From a170c91c6d23d871078813db3d2bb8aa69a612c7 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster
Date: Wed, 20 Nov 2024 09:04:42 -0700
Subject: [PATCH] experiment with table output
Signed-off-by: Meredith Lancaster
---
 pkg/cmd/attestation/io/handler.go | 4 ++++
 pkg/cmd/attestation/verification/policy.go | 27 ++++++++++++++++++++++
 pkg/cmd/attestation/verify/verify.go | 13 ++++++++++-
 3 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/pkg/cmd/attestation/io/handler.go b/pkg/cmd/attestation/io/handler.go
index 9664c7f65..e7ff4b631 100644
--- a/pkg/cmd/attestation/io/handler.go
+++ b/pkg/cmd/attestation/io/handler.go
@@ -29,6 +29,10 @@ func NewTestHandler() *Handler {
 return NewHandler(testIO)
 }
+func (h *Handler) DebugEnabled() bool {
+ return h.debugEnabled
+}
+
 // Printf writes the formatted arguments to the stderr writer.
 func (h *Handler) Printf(f string, v ...interface{}) (int, error) {
 if !h.IO.IsStdoutTTY() {
diff --git a/pkg/cmd/attestation/verification/policy.go b/pkg/cmd/attestation/verification/policy.go
index d4976ab47..3364d9c2c 100644
--- a/pkg/cmd/attestation/verification/policy.go
+++ b/pkg/cmd/attestation/verification/policy.go
@@ -76,3 +76,30 @@ The following policy criteria will be enforced against all attestations:
 return info
 }
+
+func (c EnforcementCriteria) BuildPolicyInformationForTable() [][]string {
+ predicateInfo := []string{"Predicate type", c.PredicateType}
+ issuerInfo := []string{"Issuer", c.Certificate.Issuer}
+ ownerURIInfo := []string{"SourceRepositoryOwnerURI", c.Certificate.SourceRepositoryOwnerURI}
+ info := [][]string{predicateInfo, issuerInfo, ownerURIInfo}
+
+ if c.Certificate.SourceRepositoryURI != "" {
+ sourceRepoURIInfo := []string{"SourceRepositoryURI", c.Certificate.SourceRepositoryURI}
+ info = append(info, sourceRepoURIInfo)
+ }
+
+ if c.Certificate.RunnerEnvironment == GitHubRunner {
+ runnerInfo := []string{"RunnerEnvironment", c.Certificate.RunnerEnvironment}
+ info = append(info, runnerInfo)
+ }
+
+ if c.SAN != "" {
+ sanInfo := []string{"SAN", c.SAN}
+ info = append(info, sanInfo)
+ } else if c.SANRegex != "" {
+ sanRegexInfo := []string{"SANRegex", c.SANRegex}
+ info = append(info, sanRegexInfo)
+ }
+
+ return info
+}
diff --git a/pkg/cmd/attestation/verify/verify.go b/pkg/cmd/attestation/verify/verify.go
index 2e057b9f3..462640439 100644
--- a/pkg/cmd/attestation/verify/verify.go
+++ b/pkg/cmd/attestation/verify/verify.go
@@ -243,7 +243,18 @@ func runVerify(opts *Options) error {
 attestations = filteredAttestations
 // print information about the policy that will be enforced against attestations
- opts.Logger.Println(ec.BuildPolicyInformation())
+ if opts.Logger.DebugEnabled() {
+ policyTableInfo := ec.BuildPolicyInformationForTable()
+ headers := []string{"attribute", "must match"}
+ opts.Logger.Println("")
+ if err = opts.Logger.PrintTable(headers, policyTableInfo); err != nil {
+ opts.Logger.Println(opts.Logger.ColorScheme.Red("failed to print policy information to table"))
+ return err
+ }
+ opts.Logger.Println("")
+ } else {
+ opts.Logger.Println(ec.BuildPolicyInformation())
+ }
 sp, err := buildSigstoreVerifyPolicy(ec, *artifact)
 if err != nil {
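Review bot: BuildPolicyInformationForTable is a second, hand-maintained rendering of the enforcement criteria next to BuildPolicyInformation, so the policy an operator sees in debug mode can drift from the text form and from what is actually enforced. Two rows deserve a check against the enforcement code, which is not visible in this hunk: the RunnerEnvironment row is emitted only when the value equals GitHubRunner, so any other non-empty value would be left out of the table, and `else if c.SANRegex != ""` hides SANRegex whenever SAN is set. Building both outputs from one ordered list of label/value pairs, or adding a test that every populated field of EnforcementCriteria appears in both, would keep the display tied to the policy. The exported method also lacks a doc comment, e.g. `// BuildPolicyInformationForTable returns the enforced criteria as label/value rows for table output.`; the same applies to DebugEnabled in handler.go.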
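Review bot: A failure in `opts.Logger.PrintTable` makes runVerify return before `buildSigstoreVerifyPolicy` is reached, so a rendering problem in debug mode aborts verification, and the error is both printed and returned without context. Falling back to the text form keeps the enforced policy visible and lets verification proceed: replace the two lines in the error branch with `opts.Logger.Println(ec.BuildPolicyInformation())`. PrintTable itself is not part of this diff, so it is worth confirming that it writes to the same stream and applies the same TTY check as Println; otherwise a debug run could place the table into output that scripts parse. runVerify starts and ends outside the hunk.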