log cosign outputs #139 (#146)

Signed-off-by: Denis Vaumoron <dvaumoron@gmail.com>

config/config.go

@@ -187,10 +187,7 @@ func InitConfigFromEnv() (Config, error) {
 
 func (conf *Config) InitDisplayer(proxyCall bool) {
 	if conf.ForceQuiet {
-		appLogger := hclog.New(&hclog.LoggerOptions{
-			Name: TenvName, Level: hclog.Off,
-		})
-		conf.Displayer = loghelper.MakeBasicDisplayer(appLogger, loghelper.NoDisplay)
+		conf.Displayer = loghelper.InertDisplayer
 		conf.DisplayVerbose = false
 	} else {
 		logLevel := hclog.Trace

go.sum

@@ -1,5 +1,3 @@
-github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
-github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
 github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
@@ -35,8 +33,6 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
-github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
-github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
 github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc=

pkg/check/cosign/check.go

@@ -23,6 +23,9 @@ import (
 	"os"
 	"os/exec"
 	"strings"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/tofuutils/tenv/pkg/loghelper"
 )
 
 const (
@@ -35,7 +38,7 @@ var (
 	ErrNotInstalled = errors.New("cosign executable not found")
 )
 
-func Check(data []byte, dataSig []byte, dataCert []byte, certIdentity string, certOidcIssuer string) error {
+func Check(data []byte, dataSig []byte, dataCert []byte, certIdentity string, certOidcIssuer string, displayer loghelper.Displayer) error {
 	_, err := exec.LookPath(cosignExecName)
 	if err != nil {
 		return ErrNotInstalled
@@ -63,9 +66,19 @@ func Check(data []byte, dataSig []byte, dataCert []byte, certIdentity string, ce
 		"verify-blob", "--certificate-identity", certIdentity, "--signature", dataSigFileName, "--certificate", dataCertFileName,
 		"--certificate-oidc-issuer", certOidcIssuer, dataFileName,
 	}
+
+	var outBuffer, errBuffer strings.Builder
 	cmd := exec.Command(cosignExecName, cmdArgs...)
+	cmd.Stdout = &outBuffer
+	cmd.Stderr = &errBuffer
+
+	cmd.Run() //nolint
+
+	stdOutContent, stdErrContent := outBuffer.String(), errBuffer.String()
+
+	displayer.Log(hclog.Debug, "cosign output", "stdOut", stdOutContent, "stdErr", stdErrContent)
 
-	if returnedData, _ := cmd.CombinedOutput(); !strings.Contains(string(returnedData), verified) {
+	if !strings.Contains(stdErrContent, verified) {
 		return ErrCheck
 	}
 

pkg/check/cosign/check_test.go

@@ -23,6 +23,7 @@ import (
 	"testing"
 
 	cosigncheck "github.com/tofuutils/tenv/pkg/check/cosign"
+	"github.com/tofuutils/tenv/pkg/loghelper"
 )
 
 const (
@@ -44,31 +45,31 @@ var dataCert []byte
  */
 
 func TestCosignCheckCorrect(t *testing.T) { //nolint
-	if err := cosigncheck.Check(data, dataSig, dataCert, identity, issuer); err != nil {
+	if err := cosigncheck.Check(data, dataSig, dataCert, identity, issuer, loghelper.InertDisplayer); err != nil {
 		t.Error("Unexpected error :", err)
 	}
 }
 
 func TestCosignCheckErrorCert(t *testing.T) { //nolint
-	if cosigncheck.Check(data, dataSig, dataCert[1:], identity, issuer) == nil {
+	if cosigncheck.Check(data, dataSig, dataCert[1:], identity, issuer, loghelper.InertDisplayer) == nil {
 		t.Error("Should fail on erroneous certificate")
 	}
 }
 
 func TestCosignCheckErrorIdentity(t *testing.T) { //nolint
-	if cosigncheck.Check(data, dataSig, dataCert, "me", issuer) == nil {
+	if cosigncheck.Check(data, dataSig, dataCert, "me", issuer, loghelper.InertDisplayer) == nil {
 		t.Error("Should fail on erroneous issuer")
 	}
 }
 
 func TestCosignCheckErrorIssuer(t *testing.T) { //nolint
-	if cosigncheck.Check(data, dataSig, dataCert, identity, "http://myself.com") == nil {
+	if cosigncheck.Check(data, dataSig, dataCert, identity, "http://myself.com", loghelper.InertDisplayer) == nil {
 		t.Error("Should fail on erroneous issuer")
 	}
 }
 
 func TestCosignCheckErrorSig(t *testing.T) { //nolint
-	if cosigncheck.Check(data, dataSig[1:], dataCert, identity, issuer) == nil {
+	if cosigncheck.Check(data, dataSig[1:], dataCert, identity, issuer, loghelper.InertDisplayer) == nil {
 		t.Error("Should fail on erroneous signature")
 	}
 }

pkg/lockfile/lockfile_test.go

@@ -26,7 +26,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/hashicorp/go-hclog"
 	"github.com/tofuutils/tenv/pkg/lockfile"
 	"github.com/tofuutils/tenv/pkg/loghelper"
 )
@@ -43,10 +42,6 @@ var data3 []byte
 func TestParallelWriteRead(t *testing.T) {
 	parallelDirPath := filepath.Join(os.TempDir(), "parallel")
 	parallelFilePath := filepath.Join(parallelDirPath, "rw_test")
-	appLogger := hclog.New(&hclog.LoggerOptions{
-		Name: "lockfile_test", Level: hclog.Off,
-	})
-	displayer := loghelper.MakeBasicDisplayer(appLogger, loghelper.NoDisplay)
 
 	err := os.RemoveAll(parallelDirPath)
 	if err != nil {
@@ -65,15 +60,15 @@ func TestParallelWriteRead(t *testing.T) {
 	var res1, res2, res3 []byte
 	done1, done2, done3 := make(chan struct{}), make(chan struct{}), make(chan struct{})
 	go func() {
-		res1, err1 = writeReadFile(parallelDirPath, parallelFilePath, data1, displayer)
+		res1, err1 = writeReadFile(parallelDirPath, parallelFilePath, data1, loghelper.InertDisplayer)
 		done1 <- struct{}{}
 	}()
 	go func() {
-		res2, err2 = writeReadFile(parallelDirPath, parallelFilePath, data2, displayer)
+		res2, err2 = writeReadFile(parallelDirPath, parallelFilePath, data2, loghelper.InertDisplayer)
 		done2 <- struct{}{}
 	}()
 	go func() {
-		res3, err3 = writeReadFile(parallelDirPath, parallelFilePath, data3, displayer)
+		res3, err3 = writeReadFile(parallelDirPath, parallelFilePath, data3, loghelper.InertDisplayer)
 		done3 <- struct{}{}
 	}()
 

pkg/loghelper/loghelper.go

@@ -29,6 +29,8 @@ import (
 
 const Error = "error"
 
+var InertDisplayer inertDisplayer //nolint
+
 type Displayer interface {
 	Display(msg string)
 	IsDebug() bool
@@ -60,6 +62,21 @@ func (bd BasicDisplayer) Log(level hclog.Level, msg string, args ...any) {
 func (bd BasicDisplayer) Flush(bool) {
 }
 
+type inertDisplayer struct{}
+
+func (inertDisplayer) Display(_ string) {
+}
+
+func (inertDisplayer) IsDebug() bool {
+	return false
+}
+
+func (inertDisplayer) Log(_ hclog.Level, _ string, _ ...any) {
+}
+
+func (inertDisplayer) Flush(bool) {
+}
+
 type logWrapper struct {
 	Displayer
 }
@@ -138,8 +155,6 @@ func LevelWarnOrDebug(debug bool) hclog.Level {
 	return hclog.Warn
 }
 
-func NoDisplay(string) {}
-
 func StdDisplay(msg string) {
 	fmt.Println(msg) //nolint
 }

versionmanager/retriever/tofu/tofuretriever.go

@@ -158,7 +158,7 @@ func (r TofuRetriever) checkSumAndSig(version *version.Version, stable bool, dat
 	}
 
 	identity := buildIdentity(version)
-	err = cosigncheck.Check(dataSums, dataSumsSig, dataSumsCert, identity, issuer)
+	err = cosigncheck.Check(dataSums, dataSumsSig, dataSumsCert, identity, issuer, r.conf.Displayer)
 	if err == nil || err != cosigncheck.ErrNotInstalled {
 		return err
 	}