From bb4715c84c4768b14c8a4831b91b070868b2a9ba Mon Sep 17 00:00:00 2001
From: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Date: Tue, 17 Oct 2023 17:06:55 +0530
Subject: [PATCH] fix: allow cosign download sbom when image is absent (#3245)

* fix: allow cosign download sbom when image is absent

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: remove lint issue

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: add errors.As

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: added comments

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
---
 cmd/cosign/cli/download/attestation.go | 13 ++++++++++++-
 cmd/cosign/cli/download/sbom.go        | 12 +++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/cmd/cosign/cli/download/attestation.go b/cmd/cosign/cli/download/attestation.go
index 1861494aadc..152e934103d 100644
--- a/cmd/cosign/cli/download/attestation.go
+++ b/cmd/cosign/cli/download/attestation.go
@@ -18,6 +18,7 @@ package download
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 
 	"github.com/google/go-containerregistry/pkg/name"
@@ -46,8 +47,18 @@ func AttestationCmd(ctx context.Context, regOpts options.RegistryOptions, attOpt
 	}
 
 	se, err := ociremote.SignedEntity(ref, ociremoteOpts...)
+	var entityNotFoundError *ociremote.EntityNotFoundError
 	if err != nil {
-		return err
+		if errors.As(err, &entityNotFoundError) {
+			if digest, ok := ref.(name.Digest); ok {
+				// We don't need to access the original image to download the attached attestation
+				se = ociremote.SignedUnknown(digest)
+			} else {
+				return err
+			}
+		} else {
+			return err
+		}
 	}
 
 	se, err = platform.SignedEntityForPlatform(se, attOptions.Platform)
diff --git a/cmd/cosign/cli/download/sbom.go b/cmd/cosign/cli/download/sbom.go
index 2e3c41a1c97..79c6968fac2 100644
--- a/cmd/cosign/cli/download/sbom.go
+++ b/cmd/cosign/cli/download/sbom.go
@@ -44,8 +44,18 @@ func SBOMCmd(
 	}
 
 	se, err := ociremote.SignedEntity(ref, ociremoteOpts...)
+	var entityNotFoundError *ociremote.EntityNotFoundError
 	if err != nil {
-		return nil, err
+		if errors.As(err, &entityNotFoundError) {
+			// We don't need to access the original image to download the attached sbom
+			if digest, ok := ref.(name.Digest); ok {
+				se = ociremote.SignedUnknown(digest)
+			} else {
+				return nil, err
+			}
+		} else {
+			return nil, err
+		}
 	}
 
 	se, err = platform.SignedEntityForPlatform(se, dnOpts.Platform)