fix lint errors

Author: joejstuart

cmd/validate/vsa.go

@@ -52,24 +52,16 @@ const (
 	DefaultFallbackEnabled = true
 )
 
-// Helper functions for color-aware output
-func printVSAStatus(w io.Writer, message string, status string) {
-	if utils.ColorEnabled {
-		// No emojis - just output the message
-		fmt.Fprintf(w, "%s\n", message)
-	} else {
-		fmt.Fprintf(w, "[%s] %s\n", strings.ToUpper(status), message)
-	}
-}
+// Constants for validation status
+const (
+	unknownReason = "unknown"
+)
 
+// Helper function for color-aware output
 func printVSAInfo(w io.Writer, message string) {
 	fmt.Fprintf(w, "[INFO] %s\n", message)
 }
 
-func printVSAWarning(w io.Writer, message string) {
-	fmt.Fprintf(w, "[WARNING] %s\n", message)
-}
-
 // validateVSAData holds the command data
 type validateVSAData struct {
 	// Input options
@@ -592,7 +584,7 @@ func shortenImageDigest(imageRef string) string {
 // extractFallbackReason extracts the reason for fallback from ValidationResult
 func extractFallbackReason(result *vsa.ValidationResult) string {
 	if result == nil {
-		return "unknown"
+		return unknownReason
 	}
 
 	message := result.Message
@@ -612,7 +604,7 @@ func extractFallbackReason(result *vsa.ValidationResult) string {
 		return "retrieval failed"
 	}
 
-	return "unknown"
+	return unknownReason
 }
 
 // parsePolicyDiffFromMessage extracts policy diff counts from formatted message
@@ -643,6 +635,44 @@ func parsePolicyDiffFromMessage(message string) (added, removed, changed int, ha
 	return added, removed, changed, true
 }
 
+// processVSAResult processes a VSA validation result and updates the image status and aggregated data
+func processVSAResult(vsaResult *vsa.ValidationResult, imgStatus *ImageStatus, data *AllSectionsData, shortDigest string) {
+	if vsaResult.Passed {
+		imgStatus.VSAStatus = "PASSED"
+		data.VSAPassed++
+	} else {
+		reason := extractFallbackReason(vsaResult)
+		imgStatus.VSAStatus = fmt.Sprintf("FAILED(reason=%s)", reason)
+		data.VSAFailed++
+		data.FallbackReasons[reason] = true
+	}
+
+	// Aggregate signature status
+	if !vsaResult.SignatureVerified {
+		data.SignatureStatus = "NOT VERIFIED"
+	}
+
+	// Aggregate predicate status
+	if vsaResult.PredicateOutcome == "passed" {
+		data.PredicatePassed++
+	} else if vsaResult.PredicateOutcome != "" {
+		data.PredicateFailed++
+	}
+
+	// Check for policy diff (parse from message once)
+	if strings.Contains(vsaResult.Message, "Policy mismatch") {
+		data.HasPolicyDiff = true
+		data.AffectedImages = append(data.AffectedImages, shortDigest)
+		added, removed, changed, _ := parsePolicyDiffFromMessage(vsaResult.Message)
+		data.PolicyDiffCounts[shortDigest] = PolicyDiffCounts{
+			Added: added, Removed: removed, Changed: changed,
+		}
+		data.PolicyMismatches++
+	} else if vsaResult.Passed {
+		data.PolicyMatches++
+	}
+}
+
 // aggregateAllSectionsData - Single pass aggregation, collects all data needed
 func aggregateAllSectionsData(allResults []vsa.ComponentResult) AllSectionsData {
 	data := AllSectionsData{
@@ -664,40 +694,7 @@ func aggregateAllSectionsData(allResults []vsa.ComponentResult) AllSectionsData
 
 		// Process VSA result
 		if result.Result != nil {
-			if result.Result.Passed {
-				imgStatus.VSAStatus = "PASSED"
-				data.VSAPassed++
-			} else {
-				reason := extractFallbackReason(result.Result)
-				imgStatus.VSAStatus = fmt.Sprintf("FAILED(reason=%s)", reason)
-				data.VSAFailed++
-				data.FallbackReasons[reason] = true
-			}
-
-			// Aggregate signature status
-			if !result.Result.SignatureVerified {
-				data.SignatureStatus = "NOT VERIFIED"
-			}
-
-			// Aggregate predicate status
-			if result.Result.PredicateOutcome == "passed" {
-				data.PredicatePassed++
-			} else if result.Result.PredicateOutcome != "" {
-				data.PredicateFailed++
-			}
-
-			// Check for policy diff (parse from message once)
-			if strings.Contains(result.Result.Message, "Policy mismatch") {
-				data.HasPolicyDiff = true
-				data.AffectedImages = append(data.AffectedImages, shortDigest)
-				added, removed, changed, _ := parsePolicyDiffFromMessage(result.Result.Message)
-				data.PolicyDiffCounts[shortDigest] = PolicyDiffCounts{
-					Added: added, Removed: removed, Changed: changed,
-				}
-				data.PolicyMismatches++
-			} else if result.Result.Passed {
-				data.PolicyMatches++
-			}
+			processVSAResult(result.Result, &imgStatus, &data, shortDigest)
 		}
 
 		// Handle fallback
@@ -947,95 +944,6 @@ func displayComponentResults(allResults []vsa.ComponentResult, data *validateVSA
 	return nil
 }
 
-// displayFallbackResult displays fallback validation results
-// It shows VSA result first (why fallback was triggered), then the fallback image validation result
-func displayFallbackResult(result vsa.ComponentResult, data *validateVSAData) {
-	// Display VSA result first (shows why fallback was triggered)
-	if result.Result != nil {
-		displayVSAFailureResult(result, data)
-	}
-
-	// Then display fallback image validation result
-	printVSAInfo(os.Stdout, "  🔄 Fallback validation used")
-	if result.FallbackResult != nil {
-		displayImageValidationResult(*result.FallbackResult)
-	} else {
-		printVSAWarning(os.Stdout, "  No fallback result available")
-	}
-}
-
-// displayImageValidationResult displays image validation results from a validate_utils.Result
-// This matches the format used by the validate image command
-func displayImageValidationResult(result validate_utils.Result) {
-	if result.Err != nil {
-		printVSAStatus(os.Stdout, fmt.Sprintf("  Image validation error: %v", result.Err), "failure")
-		return
-	}
-
-	component := result.Component
-
-	// Display overall status
-	if component.Success {
-		printVSAStatus(os.Stdout, "  Image validation passed", "success")
-	} else {
-		printVSAStatus(os.Stdout, "  ❌ Image validation failed", "failure")
-	}
-
-	// Display summary counts
-	if len(component.Violations) > 0 || len(component.Warnings) > 0 || component.SuccessCount > 0 {
-		printVSAInfo(os.Stdout, fmt.Sprintf("    Violations: %d, Warnings: %d, Successes: %d",
-			len(component.Violations), len(component.Warnings), component.SuccessCount))
-	}
-
-	// Display violations
-	if len(component.Violations) > 0 {
-		for _, violation := range component.Violations {
-			code := "unknown"
-			if c, ok := violation.Metadata["code"]; ok {
-				code = fmt.Sprintf("%v", c)
-			}
-			printVSAStatus(os.Stdout, fmt.Sprintf("    [Violation] %s: %s", code, violation.Message), "failure")
-		}
-	}
-
-	// Display warnings
-	if len(component.Warnings) > 0 {
-		for _, warning := range component.Warnings {
-			code := "unknown"
-			if c, ok := warning.Metadata["code"]; ok {
-				code = fmt.Sprintf("%v", c)
-			}
-			printVSAWarning(os.Stdout, fmt.Sprintf("    [Warning] %s: %s", code, warning.Message))
-		}
-	}
-}
-
-// displayVSASuccessResult displays VSA success results
-func displayVSASuccessResult(result vsa.ComponentResult, data *validateVSAData) {
-	printVSAStatus(os.Stdout, fmt.Sprintf("Passed: %s", result.Result.Message), "success")
-	if result.Result.SignatureVerified {
-		printVSAInfo(os.Stdout, "   🔐 Signature verified")
-	} else if !data.ignoreSignatureVerification {
-		printVSAWarning(os.Stdout, "   Signature verification requested but not performed")
-	}
-	if result.Result.PredicateOutcome != "" {
-		printVSAInfo(os.Stdout, fmt.Sprintf("   Predicate Status: %s", result.Result.PredicateOutcome))
-	}
-}
-
-// displayVSAFailureResult displays VSA failure results
-func displayVSAFailureResult(result vsa.ComponentResult, data *validateVSAData) {
-	if result.Result.SignatureVerified {
-		printVSAInfo(os.Stdout, "  🔐 Signature verified")
-	} else if !data.ignoreSignatureVerification {
-		printVSAWarning(os.Stdout, "Signature verification requested but not performed")
-	}
-	if result.Result.PredicateOutcome != "" {
-		printVSAInfo(os.Stdout, fmt.Sprintf("  Predicate Status: %s", result.Result.PredicateOutcome))
-	}
-	printVSAStatus(os.Stdout, fmt.Sprintf("Failed: %s", result.Result.Message), "failure")
-}
-
 // handleSnapshotOutput handles output formatting for snapshot validation
 // When fallback components exist, it uses WriteReport (same format as validate image command)
 // Otherwise, it uses the VSA report format to avoid conflicts
@@ -1098,7 +1006,7 @@ func handleSnapshotOutput(allResults []vsa.ComponentResult, data *validateVSADat
 	}
 
 	// No fallback components - use VSA report format
-	report := createVSAReport(allResults, data)
+	report := createVSAReport(allResults)
 	return writeOutputToFormats(report, data, fs)
 }
 
@@ -1338,14 +1246,20 @@ func (r *VSAReport) PrintText(writer io.Writer) error {
 
 		if result.Error != nil {
 			fmt.Fprintf(writer, "  Error: %v\n", result.Error)
-		} else if result.FallbackResult != nil {
+			continue
+		}
+
+		if result.FallbackResult != nil {
 			fmt.Fprintf(writer, "  Fallback used\n")
 			if result.FallbackResult.Component.Success {
 				fmt.Fprintf(writer, "  Fallback succeeded\n")
 			} else {
 				fmt.Fprintf(writer, "  Fallback failed\n")
 			}
-		} else if result.Result != nil {
+			continue
+		}
+
+		if result.Result != nil {
 			if result.Result.Passed {
 				fmt.Fprintf(writer, "  VSA validation passed\n")
 			} else {
@@ -1403,25 +1317,33 @@ func writeOutputToFormats(formatter OutputFormatter, data *validateVSAData, fs a
 }
 
 // createVSAReport creates a report structure from VSA validation results
-func createVSAReport(results []vsa.ComponentResult, data *validateVSAData) *VSAReport {
+func createVSAReport(results []vsa.ComponentResult) *VSAReport {
 	successCount := 0
 	failureCount := 0
 	fallbackCount := 0
 
 	for _, result := range results {
 		if result.Error != nil {
 			failureCount++
-		} else if result.FallbackResult != nil {
+			continue
+		}
+
+		if result.FallbackResult != nil {
 			fallbackCount++
 			if result.FallbackResult.Component.Success {
 				successCount++
 			} else {
 				failureCount++
 			}
-		} else if result.Result != nil && result.Result.Passed {
-			successCount++
-		} else if result.Result != nil && !result.Result.Passed {
-			failureCount++
+			continue
+		}
+
+		if result.Result != nil {
+			if result.Result.Passed {
+				successCount++
+			} else {
+				failureCount++
+			}
 		}
 	}
 

cmd/validate/vsa_test.go

@@ -1410,30 +1410,19 @@ func TestOutputVSAWithUnifiedResults(t *testing.T) {
 
 			// outputVSAWithUnifiedResults was removed - output is now handled via handleSnapshotOutput
 			// in the unified path. Test the unified output handling instead.
-			// Create a ComponentResult with unified result to test output handling
-			// Create a minimal component for testing
-			comp := app.SnapshotComponent{
-				Name:           "test-component",
-				ContainerImage: "test-image",
-			}
-			unifiedResult := vsa.BuildUnifiedValidationResult(
-				tt.vsaResult,
-				tt.fallbackOutput,
-				nil, // fallbackErr
-				comp,
-				true, // usedFallback
-				tt.data.vsaIdentifier,
-				false,      // showSuccesses
-				[]string{}, // outputFormats
-			)
+			// Create ComponentResult with Result for VSA validation
+			// Since handleSnapshotOutput uses FallbackResult when set, we'll use Result for VSA-only path
 			componentResult := vsa.ComponentResult{
 				ComponentName: "test-component",
 				ImageRef:      "test-image",
-				UnifiedResult: unifiedResult,
+				Result:        tt.vsaResult,
 			}
 
+			// Create a mock command for handleSnapshotOutput
+			cmd := &cobra.Command{Use: "test"}
+
 			// Test handleSnapshotOutput which is the new unified output path
-			err := handleSnapshotOutput([]vsa.ComponentResult{componentResult}, tt.data, testFS)
+			err := handleSnapshotOutput([]vsa.ComponentResult{componentResult}, tt.data, testFS, cmd)
 
 			if tt.expectError {
 				assert.Error(t, err)
@@ -1700,18 +1689,14 @@ func TestCreateVSAReport(t *testing.T) {
 		{
 			ComponentName: "component-3",
 			ImageRef:      "postgres:latest",
-			UnifiedResult: &vsa.VSAValidationResult{
-				OverallSuccess: true,
-				UsedFallback:   true,
+			Result: &vsa.ValidationResult{
+				Passed:  true,
+				Message: "VSA validation passed with fallback",
 			},
 		},
 	}
 
-	data := &validateVSAData{
-		vsaIdentifier: "test-vsa-id",
-	}
-
-	report := createVSAReport(results, data)
+	report := createVSAReport(results)
 
 	// Verify report structure
 	assert.NotNil(t, report)
@@ -2023,7 +2008,7 @@ func TestCreateVSAReport_EdgeCases(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			report := createVSAReport(tt.results, tt.data)
+			report := createVSAReport(tt.results)
 
 			assert.NotNil(t, report)