM=
github.com/hectorj2f/sigstore v1.1.1-0.20220330171825-1e4923762731/go.mod h1:xStpn6YKjRehCrfPiBQPWlI1oIhYtl7omc0kS/Ldpic=
github.com/honeycombio/beeline-go v1.1.1 h1:sU8r4ae34uEL3/CguSl8Mr+Asz9DL1nfH9Wwk85Pc7U=
github.com/honeycombio/beeline-go v1.1.1/go.mod h1:kN0cfUGBMfA87DyCYbiiLoSzWsnw3bluZvNEWtatHxk=
github.com/honeycombio/libhoney-go v1.15.2 h1:5NGcjOxZZma13dmzNcl3OtGbF1hECA0XHJNHEb2t2ck=
Expand Down Expand Up @@ -1539,8 +1542,6 @@ github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdA
github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
github.com/letsencrypt/boulder v0.0.0-20220322173223-dd8be8d7b02c h1:aBMJWbywHY1Sys03sjMT3+RubosunLOyHYCS9piAeiI=
github.com/letsencrypt/boulder v0.0.0-20220322173223-dd8be8d7b02c/go.mod h1:7nZQ5CFpTKy5lJeAPeWlKcXHXnYqknvYQPuNte1aK/0=
github.com/letsencrypt/challtestsrv v1.2.1/go.mod h1:Ur4e4FvELUXLGhkMztHOsPIsvGxD/kzSJninOrkM+zc=
github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=