feat: add support for json output for notation verify
#527
Signed-off-by: Byron Chien <chienb@amazon.com>
There is no issue linked with this PR. Could you link at least one issue to this PR so that reviewers can have context?
Since this is a new feature, could you add E2E tests accordingly?
Linked the related metadata PR and issue in the initial comment. Will add E2E tests for this PR.
Codecov Report
@@ Coverage Diff @@
## main #527 +/- ##
==========================================
- Coverage 36.34% 36.20% -0.15%
==========================================
Files 30 30
Lines 1607 1616 +9
==========================================
+ Hits 584 585 +1
- Misses 1002 1010 +8
Partials 21 21
notation verify
LGTM
- fail fast on unknown output format
- print warnings to stderr for both output formats
- omit empty metadata from json response

Signed-off-by: Byron Chien <chienb@amazon.com>
"userMetadata": {
    "io.wabbit-networks.buildId": "123"
},
"result": "Success"
What if the verification fails?
for verification failure, no json is written to stdout, and the failure is logged to stderr.
@byronchien If JSON is printed only if the verification passes, what's the meaning of showing `"result": "Success"`?
/cc @priteshbandi @yizha1
When verification fails, I expect that the result would be `failure` or `failed`, and the failure reason will be included in the JSON object so that other scripts can parse it correctly.
Since this PR is merged, I've created #546 to track.
`result` can have two values, one is `skip` and other one is `success`. IMO for failure case displaying JSON won't be useful because it won't contain any useful information which automation/script can use (non-zero exit code should suffice to show failure).
The JSON output is usually consumed by scripts or programs. How can they obtain the structured error message and detailed verification outcomes?
To display error message/detailed verification output we need more than `result` field, something like `resultReason`, because `result` will only say `failure`. Also, in current state it won't be of much help since there is only one genuine/expected failure use case, i.e. failed signature verification for all the signatures. Apart from genuine/expected error, all other errors should always be emitted as stdErr.
Are you suggesting we should emit json for expected failure use cases or all failure use cases?
Moved conversation to #546 (comment)
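How a calling script can consume the contract discussed in this thread (JSON on stdout only when verification passes, a non-zero exit code and stderr otherwise), as an added Go example that is not part of the PR or of notation's code. `InterpretVerify`, `verifyOutput` and `errNotVerified` are hypothetical names; the field names and sample values come from the fragment quoted in the review, and rejecting `skip` is this example's policy assumption.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// verifyOutput mirrors only the two fields visible in the PR's sample output.
type verifyOutput struct {
	UserMetadata map[string]string `json:"userMetadata"`
	Result       string            `json:"result"`
}

var errNotVerified = errors.New("artifact not verified")

// InterpretVerify is a hypothetical helper: it decides whether a finished
// verify run may be trusted, given its exit code and captured stdout.
// required lists user-metadata pairs the caller's policy insists on.
func InterpretVerify(exitCode int, stdout []byte, required map[string]string) (map[string]string, error) {
	// Failure contract from the thread: non-zero exit, details only on stderr.
	if exitCode != 0 {
		return nil, fmt.Errorf("%w: exit code %d", errNotVerified, exitCode)
	}
	var out verifyOutput
	if err := json.Unmarshal(stdout, &out); err != nil {
		// Exit 0 without parseable JSON is treated as a failure, not a pass.
		return nil, fmt.Errorf("%w: unreadable output: %v", errNotVerified, err)
	}
	// Assumed policy: "skip", the other value named in the thread, is rejected.
	if !strings.EqualFold(out.Result, "success") {
		return nil, fmt.Errorf("%w: result %q", errNotVerified, out.Result)
	}
	for k, want := range required {
		if got, ok := out.UserMetadata[k]; !ok || got != want {
			return nil, fmt.Errorf("%w: metadata %q mismatch", errNotVerified, k)
		}
	}
	return out.UserMetadata, nil
}

func main() {
	// Constructed sample shaped like the fragment quoted in the review.
	sample := []byte(`{"userMetadata":{"io.wabbit-networks.buildId":"123"},"result":"Success"}`)
	md, err := InterpretVerify(0, sample, map[string]string{"io.wabbit-networks.buildId": "123"})
	fmt.Println(md, err)
}
```

Because empty metadata is omitted from the response, a caller that requires a metadata key is rejected here when `userMetadata` is absent.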
- rename PrintObjectAsJson => PrintObjectAsJSON
- move output format constants to flags.go
- use switch for verify output behavior
- add documentation output methods
- call out failure behavior in spec

Signed-off-by: Byron Chien <chienb@amazon.com>
…ryproject#527)" This reverts commit 33c2281.
…ryproject#527)" This reverts commit 33c2281. Signed-off-by: Pritesh Bandi <pritesb@amazon.com>
…ryproject#527)" This reverts commit 33c2281. Signed-off-by: Pritesh Bandi <priteshbandi@gmail.com>
…ryproject#527)" (notaryproject#551) This reverts commit 33c2281. We are reverting notaryproject#527 because we need to write spec first for json output. Signed-off-by: Pritesh Bandi <priteshbandi@gmail.com> Signed-off-by: Josh Duffney <jduffney@microsoft.com>
allows json output for `notation verify`.
fixes notaryproject/roadmap#67, #498
Example output:
Note: PR is on top of changes that haven't been merged into main yet, so there's duplicate code from this PR adding metadata support.
suggested order for review: notation-go #261 => notation-core-go #111 => notation #527 (this one) => notation #528