diff --git a/pkg/cmd/attestation/artifact/oci/client.go b/pkg/cmd/attestation/artifact/oci/client.go index 87e0189a8..4e5acef3c 100644 --- a/pkg/cmd/attestation/artifact/oci/client.go +++ b/pkg/cmd/attestation/artifact/oci/client.go @@ -4,7 +4,6 @@ import ( "errors" "fmt" "io" - "net/http" "strings" "github.com/google/go-containerregistry/pkg/authn" @@ -69,33 +68,10 @@ func (c LiveClient) GetImageDigest(imgName string) (*v1.Hash, name.Reference, er return &desc.Digest, name, nil } -type noncompliantRegistryTransport struct{} - -// RoundTrip will check if a request and associated response fulfill the following: -// 1. The response returns a 406 status code -// 2. The request path contains /referrers/ -// If both conditions are met, the response's status code will be overwritten to 404 -// This is a temporary solution to handle non compliant registries that return -// an unexpected status code 406 when the go-containerregistry library used -// by this code attempts to make a request to the referrers API. -// The go-containerregistry library can handle 404 response but not a 406 response. -// See the related go-containerregistry issue: https://github.com/google/go-containerregistry/issues/1962 -func (a *noncompliantRegistryTransport) RoundTrip(req *http.Request) (*http.Response, error) { - resp, err := http.DefaultTransport.RoundTrip(req) - if err != nil { - return resp, err - } - if resp.StatusCode == http.StatusNotAcceptable && strings.Contains(req.URL.Path, "/referrers/") { - resp.StatusCode = http.StatusNotFound - } - - return resp, nil -} - func (c LiveClient) GetAttestations(ref name.Reference, digest string) ([]*api.Attestation, error) { attestations := make([]*api.Attestation, 0) - transportOpts := []remote.Option{remote.WithTransport(&noncompliantRegistryTransport{}), remote.WithAuthFromKeychain(authn.DefaultKeychain)} + transportOpts := []remote.Option{remote.WithAuthFromKeychain(authn.DefaultKeychain)} referrers, err := remote.Referrers(ref.Context().Digest(digest), transportOpts...) if err != nil { return attestations, fmt.Errorf("error getting referrers: %w", err) diff --git a/pkg/cmd/attestation/verification/attestation.go b/pkg/cmd/attestation/verification/attestation.go index fdfd667bd..db419ebac 100644 --- a/pkg/cmd/attestation/verification/attestation.go +++ b/pkg/cmd/attestation/verification/attestation.go @@ -29,43 +29,37 @@ type FetchRemoteAttestationsParams struct { // GetLocalAttestations returns a slice of attestations read from a local bundle file. func GetLocalAttestations(path string) ([]*api.Attestation, error) { + var attestations []*api.Attestation + var err error fileExt := filepath.Ext(path) - switch fileExt { - case ".json": - attestations, err := loadBundleFromJSONFile(path) - if err != nil { - var pathErr *os.PathError - if errors.As(err, &pathErr) { - return nil, fmt.Errorf("bundle could not be loaded from JSON file at %s", path) - } else if errors.Is(err, bundle.ErrValidation) { - return nil, err - } - return nil, fmt.Errorf("bundle content could not be parsed") - } - return attestations, nil - case ".jsonl": - attestations, err := loadBundlesFromJSONLinesFile(path) - if err != nil { - var pathErr *os.PathError - if errors.As(err, &pathErr) { - return nil, fmt.Errorf("bundles could not be loaded from JSON lines file at %s", path) - } else if errors.Is(err, bundle.ErrValidation) { - return nil, err - } - return nil, fmt.Errorf("bundle content could not be parsed") - } - return attestations, nil + if fileExt == ".json" { + attestations, err = loadBundleFromJSONFile(path) + } else if fileExt == ".jsonl" { + attestations, err = loadBundlesFromJSONLinesFile(path) + } else { + return nil, ErrUnrecognisedBundleExtension } - return nil, ErrUnrecognisedBundleExtension + + if err != nil { + var pathErr *os.PathError + if errors.As(err, &pathErr) { + return nil, fmt.Errorf("could not load content from file path %s: %w", path, err) + } else if errors.Is(err, bundle.ErrValidation) { + return nil, err + } + return nil, fmt.Errorf("bundle content could not be parsed: %w", err) + } + + return attestations, nil } func loadBundleFromJSONFile(path string) ([]*api.Attestation, error) { - localAttestation, err := bundle.LoadJSONFromPath(path) + b, err := bundle.LoadJSONFromPath(path) if err != nil { return nil, err } - return []*api.Attestation{{Bundle: localAttestation}}, nil + return []*api.Attestation{{Bundle: b}}, nil } func loadBundlesFromJSONLinesFile(path string) ([]*api.Attestation, error) { diff --git a/pkg/cmd/attestation/verification/attestation_test.go b/pkg/cmd/attestation/verification/attestation_test.go index 08f0ccfef..8acff0c37 100644 --- a/pkg/cmd/attestation/verification/attestation_test.go +++ b/pkg/cmd/attestation/verification/attestation_test.go @@ -92,7 +92,7 @@ func TestGetLocalAttestations(t *testing.T) { path := "../test/data/not-found-bundle.json" attestations, err := GetLocalAttestations(path) - require.ErrorContains(t, err, "bundle could not be loaded from JSON file") + require.ErrorContains(t, err, "could not load content from file path") require.Nil(t, attestations) }) @@ -100,7 +100,7 @@ func TestGetLocalAttestations(t *testing.T) { path := "../test/data/not-found-bundle.jsonl" attestations, err := GetLocalAttestations(path) - require.ErrorContains(t, err, "bundles could not be loaded from JSON lines file") + require.ErrorContains(t, err, "could not load content from file path") require.Nil(t, attestations) })