feat(cli): add -verify-static-json-mappings allow disabling verification

cerbos · Jan 25, 2024 · e480376 · e480376
1 parent ac784eb
commit e480376
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/cmd/reimage/main.go b/cmd/reimage/main.go
@@ -53,6 +53,7 @@ type app struct {
 	StaticMappings        string
 	StaticMappingsImg     string
 	static                *reimage.StaticRemapper
+	VerifyStaticMappings  bool
 	GrafeasParent         string
 	TrivyCommand          string
 	trivyCommand          []string
@@ -115,6 +116,8 @@ func setup() (*app, error) {
 
 	flag.StringVar(&a.GCPKMSKey, "gcp-kms-key", "", "KMS key, defaults to the first key listed in the binauthz attestation (e.g. projects/PROJECT/locations/LOCATION/keyRings/KEYRING/cryptoKeys/KEY/cryptoKeyVersions/V)")
 
+	flag.BoolVar(&a.VerifyStaticMappings, "verify-static-json-mappings", true, "when loading static mapping, verify that the targets are still valid")
+
 	flag.Parse()
 
 	if a.Version {
@@ -581,7 +584,7 @@ func main() {
 	app.log.Debug("reimage started")
 
 	var mappings map[string]reimage.QualifiedImage
-	rm, recorder, err := app.buildRemapper(!app.MappingsOnly)
+	rm, recorder, err := app.buildRemapper(app.VerifyStaticMappings)
 	if err != nil {
 		app.log.Error(err.Error())
 		os.Exit(1)