Add verification key to repository verified status

bigkevmcd · bigkevmcd · commit c159d260dbe2 · 2023-06-28T09:28:02.000+01:00
This adds the ID of the key that was successful to the verified status
for GitRepository resources.

Signed-off-by: Kevin McDermott &lt;kevin@weave.works&gt;
diff --git a/internal/controller/gitrepository_controller.go b/internal/controller/gitrepository_controller.go
@@ -903,7 +903,8 @@ func (r *GitRepositoryReconciler) verifyCommitSignature(ctx context.Context, obj
 		keyRings = append(keyRings, string(v))
 	}
 	// Verify commit with GPG data from secret
-	if _, err := commit.Verify(keyRings...); err != nil {
+	entity, err := commit.Verify(keyRings...)
+	if err != nil {
 		e := serror.NewGeneric(
 			fmt.Errorf("signature verification of commit '%s' failed: %w", commit.Hash.String(), err),
 			"InvalidCommitSignature",
@@ -914,9 +915,9 @@ func (r *GitRepositoryReconciler) verifyCommitSignature(ctx context.Context, obj
 	}
 
 	conditions.MarkTrue(obj, sourcev1.SourceVerifiedCondition, meta.SucceededReason,
-		"verified signature of commit '%s'", commit.Hash.String())
+		"verified signature of commit '%s' with key '%s'", commit.Hash.String(), entity)
 	r.eventLogf(ctx, obj, eventv1.EventTypeTrace, "VerifiedCommit",
-		"verified signature of commit '%s'", commit.Hash.String())
+		"verified signature of commit '%s' with key '%s'", commit.Hash.String(), entity)
 	return sreconcile.ResultSuccess, nil
 }
 
diff --git a/internal/controller/gitrepository_controller_test.go b/internal/controller/gitrepository_controller_test.go
@@ -1519,7 +1519,7 @@ func TestGitRepositoryReconciler_verifyCommitSignature(t *testing.T) {
 			},
 			want: sreconcile.ResultSuccess,
 			assertConditions: []metav1.Condition{
-				*conditions.TrueCondition(sourcev1.SourceVerifiedCondition, meta.SucceededReason, "verified signature of commit 'shasum'"),
+				*conditions.TrueCondition(sourcev1.SourceVerifiedCondition, meta.SucceededReason, "verified signature of commit 'shasum' with key '3299AEB0E4085BAF'"),
 			},
 		},
 		{

Original file line number	Diff line number	Diff line change
`@@ -903,7 +903,8 @@ func (r *GitRepositoryReconciler) verifyCommitSignature(ctx context.Context, obj`
`903`	`903`	`keyRings = append(keyRings, string(v))`
`904`	`904`	`}`
`905`	`905`	`// Verify commit with GPG data from secret`
`906`		`- if _, err := commit.Verify(keyRings...); err != nil {`
	`906`	`+ entity, err := commit.Verify(keyRings...)`
	`907`	`+ if err != nil {`
`907`	`908`	`e := serror.NewGeneric(`
`908`	`909`	`fmt.Errorf("signature verification of commit '%s' failed: %w", commit.Hash.String(), err),`
`909`	`910`	`"InvalidCommitSignature",`
`@@ -914,9 +915,9 @@ func (r *GitRepositoryReconciler) verifyCommitSignature(ctx context.Context, obj`
`914`	`915`	`}`
`915`	`916`
`916`	`917`	`conditions.MarkTrue(obj, sourcev1.SourceVerifiedCondition, meta.SucceededReason,`
`917`		`- "verified signature of commit '%s'", commit.Hash.String())`
	`918`	`+ "verified signature of commit '%s' with key '%s'", commit.Hash.String(), entity)`
`918`	`919`	`r.eventLogf(ctx, obj, eventv1.EventTypeTrace, "VerifiedCommit",`
`919`		`- "verified signature of commit '%s'", commit.Hash.String())`
	`920`	`+ "verified signature of commit '%s' with key '%s'", commit.Hash.String(), entity)`
`920`	`921`	`return sreconcile.ResultSuccess, nil`
`921`	`922`	`}`
`922`	`923`
Original file line number	Diff line number	Diff line change
`@@ -1519,7 +1519,7 @@ func TestGitRepositoryReconciler_verifyCommitSignature(t *testing.T) {`
`1519`	`1519`	`},`
`1520`	`1520`	`want: sreconcile.ResultSuccess,`
`1521`	`1521`	`assertConditions: []metav1.Condition{`
`1522`		`- *conditions.TrueCondition(sourcev1.SourceVerifiedCondition, meta.SucceededReason, "verified signature of commit 'shasum'"),`
	`1522`	`+ *conditions.TrueCondition(sourcev1.SourceVerifiedCondition, meta.SucceededReason, "verified signature of commit 'shasum' with key '3299AEB0E4085BAF'"),`
`1523`	`1523`	`},`
`1524`	`1524`	`},`
`1525`	`1525`	`{`