feat: adds NonExistentTag Exit Code to Error #2766
Conversation
Codecov Report
@@ Coverage Diff @@
## main #2766 +/- ##
==========================================
- Coverage 29.54% 29.51% -0.04%
==========================================
Files 151 151
Lines 9646 9657 +11
==========================================
Hits 2850 2850
- Misses 6357 6368 +11
Partials 439 439
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
|
@znewman01 Here is the additional exit code functionality for verifying a non existing image and an image with no signatures. There's less code than #2673 because the main wrapping code has been done previous. So this PR just adds the exit codes error type for a non existing image and image without any signatures and throwing it where it errors. |
ChrisJBurns
force-pushed
the
main
branch
2 times, most recently
from
85ec491 to
521ab75
Compare
|
Someone might need to rerun the E2E tests? |
| @@ -484,6 +484,12 @@ func VerifyImageSignatures(ctx context.Context, signedImgRef name.Reference, co | |||
| // entity that minimizes registry requests when supplied with a digest input | |||
| digest, err := ociremote.ResolveDigest(signedImgRef, co.RegistryClientOpts...) | |||
| if err != nil { | |||
| if strings.Contains(err.Error(), "MANIFEST_UNKNOWN") { | |||
| return nil, false, &VerificationError{ | |||
There was a problem hiding this comment.
Nit: I think best practice for wrapping errors is to store the inner error inside the struct and format the message inside the Error function.
|
@znewman01 I tell you what I can do, if we merge this PR, I can get another one up that wraps the errors a bit more nicely. As I'll have to do the same to the other errors we're wrapping as part of the previous exit codes anyways, worth having a single PR to address them all in one go. e2e tests still seem to be failing with same error, not entirely sure if it's an intermittent error or if there is a genuine problem I've introduced as part of this PR. |
Works for me 👍
Filed #2786 |
Unfortunately, this is blocking all PR submissions! We'll get right on it |
|
Rebase and try again? |
- adds the exit code to when cosign throws an error due to a user trying to verify an image tag that doesn't exist. - adds functionality with associated exit code for when there are no signatures found for an image Signed-off-by: ChrisJBurns <[email protected]>
|
@znewman01 Accidental close there from me, tests are running, fingers crossed! |
- adds the exit code to when cosign throws an error due to a user trying to verify an image tag that doesn't exist. - adds functionality with associated exit code for when there are no signatures found for an image Signed-off-by: ChrisJBurns <[email protected]>
Fixes rest of of #948
As described in #948 "Currently if you run cosign verify against a non existing image, against a not signed image, against a signed image with a different key, the exit status is the same (1)" . #2673 implements exit codes for the scenario of an image being signed with a different key, this PR addresses the non existing image and no signatures found.
Summary
cosignthrows an error due to a user trying to verify an image tag that doesn't exist.