Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: proposal for error message improvements #1662

Merged
merged 8 commits into from
Aug 8, 2024

Conversation

yizha1
Copy link
Collaborator

@yizha1 yizha1 commented Jul 28, 2024

Description

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Proposal for issue #1321

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

  • Test A
  • Test B

Checklist:

  • Does the affected code have corresponding tests?
  • Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
  • Does this introduce breaking changes that would require an announcement or bumping the major version?
  • Do all new files have appropriate license header?

Post Merge Requirements

  • MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

Copy link

codecov bot commented Jul 28, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

yizha1 added 4 commits July 28, 2024 22:31
Signed-off-by: Yi Zha <[email protected]>
Signed-off-by: Yi Zha <[email protected]>
Signed-off-by: Yi Zha <[email protected]>
Signed-off-by: Yi Zha <[email protected]>
@yizha1 yizha1 marked this pull request as ready for review July 29, 2024 14:04
docs/proposals/Error-Messages-Improvements.md Outdated Show resolved Hide resolved
docs/proposals/Error-Messages-Improvements.md Outdated Show resolved Hide resolved
docs/proposals/Error-Messages-Improvements.md Outdated Show resolved Hide resolved
For the above first example, the error message in the Ratify log can be improved to:

```text
REPOSITORY_OPERATION_FAILURE: Failed to resolve the artifact descriptor: HEAD "https://roacr.azurecr.io/v2/net-monitor/manifests/v2": GET "https://roacr.azurecr.io/oauth2/token?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This example is also confusing. Why are they two HTTP requests (HEAD and GET) and how is this helping the user understand what the reason is (if this is meant to explain the reason)?

Also, having everything lowercase makes those messages really hard to read because it is not clear where a sentence ends and starts.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@toddysm This message (HEAD and GET) was returned by ACR in this example. The ACR responded with an error and the response message was printed out. If we do not print out server response, we do not know what happened and the reason. In this case, the 401 unauthorized was also included in the message.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Passing through errors is not a user-friendly practice. We need to catch the error from ACR and wrap it into something meaningful\ for the user of Rarify. The user of Ratify may have no knowledge of where the artifact is and even not know what artifact descriptor is. We need to provide meaningful message for the user of Ratyify and not the user of ACR.

docs/proposals/Error-Messages-Improvements.md Outdated Show resolved Hide resolved
docs/proposals/Error-Messages-Improvements.md Outdated Show resolved Hide resolved
@susanshi
Copy link
Collaborator

@fseldow , could you take a look thanks!

"isSuccess": false,
"message": "NO_VERIFIER_REPORT: Failed to verify artifact docker.io/library/hello-world@sha256:1408fec50309afee38f3535383f5b09419e6dc0925bc69891e79d84cc4cdce6:
"errorReason": "No signature verification report is found."
"remediation": "The artifact was either not signed and should not be trusted, signed but missing a Verifier configuration for verification, or needs to be signed if it should be."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have one quick question. If we found the artifact was not signed, why the error reason is no signature verification report is found. It sounds more like verification failed or not signed

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's good call. I think this proposal is mainly focusing on the overall format of the error, like what info should be printed in the log. For the specific message for each error, we'll handle it one by one.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fseldow Updated. Please review it again.

@binbin-li binbin-li mentioned this pull request Jul 31, 2024
12 tasks
"isSuccess": false,
"message": "NO_VERIFIER_REPORT: Failed to verify artifact docker.io/library/hello-world@sha256:1408fec50309afee38f3535383f5b09419e6dc0925bc69891e79d84cc4cdce6:
"errorReason": "No signature verification report is found."
"remediation": "The artifact was either not signed and should not be trusted, signed but missing a Verifier configuration for verification, or needs to be signed if it should be."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

another question, how can customer get the remediation msg? via kubectl logs ratify or constraint template violation msg?

Copy link
Collaborator Author

@yizha1 yizha1 Aug 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fseldow as you said there are two ways, I prefer policy controller to customize the constraint template to use the remediation field, since it is not easy for users to identify the correct logs among many with kubectl logs

@binbin-li I think Ratify can also improve the current default constraint template to include the remediation message.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fseldow Updated. Please review it again.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#1669 I updated this issue to add tracking remediation in the CT.

Signed-off-by: Yi Zha <[email protected]>
@yizha1 yizha1 requested review from toddysm and fseldow August 1, 2024 09:26
@yizha1
Copy link
Collaborator Author

yizha1 commented Aug 1, 2024

@toddysm @fseldow would mind review it again? Thanks.

toddysm
toddysm previously approved these changes Aug 2, 2024
Copy link
Collaborator

@toddysm toddysm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please create new issue for wrapping the back-end (server) errors.

Signed-off-by: Yi Zha <[email protected]>
@yizha1
Copy link
Collaborator Author

yizha1 commented Aug 2, 2024

Please create new issue for wrapping the back-end (server) errors.

Created the issue: #1681

Copy link
Collaborator

@binbin-li binbin-li left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@binbin-li binbin-li enabled auto-merge August 8, 2024 00:15
@binbin-li binbin-li merged commit 1ecd579 into ratify-project:dev Aug 8, 2024
16 checks passed
@yizha1 yizha1 deleted the proposal_errorimprovements branch August 8, 2024 00:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants