fmt and improve error messages

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2025-03-30 19:35:06 +00:00 · 2021-07-20 20:28:11 -07:00 · 2021-07-20 20:28:11 -07:00 · e4a311211b
commit e4a311211b
parent 30567be782
4 changed files with 20 additions and 12 deletions
--- a/pkg/cosign/cosign.go
+++ b/pkg/cosign/cosign.go
@ -5,6 +5,7 @@ import (
 	"crypto"
 	"encoding/json"
 	"fmt"
+	"github.com/gardener/controller-manager-library/pkg/logger"
 	"github.com/go-logr/logr"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/authn/k8schain"
@ -13,6 +14,7 @@ import (
 	"github.com/sigstore/cosign/pkg/cosign"
 	"github.com/sigstore/sigstore/pkg/signature"
 	"k8s.io/client-go/kubernetes"
+	"strings"
 )

 // Initialize loads the image pull secrets and initializes the default auth method for container registry API calls
@ -54,6 +56,14 @@ func Verify(imageRef string, key []byte, log logr.Logger) (digest string, err er

 	verified, err := cosign.Verify(context.Background(), ref, cosignOpts, "https://rekor.sigstore.dev")
 	if err != nil {
+		msg := err.Error()
+		logger.Info("image verification failed", "error", msg)
+		if strings.Contains(msg, "NAME_UNKNOWN: repository name not known to registry") {
+			return "", fmt.Errorf("signature not found")
+		} else if strings.Contains(msg, "no matching signatures") {
+			return "", fmt.Errorf("invalid signature")
+		}
+
 		return "", errors.Wrap(err, "failed to verify image")
 	}

--- a/pkg/engine/context/evaluate.go
+++ b/pkg/engine/context/evaluate.go
@ -66,11 +66,10 @@ func (ctx *Context) isBuiltInVariable(variable string) bool {
 	return false
 }

-
 func (ctx *Context) HasChanged(jmespath string) (bool, error) {
 	objData, err := ctx.Query("request.object." + jmespath)
 	if err != nil {
-		return false, errors.Wrap(err,"failed to query request.object")
+		return false, errors.Wrap(err, "failed to query request.object")
 	}

 	if objData == nil {
@ -79,7 +78,7 @@ func (ctx *Context) HasChanged(jmespath string) (bool, error) {

 	oldObjData, err := ctx.Query("request.oldObject." + jmespath)
 	if err != nil {
-		return false, errors.Wrap(err,"failed to query request.object")
+		return false, errors.Wrap(err, "failed to query request.object")
 	}

 	if oldObjData == nil {
@ -92,4 +91,3 @@ func (ctx *Context) HasChanged(jmespath string) (bool, error) {

 	return true, nil
 }
-
--- a/pkg/engine/utils/utils.go
+++ b/pkg/engine/utils/utils.go
@ -116,7 +116,7 @@ func JsonPointerToJMESPath(jsonPointer string) string {
 	tokens := strings.Split(jsonPointer, "/")
 	i := 0
 	for _, t := range tokens {
-		if t == ""{
+		if t == "" {
 			continue
 		}

@ -134,4 +134,4 @@ func JsonPointerToJMESPath(jsonPointer string) string {
 	}

 	return sb.String()
-}
+}
--- a/pkg/engine/utils/utils_test.go
+++ b/pkg/engine/utils/utils_test.go
@ -29,9 +29,9 @@ func TestGetAnchorsFromMap_ThereAreNoAnchors(t *testing.T) {
 }

 func Test_JsonPointerToJMESPath(t *testing.T) {
-	assert.Equal(t, "a.b.c[1].d", JsonPointerToJMESPath("a/b/c/1//d"), )
-	assert.Equal(t, "a.b.c[1].d", JsonPointerToJMESPath("/a/b/c/1/d"), )
-	assert.Equal(t, "a.b.c[1].d", JsonPointerToJMESPath("/a/b/c/1/d/"), )
-	assert.Equal(t, "a[1].b.c[1].d", JsonPointerToJMESPath("a/1/b/c/1/d"), )
-	assert.Equal(t, "a[1].b.c[1].d[2]", JsonPointerToJMESPath("/a/1/b/c/1/d/2/"), )
-}
+	assert.Equal(t, "a.b.c[1].d", JsonPointerToJMESPath("a/b/c/1//d"))
+	assert.Equal(t, "a.b.c[1].d", JsonPointerToJMESPath("/a/b/c/1/d"))
+	assert.Equal(t, "a.b.c[1].d", JsonPointerToJMESPath("/a/b/c/1/d/"))
+	assert.Equal(t, "a[1].b.c[1].d", JsonPointerToJMESPath("a/1/b/c/1/d"))
+	assert.Equal(t, "a[1].b.c[1].d[2]", JsonPointerToJMESPath("/a/1/b/c/1/d/2/"))
+}