Skip to content

Commit

Permalink
feat: add timestamp and traceId to verification response (ratify-proj…
Browse files Browse the repository at this point in the history
…ect#1697)

Signed-off-by: akashsinghal <[email protected]>
  • Loading branch information
binbin-li authored and akashsinghal committed Sep 13, 2024
1 parent bbd05d4 commit 9546141
Show file tree
Hide file tree
Showing 6 changed files with 27 additions and 10 deletions.
10 changes: 5 additions & 5 deletions httpserver/handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -141,12 +141,12 @@ func (server *Server) verify(ctx context.Context, w http.ResponseWriter, r *http
logger.GetLogger(ctx, server.LogOption).Warnf("unable to insert cache entry for subject %v", resolvedSubjectReference)
}
}

if res, err := json.MarshalIndent(result, "", " "); err == nil {
logger.GetLogger(ctx, server.LogOption).Infof("verify result for subject %s: %s", resolvedSubjectReference, string(res))
}
}
returnItem.Value = fromVerifyResult(result, server.GetExecutor(ctx).PolicyEnforcer.GetPolicyType(ctx))
verificationResponse := fromVerifyResult(ctx, result, server.GetExecutor(ctx).PolicyEnforcer.GetPolicyType(ctx))
returnItem.Value = verificationResponse
if res, err := json.MarshalIndent(verificationResponse, "", " "); err == nil {
logger.GetLogger(ctx, server.LogOption).Infof("verification response for subject %s: \n%s", resolvedSubjectReference, string(res))
}
logger.GetLogger(ctx, server.LogOption).Debugf("verification: execution time for image %s: %dms", resolvedSubjectReference, time.Since(routineStartTime).Milliseconds())
}(utils.SanitizeString(key), ctx)
}
Expand Down
10 changes: 9 additions & 1 deletion httpserver/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ limitations under the License.
package httpserver

import (
"context"
"time"

"github.com/ratify-project/ratify/internal/logger"
"github.com/ratify-project/ratify/pkg/executor/types"
pt "github.com/ratify-project/ratify/pkg/policyprovider/types"
)
Expand All @@ -32,17 +36,21 @@ const (
type VerificationResponse struct {
Version string `json:"version"`
IsSuccess bool `json:"isSuccess"`
TraceID string `json:"traceID,omitempty"`
Timestamp string `json:"timestamp,omitempty"`
VerifierReports []interface{} `json:"verifierReports,omitempty"`
}

func fromVerifyResult(res types.VerifyResult, policyType string) VerificationResponse {
func fromVerifyResult(ctx context.Context, res types.VerifyResult, policyType string) VerificationResponse {
version := ResultVersion0_2_0
if policyType == pt.RegoPolicy {
version = ResultVersion1_1_0
}
return VerificationResponse{
Version: version,
IsSuccess: res.IsSuccess,
Timestamp: time.Now().Format(time.RFC3339Nano),
TraceID: logger.GetTraceID(ctx),
VerifierReports: res.VerifierReports,
}
}
3 changes: 2 additions & 1 deletion httpserver/types_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ limitations under the License.
package httpserver

import (
"context"
"testing"

"github.com/ratify-project/ratify/pkg/executor/types"
Expand Down Expand Up @@ -43,7 +44,7 @@ func TestFromVerifyResult(t *testing.T) {

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
if res := fromVerifyResult(result, tc.policyType); res.Version != tc.expectedVersion {
if res := fromVerifyResult(context.Background(), result, tc.policyType); res.Version != tc.expectedVersion {
t.Fatalf("Expected version to be %s, got %s", tc.expectedVersion, res.Version)
}
})
Expand Down
9 changes: 9 additions & 0 deletions internal/logger/logger.go
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,15 @@ func GetLogger(ctx context.Context, opt Option) dcontext.Logger {
return dcontext.GetLogger(ctx, ContextKeyComponentType)
}

// GetTraceID returns the trace ID from the context.
func GetTraceID(ctx context.Context) string {
traceID := ctx.Value(ContextKeyTraceID)
if traceID == nil {
return ""
}
return traceID.(string)
}

// setTraceID sets the trace ID in the context. If the trace ID is not present in the request headers, a new one is generated.
func setTraceID(ctx context.Context, r *http.Request) context.Context {
traceID := ""
Expand Down
3 changes: 1 addition & 2 deletions internal/logger/logger_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ import (
"testing"

logstash "github.com/bshuster-repo/logrus-logstash-hook"
dcontext "github.com/docker/distribution/context"
"github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
)
Expand Down Expand Up @@ -75,7 +74,7 @@ func TestInitContext(t *testing.T) {
t.Run(tc.name, func(t *testing.T) {
traceIDHeaderNames = tc.headerNames
ctx := InitContext(context.Background(), tc.r)
traceID := dcontext.GetStringValue(ctx, ContextKeyTraceID)
traceID := GetTraceID(ctx)
if traceID == "" {
t.Fatalf("expected non-empty traceID, but got empty one")
}
Expand Down
2 changes: 1 addition & 1 deletion library/default/template.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,5 +44,5 @@ spec:
general_violation[{"result": result}] {
subject_validation := remote_data.responses[_]
subject_validation[1].isSuccess == false
result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
result := sprintf("Time=%s, failed to verify the artifact: %s, trace-id: %s", [subject_validation[1].timestamp, subject_validation[0], subject_validation[1].traceID])
}

0 comments on commit 9546141

Please sign in to comment.