review feedback

Signed-off-by: Tobias Trabelsi <[email protected]>

Author: Lerentis

cmd/cosign/cli/options/sign.go

@@ -21,27 +21,27 @@ import (
 
 // SignOptions is the top level wrapper for the sign command.
 type SignOptions struct {
-	Key                   string
-	Cert                  string
-	CertChain             string
-	Upload                bool
-	Output                string // deprecated: TODO remove when the output flag is fully deprecated
-	OutputSignature       string // TODO: this should be the root output file arg.
-	OutputPayload         string
-	OutputCertificate     string
-	PayloadPath           string
-	Recursive             bool
-	Attachment            string
-	SkipConfirmation      bool
-	TlogUpload            bool
-	TSAClientCACert       string
-	TSAClientCert         string
-	TSAClientKey          string
-	TSAServerName         string
-	TSAServerURL          string
-	IssueCertificate      bool
-	SignContainerIdentity string
-	HonorCreateTimestamp  bool
+	Key                     string
+	Cert                    string
+	CertChain               string
+	Upload                  bool
+	Output                  string // deprecated: TODO remove when the output flag is fully deprecated
+	OutputSignature         string // TODO: this should be the root output file arg.
+	OutputPayload           string
+	OutputCertificate       string
+	PayloadPath             string
+	Recursive               bool
+	Attachment              string
+	SkipConfirmation        bool
+	TlogUpload              bool
+	TSAClientCACert         string
+	TSAClientCert           string
+	TSAClientKey            string
+	TSAServerName           string
+	TSAServerURL            string
+	IssueCertificate        bool
+	SignContainerIdentity   string
+	RecordCreationTimestamp bool
 
 	Rekor       RekorOptions
 	Fulcio      FulcioOptions
@@ -132,5 +132,5 @@ func (o *SignOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().StringVar(&o.SignContainerIdentity, "sign-container-identity", "",
 		"manually set the .critical.docker-reference field for the signed identity, which is useful when image proxies are being used where the pull reference should match the signature")
 
-	cmd.Flags().BoolVar(&o.HonorCreateTimestamp, "honor-create-timestamp", false, "honor the create timestamp in the signature artefact to be pushed to the OCI registry")
+	cmd.Flags().BoolVar(&o.RecordCreationTimestamp, "record-creation-timestamp", false, "set the createdAt timestamp in the signature artifact to the time it was created; by default, cosign sets this to the zero value")
 }

cmd/cosign/cli/sign/sign.go

@@ -329,7 +329,7 @@ func signDigest(ctx context.Context, digest name.Digest, payload []byte, ko opti
 	}
 
 	// Attach the signature to the entity.
-	newSE, err := mutate.AttachSignatureToEntity(se, ociSig, mutate.WithDupeDetector(dd), mutate.WithHonorCreationTimestamp(signOpts.HonorCreateTimestamp))
+	newSE, err := mutate.AttachSignatureToEntity(se, ociSig, mutate.WithDupeDetector(dd), mutate.WithHonorCreationTimestamp(signOpts.RecordCreationTimestamp))
 	if err != nil {
 		return err
 	}

doc/cosign_sign.md

@@ -377,5 +377,5 @@ func (so *signOpts) dedupeAndReplace(sig oci.Signature, basefn func() (oci.Signa
 		}
 		return ReplaceSignatures(replace)
 	}
-	return AppendSignatures(base, so.hct, sig)
+	return AppendSignatures(base, so.rct, sig)
 }

pkg/oci/mutate/mutate.go

@@ -35,7 +35,7 @@ type SignOption func(*signOpts)
 type signOpts struct {
 	dd  DupeDetector
 	ro  ReplaceOp
-	hct bool
+	rct bool
 }
 
 func makeSignOpts(opts ...SignOption) *signOpts {
@@ -60,9 +60,9 @@ func WithReplaceOp(ro ReplaceOp) SignOption {
 	}
 }
 
-func WithHonorCreationTimestamp(hct bool) SignOption {
+func WithHonorCreationTimestamp(rct bool) SignOption {
 	return func(so *signOpts) {
-		so.hct = hct
+		so.rct = rct
 	}
 }
 

pkg/oci/mutate/options.go

@@ -25,7 +25,7 @@ import (
 
 // AppendSignatures produces a new oci.Signatures with the provided signatures
 // appended to the provided base signatures.
-func AppendSignatures(base oci.Signatures, honorTimestamp bool, sigs ...oci.Signature) (oci.Signatures, error) {
+func AppendSignatures(base oci.Signatures, recordCreationTimestamp bool, sigs ...oci.Signature) (oci.Signatures, error) {
 	adds := make([]mutate.Addendum, 0, len(sigs))
 	for _, sig := range sigs {
 		ann, err := sig.Annotations()
@@ -43,7 +43,7 @@ func AppendSignatures(base oci.Signatures, honorTimestamp bool, sigs ...oci.Sign
 		return nil, err
 	}
 
-	if honorTimestamp {
+	if recordCreationTimestamp {
 		t, err := now.Now()
 		if err != nil {
 			return nil, err

pkg/oci/mutate/signatures.go

@@ -49,7 +49,7 @@ func NewFile(payload []byte, opts ...Option) (oci.File, error) {
 	// Add annotations from options
 	img = mutate.Annotations(img, o.Annotations).(v1.Image)
 
-	if o.HonorCreateTimestamp {
+	if o.RecordCreationTimestamp {
 		t, err := now.Now()
 		if err != nil {
 			return nil, err

pkg/oci/static/file.go

@@ -32,7 +32,7 @@ func TestNewFile(t *testing.T) {
 		t.Fatalf("NewFile() = %v", err)
 	}
 
-	timestampedFile, err := NewFile([]byte(payload), WithLayerMediaType("foo"), WithAnnotations(map[string]string{"foo": "bar"}), WithHonorCreationTimestamp(true))
+	timestampedFile, err := NewFile([]byte(payload), WithLayerMediaType("foo"), WithAnnotations(map[string]string{"foo": "bar"}), WithRecordCreationTimestamp(true))
 
 	if err != nil {
 		t.Fatalf("NewFile() = %v", err)

pkg/oci/static/file_test.go

@@ -27,14 +27,14 @@ import (
 type Option func(*options)
 
 type options struct {
-	LayerMediaType       types.MediaType
-	ConfigMediaType      types.MediaType
-	Bundle               *bundle.RekorBundle
-	RFC3161Timestamp     *bundle.RFC3161Timestamp
-	Cert                 []byte
-	Chain                []byte
-	Annotations          map[string]string
-	HonorCreateTimestamp bool
+	LayerMediaType          types.MediaType
+	ConfigMediaType         types.MediaType
+	Bundle                  *bundle.RekorBundle
+	RFC3161Timestamp        *bundle.RFC3161Timestamp
+	Cert                    []byte
+	Chain                   []byte
+	Annotations             map[string]string
+	RecordCreationTimestamp bool
 }
 
 func makeOptions(opts ...Option) (*options, error) {
@@ -114,9 +114,9 @@ func WithCertChain(cert, chain []byte) Option {
 	}
 }
 
-// WithHonorCreationTimestamp sets the feature flag to honor the creation timestamp to time of running
-func WithHonorCreationTimestamp(hct bool) Option {
+// WithRecordCreationTimestamp sets the feature flag to honor the creation timestamp to time of running
+func WithRecordCreationTimestamp(rct bool) Option {
 	return func(o *options) {
-		o.HonorCreateTimestamp = hct
+		o.RecordCreationTimestamp = rct
 	}
 }