forked from in-toto/go-witness
KMS Support #1 (Draft)
ChaosInTheCRD wants to merge 67 commits into main from kms-support
Signed-off-by: chaosinthecrd <[email protected]>
- needs cleanup and testing Signed-off-by: chaosinthecrd <[email protected]>
…verifying policy (in-toto#124) * fixing a couple of things * renamed fields and added intermediates for verify --------- Signed-off-by: chaosinthecrd <[email protected]>
* Included Tests for memory.go LoadEnvelope
  - Included tests for LoadEnvelope
  Signed-off-by: neilnaveen <[email protected]>
* Fixed Lint Issues
  - Fixed lint issues
  - Renamed test function to TestLoadEnvelope
  Signed-off-by: neilnaveen <[email protected]>
* Included Test for Search Function
  - Included test for search function
  - Cleaned up test for LoadEnvelope
  Signed-off-by: neilnaveen <[email protected]>
* Apply suggestions from code review
  Signed-off-by: Tom Meadows <[email protected]>
* Apply suggestions from code review
  Signed-off-by: Tom Meadows <[email protected]>
* Apply suggestions from code review
  Signed-off-by: Tom Meadows <[email protected]>
---------
Signed-off-by: neilnaveen <[email protected]>
Signed-off-by: Tom Meadows <[email protected]>
Co-authored-by: Tom Meadows <[email protected]>
* Included tests for GitHub attestations
  - Included tests for GitHub attestations and some simple clean up.
  Signed-off-by: naveensrinivasan <[email protected]>
* Fixed review comments
  Signed-off-by: naveensrinivasan <[email protected]>
---------
Signed-off-by: naveensrinivasan <[email protected]>
Signed-off-by: Tom Meadows <[email protected]>
Co-authored-by: Tom Meadows <[email protected]>
…to#133) Bumps [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) from 2.1.6 to 2.1.7. - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](spiffe/go-spiffe@v2.1.6...v2.1.7) --- updated-dependencies: - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.26.12 to 0.26.13. - [Commits](kubernetes/apimachinery@v0.26.12...v0.26.13) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@1eb3cb2...694cdab) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e5f05b8...0b21cf2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…toto#137) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.5 to 4.0.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@c74b580...4901385) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#132)
* moving the timestamper interfaces to the timestamp directory
  Signed-off-by: chaosinthecrd <[email protected]>
* adding license headers
  Signed-off-by: chaosinthecrd <[email protected]>
---------
Signed-off-by: chaosinthecrd <[email protected]>
- Add support for querying multiple sources concurrently
- Return the combined results from all sources
- If any errors occur, return the first error and discard the results
[source/multi.go]
- Add `sync.WaitGroup` for waiting on all source queries to finish
- Add `errs` and `resChan` channels for collecting errors and results from sources
- Add goroutines for querying sources, collecting errors, and collecting results
- If any errors occurred, return the first error and discard the results
- Return the combined results from all sources
Signed-off-by: naveensrinivasan <[email protected]>
Co-authored-by: Tom Meadows <[email protected]>
adding policy ints option Signed-off-by: chaosinthecrd <[email protected]>
…n-toto#139) When the functionality to calculate gitoids was added, there was a bit of tech debt incurred since they didn't implement hash.Hash. This remedies this with an admittedly hacky implementation of hash.Hash that wraps the gitoid code. This also standardizes our cryptoutil functions around the DigestValue struct that was added around this time to differentiate between gitoids and regular hash functions. Signed-off-by: Mikhail Swift <[email protected]>
fixing error in workflow Signed-off-by: chaosinthecrd <[email protected]>
* improving run attestors
  Signed-off-by: chaosinthecrd <[email protected]>
* finalising changes.
  Signed-off-by: chaosinthecrd <[email protected]>
* improving run attestors
  Signed-off-by: chaosinthecrd <[email protected]>
* finalising changes.
  Signed-off-by: chaosinthecrd <[email protected]>
* addressing review, restoring run type order
  Signed-off-by: chaosinthecrd <[email protected]>
* updating error handling logic
  Signed-off-by: chaosinthecrd <[email protected]>
* updating to go 1.21 for errors.Join
  Signed-off-by: chaosinthecrd <[email protected]>
---------
Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: Tom Meadows <[email protected]>
adding workaround due to failing workflows Signed-off-by: chaosinthecrd <[email protected]>
* adding logic so policy signature can be checked against constraints
* threaded options into policy validation functionary
---------
Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: John Kjell <[email protected]>
Co-authored-by: John Kjell <[email protected]>
Signed-off-by: StepSecurity Bot <[email protected]>
Signed-off-by: John Kjell <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b7bf0a3...e8893c5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…o#155) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@3a91952...3cfe3a4) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@26f96df...5d5d22a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Meadows <[email protected]>
) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@eb238b5...63c24ba) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Meadows <[email protected]>
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.6.0...b4ffde6) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Meadows <[email protected]>
Signed-off-by: Mikhail Swift <[email protected]>
ChaosInTheCRD added a commit that referenced this pull request on Feb 28, 2024:
* first pass for implementing kms support
  Signed-off-by: chaosinthecrd <[email protected]>
* saving progress on hashtype flag for kms signer
  Signed-off-by: chaosinthecrd <[email protected]>
* saving kms progress for verifier
  Signed-off-by: chaosinthecrd <[email protected]>
* updating go mod
  Signed-off-by: chaosinthecrd <[email protected]>
* saving progress
  Signed-off-by: chaosinthecrd <[email protected]>
* review of AWS KMS signer and adding scrappy implementation of GCP Signer - needs cleanup and testing
  Signed-off-by: chaosinthecrd <[email protected]>
* adding tests and some other changes
  Signed-off-by: chaosinthecrd <[email protected]>
* fixing license headers
  Signed-off-by: chaosinthecrd <[email protected]>
* fixing header
  Signed-off-by: chaosinthecrd <[email protected]>
* small refactor
  Signed-off-by: chaosinthecrd <[email protected]>
* adding hashicorp vault kms signer
  Signed-off-by: chaosinthecrd <[email protected]>
* small fixes
  Signed-off-by: chaosinthecrd <[email protected]>
* adding unfinished fake kms client
  Signed-off-by: chaosinthecrd <[email protected]>
* completing fake client for gcp
  Signed-off-by: chaosinthecrd <[email protected]>
* adding signer test for gcp
  Signed-off-by: chaosinthecrd <[email protected]>
* fixing local verification and adding support for PKCS #1 v1.5
  Signed-off-by: chaosinthecrd <[email protected]>
* the nested module isn't needed here
  Signed-off-by: chaosinthecrd <[email protected]>
* adding implementation for kms provider options
  Signed-off-by: chaosinthecrd <[email protected]>
* removing hashivault kms for now (not finished)
  Signed-off-by: chaosinthecrd <[email protected]>
* Resolve linter errors
  Signed-off-by: John Kjell <[email protected]>
* Remove unused function
  Signed-off-by: John Kjell <[email protected]>
* added all the obvious options for aws and gcp kms
  Signed-off-by: chaosinthecrd <[email protected]>
* fixing some linting errors
  Signed-off-by: chaosinthecrd <[email protected]>
* some refactors made in the quest of folding out a bug
  Signed-off-by: chaosinthecrd <[email protected]>
* making final changes for PR
  Signed-off-by: chaosinthecrd <[email protected]>
* added public key to parse function
  Signed-off-by: chaosinthecrd <[email protected]>
* removing them again haha
  Signed-off-by: chaosinthecrd <[email protected]>
---------
Signed-off-by: chaosinthecrd <[email protected]>
Signed-off-by: John Kjell <[email protected]>
Co-authored-by: John Kjell <[email protected]>
Opening a Draft PR here as an easy way of seeing the diff