Improve error logs for notation sign #868
Description
What is not working as expected?
This issue summarizes the error messages of notation sign that I suggest improving in v1.1.x.
Sign an artifact with an non-existing signing key in a key vault
Current behavior and output:
$ notation sign localhost:5000/test-repo:v1 --signature-format cose --plugin wabbitnetworks-kv --id https://feynman-kv.vault.wabbit.net/keys/feynmankv-networks-io/6670ffa5cb694c49b1e0a6bb6bdefaaa
Warning: Always sign the artifact using digest(@sha256:...) rather than a tag(:v1) because tags are mutable and a tag reference can point to a different artifact than the one signed.
Error: describe-key command failed: ERROR: A certificate with (name/id) feynmankv-networks-io/versions/6670ffa5cb694c49b1e0a6bb6bdefaaa was not found in this key vault. If you recently deleted this certificate you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.wabbit.net/fwlink/?linkid=2125182
Status: 404 (Not Found)
ErrorCode: CertificateNotFound
Content:
{"error":{"code":"CertificateNotFound","message":"A certificate with (name/id) feynmankv-networks-io/versions/6670ffa5cb694c49b1e0a6bb6bdefaaa was not found in this key vault. If you recently deleted this certificate you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.wabbit.net/fwlink/?linkid=2125182"}}
Headers:
Cache-Control: no-cache
Pragma: no-cache
x-ms-keyvault-region: eastus
x-ms-client-request-id: a2923244-ed47-461b-9dc1-d0b9f4202788
x-ms-request-id: 96103d99-c372-449f-adba-8d24b7d5da7e
x-ms-keyvault-service-version: 1.9.1116.1
x-ms-keyvault-network-info: conn_type=Ipv4;addr=20.65.162.175;act_addr_fam=InterNetwork;
X-Content-Type-Options: REDACTED
Strict-Transport-Security: REDACTED
Date: Wed, 13 Dec 2023 07:27:33 GMT
Content-Length: 376
Content-Type: application/json; charset=utf-8
Expires: -1
Suggested error message:
$ notation sign localhost:5000/test-repo:v1 --signature-format cose --plugin wabbitnetworks-kv --id https://feynman-kv.vault.wabbit.net/keys/feynmankv-networks-io/6670ffa5cb694c49b1e0a6bb6bdefaaa
Warning: Always sign the artifact using digest(@sha256:...) rather than a tag(:v1) because tags are mutable and a tag reference can point to a different artifact than the one signed.
Error response from server: A certificate with (name/id) feynmankv-networks-io/versions/6670ffa5cb694c49b1e0a6bb6bdefaaa was not found in this key vault.
Please make sure the certificate is available in the key vault. Use "--verbose" to see detailed logs.
Sign an artifact with an error signature format parameter
Current behavior and output:
$ notation sign localhost:5000/test-repo:v1 --signature-format cosee
Error: signature format "cosee" not supported
Suggested error message:
$ notation sign localhost:5000/test-repo:v1 --signature-format dsse
Error: signature format "dsse" not supported
Please use the supported signature envelope format "jws" or "cose"
What did you expect to happen?
See above
How can we reproduce it?
See above
Describe your environment
Linux Ubuntu 22.06
What is the version of your Notation CLI or Notation Library?
v1.0.1