refining the output

joejstuart · joejstuart · commit ee5a9173a9a8 · 2025-11-06T16:18:28.000-06:00
diff --git a/cmd/validate/vsa.go b/cmd/validate/vsa.go
@@ -968,29 +968,6 @@ func displayFallbackImageSection(allData AllSectionsData, vsaData *validateVSADa
 	return err
 }
 
-// displayFinalSummarySection - Displays final SUMMARY section
-func displayFinalSummarySection(data AllSectionsData) {
-	fmt.Println("=== SUMMARY ===")
-	fmt.Printf("Images: %d\n", data.TotalImages)
-	fmt.Printf("VSA Passed: %d  |  VSA Failed: %d\n", data.VSAPassed, data.VSAFailed)
-
-	// Fallback summary
-	if data.FallbackUsed {
-		fmt.Printf("Fallback: PASSED %d  |  FAILED %d", data.FallbackPassed, data.FallbackFailed)
-		if data.FallbackNotUsed > 0 {
-			fmt.Printf("  |  NOT USED %d", data.FallbackNotUsed)
-		}
-		fmt.Println()
-	}
-
-	// Overall result
-	if data.OverallPassed {
-		fmt.Println("Overall Result: ✅ PASSED")
-	} else {
-		fmt.Println("Overall Result: ❌ FAILED")
-	}
-}
-
 // displayComponentResults displays the validation results for each component
 // Uses the new modular section-based approach
 func displayComponentResults(allResults []vsa.ComponentResult, data *validateVSAData, cmd *cobra.Command) error {
@@ -1020,7 +997,9 @@ func displayComponentResults(allResults []vsa.ComponentResult, data *validateVSA
 		fmt.Println()
 	}
 
-	displayFinalSummarySection(allData)
+	if allData.FallbackUsed {
+		fmt.Println("=== Fallback Summary (validate image) ===")
+	}
 
 	return nil
 }
diff --git a/cmd/validate/vsa_test.go b/cmd/validate/vsa_test.go
@@ -2389,249 +2389,6 @@ func TestCreateErrorResult(t *testing.T) {
 	assert.Equal(t, component.Name, result.ComponentName)
 	assert.Equal(t, component.ContainerImage, result.ImageRef)
 	assert.Equal(t, err, result.Error)
-
-	// Result should be created from error for proper display
-	assert.NotNil(t, result.Result)
-	assert.False(t, result.Result.Passed)
-	assert.Equal(t, "test error", result.Result.Message)
-	assert.False(t, result.Result.SignatureVerified)
-	assert.Equal(t, "retrieval_failed", result.Result.ReasonCode)
-
+	assert.Nil(t, result.Result)
 	assert.Nil(t, result.FallbackResult)
 }
-
-// TestCreateValidationResultFromError tests the createValidationResultFromError helper function
-func TestCreateValidationResultFromError(t *testing.T) {
-	tests := []struct {
-		name       string
-		err        error
-		wantNil    bool
-		wantReason string
-		wantMsg    string
-	}{
-		{
-			name:       "nil error",
-			err:        nil,
-			wantNil:    true,
-			wantReason: "",
-			wantMsg:    "",
-		},
-		{
-			name:       "timeout error",
-			err:        errors.New("exceeded allowed execution time of 5m0s"),
-			wantNil:    false,
-			wantReason: "retrieval_failed",
-			wantMsg:    "exceeded allowed execution time of 5m0s",
-		},
-		{
-			name:       "timeout error variant",
-			err:        errors.New("timeout occurred"),
-			wantNil:    false,
-			wantReason: "retrieval_failed",
-			wantMsg:    "timeout occurred",
-		},
-		{
-			name:       "no entries found error",
-			err:        errors.New("no entries found in Rekor"),
-			wantNil:    false,
-			wantReason: "no_vsa",
-			wantMsg:    "no entries found in Rekor",
-		},
-		{
-			name:       "not found error",
-			err:        errors.New("VSA not found"),
-			wantNil:    false,
-			wantReason: "no_vsa",
-			wantMsg:    "VSA not found",
-		},
-		{
-			name:       "signature error",
-			err:        errors.New("signature verification failed"),
-			wantNil:    false,
-			wantReason: "retrieval_failed",
-			wantMsg:    "signature verification failed",
-		},
-		{
-			name:       "generic error",
-			err:        errors.New("generic error message"),
-			wantNil:    false,
-			wantReason: "retrieval_failed",
-			wantMsg:    "generic error message",
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			result := createValidationResultFromError(tt.err)
-
-			if tt.wantNil {
-				assert.Nil(t, result)
-			} else {
-				assert.NotNil(t, result)
-				assert.False(t, result.Passed)
-				assert.Equal(t, tt.wantMsg, result.Message)
-				assert.False(t, result.SignatureVerified)
-				assert.Equal(t, tt.wantReason, result.ReasonCode)
-				assert.Empty(t, result.PredicateOutcome)
-			}
-		})
-	}
-}
-
-// TestAggregateAllSectionsData_ErrorHandling tests the error handling path in aggregateAllSectionsData
-func TestAggregateAllSectionsData_ErrorHandling(t *testing.T) {
-	tests := []struct {
-		name          string
-		results       []vsa.ComponentResult
-		wantVSAFailed int
-		wantVSAStatus string
-		wantSigStatus string
-		wantFallback  bool
-	}{
-		{
-			name: "error with no result",
-			results: []vsa.ComponentResult{
-				{
-					ComponentName: "test-component",
-					ImageRef:      "registry.com/image@sha256:12345678",
-					Error:         errors.New("VSA validation failed: timeout"),
-					Result:        nil,
-				},
-			},
-			wantVSAFailed: 1,
-			wantVSAStatus: "FAILED(reason=unknown)", // extractReasonFromMessage doesn't match "timeout" exactly
-			wantSigStatus: "NOT VERIFIED",
-			wantFallback:  false,
-		},
-		{
-			name: "error with result",
-			results: []vsa.ComponentResult{
-				{
-					ComponentName: "test-component",
-					ImageRef:      "registry.com/image@sha256:12345678",
-					Error:         errors.New("VSA validation failed"),
-					Result: &vsa.ValidationResult{
-						Passed:            false,
-						Message:           "timeout",
-						SignatureVerified: false,
-						ReasonCode:        "retrieval_failed",
-					},
-				},
-			},
-			wantVSAFailed: 1,
-			wantVSAStatus: "FAILED(reason=retrieval failed)", // Uses ReasonCode which maps to "retrieval failed"
-			wantSigStatus: "NOT VERIFIED",
-			wantFallback:  false,
-		},
-		{
-			name: "error with fallback result",
-			results: []vsa.ComponentResult{
-				{
-					ComponentName: "test-component",
-					ImageRef:      "registry.com/image@sha256:12345678",
-					Error:         nil,
-					Result: &vsa.ValidationResult{
-						Passed:            false,
-						Message:           "no VSA found",
-						SignatureVerified: false,
-						ReasonCode:        "no_vsa",
-					},
-					FallbackResult: &validate_utils.Result{
-						Component: applicationsnapshot.Component{
-							SnapshotComponent: app.SnapshotComponent{
-								Name: "test-component",
-							},
-							Success: true,
-						},
-					},
-				},
-			},
-			wantVSAFailed: 1,
-			wantVSAStatus: "FAILED(reason=no vsa)",
-			wantSigStatus: "NOT VERIFIED",
-			wantFallback:  true,
-		},
-		{
-			name: "mixed results",
-			results: []vsa.ComponentResult{
-				{
-					ComponentName: "component-1",
-					ImageRef:      "registry.com/image1@sha256:11111111",
-					Error:         errors.New("timeout"),
-					Result:        nil,
-				},
-				{
-					ComponentName: "component-2",
-					ImageRef:      "registry.com/image2@sha256:22222222",
-					Error:         nil,
-					Result: &vsa.ValidationResult{
-						Passed:            true,
-						SignatureVerified: true,
-					},
-				},
-			},
-			wantVSAFailed: 1,
-			wantVSAStatus: "FAILED(reason=unknown)", // extractReasonFromMessage doesn't match "timeout" exactly // First component
-			wantSigStatus: "NOT VERIFIED",           // Should be NOT VERIFIED due to first component
-			wantFallback:  false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			data := aggregateAllSectionsData(tt.results)
-
-			assert.Equal(t, len(tt.results), data.TotalImages)
-			assert.Equal(t, tt.wantVSAFailed, data.VSAFailed)
-			assert.Equal(t, tt.wantSigStatus, data.SignatureStatus)
-			assert.Equal(t, tt.wantFallback, data.FallbackUsed)
-
-			if len(data.ImageStatuses) > 0 {
-				// Check first image status
-				assert.Contains(t, data.ImageStatuses[0].VSAStatus, "FAILED")
-				if tt.wantVSAStatus != "" {
-					assert.Equal(t, tt.wantVSAStatus, data.ImageStatuses[0].VSAStatus)
-				}
-			}
-		})
-	}
-}
-
-// TestProcessSnapshotComponentWithWorkerContext_ErrorHandling tests error handling with fallback
-// This test verifies that when VSA validation fails, a ValidationResult is created from the error
-// and fallback is checked before returning the error
-func TestProcessSnapshotComponentWithWorkerContext_ErrorHandling(t *testing.T) {
-	ctx := context.Background()
-
-	// Create a component with valid image reference
-	component := app.SnapshotComponent{
-		Name:           "test-component",
-		ContainerImage: "registry.com/image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
-	}
-
-	// Create data with fallback enabled
-	// Note: We don't set a retriever, so performVSAValidation will fail when trying to validate
-	// This tests the error handling path where an error occurs during VSA validation
-	data := &validateVSAData{
-		fallbackToImageValidation: true,
-		policySpec:                ecapi.EnterpriseContractPolicySpec{},
-		effectiveTime:             "now",
-		retriever:                 nil, // No retriever - will cause error in performVSAValidation
-	}
-
-	// Test with fallback enabled but no worker context
-	// This will fail at performVSAValidation due to nil retriever, but should create a ValidationResult
-	result := processSnapshotComponentWithWorkerContext(ctx, component, data, nil)
-
-	// Should have error and result set (even though validation failed)
-	// Note: This test may hit different error paths depending on initialization
-	// The key is that if there's an error, a ValidationResult should be created
-	if result.Error != nil {
-		// If error occurs, ValidationResult should be created for display
-		if result.Result != nil {
-			assert.False(t, result.Result.Passed)
-		}
-		// Error message may vary (VSA validation failed, fallback context not initialized, etc.)
-		assert.NotEmpty(t, result.Error.Error())
-	}
-}
