Skip to content

Adding functionality to check if GPG keys are valid for signing providers #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 99 commits into from
Closed

Adding functionality to check if GPG keys are valid for signing providers #47

wants to merge 99 commits into from

Conversation

diofeher
Copy link
Member

@diofeher diofeher commented Jan 9, 2025
edited
Loading

This code is used by registry repo to validate if a key was used to sign a provider.

It's going to be used on registry. It closes opentofu/registry#1423

@diofeher
Refactoring in their own packages - gpg and storage
bca2624 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
Cleanup
3b95889 
Signed-off-by: Diogenes Fernandes <[email protected]>
ghost
ghost suggested changes Jan 9, 2025
View reviewed changes
Copy link

@ghost ghost left a comment
edited by ghost
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the work @diofeher. There are a few things that would need to be changed here. Mainly, this shouldn't be part of the metadata API. Also, this PR seems to be lacking tests.

@diofeher
Copy link
Member Author

diofeher commented Jan 9, 2025
edited
Loading

Thanks for your feedback @abstractionfactory ! This PR was meant to be a draft, didn't see it was a normal PR, sorry :( I'm still testing with the another repo....
But it's good that I received feedback already, gonna fix these issues.

@diofeher diofeher marked this pull request as draft January 9, 2025 18:32
@diofeher
Refactoring into new package
7eb203f 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
Move gpg into verification package
5724819 
Signed-off-by: Diogenes Fernandes <[email protected]>
@cam72cam
Copy link
Member

I think @abstractionfactory has been looking forward to getting this fixed for a while :)

@diofeher
Cleanup
87b097f 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
Removing unused funcs
922aba6 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
return err instead of writing to stderr
71b4bff 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
godoc
2001fad 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
godoc
a911610 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
create an interface for GPGVerifier
d0bea6f 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
refactoring on naming
663f241 
Signed-off-by: Diogenes Fernandes <[email protected]>
@ghost
Copy link

ghost commented Jan 10, 2025

Have I ever! :D Thanks for all your hard work @diofeher !

@diofeher
Using provider.Addr
ef465b8 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
Rename to provider_verifier
229ffc2 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher diofeher mentioned this pull request Jan 10, 2025
Merged
@diofeher diofeher requested a review from a user January 10, 2025 15:55
@diofeher diofeher marked this pull request as ready for review January 10, 2025 15:56
@ghost ghost self-assigned this Jan 10, 2025
@diofeher
no need to use storage here
cbaeaef 
Signed-off-by: Diogenes Fernandes <[email protected]>
ghost
ghost suggested changes Jan 13, 2025
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @diofeher thank you very much for your work!

diofeher and others added 6 commits January 13, 2025 09:43
@diofeher
Update provider_verifier/provider_verifier_download.go
8e28c2d 
Co-authored-by: AbstractionFactory <[email protected]>
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
Update provider_verifier/provider_verifier_download.go
f0922d9 
Co-authored-by: AbstractionFactory <[email protected]>
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
Update provider_verifier/provider_verifier_verify.go
c0bb78b 
Co-authored-by: AbstractionFactory <[email protected]>
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
addressing a few suggestions from abstractionFactory
e5a0bed 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
addressing more suggestions from abstractionFactory
e4b93ff 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
encapsulating gethexkeyid
ac6b3ad 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
capitalize letters on error handling messages
591e5e3 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
typo
de5aafd 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
gonna fix this in another PR
1e6ae78 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
capitalize
0c83be2 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
Merge branch 'main' into feat/check-gpg-keys
936e74e
yhakbar
yhakbar reviewed Feb 11, 2025
View reviewed changes
Copy link

@yhakbar yhakbar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most of my comments are NITs.

Given that I'm not a maintainer of the project, I won't give explicit approval. I don't see any major issues, though.

Resonance1584
Resonance1584 reviewed Feb 11, 2025
View reviewed changes
Copy link

@Resonance1584 Resonance1584 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really good overall! I have one comment around if the gopenpgp package is thread safe

@diofeher
Addressing Yousif comments
d5e5e09 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
Addressing Yousif comments 2
28b11bd 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
Addressing Yousif comments - status code
0428656 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
using a constant for method get
5471ed4 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
joined errs
77506f3 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
using t.helper
ca8f5e6 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
adding retry func
ea866be 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
using t.parallel
5df7cf2 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
removing t.parallel
248b0ed 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
using t.parallel and helper
29adc1e 
Signed-off-by: Diógenes Fernandes <[email protected]>
@diofeher
Merge branch 'main' into feat/check-gpg-keys
c60d4cf
@diofeher diofeher requested a review from a user February 13, 2025 12:58
@diofeher diofeher marked this pull request as ready for review February 13, 2025 12:58
ghost
ghost suggested changes Feb 13, 2025
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking a lot better as far as tests and code intent is concerned, but it looks like the public signature has now switched to being an abstraction for the provider key itself, which was not the intention. If that was the case, this package would be in the wrong place (check where the provider types are).

Also, it is worth mentioning that mixing value types and tools/services in one data structure makes keeping the code clean tricky, because tools have dependencies (such as the metadata API) and it becomes had to not bloat the instantiation of the value-type with dependencies. It's a better idea to separate value types and services into separate entities.

@diofeher
Refactoring abstractions
982035b 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
fix docs
2edd774 
Signed-off-by: Diogenes Fernandes <[email protected]>
@diofeher
use a better name
3de176e 
Signed-off-by: Diogenes Fernandes <[email protected]>
@ghost ghost removed their assignment Feb 18, 2025
@diofeher
testing.TB to testing.T
0f11d0a 
Signed-off-by: Diógenes Fernandes <[email protected]>
@Yantrio Yantrio marked this pull request as draft March 3, 2025 15:49
@Yantrio
Copy link
Member

Yantrio commented Mar 3, 2025

I've moved this to draft so that we can discuss this more amongst the opentofu team.

@diofeher
Copy link
Member Author

Closing this one in favor of opentofu/registry#1423

@diofeher diofeher closed this Apr 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Resonance1584 Resonance1584 Resonance1584 left review comments

@yhakbar yhakbar yhakbar left review comments

@ollevche ollevche ollevche left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@diofeher @cam72cam @Yantrio @Resonance1584 @yhakbar @ollevche