
Comparing changes

base repository: securesign/secure-sign-operator
base: 77ab1ced1231e7d4cd3a7c5778a155ad865e0e55
head repository: securesign/secure-sign-operator
compare: 12191556659588f8f6e149afd564bb479d74eb3f
Showing with 718 additions and 155 deletions.
  1. +3 −0 .golangci.yml
  2. +8 −8 .tekton/rhtas-operator-bundle-pull-request.yaml
  3. +8 −8 .tekton/rhtas-operator-bundle-push.yaml
  4. +8 −8 .tekton/rhtas-operator-pull-request.yaml
  5. +8 −8 .tekton/rhtas-operator-push.yaml
  6. +1 −1 Makefile
  7. +6 −0 api/v1alpha1/common.go
  8. +6 −0 api/v1alpha1/ctlog_types.go
  9. +1 −0 api/v1alpha1/fulcio_types.go
  10. +28 −2 api/v1alpha1/fulcio_types_test.go
  11. +5 −0 api/v1alpha1/zz_generated.deepcopy.go
  12. +3 −3 bundle/manifests/rhtas-operator.clusterserviceversion.yaml
  13. +15 −0 bundle/manifests/rhtas.redhat.com_ctlogs.yaml
  14. +9 −0 bundle/manifests/rhtas.redhat.com_fulcios.yaml
  15. +24 −0 bundle/manifests/rhtas.redhat.com_securesigns.yaml
  16. +7 −13 ci/dev-images.sed
  17. +15 −0 config/crd/bases/rhtas.redhat.com_ctlogs.yaml
  18. +9 −0 config/crd/bases/rhtas.redhat.com_fulcios.yaml
  19. +24 −0 config/crd/bases/rhtas.redhat.com_securesigns.yaml
  20. +14 −13 internal/controller/constants/images.go
  21. +4 −0 internal/controller/ctlog/actions/constants.go
  22. +35 −17 internal/controller/ctlog/actions/{serverConfig.go → server_config.go}
  23. +320 −0 internal/controller/ctlog/actions/server_config_test.go
  24. +13 −0 internal/controller/ctlog/actions/testdata/cert.pem
  25. +5 −0 internal/controller/ctlog/actions/testdata/private_key.pem
  26. +4 −0 internal/controller/ctlog/actions/testdata/public_key.pem
  27. +1 −0 internal/controller/ctlog/utils/errors.go
  28. +1 −0 internal/controller/fulcio/utils/errors.go
  29. +3 −1 internal/controller/fulcio/utils/fulcio_deployment.go
  30. +67 −0 internal/controller/fulcio/utils/fulcio_deployment_test.go
  31. +3 −8 test/e2e/byodb_test.go
  32. +3 −3 test/e2e/cli_server_test.go
  33. +4 −7 test/e2e/common_install_test.go
  34. +8 −10 test/e2e/config_update_test.go
  35. +6 −12 test/e2e/key_autodiscovery_test.go
  36. +10 −10 test/e2e/provided_certs_test.go
  37. +9 −0 test/e2e/support/common.go
  38. +20 −23 test/e2e/upgrade_test.go
3 changes: 3 additions & 0 deletions .golangci.yml
@@ -1,6 +1,9 @@
run:
deadline: 5m
allow-parallel-runners: true
build-tags:
- integration
- upgrade

issues:
# don't skip warning about doc comments
16 changes: 8 additions & 8 deletions .tekton/rhtas-operator-bundle-pull-request.yaml
@@ -46,7 +46,7 @@ spec:
- name: name
value: show-sbom
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:3ea2255c6ad2dd1074de45227deab51b69dba57901f44dbca80fe1c57646b107
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852
- name: kind
value: task
resolver: bundles
@@ -190,7 +190,7 @@ spec:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:610ba9e81465fdc5456ed2846503c6cb6f38413d1211e5c63ba152fd1ff2c3ee
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:492db3ca0bf5c44b67a38ba937de645a5282be2cb447dc30d0227424ca3c736f
- name: kind
value: task
resolver: bundles
@@ -225,7 +225,7 @@ spec:
- name: name
value: buildah
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:a4abd67493676e3b68d3088cd48358cb7c7fa47903e990d6662b6e8c49697b8b
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:20cdb35358caec75325be04df377443ac1ba91eceece8c0a436a3558ab2959cb
- name: kind
value: task
resolver: bundles
@@ -277,7 +277,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:3f956e0cd9b0a183e4fd95e010aa668a788ef564d3af1f7aecaaf6e2ccc2ce93
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6c389c2f670975cc0dfdd07dcb33142b1668bbfd46f6af520dd0ab736c56e7e9
- name: kind
value: task
resolver: bundles
@@ -299,7 +299,7 @@ spec:
- name: name
value: clair-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:3d9d05162d5807cde4431e80f0f126f4c19994c0c1633629a62ece9a43b966cd
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a1bbc7354d8dc8fef41caca236bde682fc6a9230065a5537f1dc1ca4f1e39e83
- name: kind
value: task
resolver: bundles
@@ -316,7 +316,7 @@ spec:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:e6acf744313561b376b44724e81188f354b84cf3b0b3875e75efe7e0209637a2
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1ef6a3ab9c4ba9e735c6924008714ef2a873597837be9d4d927522d5d733bd07
- name: kind
value: task
resolver: bundles
@@ -360,7 +360,7 @@ spec:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:a5742024c2755d3636110aea0b86d298660bb8b7708894674baec16bb90b7106
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:4cb5750b01759a4f3d02bb8c6869e80dcde7bd4c7f5c0a68dd18e57ea2ac676f
- name: kind
value: task
resolver: bundles
@@ -382,7 +382,7 @@ spec:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:d34362be8843715b1bcdaf55fcbf1be315094e0dc840562c5cec22716a37a1fe
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:501181e78ec76a0a9083ffc275f5307ba5653a762259412bcffaeb314f13f8ec
- name: kind
value: task
resolver: bundles
16 changes: 8 additions & 8 deletions .tekton/rhtas-operator-bundle-push.yaml
@@ -44,7 +44,7 @@ spec:
- name: name
value: show-sbom
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:3ea2255c6ad2dd1074de45227deab51b69dba57901f44dbca80fe1c57646b107
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852
- name: kind
value: task
resolver: bundles
@@ -188,7 +188,7 @@ spec:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:610ba9e81465fdc5456ed2846503c6cb6f38413d1211e5c63ba152fd1ff2c3ee
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:492db3ca0bf5c44b67a38ba937de645a5282be2cb447dc30d0227424ca3c736f
- name: kind
value: task
resolver: bundles
@@ -223,7 +223,7 @@ spec:
- name: name
value: buildah
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:a4abd67493676e3b68d3088cd48358cb7c7fa47903e990d6662b6e8c49697b8b
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:20cdb35358caec75325be04df377443ac1ba91eceece8c0a436a3558ab2959cb
- name: kind
value: task
resolver: bundles
@@ -275,7 +275,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:3f956e0cd9b0a183e4fd95e010aa668a788ef564d3af1f7aecaaf6e2ccc2ce93
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6c389c2f670975cc0dfdd07dcb33142b1668bbfd46f6af520dd0ab736c56e7e9
- name: kind
value: task
resolver: bundles
@@ -297,7 +297,7 @@ spec:
- name: name
value: clair-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:3d9d05162d5807cde4431e80f0f126f4c19994c0c1633629a62ece9a43b966cd
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a1bbc7354d8dc8fef41caca236bde682fc6a9230065a5537f1dc1ca4f1e39e83
- name: kind
value: task
resolver: bundles
@@ -314,7 +314,7 @@ spec:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:e6acf744313561b376b44724e81188f354b84cf3b0b3875e75efe7e0209637a2
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1ef6a3ab9c4ba9e735c6924008714ef2a873597837be9d4d927522d5d733bd07
- name: kind
value: task
resolver: bundles
@@ -358,7 +358,7 @@ spec:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:a5742024c2755d3636110aea0b86d298660bb8b7708894674baec16bb90b7106
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:4cb5750b01759a4f3d02bb8c6869e80dcde7bd4c7f5c0a68dd18e57ea2ac676f
- name: kind
value: task
resolver: bundles
@@ -380,7 +380,7 @@ spec:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:d34362be8843715b1bcdaf55fcbf1be315094e0dc840562c5cec22716a37a1fe
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:501181e78ec76a0a9083ffc275f5307ba5653a762259412bcffaeb314f13f8ec
- name: kind
value: task
resolver: bundles
16 changes: 8 additions & 8 deletions .tekton/rhtas-operator-pull-request.yaml
@@ -47,7 +47,7 @@ spec:
- name: name
value: show-sbom
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:3ea2255c6ad2dd1074de45227deab51b69dba57901f44dbca80fe1c57646b107
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852
- name: kind
value: task
resolver: bundles
@@ -191,7 +191,7 @@ spec:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:610ba9e81465fdc5456ed2846503c6cb6f38413d1211e5c63ba152fd1ff2c3ee
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:492db3ca0bf5c44b67a38ba937de645a5282be2cb447dc30d0227424ca3c736f
- name: kind
value: task
resolver: bundles
@@ -226,7 +226,7 @@ spec:
- name: name
value: buildah
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:a4abd67493676e3b68d3088cd48358cb7c7fa47903e990d6662b6e8c49697b8b
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:20cdb35358caec75325be04df377443ac1ba91eceece8c0a436a3558ab2959cb
- name: kind
value: task
resolver: bundles
@@ -278,7 +278,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:3f956e0cd9b0a183e4fd95e010aa668a788ef564d3af1f7aecaaf6e2ccc2ce93
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6c389c2f670975cc0dfdd07dcb33142b1668bbfd46f6af520dd0ab736c56e7e9
- name: kind
value: task
resolver: bundles
@@ -300,7 +300,7 @@ spec:
- name: name
value: clair-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:3d9d05162d5807cde4431e80f0f126f4c19994c0c1633629a62ece9a43b966cd
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a1bbc7354d8dc8fef41caca236bde682fc6a9230065a5537f1dc1ca4f1e39e83
- name: kind
value: task
resolver: bundles
@@ -317,7 +317,7 @@ spec:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:e6acf744313561b376b44724e81188f354b84cf3b0b3875e75efe7e0209637a2
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1ef6a3ab9c4ba9e735c6924008714ef2a873597837be9d4d927522d5d733bd07
- name: kind
value: task
resolver: bundles
@@ -361,7 +361,7 @@ spec:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:a5742024c2755d3636110aea0b86d298660bb8b7708894674baec16bb90b7106
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:4cb5750b01759a4f3d02bb8c6869e80dcde7bd4c7f5c0a68dd18e57ea2ac676f
- name: kind
value: task
resolver: bundles
@@ -383,7 +383,7 @@ spec:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:d34362be8843715b1bcdaf55fcbf1be315094e0dc840562c5cec22716a37a1fe
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:501181e78ec76a0a9083ffc275f5307ba5653a762259412bcffaeb314f13f8ec
- name: kind
value: task
resolver: bundles
16 changes: 8 additions & 8 deletions .tekton/rhtas-operator-push.yaml
@@ -45,7 +45,7 @@ spec:
- name: name
value: show-sbom
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:3ea2255c6ad2dd1074de45227deab51b69dba57901f44dbca80fe1c57646b107
value: quay.io/redhat-appstudio-tekton-catalog/task-show-sbom:0.1@sha256:8e0f8cad75e6f674d72a874385b69c4651afc0c9dcc59feffe0d85844687d852
- name: kind
value: task
resolver: bundles
@@ -189,7 +189,7 @@ spec:
- name: name
value: prefetch-dependencies
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:610ba9e81465fdc5456ed2846503c6cb6f38413d1211e5c63ba152fd1ff2c3ee
value: quay.io/redhat-appstudio-tekton-catalog/task-prefetch-dependencies:0.1@sha256:492db3ca0bf5c44b67a38ba937de645a5282be2cb447dc30d0227424ca3c736f
- name: kind
value: task
resolver: bundles
@@ -224,7 +224,7 @@ spec:
- name: name
value: buildah
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:a4abd67493676e3b68d3088cd48358cb7c7fa47903e990d6662b6e8c49697b8b
value: quay.io/redhat-appstudio-tekton-catalog/task-buildah:0.2@sha256:20cdb35358caec75325be04df377443ac1ba91eceece8c0a436a3558ab2959cb
- name: kind
value: task
resolver: bundles
@@ -276,7 +276,7 @@ spec:
- name: name
value: deprecated-image-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:3f956e0cd9b0a183e4fd95e010aa668a788ef564d3af1f7aecaaf6e2ccc2ce93
value: quay.io/redhat-appstudio-tekton-catalog/task-deprecated-image-check:0.4@sha256:6c389c2f670975cc0dfdd07dcb33142b1668bbfd46f6af520dd0ab736c56e7e9
- name: kind
value: task
resolver: bundles
@@ -298,7 +298,7 @@ spec:
- name: name
value: clair-scan
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:3d9d05162d5807cde4431e80f0f126f4c19994c0c1633629a62ece9a43b966cd
value: quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:0.1@sha256:a1bbc7354d8dc8fef41caca236bde682fc6a9230065a5537f1dc1ca4f1e39e83
- name: kind
value: task
resolver: bundles
@@ -315,7 +315,7 @@ spec:
- name: name
value: sast-snyk-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:e6acf744313561b376b44724e81188f354b84cf3b0b3875e75efe7e0209637a2
value: quay.io/redhat-appstudio-tekton-catalog/task-sast-snyk-check:0.1@sha256:1ef6a3ab9c4ba9e735c6924008714ef2a873597837be9d4d927522d5d733bd07
- name: kind
value: task
resolver: bundles
@@ -359,7 +359,7 @@ spec:
- name: name
value: clamav-scan
- name: bundle
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:a5742024c2755d3636110aea0b86d298660bb8b7708894674baec16bb90b7106
value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:4cb5750b01759a4f3d02bb8c6869e80dcde7bd4c7f5c0a68dd18e57ea2ac676f
- name: kind
value: task
resolver: bundles
@@ -381,7 +381,7 @@ spec:
- name: name
value: sbom-json-check
- name: bundle
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:d34362be8843715b1bcdaf55fcbf1be315094e0dc840562c5cec22716a37a1fe
value: quay.io/redhat-appstudio-tekton-catalog/task-sbom-json-check:0.1@sha256:501181e78ec76a0a9083ffc275f5307ba5653a762259412bcffaeb314f13f8ec
- name: kind
value: task
resolver: bundles
2 changes: 1 addition & 1 deletion Makefile
@@ -135,7 +135,7 @@ test-e2e:
# Switch images from `registry.redhat.io` images to the dev images
.PHONY: dev-images
dev-images:
sed -f ci/dev-images.sed -i internal/controller/constants/images.go
sed -E -f ci/dev-images.sed -i internal/controller/constants/images.go

GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
GOLANGCI_LINT_VERSION ?= v1.54.2
6 changes: 6 additions & 0 deletions api/v1alpha1/common.go
@@ -45,6 +45,12 @@ type CtlogService struct {
//+kubebuilder:default:=0
//+optional
Port *int32 `json:"port,omitempty"`
// Prefix is the name of the log. The prefix cannot be empty and can
// contain "/" path separator characters to define global override handler prefix.
//+kubebuilder:validation:Pattern:="^[a-z0-9]([-a-z0-9/]*[a-z0-9])?$"
//+kubebuilder:default:=trusted-artifact-signer
//+optional
Prefix string `json:"prefix,omitempty"`
}

// LocalObjectReference contains enough information to let you locate the
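Review bot: The validation pattern on the new `Prefix` field accepts values such as `a//b` or `a/-/b` and sets no upper bound on length, which matters if the prefix is later joined into a URL path (the consumer is not visible in this hunk). Consider matching per path segment, for example `^[a-z0-9]([-a-z0-9]*[a-z0-9])?(/[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`, and adding `//+kubebuilder:validation:MaxLength:=<limit>`. The comment says the prefix cannot be empty while the field is `+optional` with `omitempty`; a sentence stating that an omitted value falls back to the default would remove that ambiguity. `CtlogService` begins above the hunk.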
6 changes: 6 additions & 0 deletions api/v1alpha1/ctlog_types.go
@@ -42,6 +42,12 @@ type CTlogSpec struct {
// Trillian service configuration
//+kubebuilder:default:={port: 8091}
Trillian TrillianService `json:"trillian,omitempty"`

// Secret holding Certificate Transparency server config in text proto format
// If it is set then any setting of treeID, privateKeyRef, privateKeyPasswordRef,
// publicKeyRef, rootCertificates and trillian will be overridden.
//+optional
ServerConfigRef *LocalObjectReference `json:"serverConfigRef,omitempty"`
// Reference to TLS server certificate, private key and CA certificate
//+optional
TLSCertificate TLSCert `json:"tls"`
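Review bot: The doc comment on `ServerConfigRef` does not say which key of the Secret carries the config, nor that the supplied config is what decides the log's signing key and accepted roots once it overrides `privateKeyRef`, `publicKeyRef` and `rootCertificates`. I would state both in the comment, and say whether the overridden fields are ignored silently or reported in status; that behaviour lives in the controller and is not visible in this hunk. The first comment line also lacks a closing period, so the generated CRD description presumably reads "text proto format If it is set"; `// Secret holding Certificate Transparency server config in text proto format.` fixes that. A blank line before `// Reference to TLS server certificate` would match the separation used above the new field. `CTlogSpec` begins above the hunk and continues below it.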
1 change: 1 addition & 0 deletions api/v1alpha1/fulcio_types.go
@@ -14,6 +14,7 @@ type FulcioSpec struct {
ExternalAccess ExternalAccess `json:"externalAccess,omitempty"`
// Ctlog service configuration
//+optional
//+kubebuilder:default:={prefix: trusted-artifact-signer}
Ctlog CtlogService `json:"ctlog,omitempty"`
// Fulcio Configuration
//+required
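Review bot: The struct-level default added on `Ctlog` repeats the literal `trusted-artifact-signer` that the `Prefix` field in api/v1alpha1/common.go declares as its own default, so the two values can drift when only one is edited. A short comment above the marker, for example `// Keep in sync with the Prefix default on CtlogService.`, would make the coupling visible to the next editor. `FulcioSpec` begins above the hunk and continues below it.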