Remove notation validation to avoid panics
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan
@@ -18,19 +18,18 @@ package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/fluxcd/flux2/v2/internal/utils"
|
||||
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
|
||||
"github.com/notaryproject/notation-go/verifier/trustpolicy"
|
||||
"github.com/spf13/cobra"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"sigs.k8s.io/yaml"
|
||||
|
||||
"github.com/fluxcd/flux2/v2/internal/utils"
|
||||
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
|
||||
)
|
||||
|
||||
var createSecretNotationCmd = &cobra.Command{
|
||||
@@ -89,16 +88,6 @@ func createSecretNotationCmdRun(cmd *cobra.Command, args []string) error {
|
||||
return fmt.Errorf("unable to read trust policy file: %w", err)
|
||||
}
|
||||
|
||||
var doc trustpolicy.Document
|
||||
|
||||
if err := json.Unmarshal(policy, &doc); err != nil {
|
||||
return fmt.Errorf("failed to unmarshal trust policy %s: %w", secretNotationArgs.trustPolicyFile, err)
|
||||
}
|
||||
|
||||
if err := doc.Validate(); err != nil {
|
||||
return fmt.Errorf("invalid trust policy: %w", err)
|
||||
}
|
||||
|
||||
var (
|
||||
caCerts []sourcesecret.VerificationCrt
|
||||
fileErr error
|
||||
|
||||
@@ -24,10 +24,8 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
trustPolicy = "./testdata/create_secret/notation/test-trust-policy.json"
|
||||
invalidTrustPolicy = "./testdata/create_secret/notation/invalid-trust-policy.json"
|
||||
invalidJson = "./testdata/create_secret/notation/invalid.json"
|
||||
testCertFolder = "./testdata/create_secret/notation"
|
||||
trustPolicy = "./testdata/create_secret/notation/test-trust-policy.json"
|
||||
testCertFolder = "./testdata/create_secret/notation"
|
||||
)
|
||||
|
||||
func TestCreateNotationSecret(t *testing.T) {
|
||||
@@ -81,16 +79,6 @@ func TestCreateNotationSecret(t *testing.T) {
|
||||
args: fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s --trust-policy-file=%s", invalidCert.Name(), trustPolicy),
|
||||
assert: assertError("ca.p12 must end with either .crt or .pem"),
|
||||
},
|
||||
{
|
||||
name: "invalid trust policy",
|
||||
args: fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s --trust-policy-file=%s", t.TempDir(), invalidTrustPolicy),
|
||||
assert: assertError("invalid trust policy: a trust policy statement is missing a name, every statement requires a name"),
|
||||
},
|
||||
{
|
||||
name: "invalid trust policy json",
|
||||
args: fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s --trust-policy-file=%s", t.TempDir(), invalidJson),
|
||||
assert: assertError(fmt.Sprintf("failed to unmarshal trust policy %s: json: cannot unmarshal string into Go value of type trustpolicy.Document", invalidJson)),
|
||||
},
|
||||
{
|
||||
name: "crt secret",
|
||||
args: fmt.Sprintf("create secret notation notation-config --ca-cert-file=%s --trust-policy-file=%s --namespace=my-namespace --export", crt.Name(), trustPolicy),
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
{
|
||||
"version": "1.0",
|
||||
"trustPolicies": [{}]
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
""
|
||||
Reference in New Issue
Block a user