Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix bugs in googleca and update flag description #897

Merged
merged 5 commits into from
Nov 29, 2022
Merged

Fix bugs in googleca and update flag description #897

merged 5 commits into from
Nov 29, 2022
+148 −14

Conversation

priyawadhwa
Copy link
Contributor

@priyawadhwa priyawadhwa commented Nov 21, 2022
edited
Loading

This fixes 2 bugs in the googleca:

  1. We would always fail in TrustBundle because we were checking if len(roots) == 0 instead of if len(caCerts) == 0, roots was always empty at this point
  2. Allow specifying certificateAuthority in the gcp_private_ca_parent flag

Signed-off-by: Priya Wadhwa [email protected]

Release Note

Fix bugs in googleca and update flag description

haydentherapper
haydentherapper requested changes Nov 22, 2022
View reviewed changes
cmd/app/serve.go Show resolved Hide resolved
haydentherapper
haydentherapper requested changes Nov 22, 2022
View reviewed changes
cmd/app/serve.go Show resolved Hide resolved
pkg/ca/googleca/v1/googleca.go Show resolved Hide resolved
@priyawadhwa
Code review comments
ecedc7b 
Signed-off-by: Priya Wadhwa <[email protected]>
haydentherapper
haydentherapper reviewed Nov 25, 2022
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a couple comments, looks good!

cmd/app/serve.go Outdated Show resolved Hide resolved
pkg/ca/googleca/v1/googleca.go Outdated
parent string
client *privateca.CertificateAuthorityClient
certAuthority string
certAuthorityParent string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd merge these two variables into one, caPool, since they represent the same resource. You can then check if certAuthority is set to decide whether or not to target a specific CA

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we do need both of them later on, the full certAuthorityParent in the GetCertificateAuthority request and just the name of the CA certAuthority when actually making the request for IssuingCertificateAuthorityId.

i think it's more understandable to do all the validation/string splitting logic at the beginning and then have everything we need later on when actually getting CA's/making requests.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I see my confusion, it's around terminology. I thought two referred to the same resource. I would use the terms from aip.dev to describe the resources and IDs here:

  • certAuthority -> certAuthorityID (since it represents just an ID)
  • certAuthorityParent -> certAuthorityResource (since it's the full resource string)
  • caPoolParent -> caPoolResource

Does that sound good? "parent" was what was confusing, since a parent of the a resource is a different resource.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, that's fine. I'd still keep "parent" personally to follow the google naming standards for a googleca, but am fine with changing it too. It's updated now.

@priyawadhwa
Fix nit
ba06735 
Signed-off-by: Priya Wadhwa <[email protected]>
@priyawadhwa
Update variable names
c0981b3 
Signed-off-by: Priya Wadhwa <[email protected]>
@codecov-commenter
Copy link

Codecov Report

Merging #897 (c0981b3) into main (81ecec8) will decrease coverage by 0.84%.
The diff coverage is 17.54%.

@@            Coverage Diff             @@
##             main     #897      +/-   ##
==========================================
- Coverage   55.63%   54.78%   -0.85%     
==========================================
  Files          38       38              
  Lines        2333     2380      +47     
==========================================
+ Hits         1298     1304       +6     
- Misses        939      980      +41     
  Partials       96       96
Impacted Files Coverage Δ
pkg/ca/googleca/v1/googleca.go 37.50% <14.54%> (-10.05%) ⬇️
cmd/app/serve.go 19.90% <100.00%> (+0.37%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@haydentherapper haydentherapper merged commit 865c05a into sigstore:main Nov 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@priyawadhwa @codecov-commenter @haydentherapper