cliplugin changes break cosign tests #1979
Description
Description
I was trying to update cosign sigstore/sigstore dependency and I ran into a few test failures that seems to be related to recent changes in #1956 . Those changes do not recognize anymore a "raw" keyref such as /path/to/key and thus a lot of cosign tests fail.
// getPluginExecutableAndKeyResourceID parses the inputKeyResourceID into the plugin executable and the actual keyResourceID.
func getPluginExecutableAndKeyResourceID(inputKeyResourceID string) (string, string, error) {
parts := strings.SplitN(inputKeyResourceID, "://", 2)
if len(parts) != 2 {
return "", "", fmt.Errorf("%w: expected format: [plugin name]://[key ref], got: %s", ErrorInputKeyResourceID, inputKeyResourceID)
}
pluginName, keyResourceID := parts[0], parts[1]
executable := PluginBinaryPrefix + pluginName
return executable, keyResourceID, nil
}
This function now errors out when you provide a regular path without any provider, but it does not return kms.ProviderNotFoundError, thus cosign (and maybe other clients) interpret that as an hard-failure.
I think one fix could be to return a kms.ProviderNotFoundError in that function (maybe we can add a msg field to the error, if we want to keep the error message like it is now.
Thoughts?
Version
cosign version ✘ 130
______ ______ _______. __ _______ .__ __.
/ | / __ \ / || | / _____|| \ | |
| ,----'| | | | | (----`| | | | __ | \| |
| | | | | | \ \ | | | | |_ | | . ` |
| `----.| `--' | .----) | | | | |__| | | |\ |
\______| \______/ |_______/ |__| \______| |__| \__|
cosign: A tool for Container Signing, Verification and Storage in an OCI registry.
GitVersion: 2.4.2
GitCommit: b6df9c777c365ce063a7e65075f2b08a3c76de2f
GitTreeState: "clean"
BuildDate: 2025-02-04T19:41:37Z
GoVersion: go1.23.6
Compiler: gc
Platform: darwin/arm64
but with github.com/sigstore/sigstore v1.8.14 in go.mod.