chaospuppy / imagesync

Imagesync is a tool that functions as a wrapper for Google's Crane tool to create, manage, and transfer a list of images from various sources to a single destination registry.
GNU General Public License v3.0

use config for cosign info #13

Closed amartin120 closed 1 year ago

amartin120 commented 1 year ago

So how's this for an idea @chaospuppy? Instead of passing the cosign key path via an arg, what about adding a cosign block to the images.yaml like below. You'd still need to make sure that you mounted in the keys, but this could handle our "optional" problem along with allowing for multiple registries/keys. Thoughts?

cosign:
  - registry: registry1.dso.mil
    repo: ironbank
    key: /app/ib-cosign.pub
  - registry: docker.io
    repo: chaospuppy
    key: /app/cp-cosign.pub

TODO:

amartin120 commented 1 year ago

@chaospuppy After doing some additional homework on retrieving a dict from a list, I'm still happy with my use of next as it uses an iterator as an internal implementation, which is faster than generic methods. Not that speed is incredibly important for such a small list. I'm more than happy to discuss other options though.

https://stackoverflow.com/questions/7079241/python-get-a-dict-from-a-list-based-on-something-inside-the-dict

https://www.geeksforgeeks.org/python-find-dictionary-matching-value-in-list/?ref=lbp (Method #2)

Here's the equivalent if I had to rewrite it.

cosign_registry = None
for item in self.cosign_registries:
    if item.get("registry") == source.registry() and (
        item.get("repo") is None
        or item.get("repo") == source.repo().split("/")[0]
    ):
        cosign_registry = item
        break
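
The lookup discussed in this comment, written with `next` and a default, as an added example that is not part of the PR or the imagesync code base. The `Source` class, the function names, and the `ghcr.io` entry are hypothetical; the other entries come from the cosign block proposed above.

```python
from typing import NamedTuple, Optional

# Constructed sample mirroring the cosign block proposed in the thread.
COSIGN_REGISTRIES = [
    {"registry": "registry1.dso.mil", "repo": "ironbank", "key": "/app/ib-cosign.pub"},
    {"registry": "docker.io", "repo": "chaospuppy", "key": "/app/cp-cosign.pub"},
    {"registry": "ghcr.io", "key": "/app/gh-cosign.pub"},  # constructed: no repo = whole registry
]


class Source(NamedTuple):
    """Hypothetical stand-in for the project's image source object."""
    registry_name: str
    repo_path: str

    def registry(self) -> str:
        return self.registry_name

    def repo(self) -> str:
        return self.repo_path


def _matches(item: dict, source: Source) -> bool:
    # Same predicate as the loop in the comment: registry must be equal, and
    # repo is either unset (wildcard) or equals the first path segment.
    return item.get("registry") == source.registry() and (
        item.get("repo") is None or item.get("repo") == source.repo().split("/")[0]
    )


def find_cosign_entry(entries: list, source: Source) -> Optional[dict]:
    # next() with a default returns the first match, or None instead of
    # raising StopIteration when nothing matches.
    return next((item for item in entries if _matches(item, source)), None)


def key_for(entries: list, source: Source) -> Optional[str]:
    entry = find_cosign_entry(entries, source)
    # None means no key is configured, so the caller has nothing to verify
    # this image against; surface that rather than passing silently.
    return entry["key"] if entry else None


if __name__ == "__main__":
    for src in (Source("registry1.dso.mil", "ironbank/redhat/ubi/ubi8"),
                Source("docker.io", "library/alpine")):
        print(src.registry(), src.repo(), "->", key_for(COSIGN_REGISTRIES, src))
```

Because the first matching entry wins, a registry-wide entry listed before a repo-specific one for the same registry shadows it, so order the list from most to least specific.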

amartin120 commented 1 year ago

@chaospuppy after merging your suggestions, I had to make some additional changes in order to get this to actually work for my testing. Any additional thoughts?

chaospuppy commented 1 year ago

LGTM @amartin120 ! Sorry for the delay