Fixes Hashivault configuration with Chains

Initially when kms was misconfigured, then the chains controller pod was getting panic and ended up getting crashed Hence, this patch checks it the vault address is valid and if it is not valid, then returns the error which handles the pod from getting panic and crashed Signed-off-by: Puneet Punamiya [email protected]
tektoncd · Sep 22, 2023 · 07af149 · 07af149
1 parent 52b918e
commit 07af149
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/pkg/chains/signing/kms/kms.go b/pkg/chains/signing/kms/kms.go
@@ -17,8 +17,8 @@ package kms
 import (
 	"context"
 	"crypto"
-
 	"github.com/tektoncd/chains/pkg/config"
+	"net/http"
 
 	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sigstore/sigstore/pkg/signature/kms"
@@ -41,6 +41,18 @@ type Signer struct {
 // NewSigner returns a configured Signer
 func NewSigner(ctx context.Context, cfg config.KMSSigner) (*Signer, error) {
 	kmsOpts := []signature.RPCOption{}
+
+	if cfg.Auth.Address != "" {
+		resp, err := http.Get(cfg.Auth.Address)
+		if err != nil {
+			return nil, err
+		}
+
+		if resp.StatusCode != 200 {
+			return nil, err
+		}
+	}
+
 	// pass through configuration options to RPCAuth used by KMS in sigstore
 	rpcAuth := options.RPCAuth{
 		Address: cfg.Auth.Address,