From 0ad3d0ef67d46f6b2e9fb0bffb4639f71311500c Mon Sep 17 00:00:00 2001
From: Bob Callaway <bcallaway@google.com>
Date: Wed, 1 Nov 2023 08:38:56 -0400
Subject: [PATCH] always increment counter for rekor prober

Signed-off-by: Bob Callaway <bcallaway@google.com>
---
 cmd/prober/write.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cmd/prober/write.go b/cmd/prober/write.go
index 6366ca18e..c17004340 100644
--- a/cmd/prober/write.go
+++ b/cmd/prober/write.go
@@ -136,8 +136,12 @@ func fulcioWriteEndpoint(ctx context.Context, priv *ecdsa.PrivateKey) (*x509.Cer
 // if a certificate is provided, the Rekor entry will contain that certificate,
 // otherwise the provided key is used
 func rekorWriteEndpoint(ctx context.Context, cert *x509.Certificate, priv *ecdsa.PrivateKey) error {
+	verified := "false"
 	endpoint := rekorEndpoint
 	hostPath := rekorURL + endpoint
+	defer func() {
+		verificationCounter.With(prometheus.Labels{verifiedLabel: verified}).Inc()
+	}()
 
 	body, err := rekorEntryRequest(cert, priv)
 	if err != nil {
@@ -170,15 +174,13 @@ func rekorWriteEndpoint(ctx context.Context, cert *x509.Certificate, priv *ecdsa
 		logEntryAnon = e
 		break
 	}
-	verified := "true"
 	rekorPubKeys, err := cosign.GetRekorPubs(ctx)
 	if err != nil {
 		return fmt.Errorf("getting rekor public keys: %w", err)
 	}
-	if err = cosign.VerifyTLogEntryOffline(ctx, &logEntryAnon, rekorPubKeys); err != nil {
-		verified = "false"
+	if err = cosign.VerifyTLogEntryOffline(ctx, &logEntryAnon, rekorPubKeys); err == nil {
+		verified = "true"
 	}
-	verificationCounter.With(prometheus.Labels{verifiedLabel: verified}).Inc()
 	return err
 }