[TEP-0091] add VerificationResult

The commit adds VerificationResult struct, the new struct has 2 fields, VerificationResultType and Err. VerificationResultType has 4 types: VerificationSkip, VerificationPass, VerificationWarn, VerificationError. Signed-off-by: Yongxuan Zhang [email protected]
tektoncd · May 16, 2023 · b7118bf · b7118bf
1 parent d6c0f69
commit b7118bf
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/pkg/trustedresources/verify.go b/pkg/trustedresources/verify.go
@@ -41,6 +41,29 @@ const (
 	SignatureAnnotation = "tekton.dev/signature"
 )
 
+const (
+	VerificationSkip = iota
+	VerificationPass
+	VerificationWarn
+	VerificationError
+)
+
+// VerificationResultType indicates different cases of a verification result
+type VerificationResultType int
+
+// VerificationResult contains the type and message about the result of verification
+type VerificationResult struct {
+	// VerificationResultType has 5 types which is corresponding to 5 cases:
+	// 1) VerificationSkip: The verification was skipped. Err is nil in this case.
+	// 2) VerificationPass: The verification passed. Err is nil in this case.
+	// 3) VerificationWarn: A warning is logged. It could be no matching policies and feature flag "trusted-resources-verification-no-match-policy" is warn,
+	//    or only Warn mode verification policies fail.
+	// 4) VerificationError: The verification failed, it could be the signature doesn't match the public key or there are errors during verification.
+	VerificationResultType VerificationResultType
+	// Err contains the error message when there is a warning logged or error returned.
+	Err error
+}
+
 // VerifyTask verifies the signature and public key against task.
 // Skip the verification when no policies are found and trusted-resources-verification-no-match-policy is set to ignore or warn
 // Return an error when no policies are found and trusted-resources-verification-no-match-policy is set to fail,