[bug] cosign verify error parsing and output tables (#134)

* fix bug in cosign verify when using kms protocol for keys

* modify table row creation for verify signature tables

pkg/cosign/error.go

@@ -0,0 +1,34 @@
+package cosign
+
+import (
+	"errors"
+
+	cosignError "github.com/sigstore/cosign/v2/cmd/cosign/errors"
+)
+
+// isNoMatchingSignatureErr checks if the error is of type ErrNoMatchingSignature
+func isNoMatchingSignatureErr(err error) bool {
+	var ce *cosignError.CosignError
+	if errors.As(err, &ce) && ce.Code == cosignError.NoMatchingSignature {
+		return true
+	}
+	return false
+}
+
+// isImageWithoutSignatureErr checks if the error is of type ErrNoSignaturesFound
+func isImageWithoutSignatureErr(err error) bool {
+	var ce *cosignError.CosignError
+	if errors.As(err, &ce) && ce.Code == cosignError.ImageWithoutSignature {
+		return true
+	}
+	return false
+}
+
+// isNoCertificateFoundOnSignatureErr checks if the error is of type ErrNoCertificateFoundOnSignature
+func isNoCertificateFoundOnSignatureErr(err error) bool {
+	var ce *cosignError.CosignError
+	if errors.As(err, &ce) && ce.Code == cosignError.NoCertificateFoundOnSignature {
+		return true
+	}
+	return false
+}

pkg/cosign/verify.go

@@ -8,6 +8,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/ChristofferNissen/helmper/pkg/image"
 	"github.com/ChristofferNissen/helmper/pkg/registry"
 	"github.com/ChristofferNissen/helmper/pkg/report"
@@ -132,6 +133,9 @@ func (vo *VerifyOption) Run(ctx context.Context) (map[*registry.Registry]map[*im
 		ExperimentalOCI11:            o.CommonVerifyOptions.ExperimentalOCI11,
 	}
 
+	keys := make([]string, 0)
+	rows := make(map[string]*table.Row)
+
 	m := make(map[*registry.Registry]map[*image.Image]bool, 0)
 	for r, elem := range vo.Data {
 		if elem == nil {
@@ -145,7 +149,13 @@ func (vo *VerifyOption) Run(ctx context.Context) (map[*registry.Registry]map[*im
 		for i, b := range elem {
 			// add row to overview table
 			ref := i.String()
-			row := table.Row{sc.Value("index_import"), ref}
+
+			// Check for existing row for Chart Name
+			row := rows[ref]
+			if row == nil {
+				row = to.Ptr(table.Row{sc.Value("index_import"), ref})
+				keys = append(keys, ref)
+			}
 
 			if b || vo.VerifyExisting {
 
@@ -176,30 +186,41 @@ func (vo *VerifyOption) Run(ctx context.Context) (map[*registry.Registry]map[*im
 					return v.Exec(ctx, []string{s})
 				})
 				slog.Debug(out)
+
 				if err != nil {
-					switch err.Error() {
-					case "no signatures found":
+					switch {
+					case isNoCertificateFoundOnSignatureErr(err):
+						fallthrough
+					case isNoMatchingSignatureErr(err):
+						fallthrough
+					case isImageWithoutSignatureErr(err):
 						elem[i] = true
 						_ = bar.Add(1)
-						row = append(row, terminal.StatusEmoji(false))
-						vo.Report.AddRow(row)
+						*row = append(*row, terminal.StatusEmoji(false))
 						sc.Inc("index_import")
 						continue
 					default:
 						return make(map[*registry.Registry]map[*image.Image]bool), err
 					}
 				}
+
 				elem[i] = false
-				_ = bar.Add(1)
-				row = append(row, terminal.StatusEmoji(true))
-				vo.Report.AddRow(row)
+				*row = append(*row, terminal.StatusEmoji(true))
+
 				sc.Inc("index_import")
+				_ = bar.Add(1)
 			}
 
+			rows[ref] = row
+
 		}
 		m[r] = elem
 	}
 
+	// Output table
+	for _, k := range keys {
+		vo.Report.AddRow(*rows[k])
+	}
 	vo.Report.AddHeader(header)
 
 	_ = bar.Finish()

pkg/cosign/verifyChart.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/ChristofferNissen/helmper/pkg/helm"
 	"github.com/ChristofferNissen/helmper/pkg/registry"
 	"github.com/ChristofferNissen/helmper/pkg/report"
@@ -132,6 +133,9 @@ func (vo *VerifyChartOption) Run(ctx context.Context) (map[*registry.Registry]ma
 		ExperimentalOCI11:            o.CommonVerifyOptions.ExperimentalOCI11,
 	}
 
+	keys := make([]string, 0)
+	rows := make(map[string]*table.Row)
+
 	m := make(map[*registry.Registry]map[*helm.Chart]bool, 0)
 	for r, elem := range vo.Data {
 		if elem == nil {
@@ -143,7 +147,14 @@ func (vo *VerifyChartOption) Run(ctx context.Context) (map[*registry.Registry]ma
 		header = append(header, rn)
 
 		for c, b := range elem {
-			row := table.Row{sc.Value("index_sign_charts"), fmt.Sprintf("charts/%s", c.Name), c.Version}
+
+			// Check for existing row for Chart Name
+			row := rows[c.Name]
+			if row == nil {
+				row = to.Ptr(table.Row{sc.Value("index_sign_charts"), fmt.Sprintf("charts/%s", c.Name), c.Version})
+				keys = append(keys, c.Name)
+			}
+
 			if b || vo.VerifyExisting {
 
 				name := fmt.Sprintf("%s/%s", chartutil.ChartsDir, c.Name)
@@ -160,31 +171,43 @@ func (vo *VerifyChartOption) Run(ctx context.Context) (map[*registry.Registry]ma
 					return err
 				})
 				slog.Debug(out)
+
 				if err != nil {
-					switch err.Error() {
-					case "no signatures found":
+					switch {
+					case isNoCertificateFoundOnSignatureErr(err):
+						fallthrough
+					case isNoMatchingSignatureErr(err):
+						fallthrough
+					case isImageWithoutSignatureErr(err):
 						elem[c] = true
-						row = append(row, terminal.StatusEmoji(false))
-						vo.Report.AddRow(row)
-						sc.Inc("index_sign_charts")
 						_ = bar.Add(1)
+						*row = append(*row, terminal.StatusEmoji(false))
+						sc.Inc("index_sign_charts")
 						continue
 					default:
 						return make(map[*registry.Registry]map[*helm.Chart]bool), err
 					}
 				}
+
 				elem[c] = false
-				row = append(row, terminal.StatusEmoji(true))
-				vo.Report.AddRow(row)
+				*row = append(*row, terminal.StatusEmoji(true))
+
 				sc.Inc("index_sign_charts")
 				_ = bar.Add(1)
 			}
+
+			rows[c.Name] = row
 		}
+
 		if len(elem) > 0 {
 			m[r] = elem
 		}
 	}
 
+	// Output table
+	for _, k := range keys {
+		vo.Report.AddRow(*rows[k])
+	}
 	vo.Report.AddHeader(header)
 
 	_ = bar.Finish()