[SECURESIGN-3399] tuf init: add CLI options for configurable Rekor, Fulcio, CTLog, and TSA URIs instead of hardcoded values

.github/workflows/trust-root-test.yml

@@ -35,9 +35,13 @@ jobs:
       - run: |
           ./rhtas/tuf-repo-init.sh --export-keys file:///tmp/exported-keys \
             --fulcio-cert ./rhtas/test/fulcio-cert \
+            --fulcio-uri "https://fulcio.rhtas" \
             --tsa-cert ./rhtas/test/tsa-chain \
+            --tsa-uri "https://tsa.rhtas" \
             --ctlog-key ./rhtas/test/ctfe-pubkey \
+            --fulcio-uri "https://ctlog.rhtas" \
             --rekor-key ./rhtas/test/rekor-pubkey \
+            --fulcio-uri "https://rekor.rhtas" \
             /tmp/testrepo
       - run: curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64" && mv cosign-linux-amd64 ${HOME}/.local/bin/cosign && sudo chmod +x ${HOME}/.local/bin/cosign
       - run: cosign -d initialize --mirror=file:///tmp/testrepo --root=/tmp/testrepo/root.json

rhtas/tuf-repo-init.sh

@@ -18,15 +18,27 @@ Options:
   --fulcio-cert
     Fulcio certificate chain file
 
+  --fulcio-uri
+    Fulcio base URI
+
   --tsa-cert
     TSA certificate chain file
 
+  --tsa-uri
+    TSA base URI
+
   --ctlog-key
     CTLog public key file
 
+  --ctlog-uri
+    CTLog base URI
+
   --rekor-key
     Rekor public key file
 
+  --rekor-uri
+    Rekor base URI
+
   --metadata-expiration
     Tuftool-compatible tetadata expiration time; defaults to 56 weeks
 EOF
@@ -38,6 +50,10 @@ export FULCIO_CERT=""
 export TSA_CERT=""
 export CTLOG_KEY=""
 export REKOR_KEY=""
+export FULCIO_URI=""
+export TSA_URI=""
+export CTLOG_URI=""
+export REKOR_URI=""
 export METADATA_EXPIRATION="in 52 weeks"
 
 while [[ $# -gt 0 ]]; do
@@ -57,21 +73,41 @@ while [[ $# -gt 0 ]]; do
       shift
       shift
       ;;
+    --fulcio-uri)
+      FULCIO_URI="$2"
+      shift
+      shift
+      ;;
     --tsa-cert)
       TSA_CERT="$2"
       shift
       shift
       ;;
+    --tsa-uri)
+      TSA_URI="$2"
+      shift
+      shift
+      ;;
     --ctlog-key)
       CTLOG_KEY="$2"
       shift
       shift
       ;;
+    --ctlog-uri)
+      CTLOG_URI="$2"
+      shift
+      shift
+      ;;
     --rekor-key)
       REKOR_KEY="$2"
       shift
       shift
       ;;
+    --rekor-uri)
+      REKOR_URI="$2"
+      shift
+      shift
+      ;;
     --metadata-expiration)
       METADATA_EXPIRATION="$2"
       shift
@@ -169,7 +205,7 @@ if [ -n "${FULCIO_CERT}" ]; then
     --key "${KEYDIR}/targets.pem" \
     --key "${KEYDIR}/timestamp.pem" \
     --set-fulcio-target "${FULCIO_CERT}" \
-    --fulcio-uri "https://fulcio.rhtas" \
+    --fulcio-uri "${FULCIO_URI}" \
     --targets-expires "${METADATA_EXPIRATION}" \
     --targets-version 1 \
     --snapshot-expires "${METADATA_EXPIRATION}" \
@@ -190,7 +226,7 @@ if [ -n "${TSA_CERT}" ]; then
     --key "${KEYDIR}/targets.pem" \
     --key "${KEYDIR}/timestamp.pem" \
     --set-tsa-target "${TSA_CERT}" \
-    --tsa-uri "https://tsa.rhtas" \
+    --tsa-uri "${TSA_URI}" \
     --targets-expires "${METADATA_EXPIRATION}" \
     --targets-version 1 \
     --snapshot-expires "${METADATA_EXPIRATION}" \
@@ -211,7 +247,7 @@ if [ -n "${CTLOG_KEY}" ]; then
     --key "${KEYDIR}/targets.pem" \
     --key "${KEYDIR}/timestamp.pem" \
     --set-ctlog-target "${CTLOG_KEY}" \
-    --ctlog-uri "https://ctlog.rhtas" \
+    --ctlog-uri "${CTLOG_URI}" \
     --targets-expires "${METADATA_EXPIRATION}" \
     --targets-version 1 \
     --snapshot-expires "${METADATA_EXPIRATION}" \
@@ -232,7 +268,7 @@ if [ -n "${REKOR_KEY}" ]; then
     --key "${KEYDIR}/targets.pem" \
     --key "${KEYDIR}/timestamp.pem" \
     --set-rekor-target "${REKOR_KEY}" \
-    --rekor-uri "https://rekor.rhtas" \
+    --rekor-uri "${REKOR_URI}" \
     --targets-expires "${METADATA_EXPIRATION}" \
     --targets-version 1 \
     --snapshot-expires "${METADATA_EXPIRATION}" \