From 40c1851ffcd9b555dc718cde60cf26a0a8b4467f Mon Sep 17 00:00:00 2001
From: stefanprodan
Date: Tue, 14 Apr 2020 16:42:25 +0300
Subject: [PATCH] Add verification failed reason
---
 api/v1alpha1/condition_types.go | 4 ++++
 api/v1alpha1/gitrepository_types.go | 2 +-
 config/crd/bases/source.fluxcd.io_gitrepositories.yaml | 8 +++++---
 controllers/gitrepository_controller.go | 6 +++---
 4 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/api/v1alpha1/condition_types.go b/api/v1alpha1/condition_types.go
index d62c563a..71e63097 100644
--- a/api/v1alpha1/condition_types.go
+++ b/api/v1alpha1/condition_types.go
@@ -65,4 +65,8 @@ const (
 // AuthenticationFailedReason represents the fact that a given secret does not
 // have the required fields or the provided credentials do not match.
 AuthenticationFailedReason string = "AuthenticationFailed"
+
+ // VerificationFailedReason represents the fact that the cryptographic provenance
+ // verification for the source failed.
+ VerificationFailedReason string = "VerificationFailed"
 )
diff --git a/api/v1alpha1/gitrepository_types.go b/api/v1alpha1/gitrepository_types.go
index 02f4b407..c2560564 100644
--- a/api/v1alpha1/gitrepository_types.go
+++ b/api/v1alpha1/gitrepository_types.go
@@ -80,7 +80,7 @@ type GitRepositoryVerification struct {
 SecretRef corev1.LocalObjectReference `json:"secretRef,omitempty"`
 }
-// GitRepositoryStatus defines the observed state of Git repository.
+// GitRepositoryStatus defines the observed state of a Git repository.
 type GitRepositoryStatus struct {
 // +optional
 Conditions []SourceCondition `json:"conditions,omitempty"`
diff --git a/config/crd/bases/source.fluxcd.io_gitrepositories.yaml b/config/crd/bases/source.fluxcd.io_gitrepositories.yaml
index 2021a169..7fdd6fec 100644
--- a/config/crd/bases/source.fluxcd.io_gitrepositories.yaml
+++ b/config/crd/bases/source.fluxcd.io_gitrepositories.yaml
@@ -87,10 +87,12 @@ spec:
 pattern: ^(http|https|ssh)://
 type: string
 verify:
- description: Verify PGP signature for the commit that HEAD points to.
+ description: Verify OpenPGP signature for the commit that HEAD points
+ to.
 properties:
 mode:
- description: Mode describes what git object should be verified.
+ description: Mode describes what git object should be verified,
+ currently ('head').
 enum:
 - head
 type: string
@@ -111,7 +113,7 @@ spec:
 - url
 type: object
 status:
- description: GitRepositoryStatus defines the observed state of the GitRepository.
+ description: GitRepositoryStatus defines the observed state of a Git repository.
 properties:
 artifact:
 description: Artifact represents the output of the last successful repository
diff --git a/controllers/gitrepository_controller.go b/controllers/gitrepository_controller.go
index 16a749ff..b76fb1b1 100644
--- a/controllers/gitrepository_controller.go
+++ b/controllers/gitrepository_controller.go
@@ -271,7 +271,7 @@ func (r *GitRepositoryReconciler) sync(ctx context.Context, repository sourcev1.
 if commit.PGPSignature == "" {
 err = fmt.Errorf("PGP signature not found for commit '%s'", ref.Hash())
- return sourcev1.GitRepositoryNotReady(repository, sourcev1.GitOperationFailedReason, err.Error()), err
+ return sourcev1.GitRepositoryNotReady(repository, sourcev1.VerificationFailedReason, err.Error()), err
 }
 name := types.NamespacedName{
@@ -283,7 +283,7 @@ func (r *GitRepositoryReconciler) sync(ctx context.Context, repository sourcev1.
 err = r.Client.Get(ctx, name, &secret)
 if err != nil {
 err = fmt.Errorf("PGP public keys secret error: %w", err)
- return sourcev1.GitRepositoryNotReady(repository, sourcev1.GitOperationFailedReason, err.Error()), err
+ return sourcev1.GitRepositoryNotReady(repository, sourcev1.VerificationFailedReason, err.Error()), err
 }
 var verified bool
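Review bot: In the hunk at -283, a failed `r.Client.Get` for the public-keys secret is now reported with `VerificationFailedReason`, the same reason used when a signature is missing or does not verify. Failing closed is the right outcome, but anyone alerting on this reason as a provenance signal cannot tell an absent or unreadable key secret (a configuration or access problem) from a commit that actually failed verification without parsing the message text. Consider keeping a distinct reason for the lookup error, or at least widening the constant's comment in condition_types.go to say it also covers this case, e.g. `// verification for the source failed, or the verification keys could not be loaded.`. The body of `sync` starts and ends outside these hunks.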
@@ -296,7 +296,7 @@ func (r *GitRepositoryReconciler) sync(ctx context.Context, repository sourcev1.
 if !verified {
 err = fmt.Errorf("PGP signature of '%s' can't be verified", commit.Author)
- return sourcev1.GitRepositoryNotReady(repository, sourcev1.GitOperationFailedReason, err.Error()), err
+ return sourcev1.GitRepositoryNotReady(repository, sourcev1.VerificationFailedReason, err.Error()), err
 }
 }
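Review bot: The failure message on the context line above the changed `return` names the commit by `commit.Author`, which is unverified, author-supplied metadata at exactly the point where the signature check has failed, and it is copied into the status condition that now carries `VerificationFailedReason`. A commit hash is a more dependable identifier for triage and matches the missing-signature branch at -271, which uses `ref.Hash()`; if `ref` is still in scope here, consider `err = fmt.Errorf("PGP signature of commit '%s' can't be verified", ref.Hash())`. The body of `sync` starts and ends outside this hunk, so the scope of `ref` should be confirmed before applying this.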