[TEP-0091] add VerificationResult

This commit adds VerificationResult struct, the new struct has 2 fields, VerificationResultType and Err. VerificationResultType has 5 types: IgnoreNoMatchPolicy, WarnNoMatchPolicy, VerificationPass, VerificationError, WarnModeVerificationFail.

Signed-off-by: Yongxuan Zhang [email protected]

pkg/trustedresources/verify.go

@@ -41,6 +41,30 @@ const (
 	SignatureAnnotation = "tekton.dev/signature"
 )
 
+const (
+	IgnoreWhenNoMatchPolicy = iota
+	WarnWhenNoMatchPolicy
+	VerificationPass
+	VerificationError
+	WarnModeVerificationFail
+)
+
+// VerificationResultType indicates different cases of a verification result
+type VerificationResultType int
+
+// VerificationResult contains the type and message about the result of verification
+type VerificationResult struct {
+	// VerificationResultType has 5 types which is corresponding to 5 cases:
+	// 1) IgnoreWhenNoMatchPolicy: There are no matching policies, and verification was skipped. Err is nil in this case.
+	// 2) WarnWhenNoMatchPolicy: There are no matching policies, and warning is logged.
+	// 3) VerificationPass: The verification passed. Err is nil in this case.
+	// 4) VerificationError: The verification failed, it could be the signature doesn't match the public key or there are errors during verification.
+	// 5) WarnModeVerificationFail: Only Warn mode verification policies fail, there may be no enforce mode policies or all enforce mode policies mode pass.
+	VerificationResultType VerificationResultType
+	// Err contains the error message when there is a warning logged or error returned.
+	Err error
+}
+
 // VerifyTask verifies the signature and public key against task.
 // Skip the verification when no policies are found and trusted-resources-verification-no-match-policy is set to ignore or warn
 // Return an error when no policies are found and trusted-resources-verification-no-match-policy is set to fail,