feat: add timestamp and traceId to verification response (ratify-proj…

…ect#1697) Signed-off-by: Joshua Duffney <[email protected]>
duffney · Aug 16, 2024 · 2a36491 · 2a36491
1 parent bed493d
commit 2a36491
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 10 deletions.
diff --git a/httpserver/handlers.go b/httpserver/handlers.go
@@ -141,12 +141,12 @@ func (server *Server) verify(ctx context.Context, w http.ResponseWriter, r *http
 						logger.GetLogger(ctx, server.LogOption).Warnf("unable to insert cache entry for subject %v", resolvedSubjectReference)
 					}
 				}
-
-				if res, err := json.MarshalIndent(result, "", "  "); err == nil {
-					logger.GetLogger(ctx, server.LogOption).Infof("verify result for subject %s: %s", resolvedSubjectReference, string(res))
-				}
 			}
-			returnItem.Value = fromVerifyResult(result, server.GetExecutor(ctx).PolicyEnforcer.GetPolicyType(ctx))
+			verificationResponse := fromVerifyResult(ctx, result, server.GetExecutor(ctx).PolicyEnforcer.GetPolicyType(ctx))
+			returnItem.Value = verificationResponse
+			if res, err := json.MarshalIndent(verificationResponse, "", "  "); err == nil {
+				logger.GetLogger(ctx, server.LogOption).Infof("verification response for subject %s: \n%s", resolvedSubjectReference, string(res))
+			}
 			logger.GetLogger(ctx, server.LogOption).Debugf("verification: execution time for image %s: %dms", resolvedSubjectReference, time.Since(routineStartTime).Milliseconds())
 		}(utils.SanitizeString(key), ctx)
 	}

diff --git a/httpserver/types.go b/httpserver/types.go
@@ -16,6 +16,10 @@ limitations under the License.
 package httpserver
 
 import (
+	"context"
+	"time"
+
+	"github.com/ratify-project/ratify/internal/logger"
 	"github.com/ratify-project/ratify/pkg/executor/types"
 	pt "github.com/ratify-project/ratify/pkg/policyprovider/types"
 )
@@ -32,17 +36,21 @@ const (
 type VerificationResponse struct {
 	Version         string        `json:"version"`
 	IsSuccess       bool          `json:"isSuccess"`
+	TraceID         string        `json:"traceID,omitempty"`
+	Timestamp       string        `json:"timestamp,omitempty"`
 	VerifierReports []interface{} `json:"verifierReports,omitempty"`
 }
 
-func fromVerifyResult(res types.VerifyResult, policyType string) VerificationResponse {
+func fromVerifyResult(ctx context.Context, res types.VerifyResult, policyType string) VerificationResponse {
 	version := ResultVersion0_2_0
 	if policyType == pt.RegoPolicy {
 		version = ResultVersion1_1_0
 	}
 	return VerificationResponse{
 		Version:         version,
 		IsSuccess:       res.IsSuccess,
+		Timestamp:       time.Now().Format(time.RFC3339Nano),
+		TraceID:         logger.GetTraceID(ctx),
 		VerifierReports: res.VerifierReports,
 	}
 }
diff --git a/httpserver/types_test.go b/httpserver/types_test.go
@@ -16,6 +16,7 @@ limitations under the License.
 package httpserver
 
 import (
+	"context"
 	"testing"
 
 	"github.com/ratify-project/ratify/pkg/executor/types"
@@ -43,7 +44,7 @@ func TestFromVerifyResult(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			if res := fromVerifyResult(result, tc.policyType); res.Version != tc.expectedVersion {
+			if res := fromVerifyResult(context.Background(), result, tc.policyType); res.Version != tc.expectedVersion {
 				t.Fatalf("Expected version to be %s, got %s", tc.expectedVersion, res.Version)
 			}
 		})

diff --git a/internal/logger/logger.go b/internal/logger/logger.go
@@ -101,6 +101,15 @@ func GetLogger(ctx context.Context, opt Option) dcontext.Logger {
 	return dcontext.GetLogger(ctx, ContextKeyComponentType)
 }
 
+// GetTraceID returns the trace ID from the context.
+func GetTraceID(ctx context.Context) string {
+	traceID := ctx.Value(ContextKeyTraceID)
+	if traceID == nil {
+		return ""
+	}
+	return traceID.(string)
+}
+
 // setTraceID sets the trace ID in the context. If the trace ID is not present in the request headers, a new one is generated.
 func setTraceID(ctx context.Context, r *http.Request) context.Context {
 	traceID := ""

diff --git a/internal/logger/logger_test.go b/internal/logger/logger_test.go
@@ -23,7 +23,6 @@ import (
 	"testing"
 
 	logstash "github.com/bshuster-repo/logrus-logstash-hook"
-	dcontext "github.com/docker/distribution/context"
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 )
@@ -75,7 +74,7 @@ func TestInitContext(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			traceIDHeaderNames = tc.headerNames
 			ctx := InitContext(context.Background(), tc.r)
-			traceID := dcontext.GetStringValue(ctx, ContextKeyTraceID)
+			traceID := GetTraceID(ctx)
 			if traceID == "" {
 				t.Fatalf("expected non-empty traceID, but got empty one")
 			}

diff --git a/library/default/template.yaml b/library/default/template.yaml
@@ -44,5 +44,5 @@ spec:
         general_violation[{"result": result}] {
           subject_validation := remote_data.responses[_]
           subject_validation[1].isSuccess == false
-          result := sprintf("Failed to verify the artifact: %s", [subject_validation[0]])
+          result := sprintf("Time=%s, failed to verify the artifact: %s, trace-id: %s", [subject_validation[1].timestamp, subject_validation[0], subject_validation[1].traceID])
         }