sigstore / scaffolding

Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
Apache License 2.0

Add v1 Fulcio endpoint to prober #1160

Closed cmurphy closed 2 months ago

cmurphy commented 2 months ago

There is an SLO set up for the /api/v1/signingCert Fulcio endpoint[1], but it is currently reporting "No SLO status data" because the prober was never testing that endpoint. This led to an outage that went undetected by the monitoring system.

Cosign uses the legacy certificate request endpoint in its Fulcio client[2][3]. This means that the v1 endpoint is likely the most used and therefore an important health indicator. This change adds the v1 endpoint to the prober test, which should populate Prometheus with data which should activate the SLO.

[1] https://github.com/sigstore/scaffolding/blob/8f7aa097e54eabcecbc671818f9eb5f0e723e54b/terraform/gcp/modules/monitoring/fulcio/slo.tf#L79-L83

[2] https://github.com/sigstore/cosign/blob/79db196e2d97e7dfc4d8201ef829d4ce906605a7/cmd/cosign/cli/fulcio/fulcio.go#L32

[3] https://github.com/sigstore/fulcio/blob/07b19da442b418ebcf072ac65a7abb25f0e3d5c8/pkg/api/client.go#L60

Summary

Release Note

Documentation

cmurphy commented 2 months ago

Accidentally pushed a commit to the wrong branch