feat(policy): improve error messages (#2345)

Piskoo · migmartri · web-flow · commit 173a050c5554 · 2025-08-11T18:36:53.000+02:00
Signed-off-by: Sylwester Piskozub &lt;sylwesterpiskozub@gmail.com&gt;
Signed-off-by: Miguel Martinez Trivino &lt;miguel@chainloop.dev&gt;
Co-authored-by: Miguel Martinez Trivino &lt;miguel@chainloop.dev&gt;
diff --git a/app/cli/cmd/policy_develop_eval.go b/app/cli/cmd/policy_develop_eval.go
@@ -55,7 +55,7 @@ evaluates the policy against the provided material or attestation.`,
 
 			policyEval, err := action.NewPolicyEval(opts, actionOpts)
 			if err != nil {
-				return fmt.Errorf("failed to initialize policy evaluation: %w", err)
+				return err
 			}
 
 			result, err := policyEval.Run()
diff --git a/app/cli/cmd/policy_develop_lint.go b/app/cli/cmd/policy_develop_lint.go
@@ -40,7 +40,7 @@ func newPolicyDevelopLintCmd() *cobra.Command {
 		RunE: func(cmd *cobra.Command, _ []string) error {
 			a, err := action.NewPolicyLint(actionOpts)
 			if err != nil {
-				return fmt.Errorf("failed to initialize linter: %w", err)
+				return err
 			}
 
 			result, err := a.Run(cmd.Context(), &action.PolicyLintOpts{
@@ -49,7 +49,7 @@ func newPolicyDevelopLintCmd() *cobra.Command {
 				RegalConfig: regalConfig,
 			})
 			if err != nil {
-				return fmt.Errorf("linting policy: %w", err)
+				return err
 			}
 
 			if result.Valid {
diff --git a/app/cli/internal/action/policy_develop_eval.go b/app/cli/internal/action/policy_develop_eval.go
@@ -16,8 +16,6 @@
 package action
 
 import (
-	"fmt"
-
 	"github.com/chainloop-dev/chainloop/app/cli/internal/policydevel"
 )
 
@@ -62,7 +60,7 @@ func (action *PolicyEval) Run() ([]*PolicyEvalResult, error) {
 	// Evaluate policy
 	resp, err := policydevel.Evaluate(evalOpts, action.Logger)
 	if err != nil {
-		return nil, fmt.Errorf("evaluating policy: %w", err)
+		return nil, err
 	}
 
 	results := make([]*PolicyEvalResult, 0, len(resp))
diff --git a/app/cli/internal/action/policy_develop_lint.go b/app/cli/internal/action/policy_develop_lint.go
@@ -17,7 +17,6 @@ package action
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/chainloop-dev/chainloop/app/cli/internal/policydevel"
 )
@@ -47,7 +46,7 @@ func (action *PolicyLint) Run(_ context.Context, opts *PolicyLintOpts) (*PolicyL
 	// Read policies
 	policy, err := policydevel.Lookup(opts.PolicyPath, opts.RegalConfig, opts.Format)
 	if err != nil {
-		return nil, fmt.Errorf("loading policy: %w", err)
+		return nil, err
 	}
 
 	// Run all validations
diff --git a/app/cli/internal/policydevel/lint.go b/app/cli/internal/policydevel/lint.go
@@ -85,15 +85,15 @@ func (p *PolicyToLint) AddError(path, message string, line int) {
 func Lookup(absPath, config string, format bool) (*PolicyToLint, error) {
 	resolvedPath, err := resourceloader.GetPathForResource(absPath)
 	if err != nil {
-		return nil, fmt.Errorf("failed to resolve policy file: %w", err)
+		return nil, err
 	}
 
 	fileInfo, err := os.Stat(resolvedPath)
 	if err != nil {
 		if os.IsNotExist(err) {
 			return nil, fmt.Errorf("policy file does not exist: %s", resolvedPath)
 		}
-		return nil, fmt.Errorf("failed to stat file %q: %w", resolvedPath, err)
+		return nil, err
 	}
 	if fileInfo.IsDir() {
 		return nil, fmt.Errorf("expected a file but got a directory: %s", resolvedPath)
@@ -142,14 +142,14 @@ func (p *PolicyToLint) loadReferencedRegoFiles(baseDir string) error {
 
 				resolvedPath, err := resourceloader.GetPathForResource(regoPath)
 				if err != nil {
-					return fmt.Errorf("failed to resolve rego file %q: %w", regoPath, err)
+					return err
 				}
 				if _, ok := seen[resolvedPath]; ok {
 					continue // avoid duplicates
 				}
 				seen[resolvedPath] = struct{}{}
 				if err := p.processFile(resolvedPath); err != nil {
-					return fmt.Errorf("failed to load referenced rego file %q: %w", resolvedPath, err)
+					return err
 				}
 			}
 		}
@@ -160,7 +160,7 @@ func (p *PolicyToLint) loadReferencedRegoFiles(baseDir string) error {
 func (p *PolicyToLint) processFile(filePath string) error {
 	content, err := os.ReadFile(filePath)
 	if err != nil {
-		return fmt.Errorf("reading %s: %w", filepath.Base(filePath), err)
+		return err
 	}
 
 	ext := strings.ToLower(filepath.Ext(filePath))
@@ -197,7 +197,7 @@ func (p *PolicyToLint) Validate() {
 func (p *PolicyToLint) validateYAMLFile(file *File) {
 	var policy v1.Policy
 	if err := unmarshal.FromRaw(file.Content, unmarshal.RawFormatYAML, &policy, true); err != nil {
-		p.AddError(file.Path, fmt.Sprintf("failed to parse/validate: %v", err), 0)
+		p.AddError(file.Path, "failed to parse/validate policy", 0)
 		return
 	}
 
@@ -207,7 +207,7 @@ func (p *PolicyToLint) validateYAMLFile(file *File) {
 	if p.Format {
 		var root yaml.Node
 		if err := yaml.Unmarshal(file.Content, &root); err != nil {
-			p.AddError(file.Path, fmt.Sprintf("failed to parse YAML: %v", err), 0)
+			p.AddError(file.Path, "failed to parse YAML", 0)
 			return
 		}
 
@@ -222,13 +222,13 @@ func (p *PolicyToLint) validateYAMLFile(file *File) {
 		defer enc.Close()
 
 		if err := enc.Encode(&root); err != nil {
-			p.AddError(file.Path, fmt.Sprintf("failed to encode YAML: %v", err), 0)
+			p.AddError(file.Path, err.Error(), 0)
 			return
 		}
 
 		outYAML := buf.Bytes()
 		if err := os.WriteFile(file.Path, outYAML, 0600); err != nil {
-			p.AddError(file.Path, fmt.Sprintf("failed to write updated file: %v", err), 0)
+			p.AddError(file.Path, err.Error(), 0)
 		} else {
 			if err := os.WriteFile(file.Path, outYAML, 0600); err != nil {
 				p.AddError(file.Path, fmt.Sprintf("failed to save updated file: %v", err), 0)
@@ -260,7 +260,7 @@ func (p *PolicyToLint) validateRegoFile(file *File) {
 
 	if p.Format && formatted != original {
 		if err := os.WriteFile(file.Path, []byte(formatted), 0600); err != nil {
-			p.AddError(file.Path, fmt.Sprintf("failed to auto-format: %v", err), 0)
+			p.AddError(file.Path, err.Error(), 0)
 		} else {
 			file.Content = []byte(formatted)
 		}
@@ -286,7 +286,7 @@ func (p *PolicyToLint) validateAndFormatRego(content, path string) string {
 func (p *PolicyToLint) applyOPAFmt(content, file string) string {
 	formatted, err := format.SourceWithOpts(file, []byte(content), format.Opts{})
 	if err != nil {
-		p.AddError(file, "Auto-formatting failed", 0)
+		p.AddError(file, "auto-formatting failed", 0)
 		return content
 	}
 	return string(formatted)
@@ -352,7 +352,7 @@ func (p *PolicyToLint) runRegalLinter(filePath, content string) {
 
 	report, err := lntr.Lint(context.Background())
 	if err != nil {
-		p.AddError(filePath, fmt.Sprintf("linting failed: %v", err), 0)
+		p.AddError(filePath, err.Error(), 0)
 		return
 	}
 

Original file line number	Diff line number	Diff line change
@@ -55,7 +55,7 @@ evaluates the policy against the provided material or attestation.`,
`55`	`55`
`56`	`56`	`policyEval, err := action.NewPolicyEval(opts, actionOpts)`
`57`	`57`	`if err != nil {`
`58`		`- return fmt.Errorf("failed to initialize policy evaluation: %w", err)`
	`58`	`+ return err`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`result, err := policyEval.Run()`
Original file line number	Diff line number	Diff line change
`@@ -16,8 +16,6 @@`
`16`	`16`	`package action`
`17`	`17`
`18`	`18`	`import (`
`19`		`- "fmt"`
`20`		`-`
`21`	`19`	`"github.com/chainloop-dev/chainloop/app/cli/internal/policydevel"`
`22`	`20`	`)`
`23`	`21`
`@@ -62,7 +60,7 @@ func (action PolicyEval) Run() ([]PolicyEvalResult, error) {`
`62`	`60`	`// Evaluate policy`
`63`	`61`	`resp, err := policydevel.Evaluate(evalOpts, action.Logger)`
`64`	`62`	`if err != nil {`
`65`		`- return nil, fmt.Errorf("evaluating policy: %w", err)`
	`63`	`+ return nil, err`
`66`	`64`	`}`
`67`	`65`
`68`	`66`	`results := make([]*PolicyEvalResult, 0, len(resp))`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,6 @@ package action`
`17`	`17`
`18`	`18`	`import (`
`19`	`19`	`"context"`
`20`		`- "fmt"`
`21`	`20`
`22`	`21`	`"github.com/chainloop-dev/chainloop/app/cli/internal/policydevel"`
`23`	`22`	`)`
`@@ -47,7 +46,7 @@ func (action PolicyLint) Run(_ context.Context, opts PolicyLintOpts) (*PolicyL`
`47`	`46`	`// Read policies`
`48`	`47`	`policy, err := policydevel.Lookup(opts.PolicyPath, opts.RegalConfig, opts.Format)`
`49`	`48`	`if err != nil {`
`50`		`- return nil, fmt.Errorf("loading policy: %w", err)`
	`49`	`+ return nil, err`
`51`	`50`	`}`
`52`	`51`
`53`	`52`	`// Run all validations`