

improve verification message and file permissions
Signed-off-by: Sanskar Jaiswal <[email protected]>
aryan9600 committed Mar 25, 2022
1 parent 0d66b81 commit 94abac5
Showing 3 changed files with 11 additions and 11 deletions.
9 changes: 4 additions & 5 deletions controllers/helmchart_controller.go
Expand Up @@ -1038,13 +1038,11 @@ func observeChartBuild(obj *sourcev1.HelmChart, build *chart.Build, err error) {

if build.VerificationSignature != nil && build.ProvFilePath != "" {
var sigVerMsg strings.Builder
sigVerMsg.WriteString(fmt.Sprintf("chart signed by: '%v'", strings.Join(build.VerificationSignature.Identities[:], ",")))
sigVerMsg.WriteString(fmt.Sprintf(" using key with fingeprint: '%X'", build.VerificationSignature.KeyFingerprint))
sigVerMsg.WriteString(fmt.Sprintf(" and hash verified: '%s'", build.VerificationSignature.FileHash))
sigVerMsg.WriteString(fmt.Sprintf("verified chart hash: '%s'", build.VerificationSignature.FileHash))
sigVerMsg.WriteString(fmt.Sprintf(" signed by: '%s'", build.VerificationSignature.Identity))
sigVerMsg.WriteString(fmt.Sprintf(" with key: '%X'", build.VerificationSignature.KeyFingerprint))

conditions.MarkTrue(obj, sourcev1.SourceVerifiedCondition, sourcev1.ChartVerificationSucceededReason, sigVerMsg.String())
} else {
conditions.Delete(obj, sourcev1.SourceVerifiedCondition)
}

if err != nil {
Expand Down Expand Up @@ -1080,6 +1078,7 @@ func reasonForBuild(build *chart.Build) string {

func (r *HelmChartReconciler) getProvenanceKeyring(ctx context.Context, chart *sourcev1.HelmChart) ([]byte, error) {
if chart.Spec.VerificationKeyring == nil {
conditions.Delete(chart, sourcev1.SourceVerifiedCondition)
return nil, nil
}
name := types.NamespacedName{
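Review bot: The `conditions.Delete(chart, sourcev1.SourceVerifiedCondition)` added in the second hunk gives `getProvenanceKeyring` a status side effect that its name does not suggest, and `observeChartBuild` in the first hunk already removes the same condition in its `else` branch whenever no signature is present, so the new call looks redundant unless the reconciler returns before `observeChartBuild` runs on the no-keyring path. If that early return is the reason, a comment on the added line would keep the intent durable: `// No keyring configured: clear any stale verification claim left by an earlier reconcile.` In the first hunk, the three `sigVerMsg.WriteString(fmt.Sprintf(...))` calls can be written as `fmt.Fprintf(&sigVerMsg, ...)`, which drops the intermediate string. `observeChartBuild` starts before its hunk and `getProvenanceKeyring` continues past the end of its hunk.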
8 changes: 4 additions & 4 deletions controllers/helmchart_controller_test.go
Expand Up @@ -327,10 +327,10 @@ func TestHelmChartReconciler_reconcileStorage(t *testing.T) {
if err := testStorage.MkdirAll(*obj.Status.Artifact); err != nil {
return err
}
if err := testStorage.AtomicWriteFile(obj.Status.Artifact, strings.NewReader(v), 0644); err != nil {
if err := testStorage.AtomicWriteFile(obj.Status.Artifact, strings.NewReader(v), 0o644); err != nil {
return err
}
if err := testStorage.AtomicWriteFile(provArtifact, strings.NewReader(v), 0644); err != nil {
if err := testStorage.AtomicWriteFile(provArtifact, strings.NewReader(v), 0o644); err != nil {
return err
}
}
Expand Down Expand Up @@ -384,7 +384,7 @@ func TestHelmChartReconciler_reconcileStorage(t *testing.T) {
if err := testStorage.MkdirAll(*obj.Status.Artifact); err != nil {
return err
}
if err := testStorage.AtomicWriteFile(obj.Status.Artifact, strings.NewReader("file"), 0644); err != nil {
if err := testStorage.AtomicWriteFile(obj.Status.Artifact, strings.NewReader("file"), 0o644); err != nil {
return err
}
return nil
Expand Down Expand Up @@ -551,7 +551,7 @@ func TestHelmChartReconciler_reconcileSource(t *testing.T) {
g.Expect(obj.Status.ObservedSourceArtifactRevision).To(Equal(gitArtifact.Revision))
g.Expect(obj.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{
*conditions.TrueCondition(sourcev1.ArtifactOutdatedCondition, "NewChart", "pulled 'helmchart' chart with version '0.1.0'"),
*conditions.TrueCondition(sourcev1.SourceVerifiedCondition, sourcev1.ChartVerificationSucceededReason, "chart signed by: 'TestUser' using key with fingeprint: '943CB5929ECDA2B5B5EC88BC7035BA97D32A87C1' and hash verified: 'sha256:007c7b7446eebcb18caeffe9898a3356ba1795f54df40ad39cfcc7382874a10a'"),
*conditions.TrueCondition(sourcev1.SourceVerifiedCondition, sourcev1.ChartVerificationSucceededReason, "verified chart hash: 'sha256:007c7b7446eebcb18caeffe9898a3356ba1795f54df40ad39cfcc7382874a10a' signed by: 'TestUser' with key: '943CB5929ECDA2B5B5EC88BC7035BA97D32A87C1'"),
}))
},
cleanFunc: func(g *WithT, build *chart.Build) {
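Review bot: The updated `SourceVerifiedCondition` expectation in the last hunk only exercises a signing key that carries a single identity (`'TestUser'`), so it cannot catch that `buildVerificationSig` in `internal/helm/chart/verify.go` now takes `Identity` from a map range, whose iteration order Go randomizes; with a fixture key holding two user IDs this string assertion would pass or fail at random. Once the identity selection is made deterministic, a case with a multi-identity key would pin that behaviour. The `0644` → `0o644` edits in the earlier hunks are cosmetic and fine.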
5 changes: 3 additions & 2 deletions internal/helm/chart/verify.go
Expand Up @@ -74,7 +74,7 @@ func provenanceFilePath(path string) string {

// ref: https://github.com/helm/helm/blob/v3.8.0/pkg/action/verify.go#L47-L51
type VerificationSignature struct {
Identities []string
Identity string
KeyFingerprint [20]byte
FileHash string
}
Expand All @@ -84,7 +84,8 @@ func buildVerificationSig(ver *provenance.Verification) *VerificationSignature {
if ver != nil {
if ver.SignedBy != nil {
for name := range ver.SignedBy.Identities {
verSig.Identities = append(verSig.Identities, name)
verSig.Identity = name
break
}
}
verSig.FileHash = ver.FileHash
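Review bot: `verSig.Identity = name` followed by `break` in the second hunk picks whichever key the map range yields first, and Go randomizes map iteration order, so a signing key with several identities produces a different `Identity` on different reconciles; since that value ends up in the `SourceVerifiedCondition` message, the condition text would flap between runs and cause needless status updates. Collecting the names, sorting them and taking the first keeps the single-identity message stable; `sort` would need to be imported. Alternatively the former `Identities` slice could be retained and joined in the message, which reports every identity rather than an arbitrary one. `buildVerificationSig` continues past the end of the hunk.
```go
		if ver.SignedBy != nil {
			// Identities is a map; range order is randomized, so sort the
			// names and take the first to keep the reported identity stable.
			names := make([]string, 0, len(ver.SignedBy.Identities))
			for name := range ver.SignedBy.Identities {
				names = append(names, name)
			}
			sort.Strings(names)
			if len(names) > 0 {
				verSig.Identity = names[0]
			}
		}
		// … unchanged: FileHash assignment …
```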
