diff --git a/docs/api-types/index.md b/docs/api-types/index.md
index 2ff69465..c3cdbb51 100644
--- a/docs/api-types/index.md
+++ b/docs/api-types/index.md
@@ -189,7 +189,7 @@ RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds
 | Field | Description | Scheme | Required |
 | ----- | ----------- | ------ | -------- |
-| trustRootRef | Use the Certificate Chain from the referred TrustRoot.TimestampAuthorities | string | false |
+| trustRootRef | Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities | string | false |
 [Back to TOC](#table-of-contents)
diff --git a/go.mod b/go.mod
index 6af1a99c..c6502409 100644
--- a/go.mod
+++ b/go.mod
@@ -42,7 +42,7 @@ require (
 golang.org/x/sys v0.18.0 // indirect
 golang.org/x/time v0.5.0
 google.golang.org/grpc v1.61.1 // indirect
- google.golang.org/protobuf v1.32.0
+ google.golang.org/protobuf v1.32.0
 gopkg.in/yaml.v3 v3.0.1
 k8s.io/api v0.29.2
 k8s.io/apimachinery v0.29.2
diff --git a/pkg/apis/config/sigstore_keys.go b/pkg/apis/config/sigstore_keys.go
index be753ecc..a49d663c 100644
--- a/pkg/apis/config/sigstore_keys.go
+++ b/pkg/apis/config/sigstore_keys.go
@@ -37,17 +37,12 @@ const (
 SigstoreKeysConfigName = "config-sigstore-keys"
 )
+// Type aliases for types from protobuf-specs. TODO: Consider just importing
+// the protobuf-specs types directly from each package as needed.
+
 // SigstoreKeys contains all the necessary Keys and Certificates for validating
 // against a specific instance of Sigstore.
-// TODO(vaikas): See about replacing these with the protos here once they land
-// and see how easy it is to replace with protos instead of our custom defs
-// above.
-// https://github.com/sigstore/protobuf-specs/pull/5
-// And in particular: https://github.com/sigstore/protobuf-specs/pull/5/files#diff-b1f89b7fd3eb27b519380b092a2416f893a96fbba3f8c90cfa767e7687383ad4R70
-// Well, not the multi-root, but one instance of that is exactly the
-// SigstoreKeys.
 type SigstoreKeys = pbtrustroot.TrustedRoot
-
 type CertificateAuthority = pbtrustroot.CertificateAuthority
 type TransparencyLogInstance = pbtrustroot.TransparencyLogInstance
 type DistinguishedName = pbcommon.DistinguishedName
@@ -102,19 +97,19 @@ func ConvertSigstoreKeys(_ context.Context, source *v1alpha1.SigstoreKeys) *Sigs
 sk.CertificateAuthorities[i] = ConvertCertificateAuthority(source.CertificateAuthorities[i])
 }
- sk.Tlogs = make([]*pbtrustroot.TransparencyLogInstance, len(source.Tlogs))
- for i := range source.Tlogs {
- sk.Tlogs[i] = ConvertTransparencyLogInstance(source.Tlogs[i])
+ sk.Tlogs = make([]*pbtrustroot.TransparencyLogInstance, len(source.TLogs))
+ for i := range source.TLogs {
+ sk.Tlogs[i] = ConvertTransparencyLogInstance(source.TLogs[i])
 }
- sk.Ctlogs = make([]*pbtrustroot.TransparencyLogInstance, len(source.Ctlogs))
- for i := range source.Ctlogs {
- sk.Ctlogs[i] = ConvertTransparencyLogInstance(source.Ctlogs[i])
+ sk.Ctlogs = make([]*pbtrustroot.TransparencyLogInstance, len(source.CTLogs))
+ for i := range source.CTLogs {
+ sk.Ctlogs[i] = ConvertTransparencyLogInstance(source.CTLogs[i])
 }
- sk.TimestampAuthorities = make([]*pbtrustroot.CertificateAuthority, len(source.TimestampAuthorities))
- for i := range source.TimestampAuthorities {
- sk.TimestampAuthorities[i] = ConvertCertificateAuthority(source.TimestampAuthorities[i])
+ sk.TimestampAuthorities = make([]*pbtrustroot.CertificateAuthority, len(source.TimeStampAuthorities))
+ for i := range source.TimeStampAuthorities {
+ sk.TimestampAuthorities[i] = ConvertCertificateAuthority(source.TimeStampAuthorities[i])
 }
 return sk
 }
@@ -156,7 +151,7 @@ func ConvertTransparencyLogInstance(source v1alpha1.TransparencyLogInstance) *pb
 }
 return &pbtrustroot.TransparencyLogInstance{
- BaseUrl: source.BaseUrl.String(),
+ BaseUrl: source.BaseURL.String(),
 HashAlgorithm: hashAlgorithm,
 PublicKey: DeserializePublicKey(source.PublicKey),
 LogId: &pbcommon.LogId{
diff --git a/pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go b/pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go
index b04dc124..32cf7978 100644
--- a/pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go
+++ b/pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go
@@ -337,7 +337,7 @@ type Identity struct {
 // RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds
 // the time-stamped verification for the signature
 type RFC3161Timestamp struct {
- // Use the Certificate Chain from the referred TrustRoot.TimestampAuthorities
+ // Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities
 // +optional
 TrustRootRef string `json:"trustRootRef,omitempty"`
 }
diff --git a/pkg/apis/policy/v1alpha1/trustroot_types.go b/pkg/apis/policy/v1alpha1/trustroot_types.go
index 8630bb11..727c4efc 100644
--- a/pkg/apis/policy/v1alpha1/trustroot_types.go
+++ b/pkg/apis/policy/v1alpha1/trustroot_types.go
@@ -136,7 +136,7 @@ type Repository struct {
 // and verify an inclusion promise.
 type TransparencyLogInstance struct {
 // The base URL which can be used for URLs for clients.
- BaseUrl apis.URL `json:"baseURL"`
+ BaseURL apis.URL `json:"baseURL"`
 // / The hash algorithm used for the Merkle Tree
 HashAlgorithm string `json:"hashAlgorithm"`
 // PEM encoded public key
@@ -180,13 +180,13 @@ type SigstoreKeys struct {
 CertificateAuthorities []CertificateAuthority `json:"certificateAuthorities"`
 // Rekor log specifications
 // +optional
- Tlogs []TransparencyLogInstance `json:"tLogs,omitempty"`
+ TLogs []TransparencyLogInstance `json:"tLogs,omitempty"`
 // Certificate Transparency Log
 // +optional
- Ctlogs []TransparencyLogInstance `json:"ctLogs,omitempty"`
+ CTLogs []TransparencyLogInstance `json:"ctLogs,omitempty"`
 // Trusted timestamping authorities
 // +optional
- TimestampAuthorities []CertificateAuthority `json:"timestampAuthorities,omitempty"`
+ TimeStampAuthorities []CertificateAuthority `json:"timestampAuthorities,omitempty"`
 }
 // TrustRootStatus represents the current state of a TrustRoot.
diff --git a/pkg/apis/policy/v1alpha1/trustroot_validation.go b/pkg/apis/policy/v1alpha1/trustroot_validation.go
index f2d28432..115f3049 100644
--- a/pkg/apis/policy/v1alpha1/trustroot_validation.go
+++ b/pkg/apis/policy/v1alpha1/trustroot_validation.go
@@ -106,7 +106,7 @@ func (remote *Remote) Validate(ctx context.Context) (errors *apis.FieldError) {
 }
 func (sigstoreKeys *SigstoreKeys) Validate(ctx context.Context) (errors *apis.FieldError) {
- if len(sigstoreKeys.CertificateAuthorities) == 0 && len(sigstoreKeys.TimestampAuthorities) == 0 {
+ if len(sigstoreKeys.CertificateAuthorities) == 0 && len(sigstoreKeys.TimeStampAuthorities) == 0 {
 errors = errors.Also(apis.ErrMissingOneOf("certificateAuthority", "timestampAuthorities"))
 } else {
 for i, ca := range sigstoreKeys.CertificateAuthorities {
@@ -116,13 +116,13 @@ func (sigstoreKeys *SigstoreKeys) Validate(ctx context.Context) (errors *apis.Fi
 // These are optionals, so we just validate them if they are there and do
 // not report them as missing.
- for i, tsa := range sigstoreKeys.TimestampAuthorities {
+ for i, tsa := range sigstoreKeys.TimeStampAuthorities {
 errors = ValidateTimeStampAuthority(ctx, tsa).ViaFieldIndex("timestampAuthorities", i)
 }
- for i, ctl := range sigstoreKeys.Ctlogs {
+ for i, ctl := range sigstoreKeys.CTLogs {
 errors = ValidateTransparencyLogInstance(ctx, ctl).ViaFieldIndex("ctLogs", i)
 }
- for i, tl := range sigstoreKeys.Tlogs {
+ for i, tl := range sigstoreKeys.TLogs {
 errors = ValidateTransparencyLogInstance(ctx, tl).ViaFieldIndex("tLogs", i)
 }
 return
@@ -183,7 +183,7 @@ func ValidateDistinguishedName(_ context.Context, dn DistinguishedName) (errors
 }
 func ValidateTransparencyLogInstance(_ context.Context, tli TransparencyLogInstance) (errors *apis.FieldError) {
- if tli.BaseUrl.String() == "" {
+ if tli.BaseURL.String() == "" {
 errors = errors.Also(apis.ErrMissingField("baseURL"))
 }
 if tli.HashAlgorithm == "" {
diff --git a/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go
index ea577275..1743a248 100644
--- a/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go
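Review bot: In `SigstoreKeys.Validate` (trustroot_validation.go, hunk at -116), the three optional loops assign `errors = Validate…(…).ViaFieldIndex(…)` rather than accumulating, so every iteration discards whatever was collected before it, including the `ErrMissingOneOf` result from the branch above. With a bare `return` on the named result, only the outcome for the last element of the last non-empty list is reported, which lets a TrustRoot with a malformed timestamp authority or CT log entry pass validation whenever a later entry is valid. Each loop should accumulate instead, e.g. `errors = errors.Also(ValidateTimeStampAuthority(ctx, tsa).ViaFieldIndex("timestampAuthorities", i))`, and likewise for `ctLogs` and `tLogs`. The certificate-authority loop body sits between the two hunks and is not visible here, so it should be checked for the same pattern.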
@@ -523,22 +523,22 @@ func (in *SigstoreKeys) DeepCopyInto(out *SigstoreKeys) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Tlogs != nil { - in, out := &in.Tlogs, &out.Tlogs + if in.TLogs != nil { + in, out := &in.TLogs, &out.TLogs *out = make([]TransparencyLogInstance, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Ctlogs != nil { - in, out := &in.Ctlogs, &out.Ctlogs + if in.CTLogs != nil { + in, out := &in.CTLogs, &out.CTLogs *out = make([]TransparencyLogInstance, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.TimestampAuthorities != nil { - in, out := &in.TimestampAuthorities, &out.TimestampAuthorities + if in.TimeStampAuthorities != nil { + in, out := &in.TimeStampAuthorities, &out.TimeStampAuthorities *out = make([]CertificateAuthority, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) @@ -623,7 +623,7 @@ func (in *TLog) DeepCopy() *TLog { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TransparencyLogInstance) DeepCopyInto(out *TransparencyLogInstance) { *out = *in - in.BaseUrl.DeepCopyInto(&out.BaseUrl) + in.BaseURL.DeepCopyInto(&out.BaseURL) if in.PublicKey != nil { in, out := &in.PublicKey, &out.PublicKey *out = make([]byte, len(*in)) diff --git a/pkg/apis/policy/v1beta1/clusterimagepolicy_types.go b/pkg/apis/policy/v1beta1/clusterimagepolicy_types.go index 90bdf20d..8e1b1b8b 100644 --- a/pkg/apis/policy/v1beta1/clusterimagepolicy_types.go +++ b/pkg/apis/policy/v1beta1/clusterimagepolicy_types.go 
@@ -334,7 +334,7 @@ type Identity struct {
 // RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds
 // the time-stamped verification for the signature
 type RFC3161Timestamp struct {
- // Use the Certificate Chain from the referred TrustRoot.TimestampAuthorities
+ // Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities
 // +optional
 TrustRootRef string `json:"trustRootRef,omitempty"`
 }
diff --git a/pkg/reconciler/testing/v1alpha1/trustroot.go b/pkg/reconciler/testing/v1alpha1/trustroot.go
index 5d463813..23f5591c 100644
--- a/pkg/reconciler/testing/v1alpha1/trustroot.go
+++ b/pkg/reconciler/testing/v1alpha1/trustroot.go
@@ -67,7 +67,7 @@ func WithTrustRootFinalizer(tr *v1alpha1.TrustRoot) {
 // WithSigstoreKeys constructs a TrustRootOption which is suitable
 // for reconciler table driven testing. It hardcodes things like
-// organizations/common names, and URI/BaseUrls with predictable
+// organizations/common names, and URI/BaseURLs with predictable
 // values.
 func WithSigstoreKeys(sk map[string]string) TrustRootOption {
 return func(tr *v1alpha1.TrustRoot) {
@@ -80,17 +80,17 @@ func WithSigstoreKeys(sk map[string]string) TrustRootOption {
 URI: *apis.HTTPS("fulcio.example.com"),
 CertChain: []byte(sk["fulcio"]),
 }},
- Tlogs: []v1alpha1.TransparencyLogInstance{{
- BaseUrl: *apis.HTTPS("rekor.example.com"),
+ TLogs: []v1alpha1.TransparencyLogInstance{{
+ BaseURL: *apis.HTTPS("rekor.example.com"),
 HashAlgorithm: "sha-256",
 PublicKey: []byte(sk["rekor"]),
 }},
- Ctlogs: []v1alpha1.TransparencyLogInstance{{
- BaseUrl: *apis.HTTPS("ctfe.example.com"),
+ CTLogs: []v1alpha1.TransparencyLogInstance{{
+ BaseURL: *apis.HTTPS("ctfe.example.com"),
 HashAlgorithm: "sha-256",
 PublicKey: []byte(sk["ctfe"]),
 }},
- TimestampAuthorities: []v1alpha1.CertificateAuthority{{
+ TimeStampAuthorities: []v1alpha1.CertificateAuthority{{
 Subject: v1alpha1.DistinguishedName{
 Organization: "tsa-organization",
 CommonName: "tsa-common-name",
diff --git a/pkg/reconciler/trustroot/trustroot.go b/pkg/reconciler/trustroot/trustroot.go
index 51532eec..20b97cd8 100644
--- a/pkg/reconciler/trustroot/trustroot.go
+++ b/pkg/reconciler/trustroot/trustroot.go
@@ -79,7 +79,7 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, trustroot *v1alpha1.Trus
 return err
 }
 trustroot.Status.MarkInlineKeysOk()
- // LogIds for Rekor get created from the PublicKey, so we need to construct
+ // LogIDs for Rekor get created from the PublicKey, so we need to construct
 // them before serializing.
 // Note this is identical to what we do with CTLog PublicKeys, but they
 // are not restricted to being only ecdsa.PublicKey.
@@ -210,7 +210,7 @@ func pemToKeyAndID(pem []byte) (crypto.PublicKey, string, error) {
 }
 logID, err := cosign.GetTransparencyLogID(pk)
 if err != nil {
- return nil, "", fmt.Errorf("failed to construct LogId for rekor: %w", err)
+ return nil, "", fmt.Errorf("failed to construct LogID for rekor: %w", err)
 }
 return pk, logID, nil
 }
diff --git a/pkg/reconciler/trustroot/trustroot_test.go b/pkg/reconciler/trustroot/trustroot_test.go
index ed75cbc1..e5c78eee 100644
--- a/pkg/reconciler/trustroot/trustroot_test.go
+++ b/pkg/reconciler/trustroot/trustroot_test.go
@@ -73,8 +73,8 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvffI/l54rF7zt3/3BfNoX1twzqH7
 7upU19F2Y+wuGoa2VcDZs2K98Q+gro8Ed8mAqA2zTTtHezAoi2oAueg78Q==
 -----END PUBLIC KEY-----
 `
- // This is the LogId for above PublicKey
- ctfeLogId = "bbe211cdeecb41c47c88fb8e71ecc98196976a1c596cb563427004c02297b838"
+ // This is the LogID for above PublicKey
+ ctfeLogID = "bbe211cdeecb41c47c88fb8e71ecc98196976a1c596cb563427004c02297b838"
 fulcioCert = `-----BEGIN CERTIFICATE-----
 MIIFwzCCA6ugAwIBAgIIfUmh4cIZr8QwDQYJKoZIhvcNAQELBQAwfjEMMAoGA1UE
@@ -115,8 +115,8 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkv2fy2jJU+j8G2YeHkIUo+QRxnbG
 09agOlsJ0yGUkNIVC1rBZjxVJp1JwcEiltd5TnQZvgbA89ceC+uTDaILWQ==
 -----END PUBLIC KEY-----
 `
- // This is the Rekor LogId constructed from above public key.
- rekorLogId = "0b2d9e709031929627f2b11ca95e033288e7f47d19284d184ce09f38a91ec35e"
+ // This is the Rekor LogID constructed from above public key.
+ rekorLogID = "0b2d9e709031929627f2b11ca95e033288e7f47d19284d184ce09f38a91ec35e"
 tsaCertChain = `-----BEGIN CERTIFICATE-----
 MIIBzDCCAXKgAwIBAgIUZUPH+OO1avjh6yXuC5ULzb1+k2UwCgYIKoZIzj0EAwIw
@@ -229,7 +229,7 @@ hw3P1+pEhW1KFW0aig+q9lK0xNcidCTcxA==
 // ctfe => CTLog Public Key
 // fulcio => CertificateAuthority certificate
 // rekor => TLog PublicKey
-// tsa => TimestampAuthorities certificate chain (root, intermediate, leaf)
+// tsa => TimeStampAuthorities certificate chain (root, intermediate, leaf)
 var sigstoreKeys = map[string]string{
 "ctfe": ctfePublicKey,
 "fulcio": fulcioCert,
@@ -460,11 +460,11 @@ func makeConfigMapWithSigstoreKeys() *corev1.ConfigMap {
 source := NewTrustRoot(trName, WithSigstoreKeys(sigstoreKeys))
 c := config.ConvertSigstoreKeys(context.Background(), source.Spec.SigstoreKeys)
 for i := range c.Tlogs {
- c.Tlogs[i].LogId = &config.LogId{KeyId: []byte(rekorLogId)}
+ c.Tlogs[i].LogId = &config.LogId{KeyId: []byte(rekorLogID)}
 }
 for i := range c.Ctlogs {
- c.Ctlogs[i].LogId = &config.LogId{KeyId: []byte(ctfeLogId)}
+ c.Ctlogs[i].LogId = &config.LogId{KeyId: []byte(ctfeLogID)}
 }
 marshalled, err := resources.Marshal(c)
 if err != nil {
@@ -662,8 +662,8 @@ func TestConvertSigstoreKeys(t *testing.T) {
 if err != nil {
 t.Fatalf("failed to parse url: %v", err)
 }
- source.Tlogs = append(source.Tlogs, v1alpha1.TransparencyLogInstance{
- BaseUrl: *url,
+ source.TLogs = append(source.TLogs, v1alpha1.TransparencyLogInstance{
+ BaseURL: *url,
 HashAlgorithm: tlog.hashAlgorithm,
 PublicKey: tlog.publicKey.pem,
 })
@@ -673,8 +673,8 @@ func TestConvertSigstoreKeys(t *testing.T) {
 if err != nil {
 t.Fatalf("failed to parse url: %v", err)
 }
- source.Ctlogs = append(source.Ctlogs, v1alpha1.TransparencyLogInstance{
- BaseUrl: *url,
+ source.CTLogs = append(source.CTLogs, v1alpha1.TransparencyLogInstance{
+ BaseURL: *url,
 HashAlgorithm: ctlog.hashAlgorithm,
 PublicKey: ctlog.publicKey.pem,
 })
@@ -698,7 +698,7 @@ func TestConvertSigstoreKeys(t *testing.T) {
 if err != nil {
 t.Fatalf("failed to parse url: %v", err)
 }
- source.TimestampAuthorities = append(source.TimestampAuthorities, v1alpha1.CertificateAuthority{
+ source.TimeStampAuthorities = append(source.TimeStampAuthorities, v1alpha1.CertificateAuthority{
 Subject: v1alpha1.DistinguishedName{
 Organization: tsa.org,
 CommonName: tsa.commonName,
diff --git a/pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go b/pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go
index 04e5da8d..e4097b35 100644
--- a/pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go
+++ b/pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go
@@ -161,7 +161,7 @@ type AttestationPolicy struct {
 // RFC3161Timestamp specifies the URL to a RFC3161 time-stamping server that holds
 // the time-stamped verification for the signature
 type RFC3161Timestamp struct {
- // Use the Certificate Chain from the referred TrustRoot.TimestampAuthorities
+ // Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities
 // +optional
 TrustRootRef string `json:"trustRootRef,omitempty"`
 }
diff --git a/pkg/webhook/validator_test.go b/pkg/webhook/validator_test.go
index f61ebb25..3a652cae 100644
--- a/pkg/webhook/validator_test.go
+++ b/pkg/webhook/validator_test.go
@@ -116,16 +116,16 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7D2WvgqSzs9jpdJsOJ5Nl6xg8JXm
 Nmo7M3bN7+dQddw9Ibc2R3SV8tzBZw0rST8FKcn4apJepcKM4qUpYUeNfw==
 -----END PUBLIC KEY-----
 `
- // This is the Rekor LogId constructed from above public key.
- rekorLogId = "0bac0fddd0c15fbc46f8b1bf51c2b57676a9f262294fe13417d85602e73f392a"
+ // This is the Rekor LogID constructed from above public key.
+ rekorLogID = "0bac0fddd0c15fbc46f8b1bf51c2b57676a9f262294fe13417d85602e73f392a"
 ctfePublicKey = `-----BEGIN PUBLIC KEY-----
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJvCJi707fv5tMJ1U2TVMZ+uO4dKG
 aEcvjlCkgBCKXbrkumZV0m0dSlK1V1gxEiyQ8y6hk1MxJNe2AZrZUt7a4w==
 -----END PUBLIC KEY-----
 `
- // This is the LogId for above PublicKey
- ctfeLogId = "39d1c085f7d5f3fe7a0de9e52a3ead14186891e52a9269d90de7990a30b55083"
+ // This is the LogID for above PublicKey
+ ctfeLogID = "39d1c085f7d5f3fe7a0de9e52a3ead14186891e52a9269d90de7990a30b55083"
 )
 func TestValidatePodSpec(t *testing.T) {
@@ -2959,7 +2959,7 @@ func TestFulcioCertsFromAuthority(t *testing.T) {
 CertChain: config.DeserializeCertChain([]byte(certChain)),
 }},
 Ctlogs: []*config.TransparencyLogInstance{{
- LogId: &config.LogId{KeyId: []byte(ctfeLogId)},
+ LogId: &config.LogId{KeyId: []byte(ctfeLogID)},
 PublicKey: config.DeserializePublicKey([]byte(ctfePublicKey)),
 }},
 }
@@ -3012,7 +3012,7 @@ func TestFulcioCertsFromAuthority(t *testing.T) {
 ctx: testCtx,
 wantRoots: roots,
 wantIntermediates: intermediates,
- wantCTLogKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{ctfeLogId: {PubKey: marshalledPK, Status: tuf.Active}}},
+ wantCTLogKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{ctfeLogID: {PubKey: marshalledPK, Status: tuf.Active}}},
 }}
 for _, tc := range tests {
@@ -3061,17 +3061,17 @@ func TestRekorClientAndKeysFromAuthority(t *testing.T) {
 if len(embeddedPKs.Keys) != 1 {
 t.Fatalf("Did not get a single Public Key for Rekor")
 }
- var embeddedLogId string
+ var embeddedLogID string
 var embeddedPK crypto.PublicKey
 for k, v := range embeddedPKs.Keys {
- embeddedLogId = k
+ embeddedLogID = k
 embeddedPK = v.PubKey
 }
 sk := config.SigstoreKeys{
 Tlogs: []*config.TransparencyLogInstance{{
 PublicKey: config.DeserializePublicKey([]byte(rekorPublicKey)),
- LogId: &config.LogId{KeyId: []byte(rekorLogId)},
+ LogId: &config.LogId{KeyId: []byte(rekorLogID)},
 BaseUrl: "rekor.example.com",
 }},
 }
@@ -3089,14 +3089,14 @@ func TestRekorClientAndKeysFromAuthority(t *testing.T) {
 tlog *v1alpha1.TLog
 wantErr string
 wantPK crypto.PublicKey
- wantLogId string
+ wantLogID string
 wantClient bool
 ctx context.Context
 }{{
 name: "no trustroots, uses embedded",
 tlog: &v1alpha1.TLog{URL: apis.HTTPS("rekor.sigstore.dev")},
 wantPK: embeddedPK,
- wantLogId: embeddedLogId,
+ wantLogID: embeddedLogID,
 wantClient: true,
 }, {
@@ -3118,7 +3118,7 @@ func TestRekorClientAndKeysFromAuthority(t *testing.T) {
 name: "trustroot found",
 tlog: &v1alpha1.TLog{TrustRootRef: "test-trust-root"},
 wantPK: ecpk,
- wantLogId: rekorLogId,
+ wantLogID: rekorLogID,
 ctx: testCtx,
 wantClient: true,
 }}
@@ -3139,10 +3139,10 @@ func TestRekorClientAndKeysFromAuthority(t *testing.T) {
 } else if err == nil && tc.wantErr != "" {
 t.Errorf("wanted error: %q got none", tc.wantErr)
 }
- if tc.wantLogId != "" {
+ if tc.wantLogID != "" {
 if gotPKs == nil || gotPKs.Keys == nil {
- t.Errorf("Wanted logid %s got none", tc.wantLogId)
- } else if diff := cmp.Diff(gotPKs.Keys[tc.wantLogId].PubKey, tc.wantPK); diff != "" {
+ t.Errorf("Wanted logid %s got none", tc.wantLogID)
+ } else if diff := cmp.Diff(gotPKs.Keys[tc.wantLogID].PubKey, tc.wantPK); diff != "" {
 t.Errorf("did not get wanted PK: %s", diff)
 }
 } else if gotPKs != nil {
@@ -3174,10 +3174,10 @@ func TestCheckOptsFromAuthority(t *testing.T) {
 if len(embeddedPKs.Keys) != 1 {
 t.Fatalf("Did not get a single Public Key for Rekor")
 }
- var embeddedLogId string
+ var embeddedLogID string
 var embeddedPK crypto.PublicKey
 for k, v := range embeddedPKs.Keys {
- embeddedLogId = k
+ embeddedLogID = k
 embeddedPK = v.PubKey
 }
@@ -3228,7 +3228,7 @@ func TestCheckOptsFromAuthority(t *testing.T) {
 CertChain: config.DeserializeCertChain([]byte(certChain)),
 }},
 Ctlogs: []*config.TransparencyLogInstance{{
- LogId: &config.LogId{KeyId: []byte(ctfeLogId)},
+ LogId: &config.LogId{KeyId: []byte(ctfeLogID)},
 PublicKey: config.DeserializePublicKey([]byte(ctfePublicKey)),
 }},
 }
@@ -3246,7 +3246,7 @@ func TestCheckOptsFromAuthority(t *testing.T) {
 CertChain: config.DeserializeCertChain([]byte(certChain)),
 }},
 Ctlogs: []*config.TransparencyLogInstance{{
- LogId: &config.LogId{KeyId: []byte(ctfeLogId)},
+ LogId: &config.LogId{KeyId: []byte(ctfeLogID)},
 PublicKey: config.DeserializePublicKey([]byte(ctfePublicKey)),
 }},
 }
@@ -3275,7 +3275,7 @@ func TestCheckOptsFromAuthority(t *testing.T) {
 Keyless: &webhookcip.KeylessRef{URL: apis.HTTPS("fulcio.sigstore.dev")},
 },
 wantCheckOpts: &cosign.CheckOpts{
- RekorPubKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{embeddedLogId: {PubKey: embeddedPK, Status: tuf.Active}}},
+ RekorPubKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{embeddedLogID: {PubKey: embeddedPK, Status: tuf.Active}}},
 RootCerts: embeddedRoots,
 IntermediateCerts: embeddedIntermediates,
 CTLogPubKeys: embeddedCTLogKeys,
@@ -3321,7 +3321,7 @@ func TestCheckOptsFromAuthority(t *testing.T) {
 RootCerts: roots,
 IntermediateCerts: intermediates,
 IgnoreTlog: true,
- CTLogPubKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{ctfeLogId: {PubKey: marshalledPK, Status: tuf.Active}}},
+ CTLogPubKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{ctfeLogID: {PubKey: marshalledPK, Status: tuf.Active}}},
 },
 }, {
 name: "trustroot found, combined, with Identities",
@@ -3346,7 +3346,7 @@ func TestCheckOptsFromAuthority(t *testing.T) {
 Issuer: "issuer",
 Subject: "subject",
 }},
- CTLogPubKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{ctfeLogId: {PubKey: marshalledPK, Status: tuf.Active}}},
+ CTLogPubKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{ctfeLogID: {PubKey: marshalledPK, Status: tuf.Active}}},
 },
 }}