From ac2b24626f0640de150b02b20af97e9184ca6e5c Mon Sep 17 00:00:00 2001
From: linus-sun
Date: Tue, 19 Nov 2024 02:41:09 +0000
Subject: [PATCH] refactor prev checkpoint return value

Signed-off-by: linus-sun
---
 cmd/rekor_monitor/main.go | 11 ++---------
 pkg/rekor/verifier.go | 12 ++++++------
 pkg/test/rekor_e2e/rekor_monitor_e2e_test.go | 10 ++++++++--
 3 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/cmd/rekor_monitor/main.go b/cmd/rekor_monitor/main.go
index 2ff69f20..1d8b1a86 100644
--- a/cmd/rekor_monitor/main.go
+++ b/cmd/rekor_monitor/main.go
@@ -28,7 +28,6 @@ import (
 "github.com/sigstore/rekor-monitor/pkg/identity"
 "github.com/sigstore/rekor-monitor/pkg/notifications"
 "github.com/sigstore/rekor-monitor/pkg/rekor"
- "github.com/sigstore/rekor-monitor/pkg/util/file"
 "github.com/sigstore/rekor/pkg/client"
 "github.com/sigstore/rekor/pkg/generated/models"
 "github.com/sigstore/rekor/pkg/util"
@@ -125,7 +124,8 @@ func main() {
 inputEndIndex := config.EndIndex
 var logInfo *models.LogInfo
- logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, *logInfoFile)
+ var prevCheckpoint *util.SignedCheckpoint
+ prevCheckpoint, logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, *logInfoFile)
 if err != nil {
 fmt.Fprintf(os.Stderr, "error running consistency check: %v", err)
 return
@@ -133,13 +133,6 @@ func main() {
 if config.StartIndex == nil {
 if *logInfoFile != "" {
- var prevCheckpoint *util.SignedCheckpoint
- prevCheckpoint, err = file.ReadLatestCheckpoint(*logInfoFile)
- if err != nil {
- fmt.Fprintf(os.Stderr, "reading checkpoint log: %v", err)
- return
- }
-
 checkpointStartIndex := rekor.GetCheckpointIndex(logInfo, prevCheckpoint)
 config.StartIndex = &checkpointStartIndex
 } else {
diff --git a/pkg/rekor/verifier.go b/pkg/rekor/verifier.go
index 51afa5e6..2c2303e3 100644
--- a/pkg/rekor/verifier.go
+++ b/pkg/rekor/verifier.go
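Review bot: In cmd/rekor_monitor/main.go, `prevCheckpoint` can be nil when it reaches `rekor.GetCheckpointIndex(logInfo, prevCheckpoint)` in the `@@ -133,13 +133,6 @@` hunk, because the e2e test in this same commit expects the first consistency check to return a nil previous checkpoint. GetCheckpointIndex is not part of this diff, so whether it tolerates nil is unconfirmed; if it reads a field of the checkpoint, the monitor panics on its first run with a log-info file configured instead of starting. Guarding the branch with `if *logInfoFile != "" && prevCheckpoint != nil {` would route that case to the existing else branch, whose body lies outside the hunk. The removed code read the checkpoint back from the file after RunConsistencyCheck had run, so it is also worth confirming that the start index is meant to come from the earlier checkpoint rather than the one stored by that call. main continues outside both hunks.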
@@ -91,14 +91,14 @@ func verifyCheckpointConsistency(logInfoFile string, checkpoint *util.SignedChec
 }
 // RunConsistencyCheck periodically verifies the root hash consistency of a Rekor log.
-func RunConsistencyCheck(rekorClient *client.Rekor, verifier signature.Verifier, logInfoFile string) (*models.LogInfo, error) {
+func RunConsistencyCheck(rekorClient *client.Rekor, verifier signature.Verifier, logInfoFile string) (*util.SignedCheckpoint, *models.LogInfo, error) {
 logInfo, err := GetLogInfo(context.Background(), rekorClient)
 if err != nil {
- return nil, fmt.Errorf("failed to get log info: %v", err)
+ return nil, nil, fmt.Errorf("failed to get log info: %v", err)
 }
 checkpoint, err := verifyLatestCheckpointSignature(logInfo, verifier)
 if err != nil {
- return nil, fmt.Errorf("failed to verify signature of latest checkpoint: %v", err)
+ return nil, nil, fmt.Errorf("failed to verify signature of latest checkpoint: %v", err)
 }
 fi, err := os.Stat(logInfoFile)
@@ -107,7 +107,7 @@ func RunConsistencyCheck(rekorClient *client.Rekor, verifier signature.Verifier,
 if err == nil && fi.Size() != 0 {
 prevCheckpoint, err = verifyCheckpointConsistency(logInfoFile, checkpoint, *logInfo.TreeID, rekorClient, verifier)
 if err != nil {
- return nil, fmt.Errorf("failed to verify previous checkpoint: %v", err)
+ return nil, nil, fmt.Errorf("failed to verify previous checkpoint: %v", err)
 }
 }
@@ -125,8 +125,8 @@ func RunConsistencyCheck(rekorClient *client.Rekor, verifier signature.Verifier,
 // to persist the last checkpoint.
 // Delete old checkpoints to avoid the log growing indefinitely
 if err := file.DeleteOldCheckpoints(logInfoFile); err != nil {
- return nil, fmt.Errorf("failed to delete old checkpoints: %v", err)
+ return nil, nil, fmt.Errorf("failed to delete old checkpoints: %v", err)
 }
- return logInfo, nil
+ return prevCheckpoint, logInfo, nil
 }
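Review bot: The doc comment on RunConsistencyCheck still describes only the consistency check, while the signature now returns a checkpoint first whose nil case every caller has to handle. Suggest adding `// It returns the checkpoint previously stored in logInfoFile, or nil when no earlier checkpoint was read, followed by the current log info.` The nil case follows from the `err == nil && fi.Size() != 0` guard in the next hunk and from the e2e test's first-run assertion. The declaration of prevCheckpoint sits between the two hunks and is not shown, so confirm its zero value is what gets returned.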
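Review bot: The guard `if err == nil && fi.Size() != 0` treats every os.Stat failure like a first run, so a permission or I/O error on logInfoFile skips verifyCheckpointConsistency and, after this change, also hands the caller a nil previous checkpoint with no error. For a monitor whose purpose is to detect an inconsistent log, only a missing file should count as having no previous checkpoint. After the os.Stat call at the end of the previous hunk, consider `if err != nil && !errors.Is(err, fs.ErrNotExist) { return nil, nil, fmt.Errorf("failed to stat checkpoint file: %w", err) }`, which needs the `errors` and `io/fs` imports. The lines between the two hunks are not shown, so confirm nothing there already handles the error.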
diff --git a/pkg/test/rekor_e2e/rekor_monitor_e2e_test.go b/pkg/test/rekor_e2e/rekor_monitor_e2e_test.go
index f242bf4f..79ac13bb 100644
--- a/pkg/test/rekor_e2e/rekor_monitor_e2e_test.go
+++ b/pkg/test/rekor_e2e/rekor_monitor_e2e_test.go
@@ -178,13 +178,16 @@ func TestIdentitySearch(t *testing.T) {
 t.Errorf("error getting log verifier: %v", err)
 }
- logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, tempLogInfoFileName)
+ prevCheckpoint, logInfo, err := rekor.RunConsistencyCheck(rekorClient, verifier, tempLogInfoFileName)
 if err != nil {
 t.Errorf("first consistency check failed: %v", err)
 }
 if logInfo == nil {
 t.Errorf("first consistency check did not return log info")
 }
+ if prevCheckpoint != nil {
+ t.Errorf("first consistency check should not have returned checkpoint")
+ }
 configRenderedOIDMatchers, err := configMonitoredValues.OIDMatchers.RenderOIDMatchers()
 if err != nil {
@@ -221,7 +224,7 @@ func TestIdentitySearch(t *testing.T) {
 t.Errorf("error creating log entry: %v", err)
 }
- logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, tempLogInfoFileName)
+ prevCheckpoint, logInfo, err = rekor.RunConsistencyCheck(rekorClient, verifier, tempLogInfoFileName)
 if err != nil {
 t.Errorf("second consistency check failed: %v", err)
 }
@@ -232,6 +235,9 @@ func TestIdentitySearch(t *testing.T) {
 if checkpoint.Size != 2 {
 t.Errorf("expected checkpoint size of 2, received size %d", checkpoint.Size)
 }
+ if prevCheckpoint.Size != 1 {
+ t.Errorf("expected previous checkpoint size of 1, received size %d", prevCheckpoint.Size)
+ }
 _, err = rekor.IdentitySearch(0, 1, rekorClient, monitoredVals, tempOutputIdentitiesFileName, nil)
 if err != nil {
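Review bot: `prevCheckpoint.Size` in the `@@ -232,6 +235,9 @@` hunk is read without a nil check, and the error path of the second RunConsistencyCheck call in the previous hunk only calls `t.Errorf`, which does not stop the test. If that call fails or returns no previous checkpoint, the test ends in a nil-pointer panic instead of reporting which assertion failed. Add `if prevCheckpoint == nil { t.Fatalf("second consistency check did not return previous checkpoint") }` before the size comparison. TestIdentitySearch starts and ends outside the hunk.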