update for using reflect instead of mapstructure
Signed-off-by: Javan lacerda <javanlacerda@google.com>
javanlacerda committed Jun 30, 2024
1 parent 96a6663 commit 611d5c4
Showing 3 changed files with 21 additions and 34 deletions.
2 changes: 1 addition & 1 deletion go.mod
@@ -22,7 +22,6 @@ require (
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0
github.com/hashicorp/golang-lru v1.0.2
github.com/magiconair/properties v1.8.7
github.com/mitchellh/mapstructure v1.5.0
github.com/prometheus/client_golang v1.19.1
github.com/prometheus/client_model v0.6.1
github.com/prometheus/common v0.54.0
@@ -111,6 +110,7 @@ require (
github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
15 changes: 6 additions & 9 deletions pkg/config/config.go
@@ -32,7 +32,6 @@ import (

"github.com/coreos/go-oidc/v3/oidc"
lru "github.com/hashicorp/golang-lru"
"github.com/mitchellh/mapstructure"
"github.com/sigstore/fulcio/pkg/certificate"
fulciogrpc "github.com/sigstore/fulcio/pkg/generated/protobuf"
"github.com/sigstore/fulcio/pkg/log"
@@ -470,18 +469,16 @@ func validateCIIssuerMetadata(fulcioConfig *FulcioConfig) error {
}

for _, ciIssuerMetadata := range fulcioConfig.CIIssuerMetadata {
claimsTemplates := make(map[string]interface{})
err := mapstructure.Decode(ciIssuerMetadata.ExtensionTemplates, &claimsTemplates)
if err != nil {
return err
}
for _, temp := range claimsTemplates {
err := checkParse(temp)
v := reflect.Indirect(reflect.ValueOf(&ciIssuerMetadata.ExtensionTemplates))
for i := 0; i < v.NumField(); i++ {
s := v.Field(i).String()
err := checkParse(s)
if err != nil {
return err
}
}
err = checkParse(ciIssuerMetadata.SubjectAlternativeNameTemplate)

err := checkParse(ciIssuerMetadata.SubjectAlternativeNameTemplate)
if err != nil {
return err
}
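Review bot: `v.Field(i).String()` in the new loop of validateCIIssuerMetadata does not fail on a non-string field: reflect returns a placeholder such as `<int Value>`, so checkParse would validate that placeholder instead of the configured template. Nothing visible here guarantees that every field of ExtensionTemplates is a string, so I would guard the loop with `if v.Field(i).Kind() != reflect.String { continue }`, or return an error so a new field type cannot slip past validation unnoticed. The matching loop in Embed in pkg/identity/ciprovider/principal.go needs the guard more, because `SetString` panics on a non-string or unexported field while a certificate is being issued. As this loop only reads, `reflect.ValueOf(ciIssuerMetadata.ExtensionTemplates)` would do without the pointer and `reflect.Indirect`.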
38 changes: 14 additions & 24 deletions pkg/identity/ciprovider/principal.go
@@ -21,11 +21,10 @@ import (
"fmt"
"html/template"
"net/url"
"reflect"
"strings"

"github.com/coreos/go-oidc/v3/oidc"
"github.com/mitchellh/mapstructure"
"github.com/sigstore/fulcio/pkg/certificate"
"github.com/sigstore/fulcio/pkg/config"
"github.com/sigstore/fulcio/pkg/identity"
)
@@ -127,33 +126,24 @@ func (principal ciPrincipal) Embed(_ context.Context, cert *x509.Certificate) er
}
uris := []*url.URL{sanURL}
cert.URIs = uris
mapExtensionsForTemplate := make(map[string]interface{})
err = mapstructure.Decode(claimsTemplates, &mapExtensionsForTemplate)
if err != nil {
return err
}

for k, v := range mapValuesToString(mapExtensionsForTemplate) {
// It avoids to try applying template or replace for a empty string.
if v != "" {
mapExtensionsForTemplate[k], err = applyTemplateOrReplace(v, claims, defaults)
if err != nil {
return err
}
v := reflect.Indirect(reflect.ValueOf(&claimsTemplates))
for i := 0; i < v.NumField(); i++ {
s := v.Field(i).String() // value of each field, e.g the template string
if s == "" {
continue
}
extValue, err := applyTemplateOrReplace(s, claims, defaults)
if err != nil {
return err
}
v.Field(i).SetString(extValue)
}
ext := &certificate.Extensions{
Issuer: principal.Token.Issuer,
}
err = mapstructure.Decode(mapExtensionsForTemplate, &ext)
if err != nil {
return err
}

// Guarantees to set the extension issuer as the token issuer
// regardless of whether this field has been set before
ext.Issuer = principal.Token.Issuer
claimsTemplates.Issuer = principal.Token.Issuer
// Embed additional information into custom extensions
cert.ExtraExtensions, err = ext.Render()
cert.ExtraExtensions, err = claimsTemplates.Render()
if err != nil {
return err
}
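Review bot: The loop in Embed now writes rendered values back into `claimsTemplates` with `v.Field(i).SetString(extValue)` and then assigns `claimsTemplates.Issuer`, where the old code filled a separate `ext` value. `claimsTemplates` is assigned above the hunk, so it is not visible whether it is a per-call copy; if it shares storage with the issuer's configured templates, values derived from one token's claims would replace the templates used for later certificates. I would make the copy explicit with `ext := claimsTemplates` followed by `v := reflect.ValueOf(&ext).Elem()` and render `ext`, or at least add a comment stating that `claimsTemplates` is held by value. Embed starts and ends outside the hunk.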