From 850b89da5d72c1b18f261bbeb6cb54fb8f267dc3 Mon Sep 17 00:00:00 2001 From: Binbin Li Date: Wed, 28 Sep 2022 02:27:01 +0000 Subject: [PATCH 1/2] feat: support tagged reference Signed-off-by: Binbin Li --- cmd/notation/verify.go | 26 ++++++++++++++++---------- internal/ioutil/print.go | 31 ++++++++++++++++--------------- 2 files changed, 32 insertions(+), 25 deletions(-)
diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go
index 3caf7c6f3..4dd5d1109 100644
--- a/cmd/notation/verify.go
+++ b/cmd/notation/verify.go
@@ -47,8 +47,19 @@ func verifyCommand(opts *verifyOpts) *cobra.Command {
 }
 func runVerify(command *cobra.Command, opts *verifyOpts) error {
- // initialize.
- verifier, err := getVerifier(opts)
+ // resolve the given reference and set the digest.
+ manifestDesc, err := getManifestDescriptorFromReference(command.Context(), &opts.SecureFlagOpts, opts.reference)
+ if err != nil {
+ return err
+ }
+ ref, err := orasregistry.ParseReference(opts.reference)
+ if err != nil {
+ return err
+ }
+ ref.Reference = manifestDesc.Digest.String()
+
+ // initialize verifier.
+ verifier, err := getVerifier(opts, ref)
 if err != nil {
 return err
 }
@@ -65,18 +76,13 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error {
 ctx := verification.WithPluginConfig(command.Context(), configs)
 // core verify process.
- outcomes, err := verifier.Verify(ctx, opts.reference)
+ outcomes, err := verifier.Verify(ctx, ref.String())
 // write out.
- return ioutil.PrintVerificationResults(os.Stdout, outcomes, err)
+ return ioutil.PrintVerificationResults(os.Stdout, outcomes, err, ref.Reference)
 }
-func getVerifier(opts *verifyOpts) (*verification.Verifier, error) {
- ref, err := orasregistry.ParseReference(opts.reference)
- if err != nil {
- return nil, err
- }
-
+func getVerifier(opts *verifyOpts, ref orasregistry.Reference) (*verification.Verifier, error) {
 authClient, plainHTTP, err := getAuthClient(&opts.SecureFlagOpts, ref)
 if err != nil {
 return nil, err
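Review bot: The tag-to-digest resolution added at the top of `runVerify` is silent about tag mutability: the signature check now applies to whatever digest the tag pointed to when `getManifestDescriptorFromReference` ran, and nothing tells the user so. Before `ref.Reference` is overwritten, consider warning on stderr when the input was not already a digest, e.g. `if ref.ValidateReferenceAsDigest() != nil { fmt.Fprintln(os.Stderr, "Warning: verifying by tag; tags are mutable, use the printed digest afterwards") }`. Later pipeline steps should pull by the printed digest, not by the original tag, or the verified artifact and the deployed artifact can differ. The same logic moves into `resolveReference` in patch 2/2; `runVerify` continues outside this hunk.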
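Review bot: The error returned by `verifier.Verify` is only handed to `ioutil.PrintVerificationResults` on the last line of `runVerify` and is never returned; judging by the print.go change in this patch, that function returns just `tw.Flush()`, so a failed verification would make `runVerify` return nil. If the exit status is derived from this return value (the caller is not visible here), scripts gating on `notation verify` would treat a failed verification as success. Consider `printErr := ioutil.PrintVerificationResults(os.Stdout, outcomes, err, ref.Reference)` followed by `if err != nil { return err }` and `return printErr`. `getVerifier` starts in this hunk and continues outside it.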
diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go
index 90993858a..7156f9ed3 100644
--- a/internal/ioutil/print.go
+++ b/internal/ioutil/print.go
@@ -54,28 +54,29 @@ func PrintCertificateMap(w io.Writer, v []config.CertificateReference) error {
 return tw.Flush()
 }
-func PrintVerificationResults(w io.Writer, v []*verification.SignatureVerificationOutcome, resultErr error) error {
+func PrintVerificationResults(w io.Writer, v []*verification.SignatureVerificationOutcome, resultErr error, digest string) error {
 tw := newTabWriter(w)
- overallResult := "success"
- if resultErr != nil {
- overallResult = "failure"
+ if resultErr == nil {
+ fmt.Fprintf(tw, "%s\n", digest)
+ return nil
 }
- fmt.Fprintf(tw, "OVERALL RESULT: %s\n", overallResult)
- if resultErr != nil {
- fmt.Fprintf(tw, "ERROR: %s\n", resultErr.Error())
- printOutcomes(tw, v)
- }
+ fmt.Fprintf(tw, "ERROR: %s\n\n", resultErr.Error())
+ printOutcomes(tw, v)
 return tw.Flush()
 }
 func printOutcomes(tw *tabwriter.Writer, outcomes []*verification.SignatureVerificationOutcome) {
- if len(outcomes) > 0 {
- fmt.Fprintln(tw, "DETAILED ERRORS:")
- for _, outcome := range outcomes {
- fmt.Println(outcome.Error)
- }
+ if len(outcomes) == 1 {
+ fmt.Println("1 signature failed verification, error is listed as below:")
+ } else {
+ fmt.Printf("%d signatures failed verification, errors are listed as below:\n", len(outcomes))
 }
-}
\ No newline at end of file
+
+ for _, outcome := range outcomes {
+ // TODO: print out the signature digest once the outcome contains it.
+ fmt.Printf("%s\n\n", outcome.Error.Error())
+ }
+}
From 0d2f8d772b58856b7fd70ce3543c1ce426eb0ce9 Mon Sep 17 00:00:00 2001 From: Binbin Li Date: Wed, 28 Sep 2022 05:33:16 +0000 Subject: [PATCH 2/2] refactor: refactor config plag Signed-off-by: Binbin Li --- cmd/notation/verify.go | 45 ++++++++++++++++++++----------------- cmd/notation/verify_test.go | 5 ++--- 2 files changed, 27 insertions(+), 23 deletions(-)
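Review bot: `printOutcomes` in print.go receives `tw` but its new lines write with `fmt.Println`/`fmt.Printf`, i.e. straight to the process stdout, so the per-signature errors bypass the `io.Writer` the caller passed in and can interleave with the tabwriter-buffered `ERROR:` line. Two further points in the same hunk: the success branch of `PrintVerificationResults` returns nil without calling `tw.Flush()`, which drops any write error, and `outcome.Error.Error()` panics on an outcome whose `Error` is nil, which the previous `fmt.Println(outcome.Error)` tolerated. Whether `v` can hold passing outcomes when `resultErr` is non-nil is not visible here; if it can, the "N signatures failed" count is overstated as well. A writer-consistent sketch of the changed lines follows.

```go
	if resultErr == nil {
		fmt.Fprintf(tw, "%s\n", digest)
		return tw.Flush()
	}
	// … unchanged: ERROR line, printOutcomes call, final tw.Flush() …

func printOutcomes(tw *tabwriter.Writer, outcomes []*verification.SignatureVerificationOutcome) {
	if len(outcomes) == 1 {
		fmt.Fprintln(tw, "1 signature failed verification, error is listed as below:")
	} else {
		fmt.Fprintf(tw, "%d signatures failed verification, errors are listed as below:\n", len(outcomes))
	}

	for _, outcome := range outcomes {
		if outcome == nil || outcome.Error == nil {
			continue
		}
		// TODO: print out the signature digest once the outcome contains it.
		fmt.Fprintf(tw, "%s\n\n", outcome.Error)
	}
}
```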
diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go
index 4dd5d1109..3fea9e721 100644
--- a/cmd/notation/verify.go
+++ b/cmd/notation/verify.go
@@ -2,12 +2,11 @@ package main
 import (
 "errors"
- "fmt"
 "os"
- "strings"
 "github.com/notaryproject/notation-go/registry"
 "github.com/notaryproject/notation-go/verification"
+ "github.com/notaryproject/notation/internal/cmd"
 "github.com/notaryproject/notation/internal/ioutil"
 orasregistry "oras.land/oras-go/v2/registry"
@@ -18,7 +17,7 @@ import (
 type verifyOpts struct {
 SecureFlagOpts
 reference string
- config []string
+ config string
 }
 func verifyCommand(opts *verifyOpts) *cobra.Command {
@@ -26,10 +25,10 @@ func verifyCommand(opts *verifyOpts) *cobra.Command {
 opts = &verifyOpts{}
 }
 command := &cobra.Command{
- Use: "verify ",
+ Use: "verify [flags] ",
 Short: "Verifies OCI Artifacts",
 Long: `Verifies OCI Artifacts:
- notation verify [--config =] [--username ] [--password ] `,
+ notation verify [--config =,...] [--username ] [--password ] `,
 Args: func(cmd *cobra.Command, args []string) error {
 if len(args) == 0 {
 return errors.New("missing reference")
@@ -42,21 +41,16 @@ func verifyCommand(opts *verifyOpts) *cobra.Command {
 },
 }
 opts.ApplyFlags(command.Flags())
- command.Flags().StringSliceVar(&opts.config, "config", nil, "verification plugin config (accepts multiple inputs)")
+ command.Flags().StringVarP(&opts.config, "config", "c", "", "list of comma-separated {key}={value} pairs that are passed as is to the plugin")
 return command
 }
 func runVerify(command *cobra.Command, opts *verifyOpts) error {
 // resolve the given reference and set the digest.
- manifestDesc, err := getManifestDescriptorFromReference(command.Context(), &opts.SecureFlagOpts, opts.reference)
- if err != nil {
- return err
- }
- ref, err := orasregistry.ParseReference(opts.reference)
+ ref, err := resolveReference(command, opts)
 if err != nil {
 return err
 }
- ref.Reference = manifestDesc.Digest.String()
 // initialize verifier.
 verifier, err := getVerifier(opts, ref)
@@ -65,17 +59,13 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error {
 }
 // set up verification plugin config.
- configs := make(map[string]string)
- for _, c := range opts.config {
- parts := strings.Split(c, "=")
- if len(parts) != 2 {
- return fmt.Errorf("invalid config option: %s", c)
- }
- configs[parts[0]] = parts[1]
+ configs, err := cmd.ParseFlagPluginConfig(opts.config)
+ if err != nil {
+ return err
 }
- ctx := verification.WithPluginConfig(command.Context(), configs)
 // core verify process.
+ ctx := verification.WithPluginConfig(command.Context(), configs)
 outcomes, err := verifier.Verify(ctx, ref.String())
 // write out.
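Review bot: `cmd.ParseFlagPluginConfig(opts.config)` in the second hunk runs only after `resolveReference` and `getVerifier`, which (judging by `getManifestDescriptorFromReference` and `getAuthClient` taking `opts.SecureFlagOpts`) contact the registry with the user's credentials, so a malformed `--config` is reported only after that round-trip. Moving `configs, err := cmd.ParseFlagPluginConfig(opts.config)` and its error check to the top of `runVerify` validates local input before any network or credential use. Separately, the new flag help says the pairs are "passed as is to the plugin", but a comma-separated list cannot carry a value that itself contains a comma; the parser is outside this diff, so the help text or a comment should state how `,` and `=` inside values are treated. `runVerify` continues outside both hunks.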
@@ -92,3 +82,18 @@ func getVerifier(opts *verifyOpts, ref orasregistry.Reference) (*verification.Ve
 return verification.NewVerifier(repo)
 }
+
+func resolveReference(command *cobra.Command, opts *verifyOpts) (orasregistry.Reference, error) {
+ ref, err := orasregistry.ParseReference(opts.reference)
+ if err != nil {
+ return orasregistry.Reference{}, err
+ }
+
+ manifestDesc, err := getManifestDescriptorFromReference(command.Context(), &opts.SecureFlagOpts, opts.reference)
+ if err != nil {
+ return orasregistry.Reference{}, err
+ }
+
+ ref.Reference = manifestDesc.Digest.String()
+ return ref, nil
+}
diff --git a/cmd/notation/verify_test.go b/cmd/notation/verify_test.go
index 349f638eb..ff3de9c7a 100644
--- a/cmd/notation/verify_test.go
+++ b/cmd/notation/verify_test.go
@@ -37,13 +37,12 @@ func TestVerifyCommand_MoreArgs(t *testing.T) {
 SecureFlagOpts: SecureFlagOpts{
 PlainHTTP: true,
 },
- config: []string{"key1=val1", "key2=val2"},
+ config: "key1=val1,key2=val2",
 }
 if err := command.ParseFlags([]string{
 expected.reference,
 "--plain-http",
- "--config", expected.config[0],
- "--config", expected.config[1]}); err != nil {
+ "--config", expected.config}); err != nil {
 t.Fatalf("Parse Flag failed: %v", err)
 }
 if err := command.Args(command, command.Flags().Args()); err != nil {
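Review bot: The new `resolveReference` in verify.go carries the security-relevant contract of the command but has no doc comment, so a later caller could pass `opts.reference` to the verifier again without noticing the difference. Suggest `// resolveReference parses opts.reference and replaces its tag or digest with the digest of the manifest descriptor returned by the registry, so that verification and the printed result refer to one immutable digest.` The two errors are also returned bare; adding which step failed (parsing versus registry lookup) would help operators tell a typo from a registry or authentication problem, though that needs the `fmt` import this patch removes.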