From 03a833df89868b277ad301f2f7266ffd9006fe47 Mon Sep 17 00:00:00 2001 From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 26 Oct 2023 15:52:15 -0500 Subject: [PATCH] Fixed review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- attestation/github/github.go | 15 +++++++------- attestation/github/github_test.go | 34 +------------------------------ 2 files changed, 8 insertions(+), 41 deletions(-) diff --git a/attestation/github/github.go b/attestation/github/github.go index cf0298f6..fad1b093 100644 --- a/attestation/github/github.go +++ b/attestation/github/github.go @@ -25,7 +25,6 @@ import ( "os" "strings" - "github.com/davecgh/go-spew/spew" "github.com/testifysec/go-witness/attestation" "github.com/testifysec/go-witness/attestation/jwt" "github.com/testifysec/go-witness/cryptoutil" @@ -117,16 +116,16 @@ func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { jwtString, err := fetchToken(a.tokenURL, os.Getenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN"), "witness") if err != nil { - return fmt.Errorf("error on fething token %w", err) + return fmt.Errorf("error on fetching token %w", err) } - spew.Dump(jwtString) + if jwtString == "" { + return fmt.Errorf("empty JWT string") + } - if jwtString != "" { - a.JWT = jwt.New(jwt.WithToken(jwtString), jwt.WithJWKSUrl(a.jwksURL)) - if err := a.JWT.Attest(ctx); err != nil { - return fmt.Errorf("error on attesting jwt %w", err) - } + a.JWT = jwt.New(jwt.WithToken(jwtString), jwt.WithJWKSUrl(a.jwksURL)) + if err := a.JWT.Attest(ctx); err != nil { + return fmt.Errorf("failed to attest github jwt: %w", err) } a.CIServerUrl = os.Getenv("GITHUB_SERVER_URL") diff --git a/attestation/github/github_test.go b/attestation/github/github_test.go index a09ee3c5..d2ac0e8f 100644 --- a/attestation/github/github_test.go +++ b/attestation/github/github_test.go @@ -22,7 +22,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/testifysec/go-witness/attestation" ) func createMockServer() *httptest.Server { @@ -40,18 +39,6 @@ func createMockServer() *httptest.Server { })) } -func createTokenServer() *httptest.Server { - return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.URL.Path == "/valid" && r.Header.Get("Authorization") == "bearer validBearer" { - w.Write([]byte(`{"protected": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9", - "payload": "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ", - "signature": "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"}`)) - } else { - http.Error(w, "Unauthorized", http.StatusUnauthorized) - } - })) -} - func TestFetchToken(t *testing.T) { testCases := []struct { name string @@ -111,27 +98,8 @@ func TestFetchToken(t *testing.T) { } } -func TestAttestorAttest(t *testing.T) { - tokenServer := createTokenServer() - defer tokenServer.Close() - t.Setenv("GITHUB_ACTIONS", "true") - t.Setenv("ACTIONS_ID_TOKEN_REQUEST_URL", tokenServer.URL+"/valid") - t.Setenv("ACTIONS_ID_TOKEN_REQUEST_TOKEN", "validBearer") - - attestor := &Attestor{ - aud: tokenAudience, - jwksURL: tokenServer.URL, - tokenURL: os.Getenv("ACTIONS_ID_TOKEN_REQUEST_URL"), - } - - ctx := &attestation.AttestationContext{} - - err := attestor.Attest(ctx) - assert.NoError(t, err) -} - func TestSubjects(t *testing.T) { - tokenServer := createTokenServer() + tokenServer := createMockServer() defer tokenServer.Close() attestor := &Attestor{ aud: "projecturl",