From b5edac42a017c7ed8854a0f87b05cda2bfab4ecc Mon Sep 17 00:00:00 2001
From: Frankie Gallina-Jones <frankieg@vmware.com>
Date: Wed, 21 Sep 2022 18:31:02 -0400
Subject: [PATCH] small logic simplifications, new error case handled

---
 internal/dependency.go             | 10 ++++++----
 internal/dependency_cacher.go      | 17 +++++++++--------
 internal/dependency_cacher_test.go | 12 ++++++++++++
 3 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/internal/dependency.go b/internal/dependency.go
index 72f5ab6..b5b2935 100644
--- a/internal/dependency.go
+++ b/internal/dependency.go
@@ -19,9 +19,11 @@ import (
 type Dependency struct {
 	DeprecationDate string `json:"deprecation_date,omitempty"`
 	// The ID field should be the `name` from the dep-server
-	ID             string   `json:"name,omitempty"`
-	SHA256         string   `json:"sha256,omitempty"`
-	Source         string   `json:"source,omitempty"`
+	ID string `json:"name,omitempty"`
+	// Deprecated: use Checksum instead.
+	SHA256 string `json:"sha256,omitempty"`
+	Source string `json:"source,omitempty"`
+	// Deprecated: use SourceChecksum instead.
 	SourceSHA256   string   `json:"source_sha256,omitempty"`
 	Stacks         []Stack  `json:"stacks,omitempty"`
 	URI            string   `json:"uri,omitempty"`
@@ -105,7 +107,7 @@ func GetCargoDependenciesWithinConstraint(dependencies []cargo.ConfigMetadataDep
 			return nil, err
 		}
 
-		if !c.Check(depVersion) || dependency.ID != constraint.ID {
+		if dependency.ID != constraint.ID || !c.Check(depVersion) {
 			continue
 		}
 
diff --git a/internal/dependency_cacher.go b/internal/dependency_cacher.go
index 7734190..c88372e 100644
--- a/internal/dependency_cacher.go
+++ b/internal/dependency_cacher.go
@@ -45,19 +45,20 @@ func (dc DependencyCacher) Cache(root string, deps []cargo.ConfigMetadataDepende
 			return nil, fmt.Errorf("failed to download dependency: %s", err)
 		}
 
-		var checksum string
-		var hash string
+		checksum := dep.Checksum
+		_, hash, _ := strings.Cut(dep.Checksum, ":")
 
-		if dep.SHA256 != "" {
+		if checksum == "" {
 			checksum = fmt.Sprintf("sha256:%s", dep.SHA256)
 			hash = dep.SHA256
-			dc.logger.Action("↳  dependencies/%s", dep.SHA256)
-		} else if dep.Checksum != "" {
-			checksum = dep.Checksum
-			hash = strings.SplitN(dep.Checksum, ":", 2)[1]
-			dc.logger.Action("↳  dependencies/%s", hash)
 		}
 
+		if checksum == "sha256:" {
+			return nil, fmt.Errorf("failed to create file for %s: no sha256 or checksum provided", dep.ID)
+		}
+
+		dc.logger.Action("↳  dependencies/%s", hash)
+
 		validatedSource := cargo.NewValidatedReader(source, checksum)
 
 		destination, err := os.Create(filepath.Join(dir, hash))
diff --git a/internal/dependency_cacher_test.go b/internal/dependency_cacher_test.go
index 19145a6..c475b44 100644
--- a/internal/dependency_cacher_test.go
+++ b/internal/dependency_cacher_test.go
@@ -173,6 +173,18 @@ func testDependencyCacher(t *testing.T, context spec.G, it spec.S) {
 				})
 			})
 
+			context("when the dependency has neither a SHA256 nor a checksum", func() {
+				it("returns a clear error", func() {
+					_, err := cacher.Cache(tmpDir, []cargo.ConfigMetadataDependency{
+						{
+							URI: "http://error-dep",
+							ID:  "no-checksum-dep",
+						},
+					})
+					Expect(err).To(MatchError("failed to create file for no-checksum-dep: no sha256 or checksum provided"))
+				})
+			})
+
 			context("when the checksum does not match", func() {
 				it("returns an error", func() {
 					_, err := cacher.Cache(tmpDir, []cargo.ConfigMetadataDependency{