diff --git a/internal/flags/add.go b/internal/flags/add.go
index 88c9af6..a3cb141 100644
--- a/internal/flags/add.go
+++ b/internal/flags/add.go
@@ -7,25 +7,25 @@ import (
 type AddImageOpts struct {
 *StoreRootOpts
- Name string
- Key string
- CertOidcIssuer string
- CertOidcIssuerRegexp string
- CertIdentity string
- CertIdentityRegexp string
- CertGithubWorkflowRepository string
- Tlog bool
- Platform string
+ Name string
+ Key string
+ CertOidcIssuer string
+ CertOidcIssuerRegexp string
+ CertIdentity string
+ CertIdentityRegexp string
+ CertGithubWorkflowRepository string
+ Tlog bool
+ Platform string
 }
 func (o *AddImageOpts) AddFlags(cmd *cobra.Command) {
 f := cmd.Flags()
 f.StringVarP(&o.Key, "key", "k", "", "(Optional) Location of public key to use for signature verification")
- f.StringVar(&o.CertIdentity, "certificate-identity", "", "Cosign certificate-identity (either --certificate-identity or --certificate-identity-regexp required for keyless verification)")
- f.StringVar(&o.CertIdentityRegexp, "certificate-identity-regexp", "", "Cosign certificate-identity-regexp (either --certificate-identity or --certificate-identity-regexp required for keyless verification)")
+ f.StringVar(&o.CertIdentity, "certificate-identity", "", "(Optional) Cosign certificate-identity (either --certificate-identity or --certificate-identity-regexp required for keyless verification)")
+ f.StringVar(&o.CertIdentityRegexp, "certificate-identity-regexp", "", "(Optional) Cosign certificate-identity-regexp (either --certificate-identity or --certificate-identity-regexp required for keyless verification)")
 f.StringVar(&o.CertOidcIssuer, "certificate-oidc-issuer", "", "(Optional) Cosign option to validate oidc issuer")
 f.StringVar(&o.CertOidcIssuerRegexp, "certificate-oidc-issuer-regexp", "", "(Optional) Cosign option to validate oidc issuer with regex")
- f.StringVar(&o.CertGithubWorkflowRepository, "certificate-github-workflow-repository", "", "(Options) Cosign certificate-github-workflow-repository option")
+ f.StringVar(&o.CertGithubWorkflowRepository, "certificate-github-workflow-repository", "", "(Optional) Cosign certificate-github-workflow-repository option")
 f.BoolVarP(&o.Tlog, "use-tlog-verify", "v", false, "(Optional) Allow transparency log verification. (defaults to false)")
 f.StringVarP(&o.Platform, "platform", "p", "", "(Optional) Specifiy the platform of the image... i.e. linux/amd64 (defaults to all)")
 }
diff --git a/internal/flags/sync.go b/internal/flags/sync.go
index 7f790b6..1947434 100644
--- a/internal/flags/sync.go
+++ b/internal/flags/sync.go
@@ -7,19 +7,19 @@ import (
 type SyncOpts struct {
 *StoreRootOpts
- FileName []string
- Key string
- CertOidcIssuer string
- CertOidcIssuerRegexp string
- CertIdentity string
- CertIdentityRegexp string
- CertGithubWorkflowRepository string
- Products []string
- Platform string
- Registry string
- ProductRegistry string
- TempOverride string
- Tlog bool
+ FileName []string
+ Key string
+ CertOidcIssuer string
+ CertOidcIssuerRegexp string
+ CertIdentity string
+ CertIdentityRegexp string
+ CertGithubWorkflowRepository string
+ Products []string
+ Platform string
+ Registry string
+ ProductRegistry string
+ TempOverride string
+ Tlog bool
 }
 func (o *SyncOpts) AddFlags(cmd *cobra.Command) {
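Review bot: The `--certificate-oidc-issuer-regexp` flag registered in this hunk (`f.StringVar(&o.CertOidcIssuerRegexp, ...)`) should be traced through to verification: in the pkg/cosign/cosign.go hunk on this page, `CertOidcIssuerRegexp` is populated from `oidcIssuer`, the same value as `CertOidcIssuer`, so the regexp field receives the exact issuer string rather than a pattern. If cosign evaluates the regexp field when both are set, the issuer constraint becomes an unanchored pattern match of that string and the value of this flag may never reach cosign; the plumbing between these flags and `VerifyKeylessSignature` is not visible here, so confirm before changing it. On wording, the new "(Optional)" prefix on `--certificate-identity` and `--certificate-identity-regexp` reads oddly beside "required for keyless verification" in the same string; `"(Optional) Cosign certificate-identity (one of --certificate-identity or --certificate-identity-regexp is required when verifying keyless signatures)"` states the condition more clearly, and the same applies to the sync.go hunk below. The unchanged `--platform` help still says "Specifiy", and sync.go's `--registry` help says "alredy"; since this commit is a help-text pass, those are worth fixing in the same change.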
@@ -27,11 +27,11 @@ func (o *SyncOpts) AddFlags(cmd *cobra.Command) {
 f.StringSliceVarP(&o.FileName, "filename", "f", []string{consts.DefaultHaulerManifestName}, "Specify the name of manifest(s) to sync")
 f.StringVarP(&o.Key, "key", "k", "", "(Optional) Location of public key to use for signature verification")
- f.StringVar(&o.CertIdentity, "certificate-identity", "", "Cosign certificate-identity (either --certificate-identity or --certificate-identity-regexp required for keyless verification)")
- f.StringVar(&o.CertIdentityRegexp, "certificate-identity-regexp", "", "Cosign certificate-identity-regexp (either --certificate-identity or --certificate-identity-regexp required for keyless verification)")
+ f.StringVar(&o.CertIdentity, "certificate-identity", "", "(Optional) Cosign certificate-identity (either --certificate-identity or --certificate-identity-regexp required for keyless verification)")
+ f.StringVar(&o.CertIdentityRegexp, "certificate-identity-regexp", "", "(Optional) Cosign certificate-identity-regexp (either --certificate-identity or --certificate-identity-regexp required for keyless verification)")
 f.StringVar(&o.CertOidcIssuer, "certificate-oidc-issuer", "", "(Optional) Cosign option to validate oidc issuer")
 f.StringVar(&o.CertOidcIssuerRegexp, "certificate-oidc-issuer-regexp", "", "(Optional) Cosign option to validate oidc issuer with regex")
- f.StringVar(&o.CertGithubWorkflowRepository, "certificate-github-workflow-repository", "", "(Options) Cosign certificate-github-workflow-repository option")
+ f.StringVar(&o.CertGithubWorkflowRepository, "certificate-github-workflow-repository", "", "(Optional) Cosign certificate-github-workflow-repository option")
 f.StringSliceVar(&o.Products, "products", []string{}, "(Optional) Specify the product name to fetch collections from the product registry i.e. rancher=v2.10.1,rke2=v1.31.5+rke2r1")
 f.StringVarP(&o.Platform, "platform", "p", "", "(Optional) Specify the platform of the image... i.e linux/amd64 (defaults to all)")
 f.StringVarP(&o.Registry, "registry", "g", "", "(Optional) Specify the registry of the image for images that do not alredy define one")
diff --git a/pkg/apis/hauler.cattle.io/v1/image.go b/pkg/apis/hauler.cattle.io/v1/image.go
index 751c52c..735886e 100644
--- a/pkg/apis/hauler.cattle.io/v1/image.go
+++ b/pkg/apis/hauler.cattle.io/v1/image.go
@@ -28,10 +28,10 @@ type Image struct {
 Tlog bool `json:"use-tlog-verify"`
 // cosign keyless validation options
- CertIdentity string `json:"certificate-identity"`
- CertIdentityRegexp string `json:"certificate-identity-regexp"`
- CertOidcIssuer string `json:"certificate-oidc-issuer"`
- CertOidcIssuerRegexp string `json:"certificate-oidc-issuer-regexp"`
+ CertIdentity string `json:"certificate-identity"`
+ CertIdentityRegexp string `json:"certificate-identity-regexp"`
+ CertOidcIssuer string `json:"certificate-oidc-issuer"`
+ CertOidcIssuerRegexp string `json:"certificate-oidc-issuer-regexp"`
 CertGithubWorkflowRepository string `json:"certificate-github-workflow-repository"`
 // Platform of the image to be pulled. If not specified, all platforms will be pulled.
diff --git a/pkg/apis/hauler.cattle.io/v1alpha1/image.go b/pkg/apis/hauler.cattle.io/v1alpha1/image.go
index e25d7bd..a684bfa 100644
--- a/pkg/apis/hauler.cattle.io/v1alpha1/image.go
+++ b/pkg/apis/hauler.cattle.io/v1alpha1/image.go
@@ -28,10 +28,10 @@ type Image struct {
 Tlog bool `json:"use-tlog-verify"`
 // cosign keyless validation options
- CertIdentity string `json:"certificate-identity"`
- CertIdentityRegexp string `json:"certificate-identity-regexp"`
- CertOidcIssuer string `json:"certificate-oidc-issuer"`
- CertOidcIssuerRegexp string `json:"certificate-oidc-issuer-regexp"`
+ CertIdentity string `json:"certificate-identity"`
+ CertIdentityRegexp string `json:"certificate-identity-regexp"`
+ CertOidcIssuer string `json:"certificate-oidc-issuer"`
+ CertOidcIssuerRegexp string `json:"certificate-oidc-issuer-regexp"`
 CertGithubWorkflowRepository string `json:"certificate-github-workflow-repository"`
 // Platform of the image to be pulled. If not specified, all platforms will be pulled.
diff --git a/pkg/consts/consts.go b/pkg/consts/consts.go
index becd37f..2ef6ab0 100644
--- a/pkg/consts/consts.go
+++ b/pkg/consts/consts.go
@@ -51,11 +51,11 @@ const (
 ImageAnnotationTlog = "hauler.dev/use-tlog-verify"
 // cosign keyless validation options
- ImageAnnotationCertIdentity = "hauler.dev/certificate-identity"
- ImageAnnotationCertIdentityRegexp = "hauler.dev/certificate-identity-regexp"
- ImageAnnotationCertOidcIssuer = "hauler.dev/certificate-oidc-issuer"
- ImageAnnotationCertOidcIssuerRegexp = "hauler.dev/certificate-oidc-issuer-regexp"
- ImageAnnotationCertGithubWorkflowRepository = "hauler.dev/certificate-github-workflow-repository"
+ ImageAnnotationCertIdentity = "hauler.dev/certificate-identity"
+ ImageAnnotationCertIdentityRegexp = "hauler.dev/certificate-identity-regexp"
+ ImageAnnotationCertOidcIssuer = "hauler.dev/certificate-oidc-issuer"
+ ImageAnnotationCertOidcIssuerRegexp = "hauler.dev/certificate-oidc-issuer-regexp"
+ ImageAnnotationCertGithubWorkflowRepository = "hauler.dev/certificate-github-workflow-repository"
 // content kinds
 ImagesContentKind = "Images"
diff --git a/pkg/cosign/cosign.go b/pkg/cosign/cosign.go
index e669083..8a26ac2 100644
--- a/pkg/cosign/cosign.go
+++ b/pkg/cosign/cosign.go
@@ -51,16 +51,16 @@ func VerifyKeylessSignature(ctx context.Context, s *store.Layout, identity strin
 operation := func() error {
 certVerifyOptions := options.CertVerifyOptions{
- CertOidcIssuer: oidcIssuer,
- CertOidcIssuerRegexp: oidcIssuer,
- CertIdentity: identity,
- CertIdentityRegexp: identityRegexp,
+ CertOidcIssuer: oidcIssuer,
+ CertOidcIssuerRegexp: oidcIssuer,
+ CertIdentity: identity,
+ CertIdentityRegexp: identityRegexp,
 CertGithubWorkflowRepository: ghWorkflowRepository,
 }
 v := &verify.VerifyCommand{
- CertVerifyOptions: certVerifyOptions,
- IgnoreTlog: false, // Ignore transparency log is set to false by default for keyless signature verification
+ CertVerifyOptions: certVerifyOptions,
+ IgnoreTlog: false, // Ignore transparency log is set to false by default for keyless signature verification
 CertGithubWorkflowRepository: ghWorkflowRepository,
 }