add more verbose options and logging
Signed-off-by: Meredith Lancaster <malancas@github.com>
parent
155a7c9111
commit
4273980a42
6 changed files with 21 additions and 11 deletions
|
|
@ -7,6 +7,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/cli/cli/v2/api"
|
||||
"github.com/cli/cli/v2/pkg/cmd/attestation/logging"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -25,15 +26,17 @@ type Client interface {
|
|||
}
|
||||
|
||||
type LiveClient struct {
|
||||
host string
|
||||
api apiClient
|
||||
api apiClient
|
||||
host string
|
||||
logger *logging.Logger
|
||||
}
|
||||
|
||||
func NewLiveClient(hc *http.Client) *LiveClient {
|
||||
func NewLiveClient(hc *http.Client, l *logging.Logger) *LiveClient {
|
||||
liveAPIClient := api.NewClientFromHTTP(hc)
|
||||
return &LiveClient{
|
||||
host: "https://api.github.com",
|
||||
api: liveAPIClient,
|
||||
api: liveAPIClient,
|
||||
host: "https://api.github.com",
|
||||
logger: l,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -60,6 +63,8 @@ func (c *LiveClient) GetByOwnerAndDigest(owner, digest string, limit int) ([]*At
|
|||
}
|
||||
|
||||
func (c *LiveClient) getAttestations(url, name, digest string, limit int) ([]*Attestation, error) {
|
||||
c.logger.VerbosePrintf("Fetching attestations for artifact digest %s\n\n", digest)
|
||||
|
||||
perPage := limit
|
||||
if perPage <= 0 || perPage > maxLimitForFlag {
|
||||
return nil, fmt.Errorf("limit must be greater than 0 and less than or equal to %d", maxLimitForFlag)
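Review bot: `getAttestations` now calls `c.logger.VerbosePrintf` unconditionally, but `NewLiveClient` stores whatever `l` it receives without a nil check. Unless `VerbosePrintf` tolerates a nil receiver (its implementation is not visible here), a caller or test that passes nil will panic on the first fetch instead of merely losing verbose output. Either state the requirement on the constructor, e.g. `// l must be non-nil; it receives verbose diagnostics for each fetch.`, or guard the call with `if c.logger != nil { ... }`. The body of `getAttestations` continues past the end of this hunk.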
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ func NewDownloadCmd(f *cmdutil.Factory) *cobra.Command {
|
|||
opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error()))
|
||||
os.Exit(1)
|
||||
}
|
||||
opts.APIClient = api.NewLiveClient(hc)
|
||||
opts.APIClient = api.NewLiveClient(hc, opts.Logger)
|
||||
|
||||
opts.OCIClient = oci.NewLiveClient()
|
||||
|
||||
|
|
|
|||
|
|
@ -88,6 +88,9 @@ func NewInspectCmd(f *cmdutil.Factory) *cobra.Command {
|
|||
inspectCmd.MarkFlagRequired("bundle") //nolint:errcheck
|
||||
inspectCmd.Flags().StringVarP(&opts.DigestAlgorithm, "digest-alg", "d", "sha256", "The algorithm used to compute a digest of the artifact (sha256 or sha512)")
|
||||
inspectCmd.Flags().BoolVarP(&opts.JsonResult, "json-result", "j", false, "Output inspect result as JSON lines")
|
||||
inspectCmd.Flags().BoolVarP(&opts.Quiet, "quiet", "q", false, "If set to true, the CLI will not print any diagnostic logging.")
|
||||
inspectCmd.Flags().BoolVarP(&opts.Verbose, "verbose", "v", false, "If set to true, the CLI will print verbose diagnostic logging.")
|
||||
inspectCmd.MarkFlagsMutuallyExclusive("quiet", "verbose")
|
||||
|
||||
return inspectCmd
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ type Options struct {
|
|||
DigestAlgorithm string
|
||||
JsonResult bool
|
||||
Verbose bool
|
||||
Quiet bool
|
||||
Logger *logging.Logger
|
||||
OCIClient oci.Client
|
||||
}
|
||||
|
|
|
|||
|
|
@ -114,8 +114,9 @@ func (v *SigstoreVerifier) Verify(attestations []*api.Attestation) *SigstoreResu
|
|||
results[i] = apr
|
||||
}
|
||||
|
||||
totalAttestations := len(attestations)
|
||||
for i, apr := range results {
|
||||
v.Logger.VerbosePrintf("Verifying attestation #%d against the configured Sigstore trust roots\n", i+1)
|
||||
v.Logger.VerbosePrintf("Verifying attestation %d/%d against the configured Sigstore trust roots\n", i+1, totalAttestations)
|
||||
|
||||
// determine which verifier should attempt verification against the bundle
|
||||
verifier, issuer, err := v.chooseVerifier(apr.Attestation.Bundle)
|
||||
|
|
@ -125,7 +126,7 @@ func (v *SigstoreVerifier) Verify(attestations []*api.Attestation) *SigstoreResu
|
|||
}
|
||||
}
|
||||
|
||||
v.Logger.VerbosePrintf("Attempting verification against issuer \"%s\"...\n", issuer)
|
||||
v.Logger.VerbosePrintf("Attempting verification against issuer \"%s\"\n", issuer)
|
||||
// attempt to verify the attestation
|
||||
result, err := verifier.Verify(apr.Attestation.Bundle, v.policy)
|
||||
// if verification fails, create the error and exit verification early
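Review bot: The `issuer` printed by `Attempting verification against issuer \"%s\"\n` comes back from `chooseVerifier(apr.Attestation.Bundle)` before the bundle has been verified, so it appears to be attestation-supplied text and should be treated as untrusted. With `%s` inside hand-written quotes, control characters or an embedded newline in that value would reach the terminal unescaped and could imitate other log lines; `v.Logger.VerbosePrintf("Attempting verification against issuer %q\n", issuer)` escapes them. Separately, the first hunk takes the denominator from `len(attestations)` while the loop ranges over `results`; `len(results)` would keep the count tied to the slice actually iterated. `Verify` starts and ends outside both hunks.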
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ func NewVerifyCmd(f *cmdutil.Factory) *cobra.Command {
|
|||
opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error()))
|
||||
os.Exit(1)
|
||||
}
|
||||
opts.APIClient = api.NewLiveClient(hc)
|
||||
opts.APIClient = api.NewLiveClient(hc, opts.Logger)
|
||||
|
||||
opts.OCIClient = oci.NewLiveClient()
|
||||
|
||||
|
|
@ -183,7 +183,7 @@ func RunVerify(opts *Options) error {
|
|||
}
|
||||
|
||||
opts.Logger.VerbosePrint(opts.Logger.ColorScheme.Green(
|
||||
"Successfully verified all attestations against Sigstore!\n\n",
|
||||
"Successfully verified all attestations against Sigstore!\n",
|
||||
))
|
||||
|
||||
// Try verifying the attestation's predicate type against the expect SLSA predicate type
|
||||
|
|
@ -219,7 +219,7 @@ func RunVerify(opts *Options) error {
|
|||
}
|
||||
|
||||
func verifySLSAPredicateType(logger *logging.Logger, apr []*verification.AttestationProcessingResult) error {
|
||||
logger.VerbosePrint("Evaluating attestations have valid SLSA predicate type...\n")
|
||||
logger.VerbosePrint("Evaluating attestations have valid SLSA predicate type")
|
||||
|
||||
for _, result := range apr {
|
||||
if result.VerificationResult.Statement.PredicateType != SLSAPredicateType {
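Review bot: The new message in `verifySLSAPredicateType`, `logger.VerbosePrint("Evaluating attestations have valid SLSA predicate type")`, has no trailing newline, whereas the success message changed in `RunVerify` keeps one `\n`. If `VerbosePrint` writes its argument as-is (its implementation is not shown), the next log line will run on from this one; ending the string with `\n` would match the other call. The wording would also read better as `"Checking that attestations have a valid SLSA predicate type\n"`. The function body continues beyond the hunk.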
|
||||
|
|
|
|||