-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[TEP-0091] add KMS libraries #5890
Conversation
Skipping CI for Draft Pull Request. |
07ef5dd
to
5fd5e98
Compare
tracking issue: #5527 |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
_ "github.com/sigstore/sigstore/pkg/signature/kms/aws" // pull in aws kms libraries | ||
_ "github.com/sigstore/sigstore/pkg/signature/kms/azure" // pull in azure kms libraries | ||
_ "github.com/sigstore/sigstore/pkg/signature/kms/gcp" // pull in gcp kms libraries | ||
_ "github.com/sigstore/sigstore/pkg/signature/kms/hashivault" // pull in hashivault kms libraries |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are these blank identifiers here for now because the packages are not yet used? if so, why not import the packages in the PR where they are actually used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(I am usually not a fan of that approach, but oh well, sometimes there is no other way around 🙃 )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you so much!! @vdemeester.
Sorry I was ooo before and not able to answer this comment. @jerop
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The comments here aren't very informative, consider removing them or including a one-line comment that we need to execute these packages' init functions for xyz reasons.
5fd5e98
to
b6a5918
Compare
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chuangw6, dibyom The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note to reviewers: This new dependency is covered under the flexibility section of TEP-0091.
_ "github.com/sigstore/sigstore/pkg/signature/kms/aws" // pull in aws kms libraries | ||
_ "github.com/sigstore/sigstore/pkg/signature/kms/azure" // pull in azure kms libraries | ||
_ "github.com/sigstore/sigstore/pkg/signature/kms/gcp" // pull in gcp kms libraries | ||
_ "github.com/sigstore/sigstore/pkg/signature/kms/hashivault" // pull in hashivault kms libraries |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The comments here aren't very informative, consider removing them or including a one-line comment that we need to execute these packages' init functions for xyz reasons.
This commit adds kms libraries into trusted resources verifier package, so that we could use kms for verification. Before this commit we only supports loading keys from files. Signed-off-by: Yongxuan Zhang yongxuanzhang@google.com
b6a5918
to
73e3289
Compare
Thanks! We need to have comment for each line, so I changed the comments as you suggested |
/lgtm |
Changes
This commit adds kms libraries into trusted resources verifier package, so that we could use kms for verification. Before this commit we only supports loading keys from files.
This is similar to what we have done in Chains
/kind feature
Signed-off-by: Yongxuan Zhang yongxuanzhang@google.com
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
functionality, content, code)
/kind <type>
. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tepRelease Notes