Add output flag for notation verify#1
Open
byronchien wants to merge 26 commits intoattestations-implfrom
Open
Conversation
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
cmd/notation/verify.go
Outdated
| } | ||
|
|
||
| func printMetadataIfPresent(outcome *notation.VerificationOutcome) { | ||
| func printResult(outputFormat string, reference string, outcome *notation.VerificationOutcome) error { |
There was a problem hiding this comment.
Suggested change
| func printResult(outputFormat string, reference string, outcome *notation.VerificationOutcome) error { | |
| func printResult(outputFormat, reference string, outcome *notation.VerificationOutcome) error { |
Owner
Author
There was a problem hiding this comment.
huh, didn't realize it wasn't necessary, is this a go thing?
specs/commandline/verify.md
Outdated
| "reference": "localhost:5000/net-monitor@sha256:b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9", | ||
| "userMetadata": { | ||
| "io.wabbit-networks.buildId": "123" | ||
| } |
cmd/notation/verify.go
Outdated
Comment on lines
88
to
90
| fmt.Printf("Resolved artifact tag `%s` to digest `%s` before verification.\n", ref.Reference, manifestDesc.Digest.String()) | ||
| fmt.Println("Warning: The resolved digest may not point to the same signed artifact, since tags are mutable.") | ||
| } |
There was a problem hiding this comment.
nit: this should go into std.err instead of std.out. its not part of your change but can we open an issue to track this?
cmd/notation/verify.go
Outdated
Comment on lines
193
to
195
| if outputFormat == ioutil.OutputJson { | ||
| output.UserMetadata = metadata | ||
| return ioutil.PrintObjectAsJson(output) | ||
| } |
There was a problem hiding this comment.
are we throwing away outputFormat object if output != json ?
Owner
Author
There was a problem hiding this comment.
yes, can make it cleaner and only setup the object if output format is json
cmd/notation/verify.go
Outdated
|
|
||
| func printMetadataIfPresent(outcome *notation.VerificationOutcome) { | ||
| func printResult(outputFormat, reference string, outcome *notation.VerificationOutcome) error { | ||
| output := verifyOutput{Reference: reference, Result: "Success", UserMetadata: map[string]string{}} |
There was a problem hiding this comment.
nit: usually its best practice to start with failure mode and add then override data, unless you have all the data you need to call success.
added 3 commits
February 2, 2023 09:34
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
byronchien
force-pushed
the
metadata-output
branch
from
305a491 to
cb6d2ed
Compare
added 3 commits
February 6, 2023 15:05
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
byronchien
force-pushed
the
attestations-impl
branch
2 times, most recently
from
5f040e0 to
1c3cddf
Compare
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
byronchien
force-pushed
the
metadata-output
branch
from
c049b11 to
aa74179
Compare
Signed-off-by: Byron Chien <chienb@amazon.com>
* Added error handling and unit tests. * WIP for notaryproject#516 * Resolves notaryproject#525 Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
byronchien
force-pushed
the
attestations-impl
branch
from
a5d4634 to
8b8ea52
Compare
Signed-off-by: Byron Chien <chienb@amazon.com>
…y cmds (notaryproject#507) Adds support for signed user metadata in `notation sign` and `notation verify`. [Relevant spec](notaryproject#498) example sign usage: chienb@a07817b52895 notation % notation sign $IMAGE --user-metadata io.wabbit-networks.buildId=123 --user-metadata io.wabbit-networks.buildTime=123 Successfully signed localhost:5000/net-monitor@sha256:5a07385af4e6b6af81b0ebfd435aedccdfa3507f0609c658209e1aba57159b2b --------------- example verification: chienb@a07817b52895 notation % notation verify $IMAGE --user-metadata io.wabbit-networks.buildTime=123 Resolved artifact tag `v1` to digest `sha256:5a07385af4e6b6af81b0ebfd435aedccdfa3507f0609c658209e1aba57159b2b` before verification. Warning: The resolved digest may not point to the same signed artifact, since tags are mutable. Successfully verified signature for localhost:5000/net-monitor@sha256:5a07385af4e6b6af81b0ebfd435aedccdfa3507f0609c658209e1aba57159b2b The artifact was signed with the following user metadata. KEY VALUE io.wabbit-networks.buildTime 123 io.wabbit-networks.buildId 123 ----- Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
byronchien
force-pushed
the
metadata-output
branch
from
e1f0559 to
b22ae06
Compare
Don't access value of default pointer if it is nil. This is actually a bug(unable to delete key if defualt key is not present) fix. Signed-off-by: Pritesh Bandi <pritesb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
- fail fast on unknown output format - print warnings to stderr for both output formats - omit empty metadata from json response Signed-off-by: Byron Chien <chienb@amazon.com>
Signed-off-by: Byron Chien <chienb@amazon.com>
- rename PrintObjectAsJson => PrintObjectAsJSON - move output format constants to flags.go - use switch for verify output behavior - add documentation output methods - call out failure behavior in spec Signed-off-by: Byron Chien <chienb@amazon.com>
byronchien
force-pushed
the
metadata-output
branch
from
ae0e5c5 to
79b3217
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds output flag for notation verify to format output as json. Also updates the notation verify spec for the new flag.
Signed-off-by: Byron Chien chienb@amazon.com