Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly

[nkreiger]

Summary

Implements this:

sigstore/sigstore#1619

---

It looks like the flag was also missing from the CLI ko.KeyOpts to set the fulcio flow explicitly. Should be 100% backwards compatible because the default was always an empty string.

Release Note

• Command Flag Addition - --fulcio-auth-flow to explicitly set the fulcio authentication flow
• API Addition, support for --fulcio-auth-flow=client_credentials as an authentication flow. Requires the Client ID and Client Secret.

Documentation

cosign sign --fulcio_url=<url> --fulcio-auth-flow=client_credentials --client-secret=<secret file> --client-id=sigstore

[codecov]

Codecov Report

Attention: Patch coverage is 19.35484% with 25 lines in your changes are missing coverage. Please review.

Project coverage is 40.41%. Comparing base (628df78) to head (ab8b0cd).
Report is 37 commits behind head on main.

❗ Current head ab8b0cd differs from pull request most recent head 2466c15. Consider uploading reports for the commit 2466c15 to get more accurate results

Files	Patch %	Lines
cmd/cosign/cli/options/fulcio.go	0.00%	3 Missing ⚠️
cmd/cosign/cli/signblob.go	0.00%	2 Missing and 1 partial ⚠️
...ernal/pkg/cosign/fulcio/fulcioroots/fulcioroots.go	0.00%	3 Missing ⚠️
cmd/cosign/cli/fulcio/fulcio.go	0.00%	2 Missing ⚠️
cmd/cosign/cli/public_key.go	0.00%	1 Missing and 1 partial ⚠️
cmd/cosign/cli/sign.go	0.00%	1 Missing and 1 partial ⚠️
cmd/cosign/cli/attest.go	0.00%	1 Missing ⚠️
cmd/cosign/cli/attest_blob.go	0.00%	1 Missing ⚠️
cmd/cosign/cli/env.go	0.00%	0 Missing and 1 partial ⚠️
cmd/cosign/cli/generate/generate.go	0.00%	1 Missing ⚠️
... and 6 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3571      +/-   ##
==========================================
+ Coverage   40.10%   40.41%   +0.31%     
==========================================
  Files         155      155              
  Lines       10044    10056      +12     
==========================================
+ Hits         4028     4064      +36     
+ Misses       5530     5503      -27     
- Partials      486      489       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[haydentherapper]

Thanks! Were you able to test this out locally to confirm it's working as expected?

[haydentherapper]

Actually, can you rebase against main? There's a bunch of extra commits in this PR

[nkreiger]

Thanks! Were you able to test this out locally to confirm it's working as expected?

yes, I was!