Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Search through all shards when searching by hash #1082

Merged
merged 5 commits into from
Sep 28, 2022

Conversation

priyawadhwa
Copy link
Contributor

@priyawadhwa priyawadhwa commented Sep 28, 2022

This adds in a test with cosign sign-blob and cosign verify-blob to make sure it is working as expected

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>
Signed-off-by: Priya Wadhwa <priya@chainguard.dev>
Signed-off-by: Priya Wadhwa <priya@chainguard.dev>
@priyawadhwa priyawadhwa requested a review from a team as a code owner September 28, 2022 19:40
@haydentherapper
Copy link
Contributor

Do we need to block on the Cosign fix? It's fairly unlikely that someone has uploaded the same entry cross-shard - It likely only affects the individual who reported the issue, and we can find a workaround (re-sign and reupload).

@priyawadhwa priyawadhwa force-pushed the search-shards branch 3 times, most recently from 854f174 to 2eca7b5 Compare September 28, 2022 20:14
Signed-off-by: Priya Wadhwa <priya@chainguard.dev>
@priyawadhwa
Copy link
Contributor Author

@haydentherapper yep! removed that comment, this should be good to merge once it's green

dlorenc
dlorenc previously approved these changes Sep 28, 2022
@@ -24,6 +24,8 @@ set -ex
echo "Installing createtree..."
go install github.com/google/trillian/cmd/createtree@latest

echo "Installing cosign..."
go install github.com/sigstore/cosign/cmd/cosign@latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this logic may evolve as time goes on - are we better actually reimplementing the logic here by directly calling the rekor APIs?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think we probably want to test with cosign somewhere, whether it's here or in a prober. not super opinionated on this one.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 let's remove cosign and use rekor: the problem was reproducible with a SearchLogQuery

Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

server changes look fine to me, but CLI logic is incorrect now, for e.g.

} else if len(resp.Payload) > 1 {

just create a follow-up issue, because this is imp

@@ -251,6 +254,10 @@ ENTRY_ID_2=$($REKOR_CLI get --log-index 3 --rekor_server http://localhost:3000 -
NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Content-Type: application/json" -H "Accept: application/json" -d "{ \"entryUUIDs\": [\"$ENTRY_ID_1\"]}" | jq '. | length')
stringsMatch $NUM_ELEMENTS "1"

# Make sure we can verify the blob we entered into the now-inactive shard
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can replace with a call to ./rekor verify --public-key blah --artifact blah --signature blah with the artifact properties

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>
@codecov-commenter
Copy link

Codecov Report

Merging #1082 (0541dd0) into main (204d9af) will decrease coverage by 23.11%.
The diff coverage is 0.00%.

@@             Coverage Diff             @@
##             main    #1082       +/-   ##
===========================================
- Coverage   64.06%   40.94%   -23.12%     
===========================================
  Files          82       74        -8     
  Lines        7482     7082      -400     
===========================================
- Hits         4793     2900     -1893     
- Misses       2067     3877     +1810     
+ Partials      622      305      -317     
Flag Coverage Δ
e2etests ?
unittests 40.94% <0.00%> (-0.06%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/api/entries.go 0.00% <0.00%> (-69.55%) ⬇️
pkg/sharding/ranges.go 43.69% <0.00%> (-7.63%) ⬇️
pkg/api/metrics.go 0.00% <0.00%> (-100.00%) ⬇️
cmd/rekor-cli/app/useragent.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/api/public_key.go 0.00% <0.00%> (-66.67%) ⬇️
pkg/api/trillian_client.go 0.00% <0.00%> (-66.31%) ⬇️
pkg/api/api.go 0.00% <0.00%> (-64.29%) ⬇️
pkg/types/types.go 0.00% <0.00%> (-63.64%) ⬇️
pkg/types/versionmap.go 0.00% <0.00%> (-63.42%) ⬇️
... and 49 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@priyawadhwa priyawadhwa merged commit 838f40b into sigstore:main Sep 28, 2022
@priyawadhwa priyawadhwa deleted the search-shards branch September 28, 2022 22:11
@github-actions github-actions bot added this to the v1.0.0 milestone Sep 28, 2022
bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this pull request Oct 19, 2022
https://build.opensuse.org/request/show/1029934
by user msmeissn + dimstar_suse
- updated to rekor 1.0.0 (sc#SLE-23476):
  - add description on /api/v1/index/retrieve endpoint by @bobcallaway in sigstore/rekor#1073
  - Adding e2e test coverage by @cdris in sigstore/rekor#1071
  - export rekor build/version information by @cpanato in sigstore/rekor#1074
  - Use POST instead of GET for /api/log/entries/retrieve metrics. by @var-sdk in sigstore/rekor#1083
  - Search through all shards when searching by hash by @priyawadhwa in sigstore/rekor#1082
  - verify: verify checkpoint's STH against the inclusion proof root hash by @asraa in sigstore/rekor#1092
  - add ability to enable/disable specific rekor API endpoints by @bobcallaway in
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants