docs(notation): add comments around what is happening in checkOutcome

JasonTheDeveloper · JasonTheDeveloper · commit 0dedf6f098a9 · 2024-03-14T21:02:38.000+11:00
Signed-off-by: Jason &lt;jagoodse@microsoft.com&gt;
diff --git a/internal/oci/notation/notation.go b/internal/oci/notation/notation.go
@@ -252,28 +252,37 @@ func (v *NotationVerifier) checkOutcome(outcomes []*notation.VerificationOutcome
 		return oci.VerificationResultFailed, fmt.Errorf("signature verification failed for all the signatures associated with %s", url)
 	}
 
+	// should only ever be one item in the outcomes slice
 	outcome := outcomes[0]
 
+	// if the verification level is set to skip, we ignore the verification result
+	// as there should be no verification results in outcome and we do not want
+	// to mark the result as verified
 	if outcome.VerificationLevel == trustpolicy.LevelSkip {
 		return oci.VerificationResultIgnored, nil
 	}
 
 	ignore := false
 
+	// loop through verification results to check for errors
 	for _, i := range outcome.VerificationResults {
+		// error if action is not marked as `skip` and there is an error
 		if i.Error != nil {
+			// flag to ignore the verification result if the error is related to type `authenticity`
 			if i.Type == trustpolicy.TypeAuthenticity {
 				ignore = true
 			}
-
+			// log results of error
 			v.logger.Info(fmt.Sprintf("verification check for type %s failed for %s with message %s", i.Type, url, i.Error.Error()))
 		}
 	}
 
+	// if the ignore flag is set, we ignore the verification result so not to mark as verified
 	if ignore {
 		return oci.VerificationResultIgnored, nil
 	}
 
+	// result is okay to mark as verified
 	return oci.VerificationResultSuccess, nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -252,28 +252,37 @@ func (v NotationVerifier) checkOutcome(outcomes []notation.VerificationOutcome`
`252`	`252`	`return oci.VerificationResultFailed, fmt.Errorf("signature verification failed for all the signatures associated with %s", url)`
`253`	`253`	`}`
`254`	`254`
	`255`	`+ // should only ever be one item in the outcomes slice`
`255`	`256`	`outcome := outcomes[0]`
`256`	`257`
	`258`	`+ // if the verification level is set to skip, we ignore the verification result`
	`259`	`+ // as there should be no verification results in outcome and we do not want`
	`260`	`+ // to mark the result as verified`
`257`	`261`	`if outcome.VerificationLevel == trustpolicy.LevelSkip {`
`258`	`262`	`return oci.VerificationResultIgnored, nil`
`259`	`263`	`}`
`260`	`264`
`261`	`265`	`ignore := false`
`262`	`266`
	`267`	`+ // loop through verification results to check for errors`
`263`	`268`	`for _, i := range outcome.VerificationResults {`
	`269`	+ // error if action is not marked as `skip` and there is an error
`264`	`270`	`if i.Error != nil {`
	`271`	+ // flag to ignore the verification result if the error is related to type `authenticity`
`265`	`272`	`if i.Type == trustpolicy.TypeAuthenticity {`
`266`	`273`	`ignore = true`
`267`	`274`	`}`
`268`		`-`
	`275`	`+ // log results of error`
`269`	`276`	`v.logger.Info(fmt.Sprintf("verification check for type %s failed for %s with message %s", i.Type, url, i.Error.Error()))`
`270`	`277`	`}`
`271`	`278`	`}`
`272`	`279`
	`280`	`+ // if the ignore flag is set, we ignore the verification result so not to mark as verified`
`273`	`281`	`if ignore {`
`274`	`282`	`return oci.VerificationResultIgnored, nil`
`275`	`283`	`}`
`276`	`284`
	`285`	`+ // result is okay to mark as verified`
`277`	`286`	`return oci.VerificationResultSuccess, nil`
`278`	`287`	`}`
`279`	`288`