fix: add fail case scenario to e2e for verifying attestation, collect…

… all validation errors first

Signed-off-by: Batuhan Apaydın <[email protected]>

cmd/cosign/cli/verify_attestation.go

@@ -22,6 +22,7 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"os"
 	"strings"
 
 	"github.com/in-toto/in-toto-golang/in_toto"
@@ -204,6 +205,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, args []string) (err
 			return err
 		}
 
+		var validationErrors []error
 		for _, vp := range verified {
 			var payloadData map[string]interface{}
 			err := json.Unmarshal(vp.Payload, &payloadData)
@@ -272,10 +274,18 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, args []string) (err
 				}
 			}
 			if err := cue.ValidateJSON(payload, c.Policies.EntryPoints); err != nil {
-				return fmt.Errorf("validating policy: %w", err)
+				validationErrors = append(validationErrors, err)
 			}
 		}
 
+		if len(validationErrors) > 0 {
+			fmt.Println("Some errors occurred during the validation:")
+			for _, v := range validationErrors {
+				_, _ = fmt.Fprintf(os.Stderr, fmt.Sprintf("- %v\n", v))
+			}
+			return fmt.Errorf("%d errors occurred", len(validationErrors))
+		}
+
 		// The attestations are always JSON, so use the raw "text" mode for outputting them instead of conversion
 		PrintVerification(imageRef, verified, co, "text")
 	}

test/e2e_test.go

@@ -188,6 +188,8 @@ func TestAttestVerify(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	mustErr(verifyAttestation.Exec(ctx, []string{imgName}), t)
+
 	// Success case
 	cuePolicy = `builder: id: "2"`
 	if err := ioutil.WriteFile(policyPath, []byte(cuePolicy), 0600); err != nil {