diff --git a/hack/gentestdata/gentestdata.go b/hack/gentestdata/gentestdata.go
index 29c54646..2600749a 100644
--- a/hack/gentestdata/gentestdata.go
+++ b/hack/gentestdata/gentestdata.go
@@ -77,7 +77,23 @@ func main() {
 log.Fatal(err)
 }
- marshalledEntryFromMirrorFS, tufRepo, rootJSON, err := genTUFRepo(sigstoreKeysMap)
+ tufRepo, rootJSON, err := genTUFRepo(map[string][]byte{
+ "rekor.pem": []byte(sigstoreKeysMap["rekor"]),
+ "ctfe.pem": []byte(sigstoreKeysMap["ctfe"]),
+ "fulcio.pem": []byte(sigstoreKeysMap["fulcio"]),
+ })
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ tufRepoWithTrustedRootJSON, rootJSONWithTrustedRootJSON, err := genTUFRepo(map[string][]byte{
+ "trusted_root.json": marshalledEntry,
+ })
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ marshalledEntryFromMirrorFS, err := genTrustedRoot(sigstoreKeysMap)
 if err != nil {
 log.Fatal(err)
 }
@@ -92,6 +108,8 @@ func main() {
 mustWriteFile("marshalledEntryFromMirrorFS.json", marshalledEntryFromMirrorFS)
 mustWriteFile("tufRepo.tar", tufRepo)
 mustWriteFile("root.json", rootJSON)
+ mustWriteFile("tufRepoWithTrustedRootJSON.tar", tufRepoWithTrustedRootJSON)
+ mustWriteFile("rootWithTrustedRootJSON.json", rootJSONWithTrustedRootJSON)
 }
 func mustWriteFile(path string, data []byte) {
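Review bot: The second `genTUFRepo` call in main() has no comment explaining why a separate repository is generated, and its only target, `marshalledEntry`, is defined outside this hunk. A one-line comment would tie the fixture to the code path it exercises, e.g. `// Second repository carries only trusted_root.json, to cover the trusted_root.json branch of getSigstoreKeysFromTuf.` Every fixture under testdata is replaced by this commit and the root.json files it writes carry an `expires` value roughly six months out, so a comment near the `mustWriteFile` calls saying when the fixtures have to be regenerated would also help.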
@@ -204,39 +222,37 @@ func genLogID(pkBytes []byte) (string, error) {
 return cosign.GetTransparencyLogID(pk)
 }
-func genTUFRepo(sigstoreKeysMap map[string]string) ([]byte, []byte, []byte, error) {
- files := map[string][]byte{}
- files["rekor.pem"] = []byte(sigstoreKeysMap["rekor"])
- files["ctfe.pem"] = []byte(sigstoreKeysMap["ctfe"])
- files["fulcio.pem"] = []byte(sigstoreKeysMap["fulcio"])
-
+func genTUFRepo(files map[string][]byte) ([]byte, []byte, error) {
 defer os.RemoveAll(path.Join(os.TempDir(), "tuf")) // TODO: Update scaffolding to use os.MkdirTemp and remove this
 ctx := context.Background()
 local, dir, err := repo.CreateRepo(ctx, files)
 if err != nil {
- return nil, nil, nil, err
+ return nil, nil, err
 }
 meta, err := local.GetMeta()
 if err != nil {
- return nil, nil, nil, err
+ return nil, nil, err
 }
 rootJSON, ok := meta["root.json"]
 if !ok {
- return nil, nil, nil, err
+ return nil, nil, err
 }
 var compressed bytes.Buffer
 if err := repo.CompressFS(os.DirFS(dir), &compressed, map[string]bool{"keys": true, "staged": true}); err != nil {
- return nil, nil, nil, err
+ return nil, nil, err
 }
+ return compressed.Bytes(), rootJSON, nil
+}
+func genTrustedRoot(sigstoreKeysMap map[string]string) ([]byte, error) {
 tlogKey, _, err := config.DeserializePublicKey([]byte(sigstoreKeysMap["rekor"]))
 if err != nil {
- return nil, nil, nil, err
+ return nil, err
 }
 ctlogKey, _, err := config.DeserializePublicKey([]byte(sigstoreKeysMap["ctfe"]))
 if err != nil {
- return nil, nil, nil, err
+ return nil, err
 }
 trustRoot := &config.SigstoreKeys{
@@ -257,8 +273,8 @@ func genTUFRepo(sigstoreKeysMap map[string]string) ([]byte, []byte, []byte, erro
 }
 err = populateLogIDs(trustRoot)
 if err != nil {
- return nil, nil, nil, err
+ return nil, err
 }
 trustRootBytes := []byte(protojson.Format(trustRoot))
- return trustRootBytes, compressed.Bytes(), rootJSON, nil
+ return trustRootBytes, nil
 }
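Review bot: In genTUFRepo, the `if !ok` branch after `rootJSON, ok := meta["root.json"]` returns `err`, which is necessarily nil there because the `local.GetMeta()` error check just above has already passed; a repository without root.json therefore comes back as `nil, nil, nil` and main() would write empty fixtures without failing. The commit edits this line only to drop one result, so the silent path survives. Return a real error instead, e.g. `return nil, nil, errors.New("root.json missing from generated TUF metadata")` (the file's import block is outside the hunk, so confirm `errors` is imported). Now that genTUFRepo accepts arbitrary target files, a doc comment should also record that `keys` and `staged` are passed to `repo.CompressFS`, presumably as directories to leave out so that signing keys stay out of the checked-in tarball.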
diff --git a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt index 0d7a64f1..6e92256b 100644 --- a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt +++ b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt @@ -1 +1 @@ -f233e0255ba7b06f768210de40a72dad6456c364f864fef10654e9d1f3576cdf \ No newline at end of file +1710e23da0651aaa8194bc9652cd00a97c1fda9c76fce12f14eb635e42036954 \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem index 1bdc24e9..ea57536c 100644 --- a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem +++ b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/0axOYDFW1GxfRBsuCZEXDbNkMfz -RJqocd5QqkycTqqK47i7ip75BeyvmQcqYE6KRMnHQds1tlzkAxZ3RlPnFA== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMj +ld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ== -----END PUBLIC KEY----- diff --git a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem index 9a5052ae..4b10e30d 100644 --- a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem +++ b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem 
@@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIBPjCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDzENMAsGA1UEAxMEbGVhZjBZMBMG -ByqGSM49AgEGCCqGSM49AwEHA0IABH52pFOcobYjT5V85OtmQU+nxhhGNUayYt7f -LtsY8qDtQOCFW7P8Ya1B14IowM7fFbI0c5jeEczhTLqnGU4yrBqjMzAxMA4GA1Ud -DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBQsTJia5d928QAnmtfYJffrTRnsFzAKBggq -hkjOPQQDAgNJADBGAiEAoIIysKwCCicQsX3URWsPS9N6aGIfhfdS22qZpvkbg88C -IQDezHPTP8Vp8fKnHoRplC6++c1N8yds5GlK9QNDSoTwug== +MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/5 +5rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1Ud +DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggq +hkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64C +IHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDTELMAkGA1UEAxMCY2EwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAARtAqUJCj/Wb+rFJJn76UdcAcUA5H1w3PjIZRR8 -LBkBAkP/AmDDs0uKxl32jGaOISUtCVQUhnEx2XofoRdI1yQqo0IwQDAOBgNVHQ8B -Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQULEyYmuXfdvEAJ5rX -2CX3600Z7BcwCgYIKoZIzj0EAwIDSQAwRgIhAMCf8nrN60qqT6MEL4nhu2OepICr -DiCugo150fQQKNRaAiEAldwHCU3UF8f7b+mtUyoJQ1K5nksElcvODJRutb/GvCk= +MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz +9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3 +eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55 +FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW -----END CERTIFICATE----- 
diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntry.json b/pkg/reconciler/trustroot/testdata/marshalledEntry.json index b0c9f8a5..e9fc1f2e 100644 --- a/pkg/reconciler/trustroot/testdata/marshalledEntry.json +++ b/pkg/reconciler/trustroot/testdata/marshalledEntry.json 
@@ -1,78 +1,78 @@ { - "mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1", - "tlogs": [ + "mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1", + "tlogs": [ { - "baseUrl": "https://rekor.example.com", - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI4VIUxpIQaYEpS5Vlp7PHTB7ho3oWabbChqboVxueHh+wqimmPJXuXLe+Zu32VH+fN5WFn4AGajIGje1GBXtOw==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "baseUrl": "https://rekor.example.com", + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro89r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "ODYzMWJhMjQwZTYxN2M1ZWY2NWU2Y2QxZjcwYjhhOTU1NTQ5ZmNhYjk5NmYyZGI2MGE1ZThjYWE5OWJlMWNmMg==" + "logId": { + "keyId": "YWRjNTE1MWY5OTExZWUxZjAwMWVkYzc0Y2Q3MWNkNThmOGExMWE0ODRhOGM5NzA5NDkwYjRkOTY2NDcxZjQxMQ==" } } ], - "certificateAuthorities": [ + "certificateAuthorities": [ { - "subject": { - "organization": "fulcio-organization", - "commonName": "fulcio-common-name" + "subject": { + "organization": "fulcio-organization", + "commonName": "fulcio-common-name" }, - "uri": "https://fulcio.example.com", - "certChain": { - "certificates": [ + "uri": "https://fulcio.example.com", + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPjCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH52pFOcobYjT5V85OtmQU+nxhhGNUayYt7fLtsY8qDtQOCFW7P8Ya1B14IowM7fFbI0c5jeEczhTLqnGU4yrBqjMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBQsTJia5d928QAnmtfYJffrTRnsFzAKBggqhkjOPQQDAgNJADBGAiEAoIIysKwCCicQsX3URWsPS9N6aGIfhfdS22qZpvkbg88CIQDezHPTP8Vp8fKnHoRplC6++c1N8yds5GlK9QNDSoTwug==" + "rawBytes": 
"MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/55rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggqhkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64CIHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT" }, { - "rawBytes": "MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARtAqUJCj/Wb+rFJJn76UdcAcUA5H1w3PjIZRR8LBkBAkP/AmDDs0uKxl32jGaOISUtCVQUhnEx2XofoRdI1yQqo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQULEyYmuXfdvEAJ5rX2CX3600Z7BcwCgYIKoZIzj0EAwIDSQAwRgIhAMCf8nrN60qqT6MEL4nhu2OepICrDiCugo150fQQKNRaAiEAldwHCU3UF8f7b+mtUyoJQ1K5nksElcvODJRutb/GvCk=" + "rawBytes": "MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ], - "ctlogs": [ + "ctlogs": [ { - "baseUrl": "https://ctfe.example.com", - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/0axOYDFW1GxfRBsuCZEXDbNkMfzRJqocd5QqkycTqqK47i7ip75BeyvmQcqYE6KRMnHQds1tlzkAxZ3RlPnFA==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "baseUrl": "https://ctfe.example.com", + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": 
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMjld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "ZjIzM2UwMjU1YmE3YjA2Zjc2ODIxMGRlNDBhNzJkYWQ2NDU2YzM2NGY4NjRmZWYxMDY1NGU5ZDFmMzU3NmNkZg==" + "logId": { + "keyId": "MTcxMGUyM2RhMDY1MWFhYTgxOTRiYzk2NTJjZDAwYTk3YzFmZGE5Yzc2ZmNlMTJmMTRlYjYzNWU0MjAzNjk1NA==" } } ], - "timestampAuthorities": [ + "timestampAuthorities": [ { - "subject": { - "organization": "tsa-organization", - "commonName": "tsa-common-name" + "subject": { + "organization": "tsa-organization", + "commonName": "tsa-common-name" }, - "uri": "https://tsa.example.com", - "certChain": { - "certificates": [ + "uri": "https://tsa.example.com", + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPjCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCOUCx97+DsDdyvKgf/FhyiMIzd40bAquTXCeZlDeKsHUhsLHrLCa8fOV8njfl8dE2ABX/lwPA+czYfDW1myooGjMzAxMA4GA1UdDwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRNdydaOxYhTIQG3d3Zp22F1Rj+XDAKBggqhkjOPQQDAgNJADBGAiEA7BJb9k0usb77EKqvbCfOF1fGeBFiU3i32+4HnUXC9GcCIQCZ+/gZ+G47t2OlCVNnE+9YasE9100MR/Sm9SBCzn6UTQ==" + "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDgjsTzgbEsFFuBFCp1LIRv4SwYLCLL1fxtq95tbtGj/wHQUmrKLxMLMxaxIzdJs54lIDP+LoKeK25+HBPftwtCjMzAxMA4GA1UdDwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRRiPL3dEhG22Qh+0GTFJ/G1SW1yDAKBggqhkjOPQQDAgNIADBFAiABNvVUla7gqF/135UkA55FQ57M6r84IArwk43Zy2aPPgIhAO8/F8k9VB5+I1FSiQL1qsM8yO6SUpVF9E+hNJ9n/6zU" }, { - "rawBytes": 
"MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQjjBapPc46v5hDtKeyNshq4Xdb+t+WX6R4Jgrwpy31o+0exhZhzlMYl1aelkZi/7u9fnNsuUVfgRjSZIC1aF+7o0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTXcnWjsWIUyEBt3d2adthdUY/lwwCgYIKoZIzj0EAwIDSQAwRgIhAOYOmibcfPIN/8DYOdEsd6JVa1RJn7dwJJueg4rNwpBzAiEAiFSpjPSVbNRUJDUOYJGPpkmj+TLh5GCoz2Bw2/oed44=" + "rawBytes": "MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARjUhxtm6QXaB2bkGKHenCToVRPhVf0PTkuS7/hTGjHhELoMrD8r3nbqyceFEl4FUTzEMDfrj/YhefX7ZbeesSho0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUYjy93RIRttkIftBkxSfxtUltcgwCgYIKoZIzj0EAwIDSQAwRgIhAJgRO/ig4ZBrlYjuNYpC/kqUIVsfSKLpS9c4/lkcTGBPAiEAq+euZ8zkevab16uWx7ZaEcElKYY3xzhTr5yQYeJPOcQ=" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ] diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json index b61c78fd..a3774db9 100644 --- a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json +++ b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json 
@@ -1,48 +1,48 @@ { - "tlogs": [ + "tlogs": [ { - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI4VIUxpIQaYEpS5Vlp7PHTB7ho3oWabbChqboVxueHh+wqimmPJXuXLe+Zu32VH+fN5WFn4AGajIGje1GBXtOw==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro89r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "ODYzMWJhMjQwZTYxN2M1ZWY2NWU2Y2QxZjcwYjhhOTU1NTQ5ZmNhYjk5NmYyZGI2MGE1ZThjYWE5OWJlMWNmMg==" + "logId": { + "keyId": "YWRjNTE1MWY5OTExZWUxZjAwMWVkYzc0Y2Q3MWNkNThmOGExMWE0ODRhOGM5NzA5NDkwYjRkOTY2NDcxZjQxMQ==" } } ], - "certificateAuthorities": [ + "certificateAuthorities": [ { - "certChain": { - "certificates": [ + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPjCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH52pFOcobYjT5V85OtmQU+nxhhGNUayYt7fLtsY8qDtQOCFW7P8Ya1B14IowM7fFbI0c5jeEczhTLqnGU4yrBqjMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBQsTJia5d928QAnmtfYJffrTRnsFzAKBggqhkjOPQQDAgNJADBGAiEAoIIysKwCCicQsX3URWsPS9N6aGIfhfdS22qZpvkbg88CIQDezHPTP8Vp8fKnHoRplC6++c1N8yds5GlK9QNDSoTwug==" + "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/55rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggqhkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64CIHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT" }, { - "rawBytes": 
"MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARtAqUJCj/Wb+rFJJn76UdcAcUA5H1w3PjIZRR8LBkBAkP/AmDDs0uKxl32jGaOISUtCVQUhnEx2XofoRdI1yQqo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQULEyYmuXfdvEAJ5rX2CX3600Z7BcwCgYIKoZIzj0EAwIDSQAwRgIhAMCf8nrN60qqT6MEL4nhu2OepICrDiCugo150fQQKNRaAiEAldwHCU3UF8f7b+mtUyoJQ1K5nksElcvODJRutb/GvCk=" + "rawBytes": "MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ], - "ctlogs": [ + "ctlogs": [ { - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/0axOYDFW1GxfRBsuCZEXDbNkMfzRJqocd5QqkycTqqK47i7ip75BeyvmQcqYE6KRMnHQds1tlzkAxZ3RlPnFA==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMjld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "ZjIzM2UwMjU1YmE3YjA2Zjc2ODIxMGRlNDBhNzJkYWQ2NDU2YzM2NGY4NjRmZWYxMDY1NGU5ZDFmMzU3NmNkZg==" + "logId": { + "keyId": "MTcxMGUyM2RhMDY1MWFhYTgxOTRiYzk2NTJjZDAwYTk3YzFmZGE5Yzc2ZmNlMTJmMTRlYjYzNWU0MjAzNjk1NA==" } } ] 
diff --git a/pkg/reconciler/trustroot/testdata/rekorLogID.txt b/pkg/reconciler/trustroot/testdata/rekorLogID.txt index c8e072f9..e96bd223 100644 --- a/pkg/reconciler/trustroot/testdata/rekorLogID.txt +++ b/pkg/reconciler/trustroot/testdata/rekorLogID.txt @@ -1 +1 @@ -8631ba240e617c5ef65e6cd1f70b8a955549fcab996f2db60a5e8caa99be1cf2 \ No newline at end of file +adc5151f9911ee1f001edc74cd71cd58f8a11a484a8c9709490b4d966471f411 \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem index fa59362e..58573372 100644 --- a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem +++ b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI4VIUxpIQaYEpS5Vlp7PHTB7ho3o -WabbChqboVxueHh+wqimmPJXuXLe+Zu32VH+fN5WFn4AGajIGje1GBXtOw== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro8 +9r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g== -----END PUBLIC KEY----- diff --git a/pkg/reconciler/trustroot/testdata/root.json b/pkg/reconciler/trustroot/testdata/root.json index d635f7bd..f7bae914 100644 --- a/pkg/reconciler/trustroot/testdata/root.json +++ b/pkg/reconciler/trustroot/testdata/root.json @@ -3,9 +3,9 @@ "_type": "root", "spec_version": "1.0", "version": 1, - "expires": "2024-09-22T15:32:01-04:00", + "expires": "2024-09-22T16:47:39-04:00", "keys": { - "4b22a801cd5addfbcf9646b3a2dd299d076be90a506d7173742df76a916b511f": { + "0c5ee15a0b35012b32989697c15e22f199d8534863a80197bea385adb908d0c9": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ 
@@ -13,10 +13,10 @@ "sha512" ], "keyval": { - "public": "a4d3caa7307b07ae60f8827d6a63a421caa9436818911ec4a5fec159c2e0a6ea" + "public": "06ba72d6fe28cc6d1d85ca8f933f7e855875af2cabb97dd075074f5d1c188249" } }, - "8296a838fbbcb44d3badbe77c37cd1d78a44518c8574f1e98c5991db886fae59": { + "b2cf295def74b86b6a50211bfcf3ab3839a2bdbed936d95cfacce1f4c31deedd": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -24,10 +24,10 @@ "sha512" ], "keyval": { - "public": "2e9da73f5b4a9abbcaf343214f54f897cd2d66b02199ed039fe1d4d3bd002b8b" + "public": "97c5f9488951eb67f16ea9328c9537c2ade4485a0b924ec0486a236f50e80f96" } }, - "93a9525c20dcad686288e943a3a1c5c26b185d838fa25d7ca07c6bd6a80a9093": { + "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -35,10 +35,10 @@ "sha512" ], "keyval": { - "public": "4c20f29a8b91b19ed8c2446354067fc52d234412ffc9432785f966a0cde6af93" + "public": "4b92888524b5cd2de6cad461f83fb86b3f5590792c037b416132811ba71e1e8b" } }, - "a182898f8f07aa5a376da7aeaf62dbe13a23f21dc8088e28936b67a08bbefb87": { + "fcf4d6c6bfa6fccb41df570cc60e6ef63cfe45baed10c0ead716de97f4a25264": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ 
@@ -46,32 +46,32 @@ "sha512" ], "keyval": { - "public": "d5a909f2ecbbe521323e5c84970b2937955e098605d43e6aa9fe14d682eef3b3" + "public": "6f98dc24fc1df15ed2888658f711dbe59433aa7b0a62334080100fa52a483716" } } }, "roles": { "root": { "keyids": [ - "8296a838fbbcb44d3badbe77c37cd1d78a44518c8574f1e98c5991db886fae59" + "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d" ], "threshold": 1 }, "snapshot": { "keyids": [ - "a182898f8f07aa5a376da7aeaf62dbe13a23f21dc8088e28936b67a08bbefb87" + "b2cf295def74b86b6a50211bfcf3ab3839a2bdbed936d95cfacce1f4c31deedd" ], "threshold": 1 }, "targets": { "keyids": [ - "4b22a801cd5addfbcf9646b3a2dd299d076be90a506d7173742df76a916b511f" + "fcf4d6c6bfa6fccb41df570cc60e6ef63cfe45baed10c0ead716de97f4a25264" ], "threshold": 1 }, "timestamp": { "keyids": [ - "93a9525c20dcad686288e943a3a1c5c26b185d838fa25d7ca07c6bd6a80a9093" + "0c5ee15a0b35012b32989697c15e22f199d8534863a80197bea385adb908d0c9" ], "threshold": 1 } @@ -80,8 +80,8 @@ }, "signatures": [ { - "keyid": "8296a838fbbcb44d3badbe77c37cd1d78a44518c8574f1e98c5991db886fae59", - "sig": "053c49473376571093b419ce3f4a6fcf350d6b7bead1234fe5eae685ee3914b5c28b9cc1ccfdfa84a276374a54eefe06c0545c1ada32dd42194e5fa86f69510a" + "keyid": "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d", + "sig": "0eca8e52cd9d8e18dc02593925bde4c44f2eac3e173199ff30a8a875391636f419914563fafe171d5b4b22917b8a6604ad77af5ea9f88166b3f8ca6c15332201" } ] } \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json b/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json new file mode 100644 index 00000000..cc9bb5cf --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json 
@@ -0,0 +1,87 @@ +{ + "signed": { + "_type": "root", + "spec_version": "1.0", + "version": 1, + "expires": "2024-09-22T16:47:40-04:00", + "keys": { + "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "3bfd19c0931a80cd3279322fc22b04b90831b1804f5dbc72c31676ca2ac82f97" + } + }, + "5dd6940e523073d10a6252f38a4dc2ebf33e23641c103682e43cb351a5672f43": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "d64a13987f3b0ccfcbfab8c5631acff1b69dda70e40c1aae0cb1f0f9575716cb" + } + }, + "8b635809713e0b6ae3370afeb6fa83d7aae2039b355e56d1211049246c3d1a4d": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "ecf8b527a4a4ce34718286dc9a67a5969060053bf1750e2dc74e065c9ab30ec1" + } + }, + "d263be84f7043dd0b4636fb797cfd1c9b455b9168f282cad8f48ff0ca47465fc": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "e7f35e9f47b6e2f38e62b184d9f9a54f085843c57bb102cab0fe684dabe1e0bd" + } + } + }, + "roles": { + "root": { + "keyids": [ + "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "8b635809713e0b6ae3370afeb6fa83d7aae2039b355e56d1211049246c3d1a4d" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "5dd6940e523073d10a6252f38a4dc2ebf33e23641c103682e43cb351a5672f43" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "d263be84f7043dd0b4636fb797cfd1c9b455b9168f282cad8f48ff0ca47465fc" + ], + "threshold": 1 + } + }, + "consistent_snapshot": false + }, + "signatures": [ + { + "keyid": "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505", + "sig": 
"1050176114e44eec30b0661a9016b0a1ce607b4168d8e84ab1d4c15d73c3bdb051f0c0b21b67f03c77d4a98ea7dabc5fd1404bbef2eaac605ddfa2a6145d0709" + } + ] +} \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem index e6131a87..0c657654 100644 --- a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem +++ b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem 
@@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIBPjCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDzENMAsGA1UEAxMEbGVhZjBZMBMG -ByqGSM49AgEGCCqGSM49AwEHA0IABCOUCx97+DsDdyvKgf/FhyiMIzd40bAquTXC -eZlDeKsHUhsLHrLCa8fOV8njfl8dE2ABX/lwPA+czYfDW1myooGjMzAxMA4GA1Ud -DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRNdydaOxYhTIQG3d3Zp22F1Rj+XDAKBggq -hkjOPQQDAgNJADBGAiEA7BJb9k0usb77EKqvbCfOF1fGeBFiU3i32+4HnUXC9GcC -IQCZ+/gZ+G47t2OlCVNnE+9YasE9100MR/Sm9SBCzn6UTQ== +MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABDgjsTzgbEsFFuBFCp1LIRv4SwYLCLL1fxtq +95tbtGj/wHQUmrKLxMLMxaxIzdJs54lIDP+LoKeK25+HBPftwtCjMzAxMA4GA1Ud +DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRRiPL3dEhG22Qh+0GTFJ/G1SW1yDAKBggq +hkjOPQQDAgNIADBFAiABNvVUla7gqF/135UkA55FQ57M6r84IArwk43Zy2aPPgIh +AO8/F8k9VB5+I1FSiQL1qsM8yO6SUpVF9E+hNJ9n/6zU -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjE5MzIwMVoXDTM0MDMyMjE5MzIwMVowDTELMAkGA1UEAxMCY2EwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAAQjjBapPc46v5hDtKeyNshq4Xdb+t+WX6R4Jgrw -py31o+0exhZhzlMYl1aelkZi/7u9fnNsuUVfgRjSZIC1aF+7o0IwQDAOBgNVHQ8B -Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUTXcnWjsWIUyEBt3d -2adthdUY/lwwCgYIKoZIzj0EAwIDSQAwRgIhAOYOmibcfPIN/8DYOdEsd6JVa1RJ -n7dwJJueg4rNwpBzAiEAiFSpjPSVbNRUJDUOYJGPpkmj+TLh5GCoz2Bw2/oed44= +MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAARjUhxtm6QXaB2bkGKHenCToVRPhVf0PTkuS7/h +TGjHhELoMrD8r3nbqyceFEl4FUTzEMDfrj/YhefX7ZbeesSho0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUYjy93RIRttkIftB +kxSfxtUltcgwCgYIKoZIzj0EAwIDSQAwRgIhAJgRO/ig4ZBrlYjuNYpC/kqUIVsf +SKLpS9c4/lkcTGBPAiEAq+euZ8zkevab16uWx7ZaEcElKYY3xzhTr5yQYeJPOcQ= -----END CERTIFICATE----- 
diff --git a/pkg/reconciler/trustroot/testdata/tufRepo.tar b/pkg/reconciler/trustroot/testdata/tufRepo.tar
index 2fcaab93..53f2a8d1 100644
Binary files a/pkg/reconciler/trustroot/testdata/tufRepo.tar and b/pkg/reconciler/trustroot/testdata/tufRepo.tar differ
diff --git a/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar b/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar
new file mode 100644
index 00000000..da8106fd
Binary files /dev/null and b/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar differ
diff --git a/pkg/reconciler/trustroot/trustroot.go b/pkg/reconciler/trustroot/trustroot.go
index e9c80e92..fdd763f8 100644
--- a/pkg/reconciler/trustroot/trustroot.go
+++ b/pkg/reconciler/trustroot/trustroot.go
@@ -240,7 +240,6 @@ func getSigstoreKeysFromTuf(ctx context.Context, tufClient *client.Client) (*con
 ret := &config.SigstoreKeys{}
 // if there is a "trusted_root.json" target, we can use that instead of the custom metadata
- // TODO: Write tests for this
 if _, ok := targets["trusted_root.json"]; ok {
 dl := newDownloader()
 if err = tufClient.Download("trusted_root.json", &dl); err != nil {
diff --git a/pkg/reconciler/trustroot/trustroot_test.go b/pkg/reconciler/trustroot/trustroot_test.go
index c08da71d..6aee1084 100644
--- a/pkg/reconciler/trustroot/trustroot_test.go
+++ b/pkg/reconciler/trustroot/trustroot_test.go
@@ -168,6 +168,14 @@ var validRepository = testdata.Get("tufRepo.tar")
 // rootJSON is a valid root.json for above TUF repository.
 var rootJSON = testdata.Get("root.json")
+// validRepositoryWithTrustedRootJSON is a valid tarred repository representing
+// an air-gap TUF repository containing trusted_root.json.
+var validRepositoryWithTrustedRootJSON = testdata.Get("tufRepoWithTrustedRootJSON.tar")
+
+// IMPORTANT: The next expiration is on 2024-09-21
+// rootJSON is a valid root.json for above TUF repository.
+var rootWithTrustedRootJSON = testdata.Get("rootWithTrustedRootJSON.json")
+
 func TestReconcile(t *testing.T) {
 table := TableTest{{
 Name: "bad workqueue key",
@@ -342,7 +350,7 @@ func TestReconcile(t *testing.T) {
 ),
 },
 WantCreates: []runtime.Object{
- makeConfigMapWithMirrorFS(),
+ makeConfigMapWithMirrorFS(marshalledEntryFromMirrorFS),
 },
 WantStatusUpdates: []clientgotesting.UpdateActionImpl{{
 Object: NewTrustRoot(trName,
@@ -352,6 +360,30 @@ func TestReconcile(t *testing.T) {
 WithTrustRootFinalizer,
 MarkReadyTrustRoot,
 )}},
+ }, {
+ Name: "With repository containing trusted_root.json",
+ Key: testKey,
+
+ SkipNamespaceValidation: true, // Cluster scoped
+ Objects: []runtime.Object{
+ NewTrustRoot(trName,
+ WithTrustRootUID(uid),
+ WithTrustRootResourceVersion(resourceVersion),
+ WithRepository("targets", rootWithTrustedRootJSON, validRepositoryWithTrustedRootJSON),
+ WithTrustRootFinalizer,
+ ),
+ },
+ WantCreates: []runtime.Object{
+ makeConfigMapWithMirrorFS(marshalledEntry),
+ },
+ WantStatusUpdates: []clientgotesting.UpdateActionImpl{{
+ Object: NewTrustRoot(trName,
+ WithTrustRootUID(uid),
+ WithTrustRootResourceVersion(resourceVersion),
+ WithRepository("targets", rootWithTrustedRootJSON, validRepositoryWithTrustedRootJSON),
+ WithTrustRootFinalizer,
+ MarkReadyTrustRoot,
+ )}},
 }}
 logger := logtesting.TestLogger(t)
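Review bot: The comment added above `rootWithTrustedRootJSON` is copied from `rootJSON` and still names the wrong variable, and its date does not match the fixture, since rootWithTrustedRootJSON.json in this commit has `"expires": "2024-09-22T16:47:40-04:00"`. Suggested wording: `// rootWithTrustedRootJSON is a valid root.json for validRepositoryWithTrustedRootJSON.` followed by `// IMPORTANT: this root expires on 2024-09-22; regenerate the fixtures with hack/gentestdata before then.` If root expiry is enforced when the repository is loaded, which the IMPORTANT note suggests but this diff does not show, the new test case will start failing on that date, so the regeneration step is worth stating explicitly.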
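Review bot: The new "With repository containing trusted_root.json" entry covers only the success path of the trusted_root.json branch. That branch decides which keys and certificate authorities end up in the ConfigMap, so a companion entry whose trusted_root.json target is not a valid trusted root would pin that reconciliation fails instead of writing a partial entry; how getSigstoreKeysFromTuf handles that case is not visible in this diff. The TestReconcile table starts and ends outside the hunk.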
@@ -395,13 +427,13 @@ func makeConfigMapWithSigstoreKeys() *corev1.ConfigMap {
 return ret
 }
-func makeConfigMapWithMirrorFS() *corev1.ConfigMap {
+func makeConfigMapWithMirrorFS(entry string) *corev1.ConfigMap {
 return &corev1.ConfigMap{
 ObjectMeta: metav1.ObjectMeta{
 Namespace: system.Namespace(),
 Name: config.SigstoreKeysConfigName,
 },
- Data: map[string]string{"test-trustroot": marshalledEntryFromMirrorFS},
+ Data: map[string]string{"test-trustroot": entry},
 }
 }