Open yizha1 opened 4 months ago
Scenarios listed in the doc: https://hackmd.io/@H7a8_rG4SuaKwzu4NLT-9Q/HkFHgokv0#User-Scenarios
Work item break down:
- [ ] KMP configuration
- [ ] Store configuration
- [ ] Verifier configuration
- [ ] Policy configuration
- [ ] Access control to ACR/AKV
- [ ] Signature verification
After discussion with @yizha1, we have proposed some overall improvements to the current error handling framework.
What would you like to be added?
The error message of signature verification is not concise and actionable; see the examples:
Example1: "verification failed: Error: referrers not found, Code: REFERRERS_NOT_FOUND, Component Type: executor"
Example2: "Original Error: (Original Error: (signature is not produced by a trusted signer), Error: verify signature failure, Code: VERIFY_SIGNATURE_FAILURE, Plugin Name: notation, Component Type: verifier, Documentation: https://github.com/notaryproject/notaryproject/tree/main/specs, Detail: failed to verify signature of digest), Error: verify reference failure, Code: VERIFY_REFERENCE_FAILURE, Plugin Name: notation, Component Type: verifier"
It's hard to understand what happened and what needs to be done. There is a need for enhancements in the error messages related to signature verification. We can test the common scenarios for both Notary Project signatures and Cosign signatures, and check whether error messages are concise, precise, and actionable.
Anything else you would like to add?
Discussed with Yi offline; we have more scenarios that need to be covered. Check this doc for more details: https://hackmd.io/@H7a8_rG4SuaKwzu4NLT-9Q/HkFHgokv0#User-Scenarios
Are you willing to submit PRs to contribute to this feature?