Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: showing verifier config parse detail in err log #1791

Merged
merged 6 commits into from
Sep 11, 2024
Merged

fix: showing verifier config parse detail in err log #1791

merged 6 commits into from
Sep 11, 2024

Conversation

junczhu
Copy link
Collaborator

@junczhu junczhu commented Sep 10, 2024
edited
Loading

Description

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Showing verifier config parse error about using VerificationCertStores in mixed format in err log

Type of change

Please delete options that are not relevant.
Before:
Screen Capture
image
Details

time=2024-09-10T12:50:33.130136555Z level=debug msg=creating notation with config map[artifactTypes:application/vnd.cncf.notary.signature name:verifier-notation trustPolicyDoc:map[trustPolicies:[map[name:default registryScopes:[*] signatureVerification:map[level:strict] trustStores:[ca:ca-certs] trustedIdentities:[*]]] version:1.0] type:notation verificationCertStores:map[ca:map[ca-certs:[certstore-inline]] certs:[ratify-notation-inline-cert]]], namespace '' component-type=verifier go.version=go1.21.10
time=2024-09-10T12:50:33.130257057Z level=error msg=Error: config invalid, Code: CONFIG_INVALID, Plugin Name: verifier-notation, Component Type: verifier unable to create verifier from verifier config
time=2024-09-10T12:50:33.130325558Z level=error msg=Error: config invalid, Code: CONFIG_INVALID, Plugin Name: verifier-notation, Component Type: verifierunable to create verifier from verifier crd
time=2024-09-10T12:50:33.135608041Z level=error msg=Reconciler error Verifier=verifier-notation controller=verifier controllerGroup=config.ratify.deislabs.io controllerKind=Verifier error=Error: config invalid, Code: CONFIG_INVALID, Plugin Name: verifier-notation, Component Type: verifier name=verifier-notation namespace= reconcileID=39a4c842-9f20-44f7-a25a-049cb3582754 stacktrace=goroutine 371 [running]:
runtime/debug.Stack()

After:
Screen Capture
image
Details

time=2024-09-10T12:46:30.633387288Z level=debug msg=creating Notation verifier with config map[artifactTypes:application/vnd.cncf.notary.signature name:verifier-notation trustPolicyDoc:map[trustPolicies:[map[name:default registryScopes:[*] signatureVerification:map[level:strict] trustStores:[ca:ca-certs] trustedIdentities:[*]]] version:1.0] type:notation verificationCertStores:map[ca:map[ca-certs:[certstore-inline]] certs:[ratify-notation-inline-cert]]], namespace '' component-type=verifier go.version=go1.22.7
time=2024-09-10T12:46:30.63350789Z level=debug msg=Get VerificationCertStores in legacy format component-type=verifier go.version=go1.22.7
time=2024-09-10T12:46:30.63351519Z level=error msg=Get VerificationCertStores in mixed format component-type=verifier go.version=go1.22.7
time=2024-09-10T12:46:30.63352709Z level=error msg=CONFIG_INVALID: Failed to create the Notation Verifier: The verificationCertStores is misconfigured with both legacy and new formats: Please provide only one format for the VerificationCertStores. Refer to the Notation Verifier configuration guide: https://ratify.dev/docs/plugins/verifier/notation#configuration unable to create verifier from verifier config
time=2024-09-10T12:46:30.633532391Z level=error msg=CONFIG_INVALID: Unable to create verifier from verifier CR: Failed to create the Notation Verifier: The verificationCertStores is misconfigured with both legacy and new formats: Please provide only one format for the VerificationCertStores. Refer to the Notation Verifier configuration guide: https://ratify.dev/docs/plugins/verifier/notation#configuration
time=2024-09-10T12:46:30.638637571Z level=error msg=Reconciler error Verifier=verifier-notation controller=verifier controllerGroup=config.ratify.deislabs.io controllerKind=Verifier error=CONFIG_INVALID: Unable to create verifier from verifier CR: Failed to create the Notation Verifier: The verificationCertStores is misconfigured with both legacy and new formats: Please provide only one format for the VerificationCertStores. Refer to the Notation Verifier configuration guide: https://ratify.dev/docs/plugins/verifier/notation#configuration name=verifier-notation namespace= reconcileID=cb08ddae-74df-4fb0-97b1-1a41221504fd stacktrace=goroutine 338 [running]:
runtime/debug.Stack()
  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

-[x] AKS test in my own fork.
image

ref: https://github.com/junczhu/ratify/actions/runs/10789084563/job/29921271326?pr=22

Checklist:

  • Does the affected code have corresponding tests?
  • Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
  • Does this introduce breaking changes that would require an announcement or bumping the major version?
  • Do all new files have appropriate license header?

Post Merge Requirements

  • MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

binbin-li
binbin-li reviewed Sep 10, 2024
View reviewed changes
pkg/verifier/notation/notation.go Outdated Show resolved Hide resolved
pkg/verifier/notation/notation.go Outdated Show resolved Hide resolved
@junczhu junczhu marked this pull request as ready for review September 10, 2024 07:55
@junczhu junczhu changed the title fix: add log to verifier parse fix: showing verifier config parse detail in err log Sep 10, 2024
@codecov Codecov
Copy link

codecov bot commented Sep 10, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Files with missing lines Coverage Δ
pkg/verifier/notation/notation.go 98.14% <100.00%> (+10.02%) ⬆️

... and 21 files with indirect coverage changes

@junczhu junczhu enabled auto-merge (squash) September 10, 2024 12:54
@akashsinghal
Copy link
Collaborator

Just curious, why are there 2 different CONFIG_INVALID error logs. They both seem to be saying basically the same thing?

@binbin-li
Copy link
Collaborator

Just curious, why are there 2 different CONFIG_INVALID error logs. They both seem to be saying basically the same thing?

I guess the second error wraps the first one(nested one) but we logged both.

binbin-li
binbin-li reviewed Sep 11, 2024
View reviewed changes
pkg/verifier/notation/notation.go Outdated
Comment on lines 240 to 241
logger.GetLogger(context.Background(), logOpt).Error("Get VerificationCertStores in mixed format")
return re.ErrorCodeConfigInvalid.WithDetail("The verificationCertStores is misconfigured with both legacy and new formats").WithRemediation("Please provide only one format for the VerificationCertStores. Refer to the Notation Verifier configuration guide: https://ratify.dev/docs/plugins/verifier/notation#configuration")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
logger.GetLogger(context.Background(), logOpt).Error("Get VerificationCertStores in mixed format")
return re.ErrorCodeConfigInvalid.WithDetail("The verificationCertStores is misconfigured with both legacy and new formats").WithRemediation("Please provide only one format for the VerificationCertStores. Refer to the Notation Verifier configuration guide: https://ratify.dev/docs/plugins/verifier/notation#configuration")
err := re.ErrorCodeConfigInvalid.WithDetail("The verificationCertStores is misconfigured with both legacy and new formats: %+v", conf).WithRemediation("Please provide only one format for the VerificationCertStores. Refer to the Notation Verifier configuration guide: https://ratify.dev/docs/plugins/verifier/notation#configuration")
logger.GetLogger(context.Background(), logOpt).Error(err)
return err

Copy link
Collaborator Author

@junczhu junczhu Sep 11, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated.

@junczhu
Copy link
Collaborator Author

junczhu commented Sep 11, 2024

Found similar issue been raised to the markdown link checker: tcort/markdown-link-check#349
Double confirmed that the outlined links are working just fine:
image

 [✖] https://ratify.dev/docs/troubleshoot/key-management-provider/kmp-tsg#cert_invalid → Status: 0
 [✖] https://ratify.dev/docs/plugins/verifier/notation → Status: 0

@junczhu junczhu merged commit 5381e0c into ratify-project:dev Sep 11, 2024
19 checks passed
akashsinghal pushed a commit to akashsinghal/ratify that referenced this pull request Sep 13, 2024
@junczhu @akashsinghal
fix: showing verifier config parse detail in err log (ratify-project#…
076c9ca 
…1791)

Signed-off-by: akashsinghal <[email protected]>
binbin-li pushed a commit to binbin-li/ratify that referenced this pull request Sep 14, 2024
@junczhu @binbin-li
fix: showing verifier config parse detail in err log (ratify-project#…
ce1c082 
…1791)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@binbin-li binbin-li binbin-li approved these changes

@akashsinghal akashsinghal Awaiting requested review from akashsinghal akashsinghal is a code owner

@jimmyraywv jimmyraywv Awaiting requested review from jimmyraywv jimmyraywv is a code owner

@luisdlp luisdlp Awaiting requested review from luisdlp luisdlp is a code owner

@susanshi susanshi Awaiting requested review from susanshi susanshi is a code owner

@toddysm toddysm Awaiting requested review from toddysm toddysm is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@junczhu @akashsinghal @binbin-li