-
Notifications
You must be signed in to change notification settings - Fork 553
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[cosign/pkg] High-level, pluggable, composable, cosign
ing and verification flows
#844
Comments
The imagined high-level API would be something like:
or possibly, for the more functional people in the audience:
The inputs would be presented to steps in turn and results passed to subsequent steps. This way we can fully abstract away interactions with storage, eliminate complex control flow related to upload/verification with |
I think the key bit here is that we should decompose the CLI spaghetti monster around a few key interfaces: type Signer interface {
Sign(Signable) (Sig, error)
Attest(Signable, Attestation) (Sig, error)
}
type Verifier interface {
...
} We could split out implementations of these interfaces into separate packages for:
The over-arching goal would be for the CLI to effectively be a glorified orchestrator that composes these packages based on options, but that downstream library consumers with more focused intentions could compose specific elements more concretely (e.g. if I know I want Fulcio, I don't need to vendor every KMS system's SDK). |
I'm late in adding thoughts, but here's a first pass of questions after trying to use the existing functions (under
Let me know if there's a place to find the latest state of this work, and if it'd be helpful for me to grab some tasks on this refactor as well. ✌️ |
I'm wondering if perhaps the IIUC, implementations of A related question is: should both My suspicion is that callers of I'd love to hear others' latest thinking. ❤️ In the meantime, I plan to open a draft PR soon with some of my ideas thus far, intended for open-season critique! |
Question: Should we consider moving some part of this to sigstore/sigstore? A lot of the logic that's getting changed seems to be pure signature logic, as opposed to logic that's coupled closely with container images and registries. |
Splitting
Yes and no. We are dealing with signatures on arbitrary inputs, which just so happen to be living in an OCI world. |
This makes sense. I think this is a separate question from "which methods does the
This seems like the right distinction. So maybe "yes" to "some part", but only for logic that's truly decoupled from the OCI world. Thanks for the response, @dekkagaijin! |
Right now
cosign
as a package is tightly coupled with its signing and verification implementation:fulcio
certsrekor
This leads to significant amounts of control flow being required to properly implement even canonical signing/verifying operations.
As a follow-up to @mattmoor's work to bury OCI registry-specific implementation under a more generic API, we should also consider how we could present individual operations (e.g.
fulcio
,rekor
upload/verification) as generic, pluggable parts of a high-level control flow.The text was updated successfully, but these errors were encountered: