chore: migrate azure-sdk-for-go/containerregistry to the latest release #1829

shahramk64 · 2024-09-26T01:24:43Z

Description

What this PR does / why we need it:

auth provider currently uses an old preview version of azure sdk for go. With the latest release of the sdk, the necessary API to exchange the AAD access token for an ACR refresh token is exposed and we can migrate to this latest release.

Which issue(s) this PR fixes (optional, using `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when the PR gets merged):

Fixes #959

Type of change

Please delete options that are not relevant.

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

Here is a link to the successful AKS run:
https://github.com/shahramk64/forked_ratify/actions/runs/11024417178/job/30676580847?pr=2

Checklist:

Does the affected code have corresponding tests?
Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
Does this introduce breaking changes that would require an announcement or bumping the major version?
Do all new files have appropriate license header?

Post Merge Requirements

MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

codecov · 2024-09-26T01:28:42Z

Codecov Report

Attention: Patch coverage is 61.05263% with 37 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
...kg/common/oras/authprovider/azure/azureidentity.go	61.36%	16 Missing and 1 partial ⚠️
...n/oras/authprovider/azure/azureworkloadidentity.go	56.41%	16 Missing and 1 partial ⚠️
pkg/common/oras/authprovider/azure/helper.go	75.00%	2 Missing and 1 partial ⚠️

Files with missing lines	Coverage Δ
pkg/common/oras/authprovider/azure/helper.go	`75.00% <75.00%> (ø)`
...kg/common/oras/authprovider/azure/azureidentity.go	`60.37% <61.36%> (+35.73%)`	⬆️
...n/oras/authprovider/azure/azureworkloadidentity.go	`72.22% <56.41%> (+31.89%)`	⬆️

... and 129 files with indirect coverage changes

pkg/common/oras/authprovider/azure/azureworkloadidentity.go

susanshi · 2024-09-27T00:19:37Z

Hi @shahramk64 , thanks for the PR. please link to the AKS run in your fork once this is ready for review. thanks!

binbin-li · 2024-09-27T10:02:53Z

pkg/common/oras/authprovider/azure/azureidentity.go

-	rt, err := refreshTokenClient.GetFromExchange(ctx, "access_token", artifactHostName, d.tenantID, "", d.identityToken.Token)
+	client, err := azcontainerregistry.NewAuthenticationClient(serverURL, nil) // &AuthenticationClientOptions{ClientOptions: options})
+	if err != nil {
+		return provider.AuthConfig{}, re.ErrorCodeAuthDenied.NewError(re.AuthProvider, "", re.AzureWorkloadIdentityLink, err, "failed to create authentication client for container registry by azure managed identity token", re.HideStackTrace)


nit: we can follow the new pattern to generate a Ratify error: https://github.com/ratify-project/ratify/blob/dev/pkg/controllers/utils/verifier.go#L63

@binbin-li I tried to mimic the pattern that's already being used in this file (and in azureworkloadidentity.go) in multiple places. Should I go ahead and change all of them?

shahramk64 · 2024-09-29T09:43:37Z

@akashsinghal @susanshi
I added unit tests to azureworkloadidentity_test.go. I would appreciate it if you could have a look at it. Based on what I understood, to mock the exported functions in azcontainerregistry, I needed to use dependency injection, so I refactored azureworkloadidentity.go for that.
If this is the right way to write the unit tests, I'll follow the same pattern for azureidentity.go and will try to bring the coverage up to 80%

pkg/common/oras/authprovider/azure/azureidentity.go

akashsinghal · 2024-09-30T17:02:57Z

@akashsinghal @susanshi I added unit tests to azureworkloadidentity_test.go. I would appreciate it if you could have a look at it. Based on what I understood, to mock the exported functions in azcontainerregistry, I needed to use dependency injection, so I refactored azureworkloadidentity.go for that. If this is the right way to write the unit tests, I'll follow the same pattern for azureidentity.go and will try to bring the coverage up to 80%

Thanks @shahramk64. I think this mock approach makes sense if the underlying azure client cannot be mocked

pkg/common/oras/authprovider/azure/azureidentity.go

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

…ner-registry-SDK

shahramk64 · 2024-10-22T02:01:11Z

Here is a link to the latest e2e AKS run on my forked repo:
https://github.com/shahramk64/forked_ratify/actions/runs/11451048602/job/31860970244?pr=3

…ner-registry-SDK

susanshi · 2024-10-23T02:39:37Z

pkg/common/oras/authprovider/azure/azureidentity.go

+	var options *azcontainerregistry.AuthenticationClientOptions
+	client, err := d.authClientFactory.CreateAuthClient(serverURL, options)
+	if err != nil {
+		// return provider.AuthConfig{}, re.ErrorCodeAuthDenied.NewError(re.AuthProvider, "", re.AzureWorkloadIdentityLink, err, "failed to create authentication client for container registry by azure managed identity token", re.HideStackTrace)


should this commented out code be removed @shahramk64 ?

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

susanshi

thanks for updating the SDK and making significant effort to increase code coverage

binbin-li

lgtm, thanks for the sdk upgrade work!

…-project#1876) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 (ratify-project#1877) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump vscode/devcontainers/go from `bdecb4c` to `46f85d1` in /.devcontainer (ratify-project#1879) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl cache Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl cache 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl provider Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: added interfaces Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: integrate crl to verifier Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: kmp revocationfactory refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: bump up go version to 1.22.8 (ratify-project#1880) Signed-off-by: Binbin Li <libinbin@microsoft.com> Signed-off-by: Binbin Li <libinbin050215@gmail.com> chore: Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 (ratify-project#1878) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> docs: design proposal for tag and digest co-existing [ISSUE 1657] (ratify-project#1793) docs: add CRL Design (ratify-project#1789) Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> docs: Create proposal for verifying 'last-n' artifacts only. (ratify-project#1797) Signed-off-by: Susan Shi <huish@microsoft.com> docs: nVersionCount support for KMP design doc (ratify-project#1831) Signed-off-by: Joshua Duffney <jduffney@microsoft.com> ci: retry trivy db update upon failure (ratify-project#1881) Signed-off-by: Binbin Li <libinbin@microsoft.com> chore: Bump anchore/sbom-action from 0.17.4 to 0.17.5 (ratify-project#1882) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ci: fix tagging in publish-ghcr workflow (ratify-project#1884) Signed-off-by: Binbin Li <libinbin@microsoft.com> ci: retry trivy download-db on failure (ratify-project#1883) Signed-off-by: Binbin Li <libinbin@microsoft.com> chore: migrate azure-sdk-for-go/containerregistry to the latest release (ratify-project#1829) Signed-off-by: Shahram Kalantari <shahramk@gmail.com> chore: Bump github/codeql-action from 3.26.13 to 3.27.0 (ratify-project#1887) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl fetcher Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl fetcher Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update bytesFetcher Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl provider Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: refactor the interface Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: update charts (ratify-project#1892) Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: Bump actions/checkout from 4.2.1 to 4.2.2 (ratify-project#1893) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump actions/setup-go from 5.0.2 to 5.1.0 (ratify-project#1894) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/apimachinery from 0.28.14 to 0.28.15 (ratify-project#1896) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `26f9b99` to `3a03fc0` in /httpserver (ratify-project#1899) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/client-go from 0.28.14 to 0.28.15 (ratify-project#1897) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.5 to 0.17.6 (ratify-project#1903) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: allow service account annotations (ratify-project#1907) Signed-off-by: Maneesh Singh <mann.biher@yahoo.co.in> feat: add interface for testing Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: implemented interface Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: implemented interface Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: working on test cases Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: working on test cases 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: working on test cases 3 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> refactor: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> refactor: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> refactor: add cache constructor into fetcher constructor 3 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com>

…-project#1876) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 (ratify-project#1877) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump vscode/devcontainers/go from `bdecb4c` to `46f85d1` in /.devcontainer (ratify-project#1879) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl cache Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl cache 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl provider Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: added interfaces Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: integrate crl to verifier Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: kmp revocationfactory refactor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: bump up go version to 1.22.8 (ratify-project#1880) Signed-off-by: Binbin Li <libinbin@microsoft.com> Signed-off-by: Binbin Li <libinbin050215@gmail.com> chore: Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 (ratify-project#1878) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> docs: design proposal for tag and digest co-existing [ISSUE 1657] (ratify-project#1793) docs: add CRL Design (ratify-project#1789) Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> docs: Create proposal for verifying 'last-n' artifacts only. (ratify-project#1797) Signed-off-by: Susan Shi <huish@microsoft.com> docs: nVersionCount support for KMP design doc (ratify-project#1831) Signed-off-by: Joshua Duffney <jduffney@microsoft.com> ci: retry trivy db update upon failure (ratify-project#1881) Signed-off-by: Binbin Li <libinbin@microsoft.com> chore: Bump anchore/sbom-action from 0.17.4 to 0.17.5 (ratify-project#1882) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ci: fix tagging in publish-ghcr workflow (ratify-project#1884) Signed-off-by: Binbin Li <libinbin@microsoft.com> ci: retry trivy download-db on failure (ratify-project#1883) Signed-off-by: Binbin Li <libinbin@microsoft.com> chore: migrate azure-sdk-for-go/containerregistry to the latest release (ratify-project#1829) Signed-off-by: Shahram Kalantari <shahramk@gmail.com> chore: Bump github/codeql-action from 3.26.13 to 3.27.0 (ratify-project#1887) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: crl fetcher Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl fetcher Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update bytesFetcher Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: crl provider Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: refactor the interface Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: integrate crl to verifier 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: update charts (ratify-project#1892) Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: Bump actions/checkout from 4.2.1 to 4.2.2 (ratify-project#1893) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump actions/setup-go from 5.0.2 to 5.1.0 (ratify-project#1894) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/apimachinery from 0.28.14 to 0.28.15 (ratify-project#1896) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `26f9b99` to `3a03fc0` in /httpserver (ratify-project#1899) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump k8s.io/client-go from 0.28.14 to 0.28.15 (ratify-project#1897) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.5 to 0.17.6 (ratify-project#1903) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: allow service account annotations (ratify-project#1907) Signed-off-by: Maneesh Singh <mann.biher@yahoo.co.in> feat: add interface for testing Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: implemented interface Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: implemented interface Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: working on test cases Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: working on test cases 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: working on test cases 3 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> refactor: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> refactor: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> refactor: add cache constructor into fetcher constructor 3 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: add cache constructor into fetcher constructor Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> test: add cache constructor into fetcher constructor 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: kmprevocationfactory impl 1 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: Bump github.com/aws/aws-sdk-go-v2 from 1.32.2 to 1.32.3 (ratify-project#1912) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.41 to 1.17.42 (ratify-project#1911) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/AzureAD/microsoft-authentication-library-for-go from 1.2.2 to 1.2.3 (ratify-project#1910) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.6 to 0.17.7 (ratify-project#1915) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (ratify-project#1916) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: support enabled status for kmp keys/certs (ratify-project#1874) Signed-off-by: Joshua Duffney <jduffney@microsoft.com> ci: add cron job to cache trivy db (ratify-project#1918) Signed-off-by: Binbin Li <libinbin@microsoft.com> fix: fix the conditional check on update-trivy-cache job (ratify-project#1919) Signed-off-by: Binbin Li <libinbin@microsoft.com> feat: add support for crl basic functionality with built-in cache (ratify-project#1890) Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> Co-authored-by: Binbin Li <libinbin@microsoft.com> chore: Bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (ratify-project#1920) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.0 to 3.27.1 (ratify-project#1922) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.42 to 1.17.44 (ratify-project#1923) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump golang from `0ca97f4` to `4cfe4a9` in /httpserver (ratify-project#1925) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.1 to 3.27.3 (ratify-project#1926) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> feat: support alibaba cloud rrsa store auth provider (ratify-project#1909) Signed-off-by: dahu.kdh <dahu.kdh@alibaba-inc.com> feat: kmprevocationfactory impl 3 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: kmprevocationfactory impl Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: kmprevocationfactory impl 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: kmprevocationfactory impl 3 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: kmprevocationfactory impl 4 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: kmprevocationfactory impl 5 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: kmprevocationfactory reform Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update implementations Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update implementations 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update implementations 3 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update implementations 4 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update implementations 5 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update implementations 6 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update implementations 7 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> feat: update implementations 8 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: Bump github/codeql-action from 3.27.3 to 3.27.4 (ratify-project#1929) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump alpine from `beefdbd` to `1e42bbe` (ratify-project#1937) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump golang from `4cfe4a9` to `147f428` in /httpserver (ratify-project#1936) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `3a03fc0` to `d71f4b2` in /httpserver (ratify-project#1935) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aliyun/credentials-go from 1.3.10 to 1.3.11 (ratify-project#1934) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.44 to 1.17.45 (ratify-project#1933) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 4.6.0 to 5.0.2 (ratify-project#1932) Signed-off-by: dependabot[bot] <support@github.com> chore: Replace deprecated autorest SDK with azidentity (ratify-project#1904) Signed-off-by: Shahram Kalantari <shahramk@gmail.com> chore: Bump step-security/harden-runner from 2.10.1 to 2.10.2 (ratify-project#1938) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.2 to 5.0.4 (ratify-project#1939) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump codecov/codecov-action from 5.0.4 to 5.0.7 (ratify-project#1946) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github/codeql-action from 3.27.4 to 3.27.5 (ratify-project#1945) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump anchore/sbom-action from 0.17.7 to 0.17.8 (ratify-project#1948) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump github.com/aws/aws-sdk-go-v2/credentials from 1.17.45 to 1.17.46 (ratify-project#1953) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> fix: add missing pod annotations and labels to deployment spec (ratify-project#1949) Signed-off-by: akashsinghal <akashsinghal@microsoft.com> chore: revert changes in AKV KMP provider Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: add more comments Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: add more comments and fix Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: update logging Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: update test Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: update test 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: limited changes 3 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: more changes applied Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: Bump github.com/sigstore/rekor from 1.3.6 to 1.3.7 (ratify-project#1952) Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Susan Shi <huish@microsoft.com> Signed-off-by: Binbin Li <libinbin@microsoft.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: bump up golangci-lint version (ratify-project#1961) Signed-off-by: Binbin Li <libinbin050215@gmail.com> fix(tls): allowing TLS when crd-manager disabled (ratify-project#1954) Signed-off-by: Jordan Langue <jordan.langue@doctolib.com> chore: Bump github.com/aws/aws-sdk-go-v2/config from 1.28.3 to 1.28.6 (ratify-project#1957) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: Bump distroless/static from `d71f4b2` to `6cd937e` in /httpserver (ratify-project#1960) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: fix go-lint Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: improve codecov Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: fix golint Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: remove the CRL Cache in truststore Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: renaming func Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: fix 1 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: fix 2 Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: Bump github/codeql-action from 3.27.5 to 3.27.6 (ratify-project#1963) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> chore: add more test case Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: fix golint Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: fix codecov Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: fix context reference Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> chore: fix golint Signed-off-by: Juncheng Zhu <junczhu@microsoft.com> build: add image signing for all release images (ratify-project#1947) Signed-off-by: Akash Singhal <akashsinghal@microsoft.com> chore: Bump golang from `73f06be` to `574185e` in /httpserver (ratify-project#1973) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

susanshi reviewed Sep 27, 2024

View reviewed changes

pkg/common/oras/authprovider/azure/azureworkloadidentity.go Outdated Show resolved Hide resolved

binbin-li reviewed Sep 27, 2024

View reviewed changes

shahramk64 force-pushed the skalantari/Migrate-to-the-latest-Azure-container-registry-SDK branch 3 times, most recently from 83e9788 to 4df7003 Compare September 29, 2024 09:36

akashsinghal reviewed Sep 30, 2024

View reviewed changes

pkg/common/oras/authprovider/azure/azureidentity.go Outdated Show resolved Hide resolved

akashsinghal reviewed Sep 30, 2024

View reviewed changes

pkg/common/oras/authprovider/azure/azureidentity.go Outdated Show resolved Hide resolved

shahramk64 force-pushed the skalantari/Migrate-to-the-latest-Azure-container-registry-SDK branch 5 times, most recently from aa6be1a to cf67ed3 Compare October 3, 2024 04:38

shahramk64 marked this pull request as ready for review October 3, 2024 04:50

shahramk64 requested review from jimmyraywv, luisdlp and toddysm as code owners October 3, 2024 04:50

akashsinghal reviewed Oct 3, 2024

View reviewed changes

pkg/common/oras/authprovider/azure/azureidentity.go Outdated Show resolved Hide resolved

akashsinghal reviewed Oct 3, 2024

View reviewed changes

pkg/common/oras/authprovider/azure/azureidentity.go Outdated Show resolved Hide resolved

shahramk64 force-pushed the skalantari/Migrate-to-the-latest-Azure-container-registry-SDK branch 8 times, most recently from c9d16ba to 62199c6 Compare October 14, 2024 04:14

shahramk64 added 15 commits October 22, 2024 09:45

chore: address comments

24d306d

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: add comments

c5d87bf

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: more unit tests

0d4e8a6

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: remove unnecessary functions

cf5e7f0

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

fix: fix the bugs in the unit tests

f213c5f

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

fix: provide default implementation of the functions

3ec6a2d

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: refactor

23cf3d2

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: refactor azureworkloadidentity

598ff9e

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: refactor azureidentity.go

03688b0

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: move common code to helper.go

2a0c8d8

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: unit tests for the helper.go file

947f28c

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: create a const from the repetitive string

d50d306

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: address comments

ac8e29e

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: address comments

2344927

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

chore: address comments

10ea3e2

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

shahramk64 force-pushed the skalantari/Migrate-to-the-latest-Azure-container-registry-SDK branch from cbbf124 to 10ea3e2 Compare October 21, 2024 23:45

shahramk64 and others added 3 commits October 22, 2024 09:48

fix: ran go mod tidy

94f899d

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

Merge branch 'dev' into skalantari/Migrate-to-the-latest-Azure-contai…

cf25a94

…ner-registry-SDK

Merge branch 'dev' into skalantari/Migrate-to-the-latest-Azure-contai…

82c3091

…ner-registry-SDK

akashsinghal previously approved these changes Oct 22, 2024

View reviewed changes

Merge branch 'dev' into skalantari/Migrate-to-the-latest-Azure-contai…

dfd5e9a

…ner-registry-SDK

susanshi reviewed Oct 23, 2024

View reviewed changes

chore: remove commented code

a70ebef

Signed-off-by: Shahram Kalantari <shahramk@gmail.com>

shahramk64 dismissed akashsinghal’s stale review via a70ebef October 23, 2024 03:46

susanshi approved these changes Oct 23, 2024

View reviewed changes

binbin-li approved these changes Oct 23, 2024

View reviewed changes

susanshi merged commit 7c58a9a into ratify-project:dev Oct 23, 2024
19 of 20 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: migrate azure-sdk-for-go/containerregistry to the latest release #1829

chore: migrate azure-sdk-for-go/containerregistry to the latest release #1829

shahramk64 commented Sep 26, 2024 •

edited

Loading

codecov bot commented Sep 26, 2024 •

edited

Loading

susanshi commented Sep 27, 2024

binbin-li Sep 27, 2024

shahramk64 Oct 15, 2024

shahramk64 commented Sep 29, 2024

akashsinghal commented Sep 30, 2024

shahramk64 commented Oct 22, 2024

susanshi Oct 23, 2024 •

edited

Loading

susanshi left a comment

binbin-li left a comment

chore: migrate azure-sdk-for-go/containerregistry to the latest release #1829

chore: migrate azure-sdk-for-go/containerregistry to the latest release #1829

Conversation

shahramk64 commented Sep 26, 2024 • edited Loading

Description

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Type of change

How Has This Been Tested?

Checklist:

Post Merge Requirements

codecov bot commented Sep 26, 2024 • edited Loading

Codecov Report

susanshi commented Sep 27, 2024

binbin-li Sep 27, 2024

Choose a reason for hiding this comment

shahramk64 Oct 15, 2024

Choose a reason for hiding this comment

shahramk64 commented Sep 29, 2024

akashsinghal commented Sep 30, 2024

shahramk64 commented Oct 22, 2024

susanshi Oct 23, 2024 • edited Loading

Choose a reason for hiding this comment

susanshi left a comment

Choose a reason for hiding this comment

binbin-li left a comment

Choose a reason for hiding this comment

shahramk64 commented Sep 26, 2024 •

edited

Loading

Which issue(s) this PR fixes (optional, using `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when the PR gets merged):

codecov bot commented Sep 26, 2024 •

edited

Loading

susanshi Oct 23, 2024 •

edited

Loading