Add TUF type (#383)

* Adds rekor TUF type Co-authored-by: Santiago Torres <[email protected]> Co-authored-by: Trishank Karthik Kuppusamy <[email protected]> Co-authored-by: Marina Moore <[email protected]> Signed-off-by: Asra Ali <[email protected]> * add type documentation Signed-off-by: Asra Ali <[email protected]> * Address bob comments Signed-off-by: Asra Ali <[email protected]> * run make Signed-off-by: Asra Ali <[email protected]> * wip Signed-off-by: Asra Ali <[email protected]> * Address comments Signed-off-by: Asra Ali <[email protected]> Co-authored-by: Santiago Torres <[email protected]> Co-authored-by: Trishank Karthik Kuppusamy <[email protected]> Co-authored-by: Marina Moore <[email protected]>
sigstore · Aug 18, 2021 · 4fcdcaa · 4fcdcaa
1 parent b7e0a46
commit 4fcdcaa
Show file tree

Hide file tree

Showing 58 changed files with 2,875 additions and 2,519 deletions.
diff --git a/Makefile b/Makefile
@@ -50,8 +50,8 @@ SERVER_PKG=github.com/sigstore/rekor/cmd/rekor-server/app
 SERVER_LDFLAGS="-X $(SERVER_PKG).GitVersion=$(GIT_VERSION) -X $(SERVER_PKG).gitCommit=$(GIT_HASH) -X $(SERVER_PKG).gitTreeState=$(GIT_TREESTATE) -X $(SERVER_PKG).buildDate=$(BUILD_DATE)"
 
 $(GENSRC): $(SWAGGER) $(OPENAPIDEPS)
-	$(SWAGGER) generate client -f openapi.yaml -q -r COPYRIGHT.txt -t pkg/generated --default-consumes application/json\;q=1
-	$(SWAGGER) generate server -f openapi.yaml -q -r COPYRIGHT.txt -t pkg/generated --exclude-main -A rekor_server --exclude-spec --flag-strategy=pflag --default-produces application/json
+	$(SWAGGER) generate client -f openapi.yaml -q -r COPYRIGHT.txt -t pkg/generated --default-consumes application/json\;q=1 --additional-initialism=TUF
+	$(SWAGGER) generate server -f openapi.yaml -q -r COPYRIGHT.txt -t pkg/generated --exclude-main -A rekor_server --exclude-spec --flag-strategy=pflag --default-produces application/json --additional-initialism=TUF
 
 .PHONY: validate-openapi
 validate-openapi: $(SWAGGER)

diff --git a/cmd/rekor-cli/app/root.go b/cmd/rekor-cli/app/root.go
@@ -35,6 +35,7 @@ import (
 	_ "github.com/sigstore/rekor/pkg/types/rekord/v0.0.1"
 	_ "github.com/sigstore/rekor/pkg/types/rfc3161/v0.0.1"
 	_ "github.com/sigstore/rekor/pkg/types/rpm/v0.0.1"
+	_ "github.com/sigstore/rekor/pkg/types/tuf/v0.0.1"
 )
 
 var rootCmd = &cobra.Command{

diff --git a/cmd/rekor-cli/app/search.go b/cmd/rekor-cli/app/search.go
@@ -165,6 +165,8 @@ var searchCmd = &cobra.Command{
 				params.Query.PublicKey.Format = swag.String(models.SearchIndexPublicKeyFormatX509)
 			case "ssh":
 				params.Query.PublicKey.Format = swag.String(models.SearchIndexPublicKeyFormatSSH)
+			case "tuf":
+				params.Query.PublicKey.Format = swag.String(models.SearchIndexPublicKeyFormatTUF)
 			default:
 				return nil, fmt.Errorf("unknown pki-format %v", pkiFormat)
 			}

diff --git a/cmd/rekor-server/app/serve.go b/cmd/rekor-server/app/serve.go
@@ -42,6 +42,8 @@ import (
 	rfc3161_v001 "github.com/sigstore/rekor/pkg/types/rfc3161/v0.0.1"
 	"github.com/sigstore/rekor/pkg/types/rpm"
 	rpm_v001 "github.com/sigstore/rekor/pkg/types/rpm/v0.0.1"
+	"github.com/sigstore/rekor/pkg/types/tuf"
+	tuf_v001 "github.com/sigstore/rekor/pkg/types/tuf/v0.0.1"
 )
 
 // serveCmd represents the serve command
@@ -85,6 +87,7 @@ var serveCmd = &cobra.Command{
 			rfc3161.KIND: rfc3161_v001.APIVERSION,
 			alpine.KIND:  alpine_v001.APIVERSION,
 			helm.KIND:    helm_v001.APIVERSION,
+			tuf.KIND:     tuf_v001.APIVERSION,
 		}
 
 		for k, v := range pluggableTypeMap {

diff --git a/go.mod b/go.mod
@@ -46,6 +46,8 @@ require (
 	github.com/spf13/cobra v1.2.1
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.8.1
+	github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613
+	github.com/theupdateframework/go-tuf v0.0.0-20210722233521-90e262754396
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/tilinna/clock v1.1.0 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect

diff --git a/go.sum b/go.sum
@@ -1119,6 +1119,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
+github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 h1:iGnD/q9160NWqKZZ5vY4p0dMiYMRknzctfSkqA4nBDw=
 github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613/go.mod h1:g6AnIpDSYMcphz193otpSIzN+11Rs+AAIIC6rm1enug=
 github.com/theupdateframework/go-tuf v0.0.0-20210722233521-90e262754396 h1:j4odVZMwglHp54CYsNHd0wls+lkQzxloQU9AQjQu0W4=
 github.com/theupdateframework/go-tuf v0.0.0-20210722233521-90e262754396/go.mod h1:L+uU/NRFK/7h0NYAnsmvsX9EghDB5QVCcHCIrK2h5nw=

diff --git a/openapi.yaml b/openapi.yaml
@@ -329,6 +329,23 @@ definitions:
         - spec
       additionalProperties: false
 
+  tuf:
+    type: object
+    description: TUF metadata
+    allOf:
+    - $ref: '#/definitions/ProposedEntry'
+    - properties:
+        apiVersion:
+          type: string
+          pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
+        spec:
+          type: object
+          $ref: 'pkg/types/tuf/tuf_schema.json'
+      required:
+        - apiVersion
+        - spec
+      additionalProperties: false
+
   alpine:
     type: object
     description: Alpine package
@@ -469,7 +486,7 @@ definitions:
         properties:
           format:
             type: string
-            enum: ['pgp','x509','minisign', 'ssh']
+            enum: ['pgp','x509','minisign', 'ssh', 'tuf']
           content:
             type: string
             format: byte

diff --git a/pkg/api/error.go b/pkg/api/error.go
@@ -27,6 +27,7 @@ import (
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/entries"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/index"
+	"github.com/sigstore/rekor/pkg/generated/restapi/operations/pubkey"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/timestamp"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/tlog"
 	"github.com/sigstore/rekor/pkg/log"
@@ -134,9 +135,9 @@ func handleRekorAPIError(params interface{}, code int, err error, message string
 		default:
 			return tlog.NewGetLogProofDefault(code).WithPayload(errorMsg(message, code))
 		}
-	case tlog.GetPublicKeyParams:
+	case pubkey.GetPublicKeyParams:
 		logMsg(params.HTTPRequest)
-		return tlog.NewGetPublicKeyDefault(code).WithPayload(errorMsg(message, code))
+		return pubkey.NewGetPublicKeyDefault(code).WithPayload(errorMsg(message, code))
 	case index.SearchIndexParams:
 		logMsg(params.HTTPRequest)
 		switch code {

diff --git a/pkg/generated/client/operations/get_public_key_parameters.go b/pkg/generated/client/operations/get_public_key_parameters.go
diff --git a/pkg/generated/client/operations/get_public_key_responses.go b/pkg/generated/client/operations/get_public_key_responses.go