From 4273980a42d175fdd68e0ae6ccf5731e2d93e866 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Wed, 6 Mar 2024 07:57:23 -0700 Subject: [PATCH] add more verbose options and logging Signed-off-by: Meredith Lancaster --- pkg/cmd/attestation/api/client.go | 15 ++++++++++----- pkg/cmd/attestation/download/download.go | 2 +- pkg/cmd/attestation/inspect/inspect.go | 3 +++ pkg/cmd/attestation/inspect/options.go | 1 + pkg/cmd/attestation/verification/sigstore.go | 5 +++-- pkg/cmd/attestation/verify/verify.go | 6 +++--- 6 files changed, 21 insertions(+), 11 deletions(-) diff --git a/pkg/cmd/attestation/api/client.go b/pkg/cmd/attestation/api/client.go index ca292d3c8..1e7e43246 100644 --- a/pkg/cmd/attestation/api/client.go +++ b/pkg/cmd/attestation/api/client.go @@ -7,6 +7,7 @@ import ( "strings" "github.com/cli/cli/v2/api" + "github.com/cli/cli/v2/pkg/cmd/attestation/logging" ) const ( @@ -25,15 +26,17 @@ type Client interface { } type LiveClient struct { - host string - api apiClient + api apiClient + host string + logger *logging.Logger } -func NewLiveClient(hc *http.Client) *LiveClient { +func NewLiveClient(hc *http.Client, l *logging.Logger) *LiveClient { liveAPIClient := api.NewClientFromHTTP(hc) return &LiveClient{ - host: "https://api.github.com", - api: liveAPIClient, + api: liveAPIClient, + host: "https://api.github.com", + logger: l, } } @@ -60,6 +63,8 @@ func (c *LiveClient) GetByOwnerAndDigest(owner, digest string, limit int) ([]*At } func (c *LiveClient) getAttestations(url, name, digest string, limit int) ([]*Attestation, error) { + c.logger.VerbosePrintf("Fetching attestations for artifact digest %s\n\n", digest) + perPage := limit if perPage <= 0 || perPage > maxLimitForFlag { return nil, fmt.Errorf("limit must be greater than 0 and less than or equal to %d", maxLimitForFlag) diff --git a/pkg/cmd/attestation/download/download.go b/pkg/cmd/attestation/download/download.go index 817f55d44..95d61f53a 100644 --- a/pkg/cmd/attestation/download/download.go 
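Review bot: `NewLiveClient` stores `l` without checking it, and the later hunk in this file (`getAttestations`) calls `c.logger.VerbosePrintf` unconditionally, so a `LiveClient` built with a nil logger would panic on the first fetch unless the `*logging.Logger` methods tolerate a nil receiver, which is not visible here. The two callers updated in this commit pass `opts.Logger`, but `NewLiveClient` is exported and its signature changed, so other callers and test fixtures that build a `LiveClient` need the same care. Either guard the call with `if c.logger != nil { ... }` or state the requirement on the constructor, for example `// NewLiveClient returns a client for the GitHub attestations API; l must be non-nil.`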
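Review bot: The new verbose line in `getAttestations` runs before the `limit` validation, so it announces a fetch even on the path that returns the limit error, presumably before any request is made. It also names only the digest; for the audit trail of a provenance check the queried scope matters as much, and the `name` parameter is already in hand (presumably the owner or repository). Consider moving the call below the limit check and writing `c.logger.VerbosePrintf("Fetching attestations for %s with artifact digest %s\n\n", name, digest)`. The rest of the function body is outside the hunk.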
+++ b/pkg/cmd/attestation/download/download.go @@ -77,7 +77,7 @@ func NewDownloadCmd(f *cmdutil.Factory) *cobra.Command { opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error())) os.Exit(1) } - opts.APIClient = api.NewLiveClient(hc) + opts.APIClient = api.NewLiveClient(hc, opts.Logger) opts.OCIClient = oci.NewLiveClient() diff --git a/pkg/cmd/attestation/inspect/inspect.go b/pkg/cmd/attestation/inspect/inspect.go index 0f14f2128..ffb663b66 100644 --- a/pkg/cmd/attestation/inspect/inspect.go +++ b/pkg/cmd/attestation/inspect/inspect.go @@ -88,6 +88,9 @@ func NewInspectCmd(f *cmdutil.Factory) *cobra.Command { inspectCmd.MarkFlagRequired("bundle") //nolint:errcheck inspectCmd.Flags().StringVarP(&opts.DigestAlgorithm, "digest-alg", "d", "sha256", "The algorithm used to compute a digest of the artifact (sha256 or sha512)") inspectCmd.Flags().BoolVarP(&opts.JsonResult, "json-result", "j", false, "Output inspect result as JSON lines") + inspectCmd.Flags().BoolVarP(&opts.Quiet, "quiet", "q", false, "If set to true, the CLI will not print any diagnostic logging.") + inspectCmd.Flags().BoolVarP(&opts.Verbose, "verbose", "v", false, "If set to true, the CLI will print verbose diagnostic logging.") + inspectCmd.MarkFlagsMutuallyExclusive("quiet", "verbose") return inspectCmd } diff --git a/pkg/cmd/attestation/inspect/options.go b/pkg/cmd/attestation/inspect/options.go index 3c9952da5..eaedd73f1 100644 --- a/pkg/cmd/attestation/inspect/options.go +++ b/pkg/cmd/attestation/inspect/options.go @@ -16,6 +16,7 @@ type Options struct { DigestAlgorithm string JsonResult bool Verbose bool + Quiet bool Logger *logging.Logger OCIClient oci.Client } diff --git a/pkg/cmd/attestation/verification/sigstore.go b/pkg/cmd/attestation/verification/sigstore.go index 9ac93e353..938280133 100644 --- a/pkg/cmd/attestation/verification/sigstore.go +++ b/pkg/cmd/attestation/verification/sigstore.go 
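Review bot: `--verbose` is declared mutually exclusive with `--quiet` in `NewInspectCmd`, but its interaction with `--json-result`, registered on the line just above for JSON-lines output, is not addressed. The hunk does not show which stream the logger writes to; if it shares stdout with the result, verbose diagnostics would be interleaved with the JSON and break consumers that parse it. Either confirm the logger writes to stderr and say so in the flag help, or add `inspectCmd.MarkFlagsMutuallyExclusive("json-result", "verbose")`. `NewInspectCmd` starts outside the hunk, so the wiring of `opts.Quiet` and `opts.Verbose` into the logger cannot be checked from here.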
@@ -114,8 +114,9 @@ func (v *SigstoreVerifier) Verify(attestations []*api.Attestation) *SigstoreResu results[i] = apr } + totalAttestations := len(attestations) for i, apr := range results { - v.Logger.VerbosePrintf("Verifying attestation #%d against the configured Sigstore trust roots\n", i+1) + v.Logger.VerbosePrintf("Verifying attestation %d/%d against the configured Sigstore trust roots\n", i+1, totalAttestations) // determine which verifier should attempt verification against the bundle verifier, issuer, err := v.chooseVerifier(apr.Attestation.Bundle) @@ -125,7 +126,7 @@ func (v *SigstoreVerifier) Verify(attestations []*api.Attestation) *SigstoreResu } } - v.Logger.VerbosePrintf("Attempting verification against issuer \"%s\"...\n", issuer) + v.Logger.VerbosePrintf("Attempting verification against issuer \"%s\"\n", issuer) // attempt to verify the attestation result, err := verifier.Verify(apr.Attestation.Bundle, v.policy) // if verification fails, create the error and exit verification early diff --git a/pkg/cmd/attestation/verify/verify.go b/pkg/cmd/attestation/verify/verify.go index 0d7184a01..d02087eaf 100644 --- a/pkg/cmd/attestation/verify/verify.go +++ b/pkg/cmd/attestation/verify/verify.go @@ -98,7 +98,7 @@ func NewVerifyCmd(f *cmdutil.Factory) *cobra.Command { opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error())) os.Exit(1) } - opts.APIClient = api.NewLiveClient(hc) + opts.APIClient = api.NewLiveClient(hc, opts.Logger) opts.OCIClient = oci.NewLiveClient() @@ -183,7 +183,7 @@ func RunVerify(opts *Options) error { } opts.Logger.VerbosePrint(opts.Logger.ColorScheme.Green( - "Successfully verified all attestations against Sigstore!\n\n", + "Successfully verified all attestations against Sigstore!\n", )) // Try verifying the attestation's predicate type against the expect SLSA predicate type 
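Review bot: `totalAttestations` is taken from `len(attestations)` while the loop in `Verify` ranges over `results`; the two are presumably the same length (the preceding loop assigns `results[i]`), but the counter is easier to trust when it is measured on the slice being iterated. `len(results)` can go straight into the call, `v.Logger.VerbosePrintf("Verifying attestation %d/%d against the configured Sigstore trust roots\n", i+1, len(results))`, which also drops the extra local. `Verify` begins and ends outside the hunk.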
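Review bot: `issuer` in the second `Verify` hunk comes from `chooseVerifier(apr.Attestation.Bundle)`, so it is derived from the bundle before that bundle has been verified, and it is written out with `\"%s\"`. If the value can carry bytes chosen by whoever produced the bundle, control or escape sequences would reach the user's terminal or a captured log unescaped. Assuming `issuer` is a string, `%q` quotes and escapes it in one step: `v.Logger.VerbosePrintf("Attempting verification against issuer %q\n", issuer)`. The same consideration applies to any other bundle-derived field that is logged before `verifier.Verify` succeeds.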
@@ -219,7 +219,7 @@ func RunVerify(opts *Options) error { } func verifySLSAPredicateType(logger *logging.Logger, apr []*verification.AttestationProcessingResult) error { - logger.VerbosePrint("Evaluating attestations have valid SLSA predicate type...\n") + logger.VerbosePrint("Evaluating attestations have valid SLSA predicate type") for _, result := range apr { if result.VerificationResult.Statement.PredicateType != SLSAPredicateType {
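Review bot: The new message in `verifySLSAPredicateType` loses its trailing newline along with the ellipsis, while the other `VerbosePrint` call changed in this file still passes an explicit `\n`, which suggests `VerbosePrint` does not append one. If so, whatever is printed next will run on from this line in verbose output. Keep the newline, and the sentence reads better as `logger.VerbosePrint("Checking that attestations have a valid SLSA predicate type\n")`. The function body continues outside the hunk.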