From d34cac1cae30a028691eecb5a05050499e0d158f Mon Sep 17 00:00:00 2001 From: Matheus Santos Date: Wed, 15 Jun 2022 17:04:09 -0300 Subject: [PATCH 1/4] refactor: A check has been created to verify if p.sigstore is different from nil and if so the sigstore configuration function is called. Signed-off-by: Matheus Santos --- .../plugin/workloadattestor/k8s/k8s_posix.go | 43 +++++++++++-------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go index 65038a8e23..f4070213cf 100644 --- a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go +++ b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go @@ -338,23 +338,8 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return nil, err } - // Configure sigstore settings - p.sigstore.ClearSkipList() - if c.SkippedImages != nil { - for _, imageID := range c.SkippedImages { - p.sigstore.AddSkippedImage(imageID) - } - } - - p.sigstore.EnableAllowSubjectList(c.AllowedSubjectListEnabled) - p.sigstore.ClearAllowedSubjects() - if c.AllowedSubjects != nil { - for _, subject := range c.AllowedSubjects { - p.sigstore.AddAllowedSubject(subject) - } - } - if c.RekorURL != "" { - if err := p.sigstore.SetRekorURL(c.RekorURL); err != nil { + if p.sigstore != nil { + if err:= configureSigstore(c, p.sigstore); err != nil{ return nil, err } } 
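Review bot: In `Configure`, the new `if p.sigstore != nil` guard skips the sigstore settings silently when `p.sigstore` is nil, so a config that sets `SkippedImages`, `AllowedSubjects`, `AllowedSubjectListEnabled` or `RekorURL` is accepted although none of it is applied. The operator gets no signal that the signature-verification settings are inactive. When the guard is false and any of those fields is set, `Configure` should return a configuration error or at least log a warning, for example under `c.AllowedSubjectListEnabled || len(c.AllowedSubjects) > 0 || len(c.SkippedImages) > 0 || c.RekorURL != ""`. Whether a nil `p.sigstore` is the intended "feature disabled" state cannot be told from here, because the body of `Configure` starts and continues outside the hunk. If the field is an interface value (the helper takes `sigstore.Sigstore`), a typed nil pointer stored in it would still pass this check.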
@@ -364,6 +349,30 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +func configureSigstore(config *k8sConfig, sigstore sigstore.Sigstore) error { + // Configure sigstore settings + sigstore.ClearSkipList() + if config.SkippedImages != nil { + for _, imageID := range config.SkippedImages { + sigstore.AddSkippedImage(imageID) + } + } + + sigstore.EnableAllowSubjectList(config.AllowedSubjectListEnabled) + sigstore.ClearAllowedSubjects() + if config.AllowedSubjects != nil { + for _, subject := range config.AllowedSubjects { + sigstore.AddAllowedSubject(subject) + } + } + if config.RekorURL != "" { + if err := sigstore.SetRekorURL(config.RekorURL); err != nil { + return err + } + } + return nil +} + func (p *Plugin) setConfig(config *k8sConfig) { p.mu.Lock() defer p.mu.Unlock() From 28dbb749b49b5faf35562599eb700c34986ea1a6 Mon Sep 17 00:00:00 2001 From: Matheus Santos Date: Thu, 16 Jun 2022 09:13:51 -0300 Subject: [PATCH 2/4] fix: fixed lint errors Signed-off-by: Matheus Santos --- pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go index f4070213cf..37e10cae0d 100644 --- a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go +++ b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go @@ -337,13 +337,11 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) if err := p.reloadKubeletClient(c); err != nil { return nil, err } - if p.sigstore != nil { - if err:= configureSigstore(c, p.sigstore); err != nil{ + if err := configureSigstore(c, p.sigstore); err != nil { return nil, err } } - // Set the config p.setConfig(c) return &configv1.ConfigureResponse{}, nil From 1fddd73a718c25ae467287acac09e2442f08aa18 Mon Sep 17 00:00:00 2001 
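Review bot: In `configureSigstore` (second hunk of patch 1/4), `SetRekorURL` is the only step that can fail and it runs last. When it returns an error, the skip list and allowed-subject list have already been cleared and replaced, yet `Configure` reports failure and never reaches `p.setConfig(c)`. Moving the `if config.RekorURL != "" { ... }` block to the top of the function would leave the previous lists untouched when a config is rejected. The parameter name `sigstore` also shadows the imported `sigstore` package that appears in its own type, `sigstore.Sigstore`; a name such as `client` avoids that. The `!= nil` checks before the two `range` loops are redundant, since ranging over a nil slice does nothing.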
From: Matheus Santos Date: Thu, 16 Jun 2022 09:23:13 -0300 Subject: [PATCH 3/4] fix: fixed lint errors Signed-off-by: Matheus Santos --- pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go index 37e10cae0d..0b33007676 100644 --- a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go +++ b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go @@ -354,8 +354,7 @@ func configureSigstore(config *k8sConfig, sigstore sigstore.Sigstore) error { for _, imageID := range config.SkippedImages { sigstore.AddSkippedImage(imageID) } - } - + } sigstore.EnableAllowSubjectList(config.AllowedSubjectListEnabled) sigstore.ClearAllowedSubjects() if config.AllowedSubjects != nil { From 848cbd7d09bdbd46624cbee63bf791cff8a3e081 Mon Sep 17 00:00:00 2001 From: Matheus Santos Date: Thu, 16 Jun 2022 10:54:37 -0300 Subject: [PATCH 4/4] fix: fixed lint errors Signed-off-by: Matheus Santos --- pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go index 0b33007676..06dbfc4128 100644 --- a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go +++ b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go @@ -354,7 +354,7 @@ func configureSigstore(config *k8sConfig, sigstore sigstore.Sigstore) error { for _, imageID := range config.SkippedImages { sigstore.AddSkippedImage(imageID) } - } + } sigstore.EnableAllowSubjectList(config.AllowedSubjectListEnabled) sigstore.ClearAllowedSubjects() if config.AllowedSubjects != nil {