EVD creation - Adding a signing key to environment variables and util…

…izing it during creation

evidence/cli/command_cli.go

@@ -70,15 +70,42 @@ func validateCreateEvidenceCommonContext(ctx *components.Context) error {
 	if !ctx.IsFlagSet(predicate) || assertValueProvided(ctx, predicate) != nil {
 		return errorutils.CheckErrorf("'predicate' is a mandatory field for creating evidence: --%s", predicate)
 	}
+
 	if !ctx.IsFlagSet(predicateType) || assertValueProvided(ctx, predicateType) != nil {
 		return errorutils.CheckErrorf("'predicate-type' is a mandatory field for creating evidence: --%s", predicateType)
 	}
-	if !ctx.IsFlagSet(key) || assertValueProvided(ctx, key) != nil {
-		return errorutils.CheckErrorf("'key' is a mandatory field for creating evidence: --%s", key)
+
+	if err := ensureKeyExists(ctx, key); err != nil {
+		return err
+	}
+
+	if !ctx.IsFlagSet(keyAlias) {
+		setKeyAliasIfNeeded(ctx, keyAlias)
 	}
+
 	return nil
 }
 
+func ensureKeyExists(ctx *components.Context, key string) error {
+	if ctx.IsFlagSet(key) && assertValueProvided(ctx, key) == nil {
+		return nil
+	}
+
+	signingKeyValue, _ := getEnvVariable(evdSigningKey)
+	if signingKeyValue == "" {
+		return errorutils.CheckErrorf("'key' or EVD_KEY must be provided when creating evidence: --%s", key)
+	}
+	ctx.AddStringFlag(key, signingKeyValue)
+	return nil
+}
+
+func setKeyAliasIfNeeded(ctx *components.Context, keyAlias string) {
+	evdKeyAliasValue, _ := getEnvVariable(evdKeyAlias)
+	if evdKeyAliasValue != "" {
+		ctx.AddStringFlag(keyAlias, evdKeyAliasValue)
+	}
+}
+
 func getAndValidateSubject(ctx *components.Context) (string, error) {
 	var foundSubjects []string
 	for _, key := range subjectTypes {

evidence/cli/command_cli_test.go

@@ -7,13 +7,17 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli"
 	"go.uber.org/mock/gomock"
+	"os"
 	"testing"
 )
 
 func TestCreateEvidence_Context(t *testing.T) {
 	ctrl := gomock.NewController(t)
 	defer ctrl.Finish()
 
+	assert.NoError(t, os.Setenv(evdSigningKey, "PGP"), "Failed to set env: "+evdSigningKey)
+	defer os.Unsetenv(evdSigningKey)
+
 	app := cli.NewApp()
 	app.Commands = []cli.Command{
 		{
@@ -106,6 +110,18 @@ func TestCreateEvidence_Context(t *testing.T) {
 			},
 			expectErr: false,
 		},
+		{
+			name: "ValidContext With Key As Env Var- Package",
+			flags: []components.Flag{
+				setDefaultValue(predicate, predicate),
+				setDefaultValue(predicateType, "InToto"),
+				setDefaultValue(packageName, packageName),
+				setDefaultValue(packageVersion, packageVersion),
+				setDefaultValue(packageRepoName, packageRepoName),
+				setDefaultValue("url", "url"),
+			},
+			expectErr: false,
+		},
 		{
 			name: "InvalidContext - Missing package version",
 			flags: []components.Flag{

evidence/cli/flags.go

@@ -36,6 +36,12 @@ const (
 	keyAlias        = "key-alias"
 )
 
+const (
+	// Evidence environments vars
+	evdSigningKey = "evd_key"
+	evdKeyAlias   = "evd_key_alias"
+)
+
 // Flag keys mapped to their corresponding components.Flag definition.
 var flagsMap = map[string]components.Flag{
 	// Common commands flags
@@ -57,7 +63,7 @@ var flagsMap = map[string]components.Flag{
 	predicateType:   components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }),
 	subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }),
 	subjectSha256:   components.NewStringFlag(subjectSha256, "Subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }),
-	key:             components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }),
+	key:             components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = false }),
 	keyAlias:        components.NewStringFlag(keyAlias, "Key alias", func(f *components.StringFlag) { f.Mandatory = false }),
 }
 

evidence/cli/utils.go

@@ -1,6 +1,10 @@
 package cli
 
-import "github.com/jfrog/jfrog-cli-core/v2/common/commands"
+import (
+	"fmt"
+	"github.com/jfrog/jfrog-cli-core/v2/common/commands"
+	"os"
+)
 
 type execCommandFunc func(command commands.Command) error
 
@@ -14,3 +18,10 @@ var subjectTypes = []string{
 	buildName,
 	packageName,
 }
+
+func getEnvVariable(envVarName string) (string, error) {
+	if key, exists := os.LookupEnv(envVarName); exists {
+		return key, nil
+	}
+	return "", fmt.Errorf("'%s'  field wasn't provided.", envVarName)
+}

go.mod

@@ -95,5 +95,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
+replace github.com/jfrog/jfrog-cli-core/v2 => ../../jfrog-cli-core/
+
 //replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240811150357-12a9330a2d67
 //replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240811142930-ab9715567376

go.sum

@@ -91,8 +91,6 @@ github.com/jfrog/build-info-go v1.10.5 h1:cW03JlPlKv7RMUU896uLUxyLWXAmCgR5Y5QX0f
 github.com/jfrog/build-info-go v1.10.5/go.mod h1:JcISnovFXKx3wWf3p1fcMmlPdt6adxScXvoJN4WXqIE=
 github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
 github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
-github.com/jfrog/jfrog-cli-core/v2 v2.56.8 h1:UexulAwRVN20VmYACijkTFYKqtUq5myE4okEgmUrorw=
-github.com/jfrog/jfrog-cli-core/v2 v2.56.8/go.mod h1:RY74eDpw1WBxruSfZ0HO1ax7c1NAj+rbBgA/hVOJNME=
 github.com/jfrog/jfrog-client-go v1.48.0 h1:hx5B7+Wnobmzq4aFVZtALtbEVDFcjpn0Wb4q2m6H4KU=
 github.com/jfrog/jfrog-client-go v1.48.0/go.mod h1:1a7bmQHkRmPEza9wva2+WVrYzrGbosrMymq57kyG5gU=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=