sigstore / rekor-monitor

Log monitor for Rekor to verify immutability and monitor entries
Apache License 2.0

Refactor Object Identifier extension struct #520

Closed linus-sun closed 2 days ago

linus-sun commented 3 days ago

Description

Noted here: currently, the MonitoredValues struct has separate fields for OID extensions and matching values via construction from an asn1.OID, OID extensions supported by Fulcio, or construction from OID dot notation. These fields are parsed together into a list when monitored in MatchedIndices, making it harder to keep track of what OID fields are currently being tracked. A more elegant solution would go as follows:

Refactor all OID matcher fields into one struct, as follows:

type OIDExtensions struct {
    OIDMatchers      // OID extensions constructed via asn1
    FulcioExtensions // OID extensions supported by Fulcio
    CustomOIDs       // OID extensions constructed via dot notation
}

// AllOIDMatchers returns every OIDMatcher tracked by the struct as one list.
func (exts OIDExtensions) AllOIDMatchers() []OIDMatcher {
    // Parse and merge all OIDMatchers from OIDMatchers, FulcioExtensions, and CustomOIDs
}

This would make it easier to keep track of all OIDMatchers being monitored by calling the builtin method on the field. We can remove these individual fields from MonitoredValues and replace them with the containing OIDExtensions struct.
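A runnable sketch of the proposed merge, added here as an illustration and not taken from rekor-monitor or from the issue author. Only the three `OIDExtensions` field names come from the issue; the field types, the one-field `FulcioExtensions` stand-in, the `CustomOID` shape and the error return are assumptions.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"strconv"
	"strings"
)

// Hypothetical shapes: only the three OIDExtensions field names are from the issue.
type OIDMatcher struct {
	ObjectIdentifier asn1.ObjectIdentifier
	ExtensionValues  []string
}
type FulcioExtensions struct{ Issuer []string } // stand-in with a single extension
type CustomOID struct{ OID, Value string }      // OID in dot notation
type OIDExtensions struct {
	OIDMatchers      []OIDMatcher
	FulcioExtensions FulcioExtensions
	CustomOIDs       []CustomOID
}

var fulcioIssuerOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 1} // Fulcio Issuer

// AllOIDMatchers flattens the three sources into one list. A malformed
// dot-notation OID is returned as an error, never silently left unmonitored.
func (exts OIDExtensions) AllOIDMatchers() ([]OIDMatcher, error) {
	out := append([]OIDMatcher{}, exts.OIDMatchers...)
	if len(exts.FulcioExtensions.Issuer) > 0 {
		out = append(out, OIDMatcher{fulcioIssuerOID, exts.FulcioExtensions.Issuer})
	}
	for _, c := range exts.CustomOIDs {
		var oid asn1.ObjectIdentifier
		for _, arc := range strings.Split(c.OID, ".") {
			n, err := strconv.ParseUint(arc, 10, 31) // rejects "", signs, non-digits
			if err != nil {
				return nil, fmt.Errorf("custom OID %q: invalid arc %q", c.OID, arc)
			}
			oid = append(oid, int(n))
		}
		out = append(out, OIDMatcher{oid, []string{c.Value}})
	}
	return out, nil
}

func main() {
	// Constructed sample input.
	exts := OIDExtensions{CustomOIDs: []CustomOID{{"1.3.6.1.4.1.57264.1.9", "constructed"}}}
	fmt.Println(exts.AllOIDMatchers())
}
```

Returning an error for a bad custom OID means a typo in monitor configuration surfaces at load time instead of becoming a value that is never matched.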

linus-sun commented 3 days ago

Going to be picking this up concurrently with work to refactor MatchedIndices into separate helpers for each set of values and MatchedIndices as a wrapper for all individual helpers.