STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

order policy info so relevant info is printed next to each other

Browse source 
Signed-off-by: Meredith Lancaster <malancas@github.com>
This commit is contained in:
Meredith Lancaster 2024-11-26 13:35:19 -07:00
parent c7d3e6daeb
commit 645d7501f0
1 changed files with 20 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

34
pkg/cmd/attestation/verification/policy.go
View file

@ -52,29 +52,35 @@ func (c EnforcementCriteria) Valid() error {
func (c EnforcementCriteria) BuildPolicyInformation() string {
template :=
`
fmt.Sprintf(`
The following policy criteria will be enforced against all attestations:
- Predicate type must match %s
- Signing certificate's OIDC issuer must match %s
- Source Repository Owner URI must match %s`
info := fmt.Sprintf(template, c.PredicateType, c.Certificate.Issuer, c.Certificate.SourceRepositoryOwnerURI)
if c.Certificate.SourceRepositoryURI != "" {
info += fmt.Sprintf("\n- Source Repository URI must match %s", c.Certificate.SourceRepositoryURI)
}
- Predicate type must match %s`, c.PredicateType)
if c.Certificate.RunnerEnvironment == GitHubRunner {
info += "\n- Attestation must have been generated by an Action workflow executed in a GitHub hosted runner"
runnerInfo := "\n- Attestation must have been generated by an Action workflow executed in a GitHub hosted runner"
template += runnerInfo
}
ownerUriInfo := fmt.Sprintf("\n- Source Repository Owner URI must match %s", c.Certificate.SourceRepositoryOwnerURI)
template += ownerUriInfo
if c.Certificate.SourceRepositoryURI != "" {
repoUriInfo := fmt.Sprintf("\n- Source Repository URI must match %s", c.Certificate.SourceRepositoryURI)
template += repoUriInfo
}
issuerInfo := fmt.Sprintf("\n- Signing certificate's OIDC issuer must match %s", c.Certificate.Issuer)
template += issuerInfo
if c.SAN != "" {
info += fmt.Sprintf("\n- Signing certificate Subject Alternative Name must match %s", c.SAN)
sanInfo := fmt.Sprintf("\n- Signing certificate Subject Alternative Name must match %s", c.SAN)
template += sanInfo
} else if c.SANRegex != "" {
info += fmt.Sprintf("\n- Signing certificate must have a Subject Alternative Name matching the regex %s", c.SANRegex)
sanRegexInfo := fmt.Sprintf("\n- Signing certificate Subject Alternative Name must match the regex %s", c.SANRegex)
template += sanRegexInfo
}
return info
return template
}
func (c EnforcementCriteria) BuildPolicyInformationForTable() [][]string {