new http-ping-only flag for 'timestamp-server serve' by dmitris · Pull Request #474 · sigstore/timestamp-authority

dmitris · 2023-09-11T17:26:21Z

Summary

The change adds a new command-line flag for the timestamp-server serve command to address the following need:

must serve timestamp requests only via the https server with mTLS
need to provide the ability to do ping-like checks over http server (for the load balancers that don't have access to the mTLS credentials)

The solution is to add the --http-ping-only boolean flag (default false) that when given, restricts the http server to serve only the (existing) /ping entrypoint - for others, the http server responds with '400 Forbidden' and a short message.

Since I could find no other alternative (despite asking in different forums/channels) in the swagger generation framework, I resorted to created a boolean global variable IsHTTPPingOnly in the new pkg/internal/cmdparams subpackage to pass the flag values to the server implementation in pkg/generated/restapi/configure_timestamp_server.go. If you can suggest a more elegant way to achieve the same goal, please let me know.

Related to #420.

Release Note

New features and improvements, including behavioural changes, UI changes and CLI changes
added the optional --http-ping-only boolean flag to restrict the http server to the /ping entrypoint.

Documentation

option is documented in the output of timestamp-server serve --help:

$ timestamp-server serve --help
Starts a http server and serves the configured api

Usage:
  timestamp-server serve [flags]
[...]
      --http-ping-only                  serve only /ping in the http server

codecov · 2023-09-11T17:28:22Z

Codecov Report

Merging #474 (42b38a4) into main (fa83a9b) will not change coverage.
Report is 1 commits behind head on main.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##             main     #474   +/-   ##
=======================================
  Coverage   53.38%   53.38%           
=======================================
  Files          20       20           
  Lines        1195     1195           
=======================================
  Hits          638      638           
  Misses        496      496           
  Partials       61       61

Files	Coverage Δ
pkg/ntpmonitor/config.go	`37.50% <ø> (ø)`
pkg/tests/server.go	`76.92% <100.00%> (ø)`

bobcallaway · 2023-09-15T14:25:12Z

shouldn't you return a 404 for any other path other than /ping? I'd argue that would be more expected behavior from an endpoint.

dmitris · 2023-09-18T14:01:30Z

shouldn't you return a 404 for any other path other than /ping? I'd argue that would be more expected behavior from an endpoint.

Probably both would work. My thinking: 404 would be good for URL where you for example had a typo. Here are resources actually "exist" - you haven't made a mistake specifying them - but with the given configuration, they are "off-limit" - not allowed to be accessed through the HTTP server. The ltext message further reinforces this point and explains the reason for the failure. I have changed the return code from 400 "Bad Request" to 403 "Unauthorized" now.

https://www.rfc-editor.org/rfc/rfc9110.html#section-15.5.4 says:

The 403 (Forbidden) status code indicates that the server understood the request but refuses to fulfill it. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any).

The RFC9110 does say in the next paragraph:

An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).

but I think in the case of timestamp-server it would be preferably (for the system operators) not to hide the disallowed entrypoints but instead highlight in the response why they are not accessible.

bobcallaway · 2023-09-20T19:24:00Z

shouldn't you return a 404 for any other path other than /ping? I'd argue that would be more expected behavior from an endpoint.

Probably both would work. My thinking: 404 would be good for URL where you for example had a typo. Here are resources actually "exist" - you haven't made a mistake specifying them - but with the given configuration, they are "off-limit" - not allowed to be accessed through the HTTP server. The ltext message further reinforces this point and explains the reason for the failure. I have changed the return code from 400 "Bad Request" to 403 "Unauthorized" now.

https://www.rfc-editor.org/rfc/rfc9110.html#section-15.5.4 says:

The 403 (Forbidden) status code indicates that the server understood the request but refuses to fulfill it. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any).

The RFC9110 does say in the next paragraph:

An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).

but I think in the case of timestamp-server it would be preferably (for the system operators) not to hide the disallowed entrypoints but instead highlight in the response why they are not accessible.

404 should be used for any path other than /ping. 403 conveys to me that the resource does exist, but the user agent has not presented sufficient credentials to be considered authorized to access the resource. That isn't the case here (we're not authenticating users of the health check).

dmitris · 2023-09-21T14:33:20Z

404 should be used for any path other than /ping.

OK, changed to return 404.

cmd/timestamp-server/app/serve.go

pkg/generated/restapi/configure_timestamp_server.go

bobcallaway

lgtm, minus two nits

pkg/generated/restapi/configure_timestamp_server.go

cmd/timestamp-server/app/serve.go

loosebazooka

minor stuff

pkg/internal/cmdparams/doc.go

pkg/internal/cmdparams/cmdparams.go

Add a small custom middlerware httpPingOnly to allow only /ping entrypoint for the http (non-https) server. Related to issue sigstore#420. Signed-off-by: Dmitry S <[email protected]>

New optional command-line flag --http-ping-only allows to enforce that the http server (which doesn't support mTLS) allows only to access the /ping entrypoint. This would limit the risk of the timestamp server being accessed without mTLS in case of the strict mTLS requirement while still allowing the mTLS-exempt /ping entrypoint to be called for example by the heartbeat checkers (load balancers etc.). Fixes sigstore#420. Signed-off-by: Dmitry Savintsev <[email protected]>

Signed-off-by: Dmitry Savintsev <[email protected]>

* remove parameter for httpPingOnly * remove debug message on httpPingOnly * use const 'pingPath' consistently Signed-off-by: Dmitry Savintsev <[email protected]>

Signed-off-by: Dmitry Savintsev <[email protected]>

…/main (#4) * Bump github.com/go-playground/validator/v10 from 10.15.2 to 10.15.3 (#457) Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.15.2 to 10.15.3. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.15.2...v10.15.3) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigstore/cosign-installer from 3.1.1 to 3.1.2 (#463) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/6e04d228eb30da1757ee4e1dd75a0ec73a653e06...11086d25041f77fe8fe7b9ea4e48e3b9192b8f19) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore from 1.7.2 to 1.7.3 (#458) Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.7.2 to 1.7.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.2...v1.7.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#459) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.7.2 to 1.7.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.2...v1.7.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#460) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.7.2 to 1.7.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.2...v1.7.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#461) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.7.2 to 1.7.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.2...v1.7.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#462) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.7.2 to 1.7.3. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.2...v1.7.3) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 3.6.0 to 4.0.0 (#464) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/f43a0e5ff2bd294095638e18286ca9a3d1956744...3df4ab11eba7bda6032a0b82a6bb43b11571feac) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 (#468) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.4.0 to 4.6.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/3fa32b8bb5620a2c1afe798654bbad59f9da4906...5fdedb94abba051217030cc86d4523cf3f02243d) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/rs/cors from 1.9.0 to 1.10.0 (#467) Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/rs/cors/releases) - [Commits](https://github.com/rs/cors/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/rs/cors dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/net from 0.14.0 to 0.15.0 (#466) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/net/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix bug where TSA signing fails if cert hash != content hash. (#465) This was fixed upstream in https://github.com/digitorus/timestamp/pull/19. We should cut a patch release - the buggy behavior was introduced in v1.1.2. NOTE: This potentially breaks some users if they are relying on the new cert hash behavior introduced in v1.1.2 to support other hash types, but this fixes those who were broken by the v1.1.2 update. Support for other hash types can be added in another PR by moving to using [timestamp.CreateResponseWithOpts](https://pkg.go.dev/github.com/digitorus/timestamp#Timestamp.CreateResponseWithOpts) and passing in the appropriate hash (but I'm considering that out of scope for this PR). Signed-off-by: Billy Lynch <[email protected]> * Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#470) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/0b7f8abb1508181956e8e162db84b466c27e18ce...a8a3f3ad30e3422c9c7b888a15615d19a852ae32) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/dependency-review-action from 3.0.8 to 3.1.0 (#472) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.8 to 3.1.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/f6fff72a3217f580d5afd49a46826795305b63c7...6c5ccdad469c9f8a2996bfecaec55a631a347034) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/cache from 3.3.1 to 3.3.2 (#473) Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8...704facf57e6136b1bc63b828d79edcd491f0ee84) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * upgrade to Go1.21 (#471) * upgrade to Go1.21 Signed-off-by: cpanato <[email protected]> * fix lints Signed-off-by: cpanato <[email protected]> --------- Signed-off-by: cpanato <[email protected]> * Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 (#475) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.6.0 to 5.0.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/5fdedb94abba051217030cc86d4523cf3f02243d...7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump go.step.sm/crypto from 0.35.0 to 0.35.1 (#478) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.35.0 to 0.35.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.35.0...v0.35.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump go.uber.org/zap from 1.25.0 to 1.26.0 (#477) Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.25.0 to 1.26.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.25.0...v1.26.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/go-playground/validator/v10 from 10.15.3 to 10.15.4 (#479) Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.15.3 to 10.15.4. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.15.3...v10.15.4) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from 1.20.7 to 1.21.1 (#469) Bumps golang from 1.20.7 to 1.21.1. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * expand README on Cloud KMS deployment (#476) Signed-off-by: Dmitry Savintsev <[email protected]> * Bump golang from `d2aad22` to `cffaba7` (#480) Bumps golang from `d2aad22` to `cffaba7`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from `cffaba7` to `afccce4` (#481) Bumps golang from `cffaba7` to `afccce4`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from `afccce4` to `c416cee` (#482) Bumps golang from `afccce4` to `c416cee`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4.0.0 to 4.1.0 (#483) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/3df4ab11eba7bda6032a0b82a6bb43b11571feac...8ade135a41bc03ea155e62e844d188df1ea18608) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from `c416cee` to `19600fd` (#484) Bumps golang from `c416cee` to `19600fd`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 (#485) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.16.0 to 1.17.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/v1.17.0/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.16.0...v1.17.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * new http-ping-only flag for 'timestamp-server serve' (#474) * add httpPingOnly middleware Add a small custom middlerware httpPingOnly to allow only /ping entrypoint for the http (non-https) server. Related to issue #420. Signed-off-by: Dmitry S <[email protected]> * Add command-line flag --http-ping-only New optional command-line flag --http-ping-only allows to enforce that the http server (which doesn't support mTLS) allows only to access the /ping entrypoint. This would limit the risk of the timestamp server being accessed without mTLS in case of the strict mTLS requirement while still allowing the mTLS-exempt /ping entrypoint to be called for example by the heartbeat checkers (load balancers etc.). Fixes #420. Signed-off-by: Dmitry Savintsev <[email protected]> * use 404 for anything other than /ping Signed-off-by: Dmitry Savintsev <[email protected]> * minor changes based on PR feedback * remove parameter for httpPingOnly * remove debug message on httpPingOnly * use const 'pingPath' consistently Signed-off-by: Dmitry Savintsev <[email protected]> * 2023 as copyright year for new files Signed-off-by: Dmitry Savintsev <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Dmitry Savintsev <[email protected]> * Bump github.com/go-playground/validator/v10 from 10.15.4 to 10.15.5 (#487) Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.15.4 to 10.15.5. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.15.4...v10.15.5) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/rs/cors from 1.10.0 to 1.10.1 (#486) Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.10.0 to 1.10.1. - [Release notes](https://github.com/rs/cors/releases) - [Commits](https://github.com/rs/cors/compare/v1.10.0...v1.10.1) --- updated-dependencies: - dependency-name: github.com/rs/cors dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from 1.21.1 to 1.21.2 (#489) Bumps golang from 1.21.1 to 1.21.2. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/net from 0.15.0 to 0.16.0 (#490) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/net/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#493) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/08b4669551908b1024bb425080c797723083c031...483ef80eb98fb506c348f7d62e28055e49fe2398) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/release-utils from 0.7.4 to 0.7.5 (#492) Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.7.4 to 0.7.5. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.7.4...v0.7.5) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/spf13/viper from 1.16.0 to 1.17.0 (#491) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.16.0 to 1.17.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.16.0...v1.17.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump go.step.sm/crypto from 0.35.1 to 0.36.0 (#494) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.35.1 to 0.36.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.35.1...v0.36.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/net from 0.16.0 to 0.17.0 (#495) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#496) Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0. - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0) --- updated-dependencies: - dependency-name: github.com/google/go-cmp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from 1.21.2 to 1.21.3 (#497) Bumps golang from 1.21.2 to 1.21.3. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Support other hash algs for pre-signed timestamp besides SHA256 (#488) There are three relevant hash algs used in this codebase: * The certificate hash alg, which specifies how the CA certificate hashed the to-be-signed certificate * The message hash alg, specified in the request, which says how the timestamp message was hashed * The timestamp hash alg, which specifies how the timestamp signer should hash the pre-signed timestamp structure The latter of these three was not configurable. We had a previous approach that used the certificate hash alg, but this does not have to match the timestamp hash alg. Signed-off-by: Hayden Blauzvern <[email protected]> * CHANGELOG for v1.2.0 (#498) Signed-off-by: Hayden Blauzvern <[email protected]> * Bump golang from `02d7116` to `b6142cd` (#499) Bumps golang from `02d7116` to `b6142cd`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#501) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.7.3 to 1.7.4. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.3...v1.7.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#500) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.7.3 to 1.7.4. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.3...v1.7.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#502) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.7.3 to 1.7.4. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.3...v1.7.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#503) Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.7.3 to 1.7.4. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.3...v1.7.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump cloud.google.com/go/security from 1.15.1 to 1.15.2 (#504) Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.15.1 to 1.15.2. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.15.1...kms/v1.15.2) --- updated-dependencies: - dependency-name: cloud.google.com/go/security dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from `b6142cd` to `24a0937` (#505) Bumps golang from `b6142cd` to `24a0937`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#506) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.7.3 to 1.7.4. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.3...v1.7.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4.1.0 to 4.1.1 (#507) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8ade135a41bc03ea155e62e844d188df1ea18608...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump go.step.sm/crypto from 0.36.0 to 0.36.1 (#508) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.36.0 to 0.36.1. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.36.0...v0.36.1) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#509) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/483ef80eb98fb506c348f7d62e28055e49fe2398...0864cf19026789058feabb7e87baa5f140aac736) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#512) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.4...v1.7.5) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#513) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.4...v1.7.5) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump cloud.google.com/go/security from 1.15.2 to 1.15.3 (#510) Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.15.2 to 1.15.3. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.15.2...kms/v1.15.3) --- updated-dependencies: - dependency-name: cloud.google.com/go/security dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6 (#511) Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.7.5 to 0.7.6. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.7.5...v0.7.6) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 (#514) Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.4...v1.7.5) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#515) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.4...v1.7.5) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#516) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.4...v1.7.5) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from `24a0937` to `5206873` (#518) Bumps golang from `24a0937` to `5206873`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump cloud.google.com/go/security from 1.15.3 to 1.15.4 (#519) Bumps [cloud.google.com/go/security](https://github.com/googleapis/google-cloud-go) from 1.15.3 to 1.15.4. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.15.3...kms/v1.15.4) --- updated-dependencies: - dependency-name: cloud.google.com/go/security dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from `5206873` to `b113af1` (#520) Bumps golang from `5206873` to `b113af1`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#522) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/go-playground/validator/v10 from 10.15.5 to 10.16.0 (#521) Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.15.5 to 10.16.0. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.15.5...v10.16.0) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/dependency-review-action from 3.1.0 to 3.1.1 (#523) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/6c5ccdad469c9f8a2996bfecaec55a631a347034...9f45b2463b475767b61721ccfef113fef513e6aa) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#526) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.2 to 3.2.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/11086d25041f77fe8fe7b9ea4e48e3b9192b8f19...1fc5bd396d372bee37d608f955b336615edf79c8) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/dependency-review-action from 3.1.1 to 3.1.2 (#525) * Bump golang from 1.21.3 to 1.21.4 (#524) * Bump golang.org/x/net from 0.17.0 to 0.18.0 (#527) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/dependency-review-action from 3.1.2 to 3.1.3 (#528) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/fde92acd0840415674c16b39c7d703fc28bc511e...7bbfa034e752445ea40215fff1c3bf9597993d3f) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7 (#529) Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.7.6 to 0.7.7. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.7.6...v0.7.7) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from `81cd210` to `57bf74a` (#530) Bumps golang from `81cd210` to `57bf74a`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump go.step.sm/crypto from 0.36.1 to 0.37.0 (#531) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.36.1 to 0.37.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.36.1...v0.37.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump anchore/sbom-action from 0.14.3 to 0.15.0 (#532) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.14.3 to 0.15.0. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1...fd74a6fb98a204a1ad35bbfae0122c1a302ff88b) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from `57bf74a` to `daa9d10` (#533) * Bump golang from `daa9d10` to `9baee0e` (#534) Bumps golang from `daa9d10` to `9baee0e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/dependency-review-action from 3.1.3 to 3.1.4 (#535) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/7bbfa034e752445ea40215fff1c3bf9597993d3f...01bc87099ba56df1e897b6874784491ea6309bc4) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang.org/x/net from 0.18.0 to 0.19.0 (#536) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/net/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#537) Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump go.step.sm/crypto from 0.37.0 to 0.38.0 (#538) Bumps [go.step.sm/crypto](https://github.com/smallstep/crypto) from 0.37.0 to 0.38.0. - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: go.step.sm/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/go-openapi/spec from 0.20.9 to 0.20.11 (#539) Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.20.9 to 0.20.11. - [Commits](https://github.com/go-openapi/spec/compare/v0.20.9...v0.20.11) --- updated-dependencies: - dependency-name: github.com/go-openapi/spec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/go-openapi/strfmt from 0.21.7 to 0.21.8 (#540) Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.21.7 to 0.21.8. - [Commits](https://github.com/go-openapi/strfmt/compare/v0.21.7...v0.21.8) --- updated-dependencies: - dependency-name: github.com/go-openapi/strfmt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#541) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) from 1.7.5 to 1.7.6. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.5...v1.7.6) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#543) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.7.5 to 1.7.6. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.5...v1.7.6) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump anchore/sbom-action from 0.15.0 to 0.15.1 (#546) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.0 to 0.15.1. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/fd74a6fb98a204a1ad35bbfae0122c1a302ff88b...5ecf649a417b8ae17dc8383dc32d46c03f2312df) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#545) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.7.5 to 1.7.6. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.5...v1.7.6) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#542) Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.7.5 to 1.7.6. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.5...v1.7.6) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#544) Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.7.5 to 1.7.6. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.7.5...v1.7.6) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump golang from 1.21.4 to 1.21.5 (#547) Bumps golang from 1.21.4 to 1.21.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: update release-next sync'd with upstream Signed-off-by: Lance Ball <[email protected]> * chore: update Dockerfile sha Signed-off-by: Lance Ball <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Billy Lynch <[email protected]> Signed-off-by: cpanato <[email protected]> Signed-off-by: Dmitry Savintsev <[email protected]> Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Hayden Blauzvern <[email protected]> Signed-off-by: Lance Ball <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Billy Lynch <[email protected]> Co-authored-by: Carlos Tadeu Panato Junior <[email protected]> Co-authored-by: Dmitry Savintsev <[email protected]> Co-authored-by: Hayden B <[email protected]>

* add httpPingOnly middleware Add a small custom middlerware httpPingOnly to allow only /ping entrypoint for the http (non-https) server. Related to issue sigstore#420. Signed-off-by: Dmitry S <[email protected]> * Add command-line flag --http-ping-only New optional command-line flag --http-ping-only allows to enforce that the http server (which doesn't support mTLS) allows only to access the /ping entrypoint. This would limit the risk of the timestamp server being accessed without mTLS in case of the strict mTLS requirement while still allowing the mTLS-exempt /ping entrypoint to be called for example by the heartbeat checkers (load balancers etc.). Fixes sigstore#420. Signed-off-by: Dmitry Savintsev <[email protected]> * use 404 for anything other than /ping Signed-off-by: Dmitry Savintsev <[email protected]> * minor changes based on PR feedback * remove parameter for httpPingOnly * remove debug message on httpPingOnly * use const 'pingPath' consistently Signed-off-by: Dmitry Savintsev <[email protected]> * 2023 as copyright year for new files Signed-off-by: Dmitry Savintsev <[email protected]> --------- Signed-off-by: Dmitry S <[email protected]> Signed-off-by: Dmitry Savintsev <[email protected]>

dmitris requested a review from a team as a code owner September 11, 2023 17:26

dmitris changed the title ~~Healthcheck~~ new http-ping-only flag for 'timestamp-server serve' Sep 11, 2023

dmitris force-pushed the healthcheck branch 2 times, most recently from 740f769 to d2d6b46 Compare September 20, 2023 14:02

dmitris force-pushed the healthcheck branch from 25af529 to 95a838c Compare September 27, 2023 09:16

bobcallaway reviewed Sep 27, 2023

View reviewed changes

cmd/timestamp-server/app/serve.go Outdated Show resolved Hide resolved

pkg/generated/restapi/configure_timestamp_server.go Outdated Show resolved Hide resolved

dmitris force-pushed the healthcheck branch 2 times, most recently from 4ccf1b1 to 5e303a3 Compare September 27, 2023 20:50

bobcallaway reviewed Sep 27, 2023

View reviewed changes

pkg/generated/restapi/configure_timestamp_server.go Outdated Show resolved Hide resolved

cmd/timestamp-server/app/serve.go Outdated Show resolved Hide resolved

dmitris force-pushed the healthcheck branch 2 times, most recently from ddaa45a to b09fff4 Compare September 27, 2023 21:03

loosebazooka reviewed Sep 28, 2023

View reviewed changes

pkg/internal/cmdparams/doc.go Outdated Show resolved Hide resolved

pkg/internal/cmdparams/cmdparams.go Outdated Show resolved Hide resolved

dmitris added 4 commits September 28, 2023 21:35

add httpPingOnly middleware

16da59b

Add a small custom middlerware httpPingOnly to allow only /ping entrypoint for the http (non-https) server. Related to issue sigstore#420. Signed-off-by: Dmitry S <[email protected]>

use 404 for anything other than /ping

4d11c87

Signed-off-by: Dmitry Savintsev <[email protected]>

minor changes based on PR feedback

913a921

* remove parameter for httpPingOnly * remove debug message on httpPingOnly * use const 'pingPath' consistently Signed-off-by: Dmitry Savintsev <[email protected]>

dmitris force-pushed the healthcheck branch from b09fff4 to 19e6472 Compare September 28, 2023 19:37

2023 as copyright year for new files

42b38a4

Signed-off-by: Dmitry Savintsev <[email protected]>

dmitris force-pushed the healthcheck branch from 19e6472 to 42b38a4 Compare September 28, 2023 19:37

bobcallaway approved these changes Sep 29, 2023

View reviewed changes

cpanato approved these changes Sep 29, 2023

View reviewed changes

cpanato requested a review from loosebazooka September 29, 2023 19:06

bobcallaway merged commit 5db959c into sigstore:main Sep 29, 2023

dmitris deleted the healthcheck branch September 30, 2023 15:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

new http-ping-only flag for 'timestamp-server serve'#474

new http-ping-only flag for 'timestamp-server serve'#474
bobcallaway merged 5 commits intosigstore:mainfrom
dmitris:healthcheck

dmitris commented Sep 11, 2023 •

edited

Loading

Uh oh!

codecov bot commented Sep 11, 2023 •

edited

Loading

Uh oh!

bobcallaway commented Sep 15, 2023 •

edited

Loading

Uh oh!

dmitris commented Sep 18, 2023

Uh oh!

bobcallaway commented Sep 20, 2023

Uh oh!

dmitris commented Sep 21, 2023 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

bobcallaway left a comment

Uh oh!

Uh oh!

Uh oh!

loosebazooka left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

dmitris commented Sep 11, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Release Note

Documentation

Uh oh!

codecov bot commented Sep 11, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

bobcallaway commented Sep 15, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dmitris commented Sep 18, 2023

Uh oh!

bobcallaway commented Sep 20, 2023

Uh oh!

dmitris commented Sep 21, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

bobcallaway left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

loosebazooka left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

dmitris commented Sep 11, 2023 •

edited

Loading

codecov bot commented Sep 11, 2023 •

edited

Loading

bobcallaway commented Sep 15, 2023 •

edited

Loading

dmitris commented Sep 21, 2023 •

edited

Loading