Fix a few accidental renames and formatting mistakes

Signed-off-by: Cody Soyland <codysoyland@github.com>

docs/api-types/index.md

@@ -189,7 +189,7 @@ RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds
 
 | Field | Description | Scheme | Required |
 | ----- | ----------- | ------ | -------- |
-| trustRootRef | Use the Certificate Chain from the referred TrustRoot.TimestampAuthorities | string | false |
+| trustRootRef | Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities | string | false |
 
 [Back to TOC](#table-of-contents)
 

go.mod

@@ -42,7 +42,7 @@ require (
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/time v0.5.0
 	google.golang.org/grpc v1.61.1 // indirect
-	google.golang.org/protobuf v1.32.0 
+	google.golang.org/protobuf v1.32.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.29.2
 	k8s.io/apimachinery v0.29.2

pkg/apis/config/sigstore_keys.go

@@ -37,17 +37,12 @@ const (
 	SigstoreKeysConfigName = "config-sigstore-keys"
 )
 
+// Type aliases for types from protobuf-specs. TODO: Consider just importing
+// the protobuf-specs types directly from each package as needed.
+
 // SigstoreKeys contains all the necessary Keys and Certificates for validating
 // against a specific instance of Sigstore.
-// TODO(vaikas): See about replacing these with the protos here once they land
-// and see how easy it is to replace with protos instead of our custom defs
-// above.
-// https://github.com/sigstore/protobuf-specs/pull/5
-// And in particular: https://github.com/sigstore/protobuf-specs/pull/5/files#diff-b1f89b7fd3eb27b519380b092a2416f893a96fbba3f8c90cfa767e7687383ad4R70
-// Well, not the multi-root, but one instance of that is exactly the
-// SigstoreKeys.
 type SigstoreKeys = pbtrustroot.TrustedRoot
-
 type CertificateAuthority = pbtrustroot.CertificateAuthority
 type TransparencyLogInstance = pbtrustroot.TransparencyLogInstance
 type DistinguishedName = pbcommon.DistinguishedName
@@ -102,19 +97,19 @@ func ConvertSigstoreKeys(_ context.Context, source *v1alpha1.SigstoreKeys) *Sigs
 		sk.CertificateAuthorities[i] = ConvertCertificateAuthority(source.CertificateAuthorities[i])
 	}
 
-	sk.Tlogs = make([]*pbtrustroot.TransparencyLogInstance, len(source.Tlogs))
-	for i := range source.Tlogs {
-		sk.Tlogs[i] = ConvertTransparencyLogInstance(source.Tlogs[i])
+	sk.Tlogs = make([]*pbtrustroot.TransparencyLogInstance, len(source.TLogs))
+	for i := range source.TLogs {
+		sk.Tlogs[i] = ConvertTransparencyLogInstance(source.TLogs[i])
 	}
 
-	sk.Ctlogs = make([]*pbtrustroot.TransparencyLogInstance, len(source.Ctlogs))
-	for i := range source.Ctlogs {
-		sk.Ctlogs[i] = ConvertTransparencyLogInstance(source.Ctlogs[i])
+	sk.Ctlogs = make([]*pbtrustroot.TransparencyLogInstance, len(source.CTLogs))
+	for i := range source.CTLogs {
+		sk.Ctlogs[i] = ConvertTransparencyLogInstance(source.CTLogs[i])
 	}
 
-	sk.TimestampAuthorities = make([]*pbtrustroot.CertificateAuthority, len(source.TimestampAuthorities))
-	for i := range source.TimestampAuthorities {
-		sk.TimestampAuthorities[i] = ConvertCertificateAuthority(source.TimestampAuthorities[i])
+	sk.TimestampAuthorities = make([]*pbtrustroot.CertificateAuthority, len(source.TimeStampAuthorities))
+	for i := range source.TimeStampAuthorities {
+		sk.TimestampAuthorities[i] = ConvertCertificateAuthority(source.TimeStampAuthorities[i])
 	}
 	return sk
 }
@@ -156,7 +151,7 @@ func ConvertTransparencyLogInstance(source v1alpha1.TransparencyLogInstance) *pb
 	}
 
 	return &pbtrustroot.TransparencyLogInstance{
-		BaseUrl:       source.BaseUrl.String(),
+		BaseUrl:       source.BaseURL.String(),
 		HashAlgorithm: hashAlgorithm,
 		PublicKey:     DeserializePublicKey(source.PublicKey),
 		LogId: &pbcommon.LogId{

pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go

@@ -337,7 +337,7 @@ type Identity struct {
 // RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds
 // the time-stamped verification for the signature
 type RFC3161Timestamp struct {
-	// Use the Certificate Chain from the referred TrustRoot.TimestampAuthorities
+	// Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities
 	// +optional
 	TrustRootRef string `json:"trustRootRef,omitempty"`
 }

pkg/apis/policy/v1alpha1/trustroot_types.go

@@ -136,7 +136,7 @@ type Repository struct {
 // and verify an inclusion promise.
 type TransparencyLogInstance struct {
 	// The base URL which can be used for URLs for clients.
-	BaseUrl apis.URL `json:"baseURL"`
+	BaseURL apis.URL `json:"baseURL"`
 	// / The hash algorithm used for the Merkle Tree
 	HashAlgorithm string `json:"hashAlgorithm"`
 	// PEM encoded public key
@@ -180,13 +180,13 @@ type SigstoreKeys struct {
 	CertificateAuthorities []CertificateAuthority `json:"certificateAuthorities"`
 	// Rekor log specifications
 	// +optional
-	Tlogs []TransparencyLogInstance `json:"tLogs,omitempty"`
+	TLogs []TransparencyLogInstance `json:"tLogs,omitempty"`
 	// Certificate Transparency Log
 	// +optional
-	Ctlogs []TransparencyLogInstance `json:"ctLogs,omitempty"`
+	CTLogs []TransparencyLogInstance `json:"ctLogs,omitempty"`
 	// Trusted timestamping authorities
 	// +optional
-	TimestampAuthorities []CertificateAuthority `json:"timestampAuthorities,omitempty"`
+	TimeStampAuthorities []CertificateAuthority `json:"timestampAuthorities,omitempty"`
 }
 
 // TrustRootStatus represents the current state of a TrustRoot.

pkg/apis/policy/v1alpha1/trustroot_validation.go

@@ -106,7 +106,7 @@ func (remote *Remote) Validate(ctx context.Context) (errors *apis.FieldError) {
 }
 
 func (sigstoreKeys *SigstoreKeys) Validate(ctx context.Context) (errors *apis.FieldError) {
-	if len(sigstoreKeys.CertificateAuthorities) == 0 && len(sigstoreKeys.TimestampAuthorities) == 0 {
+	if len(sigstoreKeys.CertificateAuthorities) == 0 && len(sigstoreKeys.TimeStampAuthorities) == 0 {
 		errors = errors.Also(apis.ErrMissingOneOf("certificateAuthority", "timestampAuthorities"))
 	} else {
 		for i, ca := range sigstoreKeys.CertificateAuthorities {
@@ -116,13 +116,13 @@ func (sigstoreKeys *SigstoreKeys) Validate(ctx context.Context) (errors *apis.Fi
 
 	// These are optionals, so we just validate them if they are there and do
 	// not report them as missing.
-	for i, tsa := range sigstoreKeys.TimestampAuthorities {
+	for i, tsa := range sigstoreKeys.TimeStampAuthorities {
 		errors = ValidateTimeStampAuthority(ctx, tsa).ViaFieldIndex("timestampAuthorities", i)
 	}
-	for i, ctl := range sigstoreKeys.Ctlogs {
+	for i, ctl := range sigstoreKeys.CTLogs {
 		errors = ValidateTransparencyLogInstance(ctx, ctl).ViaFieldIndex("ctLogs", i)
 	}
-	for i, tl := range sigstoreKeys.Tlogs {
+	for i, tl := range sigstoreKeys.TLogs {
 		errors = ValidateTransparencyLogInstance(ctx, tl).ViaFieldIndex("tLogs", i)
 	}
 	return
@@ -183,7 +183,7 @@ func ValidateDistinguishedName(_ context.Context, dn DistinguishedName) (errors
 }
 
 func ValidateTransparencyLogInstance(_ context.Context, tli TransparencyLogInstance) (errors *apis.FieldError) {
-	if tli.BaseUrl.String() == "" {
+	if tli.BaseURL.String() == "" {
 		errors = errors.Also(apis.ErrMissingField("baseURL"))
 	}
 	if tli.HashAlgorithm == "" {

pkg/apis/policy/v1beta1/clusterimagepolicy_types.go

@@ -334,7 +334,7 @@ type Identity struct {
 // RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds
 // the time-stamped verification for the signature
 type RFC3161Timestamp struct {
-	// Use the Certificate Chain from the referred TrustRoot.TimestampAuthorities
+	// Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities
 	// +optional
 	TrustRootRef string `json:"trustRootRef,omitempty"`
 }

pkg/reconciler/testing/v1alpha1/trustroot.go

@@ -67,7 +67,7 @@ func WithTrustRootFinalizer(tr *v1alpha1.TrustRoot) {
 
 // WithSigstoreKeys constructs a TrustRootOption which is suitable
 // for reconciler table driven testing. It hardcodes things like
-// organizations/common names, and URI/BaseUrls with predictable
+// organizations/common names, and URI/BaseURLs with predictable
 // values.
 func WithSigstoreKeys(sk map[string]string) TrustRootOption {
 	return func(tr *v1alpha1.TrustRoot) {
@@ -80,17 +80,17 @@ func WithSigstoreKeys(sk map[string]string) TrustRootOption {
 				URI:       *apis.HTTPS("fulcio.example.com"),
 				CertChain: []byte(sk["fulcio"]),
 			}},
-			Tlogs: []v1alpha1.TransparencyLogInstance{{
-				BaseUrl:       *apis.HTTPS("rekor.example.com"),
+			TLogs: []v1alpha1.TransparencyLogInstance{{
+				BaseURL:       *apis.HTTPS("rekor.example.com"),
 				HashAlgorithm: "sha-256",
 				PublicKey:     []byte(sk["rekor"]),
 			}},
-			Ctlogs: []v1alpha1.TransparencyLogInstance{{
-				BaseUrl:       *apis.HTTPS("ctfe.example.com"),
+			CTLogs: []v1alpha1.TransparencyLogInstance{{
+				BaseURL:       *apis.HTTPS("ctfe.example.com"),
 				HashAlgorithm: "sha-256",
 				PublicKey:     []byte(sk["ctfe"]),
 			}},
-			TimestampAuthorities: []v1alpha1.CertificateAuthority{{
+			TimeStampAuthorities: []v1alpha1.CertificateAuthority{{
 				Subject: v1alpha1.DistinguishedName{
 					Organization: "tsa-organization",
 					CommonName:   "tsa-common-name",

pkg/reconciler/trustroot/trustroot.go

@@ -79,7 +79,7 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, trustroot *v1alpha1.Trus
 		return err
 	}
 	trustroot.Status.MarkInlineKeysOk()
-	// LogIds for Rekor get created from the PublicKey, so we need to construct
+	// LogIDs for Rekor get created from the PublicKey, so we need to construct
 	// them before serializing.
 	// Note this is identical to what we do with CTLog PublicKeys, but they
 	// are not restricted to being only ecdsa.PublicKey.
@@ -210,7 +210,7 @@ func pemToKeyAndID(pem []byte) (crypto.PublicKey, string, error) {
 	}
 	logID, err := cosign.GetTransparencyLogID(pk)
 	if err != nil {
-		return nil, "", fmt.Errorf("failed to construct LogId for rekor: %w", err)
+		return nil, "", fmt.Errorf("failed to construct LogID for rekor: %w", err)
 	}
 	return pk, logID, nil
 }

pkg/reconciler/trustroot/trustroot_test.go

@@ -73,8 +73,8 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvffI/l54rF7zt3/3BfNoX1twzqH7
 7upU19F2Y+wuGoa2VcDZs2K98Q+gro8Ed8mAqA2zTTtHezAoi2oAueg78Q==
 -----END PUBLIC KEY-----
 `
-	// This is the LogId for above PublicKey
-	ctfeLogId = "bbe211cdeecb41c47c88fb8e71ecc98196976a1c596cb563427004c02297b838"
+	// This is the LogID for above PublicKey
+	ctfeLogID = "bbe211cdeecb41c47c88fb8e71ecc98196976a1c596cb563427004c02297b838"
 
 	fulcioCert = `-----BEGIN CERTIFICATE-----
 MIIFwzCCA6ugAwIBAgIIfUmh4cIZr8QwDQYJKoZIhvcNAQELBQAwfjEMMAoGA1UE
@@ -115,8 +115,8 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkv2fy2jJU+j8G2YeHkIUo+QRxnbG
 09agOlsJ0yGUkNIVC1rBZjxVJp1JwcEiltd5TnQZvgbA89ceC+uTDaILWQ==
 -----END PUBLIC KEY-----
 `
-	// This is the Rekor LogId constructed from above public key.
-	rekorLogId = "0b2d9e709031929627f2b11ca95e033288e7f47d19284d184ce09f38a91ec35e"
+	// This is the Rekor LogID constructed from above public key.
+	rekorLogID = "0b2d9e709031929627f2b11ca95e033288e7f47d19284d184ce09f38a91ec35e"
 
 	tsaCertChain = `-----BEGIN CERTIFICATE-----
 MIIBzDCCAXKgAwIBAgIUZUPH+OO1avjh6yXuC5ULzb1+k2UwCgYIKoZIzj0EAwIw
@@ -229,7 +229,7 @@ hw3P1+pEhW1KFW0aig+q9lK0xNcidCTcxA==
 // ctfe   => CTLog Public Key
 // fulcio => CertificateAuthority certificate
 // rekor  => TLog PublicKey
-// tsa    => TimestampAuthorities certificate chain (root, intermediate, leaf)
+// tsa    => TimeStampAuthorities certificate chain (root, intermediate, leaf)
 var sigstoreKeys = map[string]string{
 	"ctfe":   ctfePublicKey,
 	"fulcio": fulcioCert,
@@ -460,11 +460,11 @@ func makeConfigMapWithSigstoreKeys() *corev1.ConfigMap {
 	source := NewTrustRoot(trName, WithSigstoreKeys(sigstoreKeys))
 	c := config.ConvertSigstoreKeys(context.Background(), source.Spec.SigstoreKeys)
 	for i := range c.Tlogs {
-		c.Tlogs[i].LogId = &config.LogId{KeyId: []byte(rekorLogId)}
+		c.Tlogs[i].LogId = &config.LogId{KeyId: []byte(rekorLogID)}
 
 	}
 	for i := range c.Ctlogs {
-		c.Ctlogs[i].LogId = &config.LogId{KeyId: []byte(ctfeLogId)}
+		c.Ctlogs[i].LogId = &config.LogId{KeyId: []byte(ctfeLogID)}
 	}
 	marshalled, err := resources.Marshal(c)
 	if err != nil {
@@ -662,8 +662,8 @@ func TestConvertSigstoreKeys(t *testing.T) {
 		if err != nil {
 			t.Fatalf("failed to parse url: %v", err)
 		}
-		source.Tlogs = append(source.Tlogs, v1alpha1.TransparencyLogInstance{
-			BaseUrl:       *url,
+		source.TLogs = append(source.TLogs, v1alpha1.TransparencyLogInstance{
+			BaseURL:       *url,
 			HashAlgorithm: tlog.hashAlgorithm,
 			PublicKey:     tlog.publicKey.pem,
 		})
@@ -673,8 +673,8 @@ func TestConvertSigstoreKeys(t *testing.T) {
 		if err != nil {
 			t.Fatalf("failed to parse url: %v", err)
 		}
-		source.Ctlogs = append(source.Ctlogs, v1alpha1.TransparencyLogInstance{
-			BaseUrl:       *url,
+		source.CTLogs = append(source.CTLogs, v1alpha1.TransparencyLogInstance{
+			BaseURL:       *url,
 			HashAlgorithm: ctlog.hashAlgorithm,
 			PublicKey:     ctlog.publicKey.pem,
 		})
@@ -698,7 +698,7 @@ func TestConvertSigstoreKeys(t *testing.T) {
 		if err != nil {
 			t.Fatalf("failed to parse url: %v", err)
 		}
-		source.TimestampAuthorities = append(source.TimestampAuthorities, v1alpha1.CertificateAuthority{
+		source.TimeStampAuthorities = append(source.TimeStampAuthorities, v1alpha1.CertificateAuthority{
 			Subject: v1alpha1.DistinguishedName{
 				Organization: tsa.org,
 				CommonName:   tsa.commonName,

pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go

@@ -161,7 +161,7 @@ type AttestationPolicy struct {
 // RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds
 // the time-stamped verification for the signature
 type RFC3161Timestamp struct {
-	// Use the Certificate Chain from the referred TrustRoot.TimestampAuthorities
+	// Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities
 	// +optional
 	TrustRootRef string `json:"trustRootRef,omitempty"`
 }