feat: add index config

README.md

@@ -121,6 +121,7 @@ Rekor Sidekick uses a single configuration file with three important sections:
 
 - `server` to point to the Rekor server you want to monitor,
 - `policies` to specify which entries you want to alert on, and,
+- `index` to specify a starting Rekor index (default `-1` will tail the Rekor log)
 - `outputs` to specify where you want to send your alerts
 
 The `etc` directory contains sample configurations.

agent/agent.go

@@ -22,7 +22,7 @@ type impl struct {
 func New(c Config) (Agent, error) {
 	log := newLogger(c)
 
-	rc, err := rekor.NewClient(c.Server)
+	rc, err := rekor.NewClient(c.Server, c.Index)
 	if err != nil {
 		return nil, err
 	}

agent/config.go

@@ -5,6 +5,7 @@ import "github.com/nsmith5/rekor-sidekick/policy"
 // Config is the data required to configure an agent
 type Config struct {
 	Server   string                            `yaml:"server"`
+	Index    int                               `yaml:"index" default:"-1"`
 	Policies []policy.Policy                   `yaml:"policies"`
 	Outputs  map[string]map[string]interface{} `yaml:"outputs"`
 	Logging  struct {

etc/config.yaml

@@ -1,5 +1,8 @@
 server: https://rekor.sigstore.dev
 
+# Omit or set to -1 to tail the Rekor log
+# index: 0
+
 logging:
   level: trace
 

rekor/client.go

@@ -19,23 +19,28 @@ type impl struct {
 
 // NewClient returns a Rekor client or fails if the baseURL
 // is misconfigured.
-func NewClient(baseURL string) (Client, error) {
+func NewClient(baseURL string, index int) (Client, error) {
 	rc := impl{
 		baseURL:      baseURL,
 		currentIndex: 0,
 		Client:       new(http.Client),
 	}
 
-	// Grab the latest signed tree state and use the tree size as a starting
-	// point to start iterating log entries. Its not the very tip of the log,
-	// but its close enough for us.
-	state, err := rc.GetTreeState()
-	if err != nil {
-		// If this bailed... we're going to guess its probably misconfiguration
-		// not a temporary outage. Lets just bail hard.
-		return nil, fmt.Errorf("failed to get initial tree state. Is rekor server configured correctly? Failured caused by %w", err)
+	// No starting index provided by the config
+	if index == -1 {
+		// Grab the latest signed tree state and use the tree size as a starting
+		// point to start iterating log entries. Its not the very tip of the log,
+		// but its close enough for us.
+		state, err := rc.GetTreeState()
+		if err != nil {
+			// If this bailed... we're going to guess its probably misconfiguration
+			// not a temporary outage. Lets just bail hard.
+			return nil, fmt.Errorf("failed to get initial tree state. Is rekor server configured correctly? Failured caused by %w", err)
+		}
+		rc.currentIndex = state.TreeSize
+	} else {
+		rc.currentIndex = uint(index)
 	}
-	rc.currentIndex = state.TreeSize
 
 	return &rc, nil
 }

rekor/client_test.go

@@ -39,7 +39,7 @@ func TestGetLogEntry(t *testing.T) {
 		`/api/v1/log/entries`: `testdata/rekor-api-log-entry.json`,
 	})
 
-	rc, err := NewClient(ts.URL)
+	rc, err := NewClient(ts.URL, -1)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -62,7 +62,7 @@ func TestGetTreeState(t *testing.T) {
 		`/api/v1/log`: `testdata/rekor-api-log.json`,
 	})
 
-	rc, err := NewClient(ts.URL)
+	rc, err := NewClient(ts.URL, -1)
 	if err != nil {
 		t.Fatal(err)
 	}