refactor(notation): merge notationoptions with options struct

Signed-off-by: Jason <[email protected]>

Author: JasonTheDeveloper

internal/controller/helmchart_controller.go

@@ -1393,7 +1393,7 @@ func (r *HelmChartReconciler) makeVerifiers(ctx context.Context, obj *helmv1.Hel
 			return nil, err
 		}
 
-		defaultNotaryOciOpts := []soci.NotationOptions{
+		defaultNotaryOciOpts := []soci.Options{
 			soci.WithTrustStore(&doc),
 			soci.WithNotaryRemoteOptions(verifyOpts...),
 		}

internal/controller/ocirepository_controller.go

@@ -713,7 +713,7 @@ func (r *OCIRepositoryReconciler) verifySignature(ctx context.Context, obj *ociv
 
 		signatureVerified := false
 
-		defaultNotaryOciOpts := []soci.NotationOptions{
+		defaultNotaryOciOpts := []soci.Options{
 			soci.WithTrustStore(&doc),
 			soci.WithNotaryRemoteOptions(opt...),
 		}

internal/oci/notation.go

@@ -23,28 +23,16 @@ import (
 	oauth "oras.land/oras-go/v2/registry/remote/auth"
 )
 
-// notationOptions is a struct that holds options for notation verifier
-type notationOptions struct {
-	PublicCertificate []byte
-	TrustStore        *trustpolicy.Document
-	Keychain          authn.Keychain
-	ROpt              []remote.Option
-	Insecure          bool
-}
-
-// NotationOptions is a function that configures the options applied to a notation verifier
-type NotationOptions func(opts *notationOptions)
-
 // WithInsecureRegistry sets notation to verify against insecure registry.
-func WithInsecureRegistry(insecure bool) NotationOptions {
-	return func(opts *notationOptions) {
+func WithInsecureRegistry(insecure bool) Options {
+	return func(opts *options) {
 		opts.Insecure = insecure
 	}
 }
 
 // WithTrustStore sets the trust store configuration.
-func WithTrustStore(trustStore *trustpolicy.Document) NotationOptions {
-	return func(opts *notationOptions) {
+func WithTrustStore(trustStore *trustpolicy.Document) Options {
+	return func(opts *options) {
 		opts.TrustStore = trustStore
 	}
 }
@@ -54,24 +42,24 @@ func WithTrustStore(trustStore *trustpolicy.Document) NotationOptions {
 // It takes in the certificate data as a byte slice and the name of the certificate.
 // The function returns a NotationOptions function option that sets the public certificate
 // in the notation options.
-func WithNotaryPublicCertificate(data []byte) NotationOptions {
-	return func(opts *notationOptions) {
-		opts.PublicCertificate = data
+func WithNotaryPublicCertificate(data []byte) Options {
+	return func(opts *options) {
+		opts.PublicKey = data
 	}
 }
 
 // WithNotaryRemoteOptions is a functional option for overriding the default
 // remote options used by the verifier
-func WithNotaryRemoteOptions(opts ...remote.Option) NotationOptions {
-	return func(o *notationOptions) {
+func WithNotaryRemoteOptions(opts ...remote.Option) Options {
+	return func(o *options) {
 		o.ROpt = opts
 	}
 }
 
 // WithNotaryKeychain is a functional option for overriding the default
 // remote options used by the verifier
-func WithNotaryKeychain(key authn.Keychain) NotationOptions {
-	return func(o *notationOptions) {
+func WithNotaryKeychain(key authn.Keychain) Options {
+	return func(o *options) {
 		o.Keychain = key
 	}
 }
@@ -105,14 +93,14 @@ func (s trustStore) GetCertificates(ctx context.Context, storeType truststore.Ty
 }
 
 // NewNotaryVerifier initializes a new NotaryVerifier
-func NewNotaryVerifier(opts ...NotationOptions) (*NotaryVerifier, error) {
-	o := notationOptions{}
+func NewNotaryVerifier(opts ...Options) (*NotaryVerifier, error) {
+	o := options{}
 	for _, opt := range opts {
 		opt(&o)
 	}
 
 	store := &trustStore{
-		cert: o.PublicCertificate,
+		cert: o.PublicKey,
 	}
 
 	verifier, err := verifier.New(o.TrustStore, store, nil)

internal/oci/notation_test.go

@@ -10,40 +10,40 @@ import (
 	"github.com/notaryproject/notation-go/verifier/trustpolicy"
 )
 
-func TestNotaryOptions(t *testing.T) {
+func TestOptionsForNotary(t *testing.T) {
 	testCases := []struct {
 		name string
-		opts []NotationOptions
-		want *notationOptions
+		opts []Options
+		want *options
 	}{
 		{
 			name: "no options",
-			want: &notationOptions{},
+			want: &options{},
 		},
 		{
 			name: "signature option",
-			opts: []NotationOptions{WithNotaryPublicCertificate([]byte("foo"))},
-			want: &notationOptions{
-				PublicCertificate: []byte("foo"),
-				ROpt:              nil,
+			opts: []Options{WithNotaryPublicCertificate([]byte("foo"))},
+			want: &options{
+				PublicKey: []byte("foo"),
+				ROpt:      nil,
 			},
 		},
 		{
 			name: "keychain option",
-			opts: []NotationOptions{WithNotaryRemoteOptions(remote.WithAuthFromKeychain(authn.DefaultKeychain))},
-			want: &notationOptions{
-				PublicCertificate: nil,
-				ROpt:              []remote.Option{remote.WithAuthFromKeychain(authn.DefaultKeychain)},
+			opts: []Options{WithNotaryRemoteOptions(remote.WithAuthFromKeychain(authn.DefaultKeychain))},
+			want: &options{
+				PublicKey: nil,
+				ROpt:      []remote.Option{remote.WithAuthFromKeychain(authn.DefaultKeychain)},
 			},
 		},
 		{
 			name: "keychain and authenticator option",
-			opts: []NotationOptions{WithNotaryRemoteOptions(
+			opts: []Options{WithNotaryRemoteOptions(
 				remote.WithAuth(&authn.Basic{Username: "foo", Password: "bar"}),
 				remote.WithAuthFromKeychain(authn.DefaultKeychain),
 			)},
-			want: &notationOptions{
-				PublicCertificate: nil,
+			want: &options{
+				PublicKey: nil,
 				ROpt: []remote.Option{
 					remote.WithAuth(&authn.Basic{Username: "foo", Password: "bar"}),
 					remote.WithAuthFromKeychain(authn.DefaultKeychain),
@@ -52,13 +52,13 @@ func TestNotaryOptions(t *testing.T) {
 		},
 		{
 			name: "keychain, authenticator and transport option",
-			opts: []NotationOptions{WithNotaryRemoteOptions(
+			opts: []Options{WithNotaryRemoteOptions(
 				remote.WithAuth(&authn.Basic{Username: "foo", Password: "bar"}),
 				remote.WithAuthFromKeychain(authn.DefaultKeychain),
 				remote.WithTransport(http.DefaultTransport),
 			)},
-			want: &notationOptions{
-				PublicCertificate: nil,
+			want: &options{
+				PublicKey: nil,
 				ROpt: []remote.Option{
 					remote.WithAuth(&authn.Basic{Username: "foo", Password: "bar"}),
 					remote.WithAuthFromKeychain(authn.DefaultKeychain),
@@ -68,63 +68,63 @@ func TestNotaryOptions(t *testing.T) {
 		},
 		{
 			name: "truststore, empty document",
-			opts: []NotationOptions{WithTrustStore(&trustpolicy.Document{})},
-			want: &notationOptions{
-				PublicCertificate: nil,
-				ROpt:              nil,
-				TrustStore:        &trustpolicy.Document{},
+			opts: []Options{WithTrustStore(&trustpolicy.Document{})},
+			want: &options{
+				PublicKey:  nil,
+				ROpt:       nil,
+				TrustStore: &trustpolicy.Document{},
 			},
 		},
 		{
 			name: "truststore, dummy document",
-			opts: []NotationOptions{WithTrustStore(dummyPolicyDocument())},
-			want: &notationOptions{
-				PublicCertificate: nil,
-				ROpt:              nil,
-				TrustStore:        dummyPolicyDocument(),
+			opts: []Options{WithTrustStore(dummyPolicyDocument())},
+			want: &options{
+				PublicKey:  nil,
+				ROpt:       nil,
+				TrustStore: dummyPolicyDocument(),
 			},
 		},
 		{
 			name: "insecure, false",
-			opts: []NotationOptions{WithInsecureRegistry(false)},
-			want: &notationOptions{
-				PublicCertificate: nil,
-				ROpt:              nil,
-				TrustStore:        nil,
-				Insecure:          false,
+			opts: []Options{WithInsecureRegistry(false)},
+			want: &options{
+				PublicKey:  nil,
+				ROpt:       nil,
+				TrustStore: nil,
+				Insecure:   false,
 			},
 		},
 		{
 			name: "insecure, true",
-			opts: []NotationOptions{WithInsecureRegistry(true)},
-			want: &notationOptions{
-				PublicCertificate: nil,
-				ROpt:              nil,
-				TrustStore:        nil,
-				Insecure:          true,
+			opts: []Options{WithInsecureRegistry(true)},
+			want: &options{
+				PublicKey:  nil,
+				ROpt:       nil,
+				TrustStore: nil,
+				Insecure:   true,
 			},
 		},
 		{
 			name: "insecure, default",
-			opts: []NotationOptions{},
-			want: &notationOptions{
-				PublicCertificate: nil,
-				ROpt:              nil,
-				TrustStore:        nil,
-				Insecure:          false,
+			opts: []Options{},
+			want: &options{
+				PublicKey:  nil,
+				ROpt:       nil,
+				TrustStore: nil,
+				Insecure:   false,
 			},
 		},
 	}
 
 	// Run the test cases
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			o := notationOptions{}
+			o := options{}
 			for _, opt := range tc.opts {
 				opt(&o)
 			}
-			if !reflect.DeepEqual(o.PublicCertificate, tc.want.PublicCertificate) {
-				t.Errorf("got %#v, want %#v", &o.PublicCertificate, tc.want.PublicCertificate)
+			if !reflect.DeepEqual(o.PublicKey, tc.want.PublicKey) {
+				t.Errorf("got %#v, want %#v", &o.PublicKey, tc.want.PublicKey)
 			}
 
 			if !reflect.DeepEqual(o.TrustStore, tc.want.TrustStore) {

internal/oci/verifier.go

@@ -21,8 +21,10 @@ import (
 	"crypto"
 	"fmt"
 
+	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/notaryproject/notation-go/verifier/trustpolicy"
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio"
 	coptions "github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/rekor"
@@ -43,6 +45,9 @@ type options struct {
 	PublicKey  []byte
 	ROpt       []remote.Option
 	Identities []cosign.Identity
+	TrustStore *trustpolicy.Document
+	Keychain   authn.Keychain
+	Insecure   bool
 }
 
 // Options is a function that configures the options applied to a Verifier.