Merge pull request #28 from matheusdefarias/adding-sigstore-cosign-adjustments-pr

willallves · web-flow · commit 9aea3d809a43 · 2022-06-22T14:04:52.000-04:00
A check has been created to verify if p.sigstore is different from nil
diff --git a/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go b/pkg/agent/plugin/workloadattestor/k8s/k8s_posix.go
@@ -337,31 +337,37 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest)
 	if err := p.reloadKubeletClient(c); err != nil {
 		return nil, err
 	}
+	if p.sigstore != nil {
+		if err := configureSigstore(c, p.sigstore); err != nil {
+			return nil, err
+		}
+	}
+	// Set the config
+	p.setConfig(c)
+	return &configv1.ConfigureResponse{}, nil
+}
 
+func configureSigstore(config *k8sConfig, sigstore sigstore.Sigstore) error {
 	// Configure sigstore settings
-	p.sigstore.ClearSkipList()
-	if c.SkippedImages != nil {
-		for _, imageID := range c.SkippedImages {
-			p.sigstore.AddSkippedImage(imageID)
+	sigstore.ClearSkipList()
+	if config.SkippedImages != nil {
+		for _, imageID := range config.SkippedImages {
+			sigstore.AddSkippedImage(imageID)
 		}
 	}
-
-	p.sigstore.EnableAllowSubjectList(c.AllowedSubjectListEnabled)
-	p.sigstore.ClearAllowedSubjects()
-	if c.AllowedSubjects != nil {
-		for _, subject := range c.AllowedSubjects {
-			p.sigstore.AddAllowedSubject(subject)
+	sigstore.EnableAllowSubjectList(config.AllowedSubjectListEnabled)
+	sigstore.ClearAllowedSubjects()
+	if config.AllowedSubjects != nil {
+		for _, subject := range config.AllowedSubjects {
+			sigstore.AddAllowedSubject(subject)
 		}
 	}
-	if c.RekorURL != "" {
-		if err := p.sigstore.SetRekorURL(c.RekorURL); err != nil {
-			return nil, err
+	if config.RekorURL != "" {
+		if err := sigstore.SetRekorURL(config.RekorURL); err != nil {
+			return err
 		}
 	}
-
-	// Set the config
-	p.setConfig(c)
-	return &configv1.ConfigureResponse{}, nil
+	return nil
 }
 
 func (p *Plugin) setConfig(config *k8sConfig) {
