
Report more debug info in external data response

Open binbin-li opened this issue 6 months ago • 0 comments

What would you like to be added?

Ratify embeds the artifact reference, verifier reports and error (if any) in the external data response. Below is an example failure message from the terminal:

Error from server (Forbidden): admission webhook "validation.gatekeeper.sh" denied the request: [ratify-constraint] Subject failed verification: ghcr.io/ratify-project/ratify/notary-image@sha256:8e3d01113285a0e4aa574da8eb9c0f112a1eb979d72f73399d7175ba3cdb1c1b

Users can only learn the artifact reference from the output. If they need to look into the root cause, they have to search the logs by the provided image digest. However, this is difficult when there are lots of logs, especially when many requests share the same image digest.

One possible improvement is to display the traceId, timestamp and error in the error output. Given the struct of the response Item:

```go
// Item is one entry in the external data response.
type Item struct {
	// Key is the request from the provider.
	Key string `json:"key,omitempty"`
	// Value is the response from the provider.
	Value interface{} `json:"value,omitempty"`
	// Error is the error from the provider.
	Error string `json:"error,omitempty"`
}
```

We can pass additional info like traceId and timestamp in either the Value or the Error field. If it's embedded in the Value field, we would need to update the verifierReport schema. And to be honest, I don't think traceId and timestamp belong to the verifier result. As for the Error field, we can concatenate traceId and timestamp with the original error string, which requires the constraint template to parse it.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

  • [ ] Yes, I am willing to implement it.

binbin-li, Jul 29 '24 13:07
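A sketch of the Error-field option discussed in the issue, added here as an example and not taken from Ratify or the original post. The `[traceId=... timestamp=...] ` prefix layout, the function names and the sample values are assumptions; a constraint template would need equivalent parsing logic.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Item mirrors the response Item struct quoted in the issue.
type Item struct {
	Key   string      `json:"key,omitempty"`
	Value interface{} `json:"value,omitempty"`
	Error string      `json:"error,omitempty"`
}

const prefix = "[traceId=" // assumed marker, not a Ratify format

// AnnotateError prepends traceId and timestamp to a non-empty provider error.
func AnnotateError(it Item, traceID string, ts time.Time) Item {
	if it.Error != "" {
		it.Error = fmt.Sprintf("%s%s timestamp=%s] %s",
			prefix, traceID, ts.UTC().Format(time.RFC3339), it.Error)
	}
	return it
}

// ParseError recovers the fields. Only the leading prefix is trusted, so
// bracketed text later in the message cannot replace the real trace ID.
// ok is false when the error carries no annotation.
func ParseError(s string) (traceID, timestamp, msg string, ok bool) {
	if !strings.HasPrefix(s, prefix) {
		return "", "", s, false
	}
	head, rest, found := strings.Cut(strings.TrimPrefix(s, prefix), "] ")
	if !found {
		return "", "", s, false
	}
	traceID, timestamp, found = strings.Cut(head, " timestamp=")
	if !found {
		return "", "", s, false
	}
	return traceID, timestamp, rest, true
}

func main() {
	ts := time.Date(2024, 7, 29, 13, 7, 0, 0, time.UTC) // constructed sample
	it := AnnotateError(Item{Key: "example-key", Error: "verification failed"}, "trace-0001", ts)
	fmt.Println(ParseError(it.Error))
}
```

Because the error text can include content derived from the request, such as the image reference, the parser reads the trace ID only from the start of the string.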