clean up unneeded struct

Signed-off-by: Meredith Lancaster <malancas@github.com>
2024-10-31 10:08:05 -06:00 · 2024-10-31 10:08:05 -06:00 · 01f63c5cc3
commit 01f63c5cc3
parent 1652051fc2
4 changed files with 23 additions and 38 deletions
--- a/pkg/cmd/attestation/inspect/inspect.go
+++ b/pkg/cmd/attestation/inspect/inspect.go
@ -141,9 +141,9 @@ func runInspect(opts *Options) error {
 		return fmt.Errorf("failed to build policy: %v", err)
 	}

-	res := opts.SigstoreVerifier.Verify(attestations, policy)
-	if res.Error != nil {
-		return fmt.Errorf("at least one attestation failed to verify against Sigstore: %v", res.Error)
+	res, err := opts.SigstoreVerifier.Verify(attestations, policy)
+	if err != nil {
+		return fmt.Errorf("at least one attestation failed to verify against Sigstore: %v", err)
 	}

 	opts.Logger.VerbosePrint(opts.Logger.ColorScheme.Green(
@ -152,7 +152,7 @@ func runInspect(opts *Options) error {

 	// If the user provides the --format=json flag, print the results in JSON format
 	if opts.exporter != nil {
-		details, err := getAttestationDetails(opts.Tenant, res.VerifyResults)
+		details, err := getAttestationDetails(opts.Tenant, res)
 		if err != nil {
 			return fmt.Errorf("failed to get attestation detail: %v", err)
 		}
@ -165,7 +165,7 @@ func runInspect(opts *Options) error {
 	}

 	// otherwise, print results in a table
-	details, err := getDetailsAsSlice(opts.Tenant, res.VerifyResults)
+	details, err := getDetailsAsSlice(opts.Tenant, res)
 	if err != nil {
 		return fmt.Errorf("failed to parse attestation details: %v", err)
 	}
--- a/pkg/cmd/attestation/verification/mock_verifier.go
+++ b/pkg/cmd/attestation/verification/mock_verifier.go
@ -16,7 +16,7 @@ type MockSigstoreVerifier struct {
 	t *testing.T
 }

-func (v *MockSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) *SigstoreResults {
+func (v *MockSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) ([]*AttestationProcessingResult, error) {
 	statement := &in_toto.Statement{}
 	statement.PredicateType = SLSAPredicateV1

@ -41,9 +41,7 @@ func (v *MockSigstoreVerifier) Verify(attestations []*api.Attestation, policy ve

 	results := []*AttestationProcessingResult{&result}

-	return &SigstoreResults{
-		VerifyResults: results,
-	}
+	return results, nil
 }

 func NewMockSigstoreVerifier(t *testing.T) *MockSigstoreVerifier {
@ -52,8 +50,6 @@ func NewMockSigstoreVerifier(t *testing.T) *MockSigstoreVerifier {

 type FailSigstoreVerifier struct{}

-func (v *FailSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) *SigstoreResults {
-	return &SigstoreResults{
-		Error: fmt.Errorf("failed to verify attestations"),
-	}
+func (v *FailSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) ([]*AttestationProcessingResult, error) {
+	return nil, fmt.Errorf("failed to verify attestations")
 }
--- a/pkg/cmd/attestation/verification/sigstore.go
+++ b/pkg/cmd/attestation/verification/sigstore.go
@ -28,11 +28,6 @@ type AttestationProcessingResult struct {
 	VerificationResult *verify.VerificationResult `json:"verificationResult"`
 }

-type SigstoreResults struct {
-	VerifyResults []*AttestationProcessingResult
-	Error         error
-}
-
 type SigstoreConfig struct {
 	TrustedRoot  string
 	Logger       *io.Handler
@ -42,7 +37,7 @@ type SigstoreConfig struct {
 }

 type SigstoreVerifier interface {
-	Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) *SigstoreResults
+	Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) ([]*AttestationProcessingResult, error)
 }

 type LiveSigstoreVerifier struct {
@ -172,7 +167,7 @@ func getLowestCertInChain(ca *root.CertificateAuthority) (*x509.Certificate, err
 	return nil, fmt.Errorf("certificate authority had no certificates")
 }

-func (v *LiveSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) *SigstoreResults {
+func (v *LiveSigstoreVerifier) Verify(attestations []*api.Attestation, policy verify.PolicyBuilder) ([]*AttestationProcessingResult, error) {
 	// initialize the processing apResults before attempting to verify
 	// with multiple verifiers
 	apResults := make([]*AttestationProcessingResult, len(attestations))
@ -192,9 +187,7 @@ func (v *LiveSigstoreVerifier) Verify(attestations []*api.Attestation, policy ve
 		// determine which verifier should attempt verification against the bundle
 		verifier, issuer, err := v.chooseVerifier(apr.Attestation.Bundle)
 		if err != nil {
-			return &SigstoreResults{
-				Error: fmt.Errorf("failed to find recognized issuer from bundle content: %v", err),
-			}
+			return nil, fmt.Errorf("failed to find recognized issuer from bundle content: %v", err)
 		}

 		v.config.Logger.VerbosePrintf("Attempting verification against issuer \"%s\"\n", issuer)
@ -206,9 +199,7 @@ func (v *LiveSigstoreVerifier) Verify(attestations []*api.Attestation, policy ve
 				"Failed to verify against issuer \"%s\" \n\n", issuer,
 			))

-			return &SigstoreResults{
-				Error: fmt.Errorf("verifying with issuer \"%s\"", issuer),
-			}
+			return nil, fmt.Errorf("verifying with issuer \"%s\"", issuer)
 		}

 		// if verification is successful, add the result
@ -220,13 +211,11 @@ func (v *LiveSigstoreVerifier) Verify(attestations []*api.Attestation, policy ve
 		atLeastOneVerified = true
 	}

-	if atLeastOneVerified {
-		return &SigstoreResults{
-			VerifyResults: apResults,
-		}
-	} else {
-		return &SigstoreResults{Error: ErrNoAttestationsVerified}
+	if !atLeastOneVerified {
+		return nil, ErrNoAttestationsVerified
 	}
+
+	return apResults, nil
 }

 func newCustomVerifier(trustedRoot *root.TrustedRoot) (*verify.SignedEntityVerifier, error) {
--- a/pkg/cmd/attestation/verify/verify.go
+++ b/pkg/cmd/attestation/verify/verify.go
@ -264,14 +264,14 @@ func runVerify(opts *Options) error {

 	opts.Logger.VerbosePrintf("Verifying attestations with predicate type: %s\n", opts.PredicateType)

-	sigstoreRes := opts.SigstoreVerifier.Verify(attestations, policy)
-	if sigstoreRes.Error != nil {
+	sgResults, err := opts.SigstoreVerifier.Verify(attestations, policy)
+	if err != nil {
 		opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Verification failed"))
-		return sigstoreRes.Error
+		return err
 	}

 	// Verify extensions
-	if err := verification.VerifyCertExtensions(sigstoreRes.VerifyResults, opts.Tenant, opts.Owner, opts.Repo, opts.OIDCIssuer); err != nil {
+	if err := verification.VerifyCertExtensions(sgResults, opts.Tenant, opts.Owner, opts.Repo, opts.OIDCIssuer); err != nil {
 		opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Verification failed"))
 		return err
 	}
@ -281,7 +281,7 @@ func runVerify(opts *Options) error {
 	// If an exporter is provided with the --json flag, write the results to the terminal in JSON format
 	if opts.exporter != nil {
 		// print the results to the terminal as an array of JSON objects
-		if err = opts.exporter.Write(opts.Logger.IO, sigstoreRes.VerifyResults); err != nil {
+		if err = opts.exporter.Write(opts.Logger.IO, sgResults); err != nil {
 			opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Failed to write JSON output"))
 			return err
 		}
@ -291,7 +291,7 @@ func runVerify(opts *Options) error {
 	opts.Logger.Printf("%s was attested by:\n", artifact.DigestWithAlg())

 	// Otherwise print the results to the terminal in a table
-	tableContent, err := buildTableVerifyContent(opts.Tenant, sigstoreRes.VerifyResults)
+	tableContent, err := buildTableVerifyContent(opts.Tenant, sgResults)
 	if err != nil {
 		opts.Logger.Println(opts.Logger.ColorScheme.Red("failed to parse results"))
 		return err