From 4ae0470dcdecfa098f2c875978b40b87a0438b75 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Tue, 12 Mar 2024 18:05:02 -0600 Subject: [PATCH] unexport top level subcommand funcs Signed-off-by: Meredith Lancaster --- pkg/cmd/attestation/download/download.go | 4 +-- pkg/cmd/attestation/download/download_test.go | 16 ++++----- pkg/cmd/attestation/inspect/inspect.go | 6 ++-- pkg/cmd/attestation/inspect/inspect_test.go | 12 +++---- pkg/cmd/attestation/verify/verify.go | 6 ++-- pkg/cmd/attestation/verify/verify_test.go | 36 +++++++++---------- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/pkg/cmd/attestation/download/download.go b/pkg/cmd/attestation/download/download.go index 142d6cd9f..a2cb38cc2 100644 --- a/pkg/cmd/attestation/download/download.go +++ b/pkg/cmd/attestation/download/download.go @@ -88,7 +88,7 @@ func NewDownloadCmd(f *cmdutil.Factory) *cobra.Command { if err := auth.IsHostSupported(); err != nil { return err } - if err := RunDownload(opts); err != nil { + if err := runDownload(opts); err != nil { return fmt.Errorf("Failed to download the artifact's bundle(s): %w", err) } return nil @@ -106,7 +106,7 @@ func NewDownloadCmd(f *cmdutil.Factory) *cobra.Command { return downloadCmd } -func RunDownload(opts *Options) error { +func runDownload(opts *Options) error { if opts.APIClient == nil { return fmt.Errorf("missing API client") } diff --git a/pkg/cmd/attestation/download/download_test.go b/pkg/cmd/attestation/download/download_test.go index f2c7fccee..4a988331a 100644 --- a/pkg/cmd/attestation/download/download_test.go +++ b/pkg/cmd/attestation/download/download_test.go @@ -30,7 +30,7 @@ func TestRunDownload(t *testing.T) { } t.Run("fetch and store attestations successfully with owner", func(t *testing.T) { - err := RunDownload(&baseOpts) + err := runDownload(&baseOpts) require.NoError(t, err) artifact, err := artifact.NewDigestedArtifact(baseOpts.OCIClient, baseOpts.ArtifactPath, baseOpts.DigestAlgorithm) @@ -50,7 +50,7 @@ func TestRunDownload(t *testing.T) { opts.Owner = "" opts.Repo = "sigstore/sigstore-js" - err := RunDownload(&opts) + err := runDownload(&opts) require.NoError(t, err) artifact, err := artifact.NewDigestedArtifact(opts.OCIClient, opts.ArtifactPath, opts.DigestAlgorithm) @@ -69,7 +69,7 @@ func TestRunDownload(t *testing.T) { opts := baseOpts opts.ArtifactPath = "oci://ghcr.io/github/test" - err := RunDownload(&opts) + err := runDownload(&opts) require.NoError(t, err) artifact, err := artifact.NewDigestedArtifact(opts.OCIClient, opts.ArtifactPath, opts.DigestAlgorithm) @@ -88,7 +88,7 @@ func TestRunDownload(t *testing.T) { opts := baseOpts opts.ArtifactPath = "../test/data/not-real.zip" - err := RunDownload(&opts) + err := runDownload(&opts) require.Error(t, err) }) @@ -100,7 +100,7 @@ func TestRunDownload(t *testing.T) { }, } - err := RunDownload(&opts) + err := runDownload(&opts) require.NoError(t, err) artifact, err := artifact.NewDigestedArtifact(opts.OCIClient, opts.ArtifactPath, opts.DigestAlgorithm) @@ -113,7 +113,7 @@ func TestRunDownload(t *testing.T) { opts.ArtifactPath = "oci://ghcr.io/github/test" opts.OCIClient = oci.ReferenceFailClient{} - err := RunDownload(&opts) + err := runDownload(&opts) require.Error(t, err) require.ErrorContains(t, err, "failed to digest artifact") }) @@ -122,13 +122,13 @@ func TestRunDownload(t *testing.T) { customOpts := baseOpts customOpts.ArtifactPath = "oci://ghcr.io/github/test" customOpts.OCIClient = nil - require.Error(t, RunDownload(&customOpts)) + require.Error(t, runDownload(&customOpts)) }) t.Run("with missing API client", func(t *testing.T) { customOpts := baseOpts customOpts.APIClient = nil - require.Error(t, RunDownload(&customOpts)) + require.Error(t, runDownload(&customOpts)) }) } diff --git a/pkg/cmd/attestation/inspect/inspect.go b/pkg/cmd/attestation/inspect/inspect.go index 2041309ba..24ce22fc9 100644 --- a/pkg/cmd/attestation/inspect/inspect.go +++ b/pkg/cmd/attestation/inspect/inspect.go @@ -66,7 +66,7 @@ func NewInspectCmd(f *cmdutil.Factory) *cobra.Command { return nil }, - // Use Run instead of RunE because if an error is returned by RunInspect + // Use Run instead of RunE because if an error is returned by runInspect // when RunE is used, the command usage will be printed // We only want to print the error, not usage RunE: func(cmd *cobra.Command, args []string) error { @@ -75,7 +75,7 @@ func NewInspectCmd(f *cmdutil.Factory) *cobra.Command { if err := auth.IsHostSupported(); err != nil { return err } - if err := RunInspect(opts); err != nil { + if err := runInspect(opts); err != nil { return fmt.Errorf("Failed to inspect the artifact and bundle: %w", err) } return nil @@ -93,7 +93,7 @@ func NewInspectCmd(f *cmdutil.Factory) *cobra.Command { return inspectCmd } -func RunInspect(opts *Options) error { +func runInspect(opts *Options) error { artifact, err := artifact.NewDigestedArtifact(opts.OCIClient, opts.ArtifactPath, opts.DigestAlgorithm) if err != nil { return fmt.Errorf("failed to digest artifact: %s", err) diff --git a/pkg/cmd/attestation/inspect/inspect_test.go b/pkg/cmd/attestation/inspect/inspect_test.go index d11f91005..c72a52231 100644 --- a/pkg/cmd/attestation/inspect/inspect_test.go +++ b/pkg/cmd/attestation/inspect/inspect_test.go @@ -30,26 +30,26 @@ func TestRunInspect(t *testing.T) { } t.Run("with valid artifact and bundle", func(t *testing.T) { - require.Nil(t, RunInspect(&opts)) + require.Nil(t, runInspect(&opts)) }) t.Run("with missing artifact path", func(t *testing.T) { customOpts := opts customOpts.ArtifactPath = "../test/data/non-existent-artifact.zip" - require.Error(t, RunInspect(&customOpts)) + require.Error(t, runInspect(&customOpts)) }) t.Run("with missing bundle path", func(t *testing.T) { customOpts := opts customOpts.BundlePath = "../test/data/non-existent-sigstoreBundle.json" - require.Error(t, RunInspect(&customOpts)) + require.Error(t, runInspect(&customOpts)) }) t.Run("with invalid signature", func(t *testing.T) { customOpts := opts customOpts.BundlePath = "../test/data/sigstoreBundle-invalid-signature.json" - err := RunInspect(&customOpts) + err := runInspect(&customOpts) require.Error(t, err) require.ErrorContains(t, err, "at least one attestation failed to verify") require.ErrorContains(t, err, "verifying with issuer \"sigstore.dev\"") @@ -58,13 +58,13 @@ func TestRunInspect(t *testing.T) { t.Run("with valid artifact and JSON lines file containing multiple bundles", func(t *testing.T) { customOpts := opts customOpts.BundlePath = "../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl" - require.Nil(t, RunInspect(&customOpts)) + require.Nil(t, runInspect(&customOpts)) }) t.Run("with missing OCI client", func(t *testing.T) { customOpts := opts customOpts.ArtifactPath = "oci://ghcr.io/github/test" customOpts.OCIClient = nil - require.Error(t, RunInspect(&customOpts)) + require.Error(t, runInspect(&customOpts)) }) } diff --git a/pkg/cmd/attestation/verify/verify.go b/pkg/cmd/attestation/verify/verify.go index ec3529ee1..074b25fb1 100644 --- a/pkg/cmd/attestation/verify/verify.go +++ b/pkg/cmd/attestation/verify/verify.go @@ -88,7 +88,7 @@ func NewVerifyCmd(f *cmdutil.Factory) *cobra.Command { return nil }, - // Use Run instead of RunE because if an error is returned by RunVerify + // Use Run instead of RunE because if an error is returned by runVerify // when RunE is used, the command usage will be printed // We only want to print the error, not usage RunE: func(cmd *cobra.Command, args []string) error { @@ -103,7 +103,7 @@ func NewVerifyCmd(f *cmdutil.Factory) *cobra.Command { if err := auth.IsHostSupported(); err != nil { return err } - if err := RunVerify(opts); err != nil { + if err := runVerify(opts); err != nil { return fmt.Errorf("Failed to verify the artifact: %w", err) } return nil @@ -134,7 +134,7 @@ func NewVerifyCmd(f *cmdutil.Factory) *cobra.Command { return verifyCmd } -func RunVerify(opts *Options) error { +func runVerify(opts *Options) error { artifact, err := artifact.NewDigestedArtifact(opts.OCIClient, opts.ArtifactPath, opts.DigestAlgorithm) if err != nil { return fmt.Errorf("failed to digest artifact: %s", err) diff --git a/pkg/cmd/attestation/verify/verify_test.go b/pkg/cmd/attestation/verify/verify_test.go index 0baf7cd67..d7b9cdba3 100644 --- a/pkg/cmd/attestation/verify/verify_test.go +++ b/pkg/cmd/attestation/verify/verify_test.go @@ -36,7 +36,7 @@ func TestRunVerify(t *testing.T) { } t.Run("with valid artifact and bundle", func(t *testing.T) { - require.Nil(t, RunVerify(&publicGoodOpts)) + require.Nil(t, runVerify(&publicGoodOpts)) }) t.Run("with failing OCI artifact fetch", func(t *testing.T) { @@ -44,7 +44,7 @@ func TestRunVerify(t *testing.T) { opts.ArtifactPath = "oci://ghcr.io/github/test" opts.OCIClient = oci.ReferenceFailClient{} - err := RunVerify(&opts) + err := runVerify(&opts) require.Error(t, err) require.ErrorContains(t, err, "failed to digest artifact") }) @@ -52,20 +52,20 @@ func TestRunVerify(t *testing.T) { t.Run("with missing artifact path", func(t *testing.T) { opts := publicGoodOpts opts.ArtifactPath = "../test/data/non-existent-artifact.zip" - require.Error(t, RunVerify(&opts)) + require.Error(t, runVerify(&opts)) }) t.Run("with missing bundle path", func(t *testing.T) { opts := publicGoodOpts opts.BundlePath = "../test/data/non-existent-sigstoreBundle.json" - require.Error(t, RunVerify(&opts)) + require.Error(t, runVerify(&opts)) }) t.Run("with invalid signature", func(t *testing.T) { opts := publicGoodOpts opts.BundlePath = "../test/data/sigstoreBundle-invalid-signature.json" - err := RunVerify(&opts) + err := runVerify(&opts) require.Error(t, err) require.ErrorContains(t, err, "at least one attestation failed to verify") require.ErrorContains(t, err, "verifying with issuer \"sigstore.dev\"") @@ -76,7 +76,7 @@ func TestRunVerify(t *testing.T) { opts.BundlePath = "" opts.Owner = "sigstore" - require.Nil(t, RunVerify(&opts)) + require.Nil(t, runVerify(&opts)) }) t.Run("with repo", func(t *testing.T) { @@ -84,7 +84,7 @@ func TestRunVerify(t *testing.T) { opts.BundlePath = "" opts.Repo = "github/example" - require.Nil(t, RunVerify(&opts)) + require.Nil(t, runVerify(&opts)) }) t.Run("with invalid repo", func(t *testing.T) { @@ -93,7 +93,7 @@ func TestRunVerify(t *testing.T) { opts.Repo = "wrong/example" opts.APIClient = api.NewFailTestClient() - err := RunVerify(&opts) + err := runVerify(&opts) require.Error(t, err) require.ErrorContains(t, err, "failed to fetch attestations for subject") }) @@ -104,7 +104,7 @@ func TestRunVerify(t *testing.T) { opts.APIClient = api.NewFailTestClient() opts.Owner = "wrong-owner" - err := RunVerify(&opts) + err := runVerify(&opts) require.Error(t, err) require.ErrorContains(t, err, "failed to fetch attestations for subject") }) @@ -112,7 +112,7 @@ func TestRunVerify(t *testing.T) { t.Run("with invalid OIDC issuer", func(t *testing.T) { opts := publicGoodOpts opts.OIDCIssuer = "not-a-real-issuer" - require.Error(t, RunVerify(&opts)) + require.Error(t, runVerify(&opts)) }) t.Run("with SAN enforcement", func(t *testing.T) { @@ -126,52 +126,52 @@ func TestRunVerify(t *testing.T) { Owner: "sigstore", SAN: SigstoreSanValue, } - require.Nil(t, RunVerify(&opts)) + require.Nil(t, runVerify(&opts)) }) t.Run("with invalid SAN", func(t *testing.T) { opts := publicGoodOpts opts.SAN = "fake san" - require.Error(t, RunVerify(&opts)) + require.Error(t, runVerify(&opts)) }) t.Run("with SAN regex enforcement", func(t *testing.T) { opts := publicGoodOpts opts.SANRegex = SigstoreSanRegex - require.Nil(t, RunVerify(&opts)) + require.Nil(t, runVerify(&opts)) }) t.Run("with invalid SAN regex", func(t *testing.T) { opts := publicGoodOpts opts.SANRegex = "^https://github.com/sigstore/not-real/" - require.Error(t, RunVerify(&opts)) + require.Error(t, runVerify(&opts)) }) t.Run("with no matching OIDC issuer", func(t *testing.T) { opts := publicGoodOpts opts.OIDCIssuer = "some-other-issuer" - require.Error(t, RunVerify(&opts)) + require.Error(t, runVerify(&opts)) }) t.Run("with valid artifact and JSON lines file containing multiple Sigstore bundles", func(t *testing.T) { opts := publicGoodOpts opts.BundlePath = "../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl" - require.Nil(t, RunVerify(&opts)) + require.Nil(t, runVerify(&opts)) }) t.Run("with missing OCI client", func(t *testing.T) { customOpts := publicGoodOpts customOpts.ArtifactPath = "oci://ghcr.io/github/test" customOpts.OCIClient = nil - require.Error(t, RunVerify(&customOpts)) + require.Error(t, runVerify(&customOpts)) }) t.Run("with missing API client", func(t *testing.T) { customOpts := publicGoodOpts customOpts.APIClient = nil customOpts.BundlePath = "" - require.Error(t, RunVerify(&customOpts)) + require.Error(t, runVerify(&customOpts)) }) }