From 645d7501f0cad275157ec1e05890fb10e2ab81d7 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster
Date: Tue, 26 Nov 2024 13:35:19 -0700
Subject: [PATCH] order policy info so relevant info is printed next to each other

Signed-off-by: Meredith Lancaster
---
 pkg/cmd/attestation/verification/policy.go | 34 +++++++++++++---------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/pkg/cmd/attestation/verification/policy.go b/pkg/cmd/attestation/verification/policy.go
index 4e92d773c..966dd9e9f 100644
--- a/pkg/cmd/attestation/verification/policy.go
+++ b/pkg/cmd/attestation/verification/policy.go
@@ -52,29 +52,35 @@ func (c EnforcementCriteria) Valid() error {
 
 func (c EnforcementCriteria) BuildPolicyInformation() string {
 	template :=
-		`
+		fmt.Sprintf(`
 The following policy criteria will be enforced against all attestations:
-- Predicate type must match %s
-- Signing certificate's OIDC issuer must match %s
-- Source Repository Owner URI must match %s`
-
-	info := fmt.Sprintf(template, c.PredicateType, c.Certificate.Issuer, c.Certificate.SourceRepositoryOwnerURI)
-
-	if c.Certificate.SourceRepositoryURI != "" {
-		info += fmt.Sprintf("\n- Source Repository URI must match %s", c.Certificate.SourceRepositoryURI)
-	}
+- Predicate type must match %s`, c.PredicateType)
 
 	if c.Certificate.RunnerEnvironment == GitHubRunner {
-		info += "\n- Attestation must have been generated by an Action workflow executed in a GitHub hosted runner"
+		runnerInfo := "\n- Attestation must have been generated by an Action workflow executed in a GitHub hosted runner"
+		template += runnerInfo
 	}
 
+	ownerUriInfo := fmt.Sprintf("\n- Source Repository Owner URI must match %s", c.Certificate.SourceRepositoryOwnerURI)
+	template += ownerUriInfo
+
+	if c.Certificate.SourceRepositoryURI != "" {
+		repoUriInfo := fmt.Sprintf("\n- Source Repository URI must match %s", c.Certificate.SourceRepositoryURI)
+		template += repoUriInfo
+	}
+
+	issuerInfo := fmt.Sprintf("\n- Signing certificate's OIDC issuer must match %s", c.Certificate.Issuer)
+	template += issuerInfo
+
 	if c.SAN != "" {
-		info += fmt.Sprintf("\n- Signing certificate Subject Alternative Name must match %s", c.SAN)
+		sanInfo := fmt.Sprintf("\n- Signing certificate Subject Alternative Name must match %s", c.SAN)
+		template += sanInfo
 	} else if c.SANRegex != "" {
-		info += fmt.Sprintf("\n- Signing certificate must have a Subject Alternative Name matching the regex %s", c.SANRegex)
+		sanRegexInfo := fmt.Sprintf("\n- Signing certificate Subject Alternative Name must match the regex %s", c.SANRegex)
+		template += sanRegexInfo
 	}
 
-	return info
+	return template
 }
 
 func (c EnforcementCriteria) BuildPolicyInformationForTable() [][]string {
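Review bot: The accumulator is still named `template` even though after the first `fmt.Sprintf` it already holds the finished policy text, and each of the five single-use locals (`runnerInfo`, `ownerUriInfo`, `repoUriInfo`, `issuerInfo`, `sanInfo`/`sanRegexInfo`) only exists to be appended on the next line. Starting with `info := fmt.Sprintf(...)` and writing each step as `info += fmt.Sprintf("\n- Source Repository Owner URI must match %s", c.Certificate.SourceRepositoryOwnerURI)` (same shape for the other four) keeps the old version's readability while preserving the new ordering. If the locals stay, Go's initialism convention asks for `ownerURIInfo` and `repoURIInfo`. Note also that the SANRegex line changes user-visible wording from "must have a Subject Alternative Name matching the regex" to "Subject Alternative Name must match the regex", which the commit message does not mention, so anything pinned to the old text (tests, docs) needs the same update. BuildPolicyInformation is entirely within the hunk.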