diff --git a/pkg/imgpkg/signature/fetch_signatures.go b/pkg/imgpkg/signature/fetch_signatures.go index 1cd45e9e2..cbb7ad7b6 100644 --- a/pkg/imgpkg/signature/fetch_signatures.go +++ b/pkg/imgpkg/signature/fetch_signatures.go @@ -4,6 +4,7 @@ package signature import ( + "errors" "fmt" "sync" @@ -62,9 +63,9 @@ type FetchError struct { // Error message that contains all errors func (f *FetchError) Error() string { - msg := "Unable to retrieve the following images:\n" + msg := "Unable to retrieve the following images:" for _, err := range f.AllErrors { - msg = fmt.Sprintf("%sImage: '%s'\nError:%s", msg, err.ImageRef(), err.Error()) + msg = fmt.Sprintf("%s\nImage: '%s'\nError: %s", msg, err.ImageRef(), err.Error()) } return msg } @@ -104,7 +105,17 @@ func (s *Signatures) Fetch(images *imageset.UnprocessedImageRefs) (*imageset.Unp } imagesRefs, err := s.FetchForImageRefs(imgs) if err != nil { - return nil, err + var fetchError *FetchError + if !errors.As(err, &fetchError) { + return nil, err + } + + for _, fError := range fetchError.AllErrors { + var accessDeniedErr AccessDeniedErr + if !errors.As(fError, &accessDeniedErr) { + return nil, fetchError + } + } } for _, ref := range imagesRefs { signatures.Add(imageset.UnprocessedImageRef{ @@ -113,7 +124,7 @@ func (s *Signatures) Fetch(images *imageset.UnprocessedImageRefs) (*imageset.Unp }) } - return signatures, err + return signatures, nil } // FetchForImageRefs Retrieve the available signatures associated with the images provided diff --git a/pkg/imgpkg/signature/fetch_signatures_test.go b/pkg/imgpkg/signature/fetch_signatures_test.go index c42edadc0..5653b41ee 100644 --- a/pkg/imgpkg/signature/fetch_signatures_test.go +++ b/pkg/imgpkg/signature/fetch_signatures_test.go @@ -45,7 +45,32 @@ func TestSignatureRetriever_Signatures(t *testing.T) { assert.Equal(t, imageset.UnprocessedImageRef{DigestRef: "registry.io/img@sha256:cf31af331f38d1d7158470e095b132acd126a7180a54f263d386da88eb681d93", Tag: "some-tag"}, sign2) }) - t.Run("denied errors are provided as part of the error", func(t *testing.T) { + t.Run("denied errors, when calling Fetch, work as not found", func(t *testing.T) { + fakeSignatureFinder := &signaturefakes.FakeFinder{} + subject := signature.NewSignatures(fakeSignatureFinder, 2) + fakeSignatureFinder.SignatureCalls(func(digest regname.Digest) (imageset.UnprocessedImageRef, error) { + availableResults := map[string]imageset.UnprocessedImageRef{ + "sha256:4c8b96d4fffdfae29258d94a22ae4ad1fe36139d47288b8960d9958d1e63a9d0": {DigestRef: "registry.io/img@sha256:cf31af331f38d1d7158470e095b132acd126a7180a54f263d386da88eb681d93", Tag: "some-tag"}, + "sha256:56cb33b3b4bc45509c5ff7513ddc6ed78764f9ad5165cc32826e04da49d5462b": {DigestRef: "registry.io/img2@sha256:be154cc2b1211a9f98f4d708f4266650c9129784d0485d4507d9b0fa05d928b6", Tag: "some-other-tag"}, + } + if res, ok := availableResults[digest.DigestStr()]; ok { + return res, nil + } + return imageset.UnprocessedImageRef{}, signature.AccessDeniedErr{} + }) + + args := imageset.NewUnprocessedImageRefs() + args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img@sha256:4c8b96d4fffdfae29258d94a22ae4ad1fe36139d47288b8960d9958d1e63a9d0"}) + args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img1@sha256:6716afd7a68262a37d3f67681ed9dedf3b882938ad777f268f44d68894531f7a"}) + args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img2@sha256:56cb33b3b4bc45509c5ff7513ddc6ed78764f9ad5165cc32826e04da49d5462b"}) + args.Add(imageset.UnprocessedImageRef{DigestRef: "registry.io/img2@sha256:a40a266ca606d8dcbac60b4bb1ec42128ba7063f5eed3a997ec4546edc6cf209"}) + signatures, err := subject.Fetch(args) + require.NoError(t, err) + + require.Equal(t, 2, signatures.Length()) + }) + + t.Run("denied errors are provided as part of the error, when calling FetchForImageRefs", func(t *testing.T) { fakeSignatureFinder := &signaturefakes.FakeFinder{} subject := signature.NewSignatures(fakeSignatureFinder, 2) fakeSignatureFinder.SignatureCalls(func(digest regname.Digest) (imageset.UnprocessedImageRef, error) {