Add verification failed reason

2020-04-14 16:42:25 +03:00 · 2020-04-14 16:42:25 +03:00 · 40c1851ffc
parent 440c70d010
commit 40c1851ffc
4 changed files with 13 additions and 7 deletions
--- a/api/v1alpha1/condition_types.go
+++ b/api/v1alpha1/condition_types.go
@ -65,4 +65,8 @@ const (
 	// AuthenticationFailedReason represents the fact that a given secret does not
 	// have the required fields or the provided credentials do not match.
 	AuthenticationFailedReason string = "AuthenticationFailed"
+
+	// VerificationFailedReason represents the fact that the cryptographic provenance
+	// verification for the source failed.
+	VerificationFailedReason string = "VerificationFailed"
 )
--- a/api/v1alpha1/gitrepository_types.go
+++ b/api/v1alpha1/gitrepository_types.go
@ -80,7 +80,7 @@ type GitRepositoryVerification struct {
 	SecretRef corev1.LocalObjectReference `json:"secretRef,omitempty"`
 }

-// GitRepositoryStatus defines the observed state of Git repository.
+// GitRepositoryStatus defines the observed state of a Git repository.
 type GitRepositoryStatus struct {
 	// +optional
 	Conditions []SourceCondition `json:"conditions,omitempty"`
--- a/config/crd/bases/source.fluxcd.io_gitrepositories.yaml
+++ b/config/crd/bases/source.fluxcd.io_gitrepositories.yaml
@ -87,10 +87,12 @@ spec:
              pattern: ^(http|https|ssh)://
              type: string
            verify:
-              description: Verify PGP signature for the commit that HEAD points to.
+              description: Verify OpenPGP signature for the commit that HEAD points
+                to.
              properties:
                mode:
-                  description: Mode describes what git object should be verified.
+                  description: Mode describes what git object should be verified,
+                    currently ('head').
                  enum:
                  - head
                  type: string
@ -111,7 +113,7 @@ spec:
          - url
          type: object
        status:
-          description: GitRepositoryStatus defines the observed state of the GitRepository.
+          description: GitRepositoryStatus defines the observed state of a Git repository.
          properties:
            artifact:
              description: Artifact represents the output of the last successful repository
--- a/controllers/gitrepository_controller.go
+++ b/controllers/gitrepository_controller.go
@ -271,7 +271,7 @@ func (r *GitRepositoryReconciler) sync(ctx context.Context, repository sourcev1.

 		if commit.PGPSignature == "" {
 			err = fmt.Errorf("PGP signature not found for commit '%s'", ref.Hash())
-			return sourcev1.GitRepositoryNotReady(repository, sourcev1.GitOperationFailedReason, err.Error()), err
+			return sourcev1.GitRepositoryNotReady(repository, sourcev1.VerificationFailedReason, err.Error()), err
 		}

 		name := types.NamespacedName{
@ -283,7 +283,7 @@ func (r *GitRepositoryReconciler) sync(ctx context.Context, repository sourcev1.
 		err = r.Client.Get(ctx, name, &secret)
 		if err != nil {
 			err = fmt.Errorf("PGP public keys secret error: %w", err)
-			return sourcev1.GitRepositoryNotReady(repository, sourcev1.GitOperationFailedReason, err.Error()), err
+			return sourcev1.GitRepositoryNotReady(repository, sourcev1.VerificationFailedReason, err.Error()), err
 		}

 		var verified bool
@ -296,7 +296,7 @@ func (r *GitRepositoryReconciler) sync(ctx context.Context, repository sourcev1.

 		if !verified {
 			err = fmt.Errorf("PGP signature of '%s' can't be verified", commit.Author)
-			return sourcev1.GitRepositoryNotReady(repository, sourcev1.GitOperationFailedReason, err.Error()), err
+			return sourcev1.GitRepositoryNotReady(repository, sourcev1.VerificationFailedReason, err.Error()), err
 		}
 	}