Description
Context
ocm hash cv has the following flags:

    ocm hash componentversions — Hash Component Version

    Synopsis:
      ocm hash componentversions [<options>] {<component-reference>}

    Aliases:
      componentversions, componentversion, cv, components, component, comps, comp, c

    Options:
          --actual                  use actual component descriptor
      -c, --constraints constraints version constraint
      -H, --hash string             hash algorithm (default "SHA-256")
      -h, --help                    help for componentversions
          --latest                  restrict component versions to latest
          --lookup stringArray      repository name or spec for closure lookup fallback
      -N, --normalization string    normalization algorithm (default "jsonNormalisation/v3")
      -O, --outfile string          Output file for normalized component descriptor (default "-")
      -o, --output string           output mode (JSON, json, norm, wide, yaml)
      -r, --recursive               follow component reference nesting
          --repo string             repository name or spec
      -s, --sort stringArray        sort fields
      -U, --update                  update digests in component version
      -V, --verify                  verify digests found in component version
However, recursive is not actually used:

ocm/api/ocm/tools/signing/handle.go, line 547 in 2e54f9f:

    }
Version
v0.20.0
To Reproduce
Steps to reproduce the behavior:
1. Sign a component with references in any way.
2. Verify that component with loglevel debug and observe the validation of all resources.
Actual behavior
A component version is always recursively verified
Expected behavior
A component version should respect the recursive option from the closure option attached to the command: https://github.com/open-component-model/ocm/blob/4a1aa4fa4668b2a0758a0d0a2d2c0e7c5d180d7e/cmds/ocm/commands/common/options/closureoption/option.go
Environment
- windows
- linux
- mac
Additional Comments
This is a finding from #1413