Show the federated IdP in the CLI instead of the Sigstore DEX instance #184
Conversation
mayaCostantini
force-pushed
the
show-federated-idp
branch
from
a64e430
to
0750dcc
Compare
|
Oh, can you fix the lint issues, please (lines too long) |
| # Calling the private attribute IdentityToken._federated issuer is a workaround | ||
| # For earlier versions of sigstore-python (<3.0.0) that do not support the | ||
| # federated_issuer property. | ||
| print(f"identity-provider: {oidc_token._federated_issuer}", |
There was a problem hiding this comment.
Is federated issuer always set? If a non-Dex token is used, what is this value?
There was a problem hiding this comment.
@woodruffw please advise
There was a problem hiding this comment.
@mayaCostantini this is the original issue + solution that @woodruffw told us should work sigstore/sigstore-python#970 (comment). So the right solution is probably .expected_certificate_subject instead of . _federated_issuer
There was a problem hiding this comment.
With sigstore-python 3.0.0, federated_issuer should fall back to the "top-level" issuer if the Dex-specific federation claim isn't present. You can see that here:
(Before 3.0.0, federated_issuer was called expected_certificate_subject, which was a misleading name. But they're the same API.)
|
Can you fix the lint failure? LGTM otherwise, thanks! |
Resolves sigstore#157 Signed-off-by: Maya Costantini <[email protected]>
mayaCostantini
force-pushed
the
show-federated-idp
branch
from
0750dcc
to
8a5c763
Compare
|
Thanks for the reviews, the linting issues should be fixed now. |
|
Thank you! |
Resolves #157
Summary
Show the federated IdP instead of the Sigstore DEX instance, extracted from
sigstore.oidc.IdentityToken.As mentioned in the comment, this is more of a workaround for versions of
sigstore-pythonearlier than3.0.0, as thefederated_issuerproperty could be called directly in the latest version.Release Note
Replaced DEX instance with federated IdP in signing CLI field
identity-provider.Documentation
No documentation required.