refactor prev checkpoint return value

Signed-off-by: linus-sun <[email protected]>
sigstore · Nov 19, 2024 · a7b9c38 · a7b9c38
1 parent ca11079
commit a7b9c38
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 17 deletions.
diff --git a/cmd/rekor_monitor/main.go b/cmd/rekor_monitor/main.go
@@ -28,7 +28,6 @@ import (
 	"github.com/sigstore/rekor-monitor/pkg/identity"
 	"github.com/sigstore/rekor-monitor/pkg/notifications"
 	"github.com/sigstore/rekor-monitor/pkg/rekor"
-	"github.com/sigstore/rekor-monitor/pkg/util/file"
 	"github.com/sigstore/rekor/pkg/client"
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/util"
@@ -125,21 +124,15 @@ func main() {
 		inputEndIndex := config.EndIndex
 
 		var logInfo *models.LogInfo
-		logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, *logInfoFile)
+		var prevCheckpoint *util.SignedCheckpoint
+		prevCheckpoint, logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, *logInfoFile)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "error running consistency check: %v", err)
 			return
 		}
 
 		if config.StartIndex == nil {
 			if *logInfoFile != "" {
-				var prevCheckpoint *util.SignedCheckpoint
-				prevCheckpoint, err = file.ReadLatestCheckpoint(*logInfoFile)
-				if err != nil {
-					fmt.Fprintf(os.Stderr, "reading checkpoint log: %v", err)
-					return
-				}
-
 				checkpointStartIndex := rekor.GetCheckpointIndex(logInfo, prevCheckpoint)
 				config.StartIndex = &checkpointStartIndex
 			} else {

diff --git a/pkg/rekor/verifier.go b/pkg/rekor/verifier.go
@@ -91,14 +91,14 @@ func verifyCheckpointConsistency(logInfoFile string, checkpoint *util.SignedChec
 }
 
 // RunConsistencyCheck periodically verifies the root hash consistency of a Rekor log.
-func RunConsistencyCheck(rekorClient *client.Rekor, verifier signature.Verifier, logInfoFile string) (*models.LogInfo, error) {
+func RunConsistencyCheck(rekorClient *client.Rekor, verifier signature.Verifier, logInfoFile string) (*util.SignedCheckpoint, *models.LogInfo, error) {
 	logInfo, err := GetLogInfo(context.Background(), rekorClient)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get log info: %v", err)
+		return nil, nil, fmt.Errorf("failed to get log info: %v", err)
 	}
 	checkpoint, err := verifyLatestCheckpointSignature(logInfo, verifier)
 	if err != nil {
-		return nil, fmt.Errorf("failed to verify signature of latest checkpoint: %v", err)
+		return nil, nil, fmt.Errorf("failed to verify signature of latest checkpoint: %v", err)
 	}
 
 	fi, err := os.Stat(logInfoFile)
@@ -107,7 +107,7 @@ func RunConsistencyCheck(rekorClient *client.Rekor, verifier signature.Verifier,
 	if err == nil && fi.Size() != 0 {
 		prevCheckpoint, err = verifyCheckpointConsistency(logInfoFile, checkpoint, *logInfo.TreeID, rekorClient, verifier)
 		if err != nil {
-			return nil, fmt.Errorf("failed to verify previous checkpoint: %v", err)
+			return nil, nil, fmt.Errorf("failed to verify previous checkpoint: %v", err)
 		}
 
 	}
@@ -125,8 +125,8 @@ func RunConsistencyCheck(rekorClient *client.Rekor, verifier signature.Verifier,
 	// to persist the last checkpoint.
 	// Delete old checkpoints to avoid the log growing indefinitely
 	if err := file.DeleteOldCheckpoints(logInfoFile); err != nil {
-		return nil, fmt.Errorf("failed to delete old checkpoints: %v", err)
+		return nil, nil, fmt.Errorf("failed to delete old checkpoints: %v", err)
 	}
 
-	return logInfo, nil
+	return prevCheckpoint, logInfo, nil
 }
diff --git a/pkg/test/rekor_e2e/rekor_monitor_e2e_test.go b/pkg/test/rekor_e2e/rekor_monitor_e2e_test.go
@@ -178,13 +178,16 @@ func TestIdentitySearch(t *testing.T) {
 		t.Errorf("error getting log verifier: %v", err)
 	}
 
-	logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, tempLogInfoFileName)
+	prevCheckpoint, logInfo, err := rekor.RunConsistencyCheck(rekorClient, verifier, tempLogInfoFileName)
 	if err != nil {
 		t.Errorf("first consistency check failed: %v", err)
 	}
 	if logInfo == nil {
 		t.Errorf("first consistency check did not return log info")
 	}
+	if prevCheckpoint != nil {
+		t.Errorf("first consistency check should not have returned checkpoint")
+	}
 
 	configRenderedOIDMatchers, err := configMonitoredValues.OIDMatchers.RenderOIDMatchers()
 	if err != nil {
@@ -221,7 +224,7 @@ func TestIdentitySearch(t *testing.T) {
 		t.Errorf("error creating log entry: %v", err)
 	}
 
-	logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, tempLogInfoFileName)
+	prevCheckpoint, logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, tempLogInfoFileName)
 	if err != nil {
 		t.Errorf("second consistency check failed: %v", err)
 	}
@@ -232,6 +235,9 @@ func TestIdentitySearch(t *testing.T) {
 	if checkpoint.Size != 2 {
 		t.Errorf("expected checkpoint size of 2, received size %d", checkpoint.Size)
 	}
+	if prevCheckpoint.Size != 1 {
+		t.Errorf("expected checkpoint size of 1, received size %d", prevCheckpoint.Size)
+	}
 
 	_, err = rekor.IdentitySearch(0, 1, rekorClient, monitoredVals, tempOutputIdentitiesFileName, nil)
 	if err != nil {