add signed chart check, tests and doc #287
Conversation
cmd/verify.go
Outdated
| return cmd | ||
| } | ||
|
|
||
| func init() { | ||
| rootCmd.AddCommand(NewVerifyCmd(viper.GetViper())) | ||
| } | ||
|
|
||
| func readPublicKeyFile(keyFilename string) (string, error) { |
There was a problem hiding this comment.
Is the function readPublicKeyFile getting used somewhere.If not then we can remove this.
| }) | ||
|
|
||
| if checkErr != nil { | ||
| return nil, NewCheckErr(checkErr) | ||
| } | ||
| _ = result.AddCheck(check, r) | ||
|
|
||
| if check.CheckId.Name == apiChecks.SignatureIsValid { | ||
| if len(c.publicKeys) == 1 && strings.Contains(r.Reason, checks.ChartSigned) { |
There was a problem hiding this comment.
The public keys is an array of string, but here we are checking whether it contains only one public key in c.publicKeys array. So if the user has to specify the public key per chart then why not have the type of c.publicKeys as a string instead of array.
There was a problem hiding this comment.
With an array we do not know which key was the correct one so cannot add digest to report. With cli we only get one key so if chart verifies we know that is the correct key so we can then add digest to report.
|
|
||
| userCacheDir = getCacheDir(opts) | ||
| if userCacheDir == "" { | ||
| return ChartCacheItem{}, err | ||
| } | ||
| cacheDir := path.Join(userCacheDir, "chart-verifier") |
There was a problem hiding this comment.
If this line cacheDir := path.Join(userCacheDir, "chart-verifier") required here now? getCacheDir(opts *CheckOptions) func seems to be returning the repocache/usercache with chart-verifier joined to the path.
There was a problem hiding this comment.
Goof spot, no longer needed. Removed.
mmulholla
force-pushed
the
sig-check-test-doc
branch
from
85a2670 to
d9d9dfb
Compare
mmulholla
force-pushed
the
sig-check-test-doc
branch
from
d9d9dfb to
898ff57
Compare
Chart verifier logic for new check is documented here: https://lucid.app/lucidchart/1fd9bb6c-98b9-4a20-8d69-8af003ce8ee1/edit?invitationId=inv_99e435e0-1db6-4181-873d-4ce60bef8d48&page=0_0#
Jora issue: https://issues.redhat.com/browse/HELM-410