Don't require cert-identity or cert-oidc-issuer in keyed mode
Signed-off-by: kpk47 <kkris@google.com>
kpk47 committed Nov 7, 2022
1 parent e5e9636 commit 8cc212f
Showing 4 changed files with 6 additions and 14 deletions.
8 changes: 0 additions & 8 deletions cmd/cosign/cli/verify.go
@@ -16,7 +16,6 @@
package cli

import (
"errors"
"fmt"

"github.com/google/go-containerregistry/pkg/name"
@@ -182,10 +181,6 @@ against the transparency log.`,
Args: cobra.MinimumNArgs(1),
PersistentPreRun: options.BindViper,
RunE: func(cmd *cobra.Command, args []string) error {
if o.CertVerify.CertIdentity == "" || o.CertVerify.CertOidcIssuer == "" {
return errors.New("--certificate-identity and --certificate-oidc-issuer are required for verification")
}

v := verify.VerifyAttestationCommand{
RegistryOptions: o.Registry,
CheckClaims: o.CheckClaims,
@@ -269,9 +264,6 @@ The blob may be specified as a path to a file or - for stdin.`,
Args: cobra.ExactArgs(1),
PersistentPreRun: options.BindViper,
RunE: func(cmd *cobra.Command, args []string) error {
if o.CertVerify.CertIdentity == "" || o.CertVerify.CertOidcIssuer == "" {
return errors.New("--certificate-identity and --certificate-oidc-issuer are required for verification")
}
ko := options.KeyOpts{
KeyRef: o.Key,
Sk: o.SecurityKey.Use,
4 changes: 2 additions & 2 deletions cmd/cosign/cli/verify/verify.go
@@ -96,8 +96,8 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
return fmt.Errorf("constructing client options: %w", err)
}

if c.CertIdentity == "" || c.CertOidcIssuer == "" {
return errors.New("--certificate-identity and --certificate-oidc-issuer are required for verification")
if c.KeyRef == "" && (c.CertIdentity == "" || c.CertOidcIssuer == "") {
return errors.New("--certificate-identity and --certificate-oidc-issuer are required for verification in keyless mode")
}

co := &cosign.CheckOpts{
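Review bot: The new guard treats only a non-empty `c.KeyRef` as keyed mode, so verification with a hardware security key and no `--key` would still be rejected for missing `--certificate-identity` and `--certificate-oidc-issuer`. The same condition is repeated in the Exec methods of verify_attestation.go and verify_blob.go, and verify.go on this page builds `options.KeyOpts` with both `KeyRef` and `Sk`, which suggests a second keyed path exists. If the command struct carries that flag (its declaration is outside this hunk), the condition should include it, for example `if c.KeyRef == "" && !c.Sk && (c.CertIdentity == "" || c.CertOidcIssuer == "") {`. Exec starts and ends outside the hunk.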
4 changes: 2 additions & 2 deletions cmd/cosign/cli/verify/verify_attestation.go
@@ -79,8 +79,8 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e
return fmt.Errorf("constructing client options: %w", err)
}

if c.CertIdentity == "" || c.CertOidcIssuer == "" {
return errors.New("--certificate-identity and --certificate-oidc-issuer are required for verification")
if c.KeyRef == "" && (c.CertIdentity == "" || c.CertOidcIssuer == "") {
return errors.New("--certificate-identity and --certificate-oidc-issuer are required for verification in keyless mode")
}

co := &cosign.CheckOpts{
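Review bot: Nothing at this check tells the reader what happens to `--certificate-identity` and `--certificate-oidc-issuer` when a key reference is supplied; they are no longer required, and whether they are still enforced is decided in code outside the hunk. A caller who passes both a key and an identity may assume the identity is being checked, so the behaviour deserves a comment above the `if`, such as `// Identity and issuer constrain the signing certificate; with a key reference the key is the trust anchor and these flags are not required.` If the values are in fact ignored in keyed mode, a warning on stderr when they are set alongside a key would make that visible to the operator.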
4 changes: 2 additions & 2 deletions cmd/cosign/cli/verify/verify_blob.go
@@ -100,8 +100,8 @@ func (c *VerifyBlobCmd) Exec(ctx context.Context, blobRef string) error {
return err
}

if c.CertIdentity == "" || c.CertOIDCIssuer == "" {
return errors.New("--certificate-identity and --certificate-oidc-issuer are required for verification")
if c.KeyRef == "" && (c.CertIdentity == "" || c.CertOIDCIssuer == "") {
return errors.New("--certificate-identity and --certificate-oidc-issuer are required for verification in keyless mode")
}

co := &cosign.CheckOpts{
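Review bot: This is the third verbatim copy of the guard and its error string, after verify.go and verify_attestation.go, and the field is spelled `CertOIDCIssuer` here but `CertOidcIssuer` in the other two, so the copies already cannot be pasted across unchanged. A small unexported helper in this package, for example `func checkKeylessFlags(keyRef, identity, issuer string) error`, called from each Exec, would keep the rule for when identity flags are mandatory in one place and make it testable without a registry. The commit changes four files and none of them is a test; a table test over that helper covering key set, key unset with both flags, and key unset with one flag missing would pin the behaviour. Exec continues outside the hunk.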
