mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
ea19244876
* fix: expect base64 string in raw tuf root Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: rename kyverno yaml file Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
39 lines
1.1 KiB
Go
package internal
import (
|
|
"context"
|
|
"encoding/base64"
|
|
"fmt"
|
|
|
|
"github.com/go-logr/logr"
|
|
"github.com/sigstore/cosign/v2/pkg/blob"
|
|
"github.com/sigstore/sigstore/pkg/tuf"
|
|
)
// setupSigstoreTUF initializes the sigstore TUF client when enableTUF is set.
//
// The root handed to tuf.Initialize is chosen in this order:
//  1. tufRoot, read through blob.LoadFileOrURL (a file path or URL);
//  2. tufRootRaw, decoded as standard base64;
//  3. neither set: nil bytes are passed (presumably the sigstore library then
//     uses its own default root; confirm against the tuf package).
//
// The root is the trust anchor for all TUF metadata verified afterwards, so
// whoever controls the tufRoot location or the tufRootRaw value controls which
// signing keys are trusted. NOTE(review): confirm which URL schemes
// blob.LoadFileOrURL accepts and that the configured source is
// integrity-protected.
//
// NOTE(review): checkError is defined outside this function. If it returns
// instead of terminating the process, a failed load or decode still reaches
// tuf.Initialize with whatever bytes were produced; confirm it is fatal.
func setupSigstoreTUF(ctx context.Context, logger logr.Logger) {
	if !enableTUF {
		return
	}

	// Every entry written through this logger carries the complete tufRootRaw
	// value (the whole base64 root document) alongside tufRoot and tufMirror.
	tufLogger := logger.WithName("sigstore-tuf").WithValues("tufRoot", tufRoot, "tufRootRaw", tufRootRaw, "tufMirror", tufMirror)
	tufLogger.Info("setup tuf client for sigstore...")

	var trustedRoot []byte
	switch {
	case tufRoot != "":
		// A configured file/URL root takes precedence; tufRootRaw is ignored here.
		loaded, loadErr := blob.LoadFileOrURL(tufRoot)
		trustedRoot = loaded
		if loadErr != nil {
			checkError(tufLogger, loadErr, fmt.Sprintf("Failed to read alternate TUF root file %s : %v", tufRoot, loadErr))
		}
	case tufRootRaw != "":
		decoded, decodeErr := base64.StdEncoding.DecodeString(tufRootRaw)
		if decodeErr != nil {
			// The message below embeds the full raw value that failed to decode.
			checkError(tufLogger, decodeErr, fmt.Sprintf("Failed to base64 decode TUF root %s : %v", tufRootRaw, decodeErr))
		}
		trustedRoot = decoded
	}

	tufLogger.Info("Initializing TUF root")
	initErr := tuf.Initialize(ctx, tufMirror, trustedRoot)
	if initErr != nil {
		// NOTE(review): this message interpolates tufRoot, which is empty when
		// the root came from tufRootRaw or when no alternate root was given.
		checkError(tufLogger, initErr, fmt.Sprintf("Failed to initialize TUF client from %s : %v", tufRoot, initErr))
	}
}