From b67f47b6200a6629d89f6efcad18baf880c74feb Mon Sep 17 00:00:00 2001 From: osaidw Date: Wed, 31 Jul 2024 16:55:12 +0300 Subject: [PATCH 01/16] Create Build Evidence. --- evidence/cli/command_build.go | 31 ++++++ evidence/cli/command_controller.go | 2 + evidence/cli/flags.go | 4 +- evidence/cli/mocks/command_mock.go | 49 ---------- evidence/cli/utils.go | 1 + evidence/create_base.go | 3 - evidence/create_build.go | 128 +++++++++++++++++++++++++ evidence/create_build_test.go | 89 +++++++++++++++++ evidence/create_release_bundle_test.go | 13 ++- evidence/utils/datex.go | 9 ++ 10 files changed, 271 insertions(+), 58 deletions(-) create mode 100644 evidence/cli/command_build.go delete mode 100644 evidence/cli/mocks/command_mock.go create mode 100644 evidence/create_build.go create mode 100644 evidence/create_build_test.go create mode 100644 evidence/utils/datex.go diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go new file mode 100644 index 0000000..b7742f1 --- /dev/null +++ b/evidence/cli/command_build.go @@ -0,0 +1,31 @@ +package cli + +import ( + "github.com/jfrog/jfrog-cli-artifactory/evidence" + "github.com/jfrog/jfrog-cli-core/v2/plugins/components" + coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" +) + +type evidenceBuildCommand struct { + ctx *components.Context + execute execCommandFunc +} + +func NewEvidenceBuildCommand(ctx *components.Context, execute execCommandFunc) EvidenceCommands { + return &evidenceBuildCommand{ + ctx: ctx, + execute: execute, + } +} + +func (erc *evidenceBuildCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { + createCmd := evidence.NewCreateEvidenceBuild( + serverDetails, + erc.ctx.GetStringFlagValue(predicate), + erc.ctx.GetStringFlagValue(predicateType), + erc.ctx.GetStringFlagValue(key), + erc.ctx.GetStringFlagValue(keyId), + erc.ctx.GetStringFlagValue(project), + erc.ctx.GetStringFlagValue(build)) + return erc.execute(createCmd) +} diff --git a/evidence/cli/command_controller.go b/evidence/cli/command_controller.go index b9234ff..fee5a7b 100644 --- a/evidence/cli/command_controller.go +++ b/evidence/cli/command_controller.go @@ -49,6 +49,8 @@ func createEvidence(c *components.Context) error { command = NewEvidenceCustomCommand(c, execFunc) case releaseBundle: command = NewEvidenceReleaseBundleCommand(c, execFunc) + case build: + command = NewEvidenceBuildCommand(c, execFunc) default: return errors.New("unsupported subject") } diff --git a/evidence/cli/flags.go b/evidence/cli/flags.go index 82ff283..0cf036f 100644 --- a/evidence/cli/flags.go +++ b/evidence/cli/flags.go @@ -21,6 +21,7 @@ const ( // RLM flags keys releaseBundle = "release-bundle" + build = "build" // Unique evidence flags evidencePrefix = "evd-" @@ -42,6 +43,7 @@ var flagsMap = map[string]components.Flag{ project: components.NewStringFlag(project, "Project key associated with the created evidence.", func(f *components.StringFlag) { f.Mandatory = false }), releaseBundle: components.NewStringFlag(releaseBundle, "Release Bundle name and version. Format: :", func(f *components.StringFlag) { f.Mandatory = false }), + build: components.NewStringFlag(build, "Build name and number. Format: :", func(f *components.StringFlag) { f.Mandatory = false }), predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), @@ -52,7 +54,7 @@ var flagsMap = map[string]components.Flag{ var commandFlags = map[string][]string{ CreateEvidence: { - url, user, password, accessToken, ServerId, project, releaseBundle, predicate, predicateType, repoPath, key, keyId, + url, user, password, accessToken, ServerId, project, releaseBundle, build, predicate, predicateType, repoPath, key, keyId, }, } diff --git a/evidence/cli/mocks/command_mock.go b/evidence/cli/mocks/command_mock.go deleted file mode 100644 index 65aa509..0000000 --- a/evidence/cli/mocks/command_mock.go +++ /dev/null @@ -1,49 +0,0 @@ -// Code generated by MockGen. DO NOT EDIT. -// Source: command.go - -// Package mock_cli is a generated GoMock package. -package mock_cli - -import ( - reflect "reflect" - - gomock "github.com/golang/mock/gomock" - config "github.com/jfrog/jfrog-cli-core/v2/utils/config" -) - -// MockEvidenceCommands is a mock of EvidenceCommands interface. -type MockEvidenceCommands struct { - ctrl *gomock.Controller - recorder *MockEvidenceCommandsMockRecorder -} - -// MockEvidenceCommandsMockRecorder is the mock recorder for MockEvidenceCommands. -type MockEvidenceCommandsMockRecorder struct { - mock *MockEvidenceCommands -} - -// NewMockEvidenceCommands creates a new mock instance. -func NewMockEvidenceCommands(ctrl *gomock.Controller) *MockEvidenceCommands { - mock := &MockEvidenceCommands{ctrl: ctrl} - mock.recorder = &MockEvidenceCommandsMockRecorder{mock} - return mock -} - -// EXPECT returns an object that allows the caller to indicate expected use. -func (m *MockEvidenceCommands) EXPECT() *MockEvidenceCommandsMockRecorder { - return m.recorder -} - -// CreateEvidence mocks base method. -func (m *MockEvidenceCommands) CreateEvidence(arg0 *config.ServerDetails) error { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "CreateEvidence", arg0) - ret0, _ := ret[0].(error) - return ret0 -} - -// CreateEvidence indicates an expected call of CreateEvidence. -func (mr *MockEvidenceCommandsMockRecorder) CreateEvidence(arg0 interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateEvidence", reflect.TypeOf((*MockEvidenceCommands)(nil).CreateEvidence), arg0) -} diff --git a/evidence/cli/utils.go b/evidence/cli/utils.go index e90fa80..f1ce84c 100644 --- a/evidence/cli/utils.go +++ b/evidence/cli/utils.go @@ -11,4 +11,5 @@ func exec(command commands.Command) error { var subjectTypes = []string{ repoPath, releaseBundle, + build, } diff --git a/evidence/create_base.go b/evidence/create_base.go index 39bf4ce..c2c5910 100644 --- a/evidence/create_base.go +++ b/evidence/create_base.go @@ -54,7 +54,6 @@ func (c *createEvidenceBase) buildIntotoStatementJson(subject string) ([]byte, e artifactoryClient, err := c.createArtifactoryClient() if err != nil { - log.Error("failed to create Artifactory client", err) return nil, err } @@ -74,7 +73,6 @@ func (c *createEvidenceBase) buildIntotoStatementJson(subject string) ([]byte, e func (c *createEvidenceBase) uploadEvidence(envelope []byte, repoPath string) error { evidenceManager, err := utils.CreateEvidenceServiceManager(c.serverDetails, false) if err != nil { - log.Error("failed to create Evidence client", err) return err } @@ -84,7 +82,6 @@ func (c *createEvidenceBase) uploadEvidence(envelope []byte, repoPath string) er } body, err := evidenceManager.UploadEvidence(evidenceDetails) if err != nil { - log.Error("failed to upload evidence file", err) return err } diff --git a/evidence/create_build.go b/evidence/create_build.go new file mode 100644 index 0000000..aa8e9fc --- /dev/null +++ b/evidence/create_build.go @@ -0,0 +1,128 @@ +package evidence + +import ( + "fmt" + "github.com/jfrog/jfrog-cli-artifactory/evidence/utils" + "github.com/jfrog/jfrog-cli-core/v2/utils/config" + coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/artifactory" + "github.com/jfrog/jfrog-client-go/artifactory/services" + "github.com/jfrog/jfrog-client-go/utils/errorutils" + "github.com/jfrog/jfrog-client-go/utils/log" + "strings" +) + +type createEvidenceBuild struct { + createEvidenceBase + project string + build string +} + +func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, predicateFilePath string, predicateType string, key string, keyId string, + project string, build string) Command { + return &createEvidenceBuild{ + createEvidenceBase: createEvidenceBase{ + serverDetails: serverDetails, + predicateFilePath: predicateFilePath, + predicateType: predicateType, + key: key, + keyId: keyId, + }, + project: project, + build: build, + } +} + +func (c *createEvidenceBuild) CommandName() string { + return "create-build-evidence" +} + +func (c *createEvidenceBuild) ServerDetails() (*config.ServerDetails, error) { + return c.serverDetails, nil +} + +func (c *createEvidenceBuild) Run() error { + artifactoryClient, err := c.createArtifactoryClient() + if err != nil { + log.Error("failed to create Artifactory client", err) + return err + } + subject, err := c.buildBuildInfoSubjectPath(artifactoryClient) + if err != nil { + return err + } + envelope, err := c.createEnvelope(subject) + if err != nil { + return err + } + err = c.uploadEvidence(envelope, subject) + if err != nil { + return err + } + + return nil +} + +func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + build := strings.Split(c.build, ":") + if len(build) != 2 { + return "", fmt.Errorf("invalid build format. expected format is :") + } + name := build[0] + number := build[1] + + timestamp, err := getBuildLatestTimestamp(name, number, c.project, artifactoryClient) + if err != nil { + return "", err + } + + repoKey := buildBuildInfoRepoKey(c.project) + buildInfoPath := buildBuildInfoPath(repoKey, name, number, timestamp) + buildInfoChecksum, err := getBuildInfoPathChecksum(buildInfoPath, artifactoryClient) + if err != nil { + return "", err + } + return buildInfoPath + "@" + buildInfoChecksum, nil +} + +func getBuildLatestTimestamp(name string, number string, project string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + buildInfo := services.BuildInfoParams{ + BuildName: name, + BuildNumber: number, + ProjectKey: project, + } + res, b, err := artifactoryClient.GetBuildInfo(buildInfo) + if !b { + errorMessage := fmt.Sprintf("failed to find build, name:%s, number:%s, project: %s", name, number, project) + if err != nil { + return "", err + } + return "", errorutils.CheckErrorf(errorMessage) + } + timestamp, err := utils.ParseIsoTimestamp(res.BuildInfo.Started) + if err != nil { + return "", err + } + return fmt.Sprintf("%d", timestamp.UnixMilli()), nil +} + +func buildBuildInfoRepoKey(project string) string { + if project == "" || project == "default" { + return "artifactory-build-info" + } + return fmt.Sprintf("%s-build-info", project) +} + +func buildBuildInfoPath(repoKey string, name string, number string, timestamp string) string { + jsonFile := fmt.Sprintf("%s-%s.json", number, timestamp) + return fmt.Sprintf("%s/%s/%s", repoKey, name, jsonFile) +} + +func getBuildInfoPathChecksum(buildInfoPath string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + res, err := artifactoryClient.FileInfo(buildInfoPath) + if err != nil { + log.Warn(fmt.Sprintf("build info json path '%s' does not exist.", buildInfoPath)) + return "", err + } + return res.Checksums.Sha256, nil +} diff --git a/evidence/create_build_test.go b/evidence/create_build_test.go new file mode 100644 index 0000000..3b39f77 --- /dev/null +++ b/evidence/create_build_test.go @@ -0,0 +1,89 @@ +package evidence + +import ( + "github.com/jfrog/jfrog-client-go/artifactory/services/utils" + "github.com/stretchr/testify/assert" + "testing" +) + +import ( + buildinfo "github.com/jfrog/build-info-go/entities" + "github.com/jfrog/jfrog-client-go/artifactory" + "github.com/jfrog/jfrog-client-go/artifactory/services" +) + +type mockArtifactoryServicesManagerBuild struct { + artifactory.EmptyArtifactoryServicesManager +} + +func (m *mockArtifactoryServicesManagerBuild) FileInfo(relativePath string) (*utils.FileInfo, error) { + fi := &utils.FileInfo{ + Checksums: struct { + Sha1 string `json:"sha1,omitempty"` + Sha256 string `json:"sha256,omitempty"` + Md5 string `json:"md5,omitempty"` + }{ + Sha256: "dummy_sha256", + }, + } + return fi, nil +} + +func (m *mockArtifactoryServicesManagerBuild) GetBuildInfo(services.BuildInfoParams) (*buildinfo.PublishedBuildInfo, bool, error) { + buildInfo := &buildinfo.PublishedBuildInfo{ + BuildInfo: buildinfo.BuildInfo{ + Started: "2024-01-17T15:04:05.000-0700", + }, + } + return buildInfo, true, nil +} + +func TestBuildInfo(t *testing.T) { + tests := []struct { + name string + project string + build string + expectedPath string + expectError bool + }{ + { + name: "Valid build with project", + project: "myProject", + build: "buildName:1", + expectedPath: "myProject-build-info/buildName/1-1705529045000.json@dummy_sha256", + expectError: false, + }, + { + name: "Valid build default project", + project: "default", + build: "buildName:1", + expectedPath: "artifactory-build-info/buildName/1-1705529045000.json@dummy_sha256", + expectError: false, + }, + { + name: "Invalid build format", + project: "myProject", + build: "buildName-1", + expectedPath: "", + expectError: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &createEvidenceBuild{ + project: tt.project, + build: tt.build, + } + aa := &mockArtifactoryServicesManagerBuild{} + path, err := c.buildBuildInfoSubjectPath(aa) + if tt.expectError { + assert.Error(t, err) + assert.Empty(t, path) + } else { + assert.NoError(t, err) + assert.Equal(t, tt.expectedPath, path) + } + }) + } +} diff --git a/evidence/create_release_bundle_test.go b/evidence/create_release_bundle_test.go index a98689c..5653665 100644 --- a/evidence/create_release_bundle_test.go +++ b/evidence/create_release_bundle_test.go @@ -1,17 +1,20 @@ package evidence import ( - "github.com/jfrog/jfrog-client-go/artifactory" - "github.com/jfrog/jfrog-client-go/artifactory/services/utils" "github.com/stretchr/testify/assert" "testing" ) -type mockArtifactoryServicesManager struct { +import ( + "github.com/jfrog/jfrog-client-go/artifactory" + "github.com/jfrog/jfrog-client-go/artifactory/services/utils" +) + +type mockReleaseBundleArtifactoryServicesManager struct { artifactory.EmptyArtifactoryServicesManager } -func (m *mockArtifactoryServicesManager) FileInfo(relativePath string) (*utils.FileInfo, error) { +func (m *mockReleaseBundleArtifactoryServicesManager) FileInfo(relativePath string) (*utils.FileInfo, error) { fi := &utils.FileInfo{ Checksums: struct { Sha1 string `json:"sha1,omitempty"` @@ -75,7 +78,7 @@ func TestReleaseBundle(t *testing.T) { project: tt.project, releaseBundle: tt.releaseBundle, } - aa := &mockArtifactoryServicesManager{} + aa := &mockReleaseBundleArtifactoryServicesManager{} path, err := c.buildReleaseBundleSubjectPath(aa) if tt.expectError { assert.Error(t, err) diff --git a/evidence/utils/datex.go b/evidence/utils/datex.go new file mode 100644 index 0000000..27b27ad --- /dev/null +++ b/evidence/utils/datex.go @@ -0,0 +1,9 @@ +package utils + +import "time" + +const IsoDateTimeLayout = "2006-01-02T15:04:05.000-0700" + +func ParseIsoTimestamp(isoTimestamp string) (time.Time, error) { + return time.Parse(IsoDateTimeLayout, isoTimestamp) +} From d9c3eed00267d37a317c47bb9a645085897882b8 Mon Sep 17 00:00:00 2001 From: osaidw Date: Sun, 4 Aug 2024 10:09:52 +0300 Subject: [PATCH 02/16] Create Build Evidence. --- evidence/create_build.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/evidence/create_build.go b/evidence/create_build.go index aa8e9fc..fd60cc2 100644 --- a/evidence/create_build.go +++ b/evidence/create_build.go @@ -18,8 +18,8 @@ type createEvidenceBuild struct { build string } -func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, predicateFilePath string, predicateType string, key string, keyId string, - project string, build string) Command { +func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, + predicateFilePath, predicateType, key, keyId, project, build string) Command { return &createEvidenceBuild{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -91,12 +91,12 @@ func getBuildLatestTimestamp(name string, number string, project string, artifac BuildNumber: number, ProjectKey: project, } - res, b, err := artifactoryClient.GetBuildInfo(buildInfo) - if !b { + res, ok, err := artifactoryClient.GetBuildInfo(buildInfo) + if err != nil { + return "", err + } + if !ok { errorMessage := fmt.Sprintf("failed to find build, name:%s, number:%s, project: %s", name, number, project) - if err != nil { - return "", err - } return "", errorutils.CheckErrorf(errorMessage) } timestamp, err := utils.ParseIsoTimestamp(res.BuildInfo.Started) From bf36c53b89589eb2354cbfc961444e046f56c5d8 Mon Sep 17 00:00:00 2001 From: osaidw Date: Sun, 4 Aug 2024 17:06:29 +0300 Subject: [PATCH 03/16] Evidence CLI - update fields names. --- evidence/cli/command.go | 3 +- evidence/cli/command_build.go | 29 +++++++--- evidence/cli/command_controller.go | 16 +++--- evidence/cli/command_controller_test.go | 62 +++++++++++++++++---- evidence/cli/command_custom.go | 18 +++++-- evidence/cli/command_relesae_bundle.go | 18 ++++++- evidence/cli/flags.go | 53 ++++++++++++------ evidence/cli/utils.go | 4 +- evidence/create_base.go | 8 +-- evidence/create_build.go | 42 +++++++-------- evidence/create_build_test.go | 52 +++++++++--------- evidence/create_custom.go | 14 ++--- evidence/create_release_bundle.go | 33 +++++------- evidence/create_release_bundle_test.go | 71 ++++++++++++------------- evidence/intoto/intoto_statement_v1.go | 12 ++--- 15 files changed, 261 insertions(+), 174 deletions(-) diff --git a/evidence/cli/command.go b/evidence/cli/command.go index 3e1b7fd..68800a3 100644 --- a/evidence/cli/command.go +++ b/evidence/cli/command.go @@ -3,9 +3,10 @@ package cli //go:generate ${PROJECT_DIR}/scripts/mockgen.sh ${GOFILE} import ( + "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" ) type EvidenceCommands interface { - CreateEvidence(*coreConfig.ServerDetails) error + CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error } diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go index b7742f1..dc7f893 100644 --- a/evidence/cli/command_build.go +++ b/evidence/cli/command_build.go @@ -4,6 +4,7 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceBuildCommand struct { @@ -18,14 +19,26 @@ func NewEvidenceBuildCommand(ctx *components.Context, execute execCommandFunc) E } } -func (erc *evidenceBuildCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { +func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { + err := ebc.validateEvidenceBuildContext(ctx) + if err != nil { + return err + } + createCmd := evidence.NewCreateEvidenceBuild( serverDetails, - erc.ctx.GetStringFlagValue(predicate), - erc.ctx.GetStringFlagValue(predicateType), - erc.ctx.GetStringFlagValue(key), - erc.ctx.GetStringFlagValue(keyId), - erc.ctx.GetStringFlagValue(project), - erc.ctx.GetStringFlagValue(build)) - return erc.execute(createCmd) + ebc.ctx.GetStringFlagValue(predicate), + ebc.ctx.GetStringFlagValue(predicateType), + ebc.ctx.GetStringFlagValue(key), + ebc.ctx.GetStringFlagValue(keyId), + ebc.ctx.GetStringFlagValue(project), + ebc.ctx.GetStringFlagValue(buildName), + ebc.ctx.GetStringFlagValue(buildNumber)) + return ebc.execute(createCmd) +} +func (ebc *evidenceBuildCommand) validateEvidenceBuildContext(c *components.Context) error { + if !c.IsFlagSet(buildNumber) || assertValueProvided(c, buildNumber) != nil { + return errorutils.CheckErrorf("'buildNumber' is a mandatory field for creating a Release Bundle evidence: --%s", buildNumber) + } + return nil } diff --git a/evidence/cli/command_controller.go b/evidence/cli/command_controller.go index fee5a7b..d30aeee 100644 --- a/evidence/cli/command_controller.go +++ b/evidence/cli/command_controller.go @@ -31,7 +31,7 @@ var execFunc = func(command commands.Command) error { } func createEvidence(c *components.Context) error { - if err := validateCreateEvidenceContext(c); err != nil { + if err := validateCreateEvidenceCommonContext(c); err != nil { return err } subject, err := getAndValidateSubject(c) @@ -45,20 +45,20 @@ func createEvidence(c *components.Context) error { var command EvidenceCommands switch subject { - case repoPath: + case subjectRepoPath: command = NewEvidenceCustomCommand(c, execFunc) case releaseBundle: command = NewEvidenceReleaseBundleCommand(c, execFunc) - case build: + case buildName: command = NewEvidenceBuildCommand(c, execFunc) default: return errors.New("unsupported subject") } - return command.CreateEvidence(serverDetails) + return command.CreateEvidence(c, serverDetails) } -func validateCreateEvidenceContext(c *components.Context) error { +func validateCreateEvidenceCommonContext(c *components.Context) error { if show, err := pluginsCommon.ShowCmdHelpIfNeeded(c, c.Arguments); show || err != nil { return err } @@ -68,13 +68,13 @@ func validateCreateEvidenceContext(c *components.Context) error { } if !c.IsFlagSet(predicate) || assertValueProvided(c, predicate) != nil { - return errorutils.CheckErrorf("'predicate' is a mandatory field for creating a custom evidence: --%s", predicate) + return errorutils.CheckErrorf("'predicate' is a mandatory field for creating evidence: --%s", predicate) } if !c.IsFlagSet(predicateType) || assertValueProvided(c, predicateType) != nil { - return errorutils.CheckErrorf("'predicate-type' is a mandatory field for creating a custom evidence: --%s", predicateType) + return errorutils.CheckErrorf("'predicate-type' is a mandatory field for creating evidence: --%s", predicateType) } if !c.IsFlagSet(key) || assertValueProvided(c, key) != nil { - return errorutils.CheckErrorf("'key' is a mandatory field for creating a custom evidence: --%s", key) + return errorutils.CheckErrorf("'key' is a mandatory field for creating evidence: --%s", key) } return nil } diff --git a/evidence/cli/command_controller_test.go b/evidence/cli/command_controller_test.go index fd6c3c3..6baff90 100644 --- a/evidence/cli/command_controller_test.go +++ b/evidence/cli/command_controller_test.go @@ -22,27 +22,32 @@ func TestCreateEvidence_Context(t *testing.T) { }{ { name: "InvalidContext - Missing Subject", - context: createContext("somePredicate", "InToto", "PGP", "", ""), + context: createCustomContext("somePredicate", "InToto", "PGP", "", ""), expectErr: true, }, { name: "InvalidContext - Missing Predicate", - context: createContext("", "InToto", "PGP", "someBundle", ""), + context: createCustomContext("", "InToto", "PGP", "someBundle", ""), expectErr: true, }, { name: "InvalidContext - Subject Duplication", - context: createContext("somePredicate", "InToto", "PGP", "someBundle", "path"), + context: createCustomAndRBContext("somePredicate", "InToto", "PGP", "someBundle", "1.0.0", "rb", "rbv"), expectErr: true, }, { name: "ValidContext - ReleaseBundle", - context: createContext("somePredicate", "InToto", "PGP", "someBundle:1", ""), + context: createRBContext("somePredicate", "InToto", "PGP", "someBundle:1", "1.0.0"), expectErr: false, }, { name: "ValidContext - RepoPath", - context: createContext("somePredicate", "InToto", "PGP", "", "path"), + context: createCustomContext("somePredicate", "InToto", "PGP", "path", "sha256"), + expectErr: false, + }, + { + name: "ValidContext - Build", + context: createBuildContext("somePredicate", "InToto", "PGP", "name", "number"), expectErr: false, }, } @@ -67,15 +72,52 @@ func TestCreateEvidence_Context(t *testing.T) { } } -func createContext(predicate string, predicateType string, key string, rb string, repoPath string) *components.Context { +func createCommonContext(ctx *components.Context, _predicate, _predicateType, _key string) *components.Context { + setStringFlagValue(ctx, predicate, _predicate) + setStringFlagValue(ctx, predicateType, _predicateType) + setStringFlagValue(ctx, key, _key) + return ctx +} + +func createCustomAndRBContext(_predicate, _predicateType, _key, repoPath, sha256, rb, rbv string) *components.Context { ctx := &components.Context{ Arguments: []string{}, } - setStringFlagValue(ctx, predicate, predicate) - setStringFlagValue(ctx, predicateType, predicateType) - setStringFlagValue(ctx, key, key) - setStringFlagValue(ctx, repoPath, repoPath) + createCommonContext(ctx, _predicate, _predicateType, _key) + setStringFlagValue(ctx, subjectRepoPath, repoPath) + setStringFlagValue(ctx, subjectSha256, sha256) setStringFlagValue(ctx, releaseBundle, rb) + setStringFlagValue(ctx, releaseBundleVersion, rbv) + return ctx +} + +func createCustomContext(_predicate, _predicateType, _key, repoPath, sha256 string) *components.Context { + ctx := &components.Context{ + Arguments: []string{}, + } + createCommonContext(ctx, _predicate, _predicateType, _key) + setStringFlagValue(ctx, subjectRepoPath, repoPath) + setStringFlagValue(ctx, subjectSha256, sha256) + return ctx +} + +func createRBContext(_predicate, _predicateType, _key, rb, rbv string) *components.Context { + ctx := &components.Context{ + Arguments: []string{}, + } + createCommonContext(ctx, _predicate, _predicateType, _key) + setStringFlagValue(ctx, releaseBundle, rb) + setStringFlagValue(ctx, releaseBundleVersion, rbv) + return ctx +} + +func createBuildContext(_predicate, _predicateType, _key, _buildName, _buildNumber string) *components.Context { + ctx := &components.Context{ + Arguments: []string{}, + } + createCommonContext(ctx, _predicate, _predicateType, _key) + setStringFlagValue(ctx, buildName, _buildName) + setStringFlagValue(ctx, buildNumber, _buildNumber) return ctx } diff --git a/evidence/cli/command_custom.go b/evidence/cli/command_custom.go index 6a22566..ec4c0c7 100644 --- a/evidence/cli/command_custom.go +++ b/evidence/cli/command_custom.go @@ -4,6 +4,7 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceCustomCommand struct { @@ -17,14 +18,25 @@ func NewEvidenceCustomCommand(ctx *components.Context, execute execCommandFunc) execute: execute, } } - -func (ecc *evidenceCustomCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { +func (ecc *evidenceCustomCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { + err := ecc.validateEvidenceCustomContext(ctx) + if err != nil { + return err + } createCmd := evidence.NewCreateEvidenceCustom( serverDetails, ecc.ctx.GetStringFlagValue(predicate), ecc.ctx.GetStringFlagValue(predicateType), ecc.ctx.GetStringFlagValue(key), ecc.ctx.GetStringFlagValue(keyId), - ecc.ctx.GetStringFlagValue(repoPath)) + ecc.ctx.GetStringFlagValue(subjectRepoPath), + ecc.ctx.GetStringFlagValue(subjectSha256)) return ecc.execute(createCmd) } + +func (ecc *evidenceCustomCommand) validateEvidenceCustomContext(c *components.Context) error { + if !c.IsFlagSet(subjectSha256) || assertValueProvided(c, subjectSha256) != nil { + return errorutils.CheckErrorf("'subject-sha256' is a mandatory field for creating a custom evidence: --%s", subjectSha256) + } + return nil +} diff --git a/evidence/cli/command_relesae_bundle.go b/evidence/cli/command_relesae_bundle.go index 464bd7e..aaa1140 100644 --- a/evidence/cli/command_relesae_bundle.go +++ b/evidence/cli/command_relesae_bundle.go @@ -4,6 +4,7 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceReleaseBundleCommand struct { @@ -18,7 +19,12 @@ func NewEvidenceReleaseBundleCommand(ctx *components.Context, execute execComman } } -func (erc *evidenceReleaseBundleCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { +func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { + err := erc.validateEvidenceReleaseBundleContext(ctx) + if err != nil { + return err + } + createCmd := evidence.NewCreateEvidenceReleaseBundle( serverDetails, erc.ctx.GetStringFlagValue(predicate), @@ -26,6 +32,14 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(serverDetails *coreConfi erc.ctx.GetStringFlagValue(key), erc.ctx.GetStringFlagValue(keyId), erc.ctx.GetStringFlagValue(project), - erc.ctx.GetStringFlagValue(releaseBundle)) + erc.ctx.GetStringFlagValue(releaseBundle), + erc.ctx.GetStringFlagValue(releaseBundleVersion)) return erc.execute(createCmd) } + +func (erc *evidenceReleaseBundleCommand) validateEvidenceReleaseBundleContext(c *components.Context) error { + if !c.IsFlagSet(releaseBundleVersion) || assertValueProvided(c, releaseBundleVersion) != nil { + return errorutils.CheckErrorf("'releaseBundleVersion' is a mandatory field for creating a Release Bundle evidence: --%s", releaseBundleVersion) + } + return nil +} diff --git a/evidence/cli/flags.go b/evidence/cli/flags.go index 0cf036f..5bcbfaa 100644 --- a/evidence/cli/flags.go +++ b/evidence/cli/flags.go @@ -20,16 +20,19 @@ const ( project = "project" // RLM flags keys - releaseBundle = "release-bundle" - build = "build" + releaseBundle = "release-bundle" + releaseBundleVersion = "release-bundle-version" + buildName = "build-name" + buildNumber = "build-number" // Unique evidence flags - evidencePrefix = "evd-" - predicate = "predicate" - predicateType = "predicate-type" - repoPath = "repo-path" - key = "key" - keyId = "key-name" + evidencePrefix = "evd-" + predicate = "predicate" + predicateType = "predicate-type" + subjectRepoPath = "subject-repo-path" + subjectSha256 = "subject-sha256" + key = "key" + keyId = "key-name" ) // Flag keys mapped to their corresponding components.Flag definition. @@ -42,19 +45,37 @@ var flagsMap = map[string]components.Flag{ accessToken: components.NewStringFlag(accessToken, "JFrog access token.", func(f *components.StringFlag) { f.Mandatory = false }), project: components.NewStringFlag(project, "Project key associated with the created evidence.", func(f *components.StringFlag) { f.Mandatory = false }), - releaseBundle: components.NewStringFlag(releaseBundle, "Release Bundle name and version. Format: :", func(f *components.StringFlag) { f.Mandatory = false }), - build: components.NewStringFlag(build, "Build name and number. Format: :", func(f *components.StringFlag) { f.Mandatory = false }), + releaseBundle: components.NewStringFlag(releaseBundle, "Release Bundle name.", func(f *components.StringFlag) { f.Mandatory = false }), + releaseBundleVersion: components.NewStringFlag(releaseBundleVersion, "Release Bundle version.", func(f *components.StringFlag) { f.Mandatory = false }), + buildName: components.NewStringFlag(buildName, "Build name.", func(f *components.StringFlag) { f.Mandatory = false }), + buildNumber: components.NewStringFlag(buildNumber, "Build number.", func(f *components.StringFlag) { f.Mandatory = false }), - predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), - predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), - repoPath: components.NewStringFlag(repoPath, "Full path to some artifact' location.", func(f *components.StringFlag) { f.Mandatory = false }), - key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), - keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), + predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), + predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), + subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }), + subjectSha256: components.NewStringFlag(subjectSha256, "subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }), + key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), + keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), } var commandFlags = map[string][]string{ CreateEvidence: { - url, user, password, accessToken, ServerId, project, releaseBundle, build, predicate, predicateType, repoPath, key, keyId, + url, + user, + password, + accessToken, + ServerId, + project, + releaseBundle, + releaseBundleVersion, + buildName, + buildNumber, + predicate, + predicateType, + subjectRepoPath, + subjectSha256, + key, + keyId, }, } diff --git a/evidence/cli/utils.go b/evidence/cli/utils.go index f1ce84c..6219f4d 100644 --- a/evidence/cli/utils.go +++ b/evidence/cli/utils.go @@ -9,7 +9,7 @@ func exec(command commands.Command) error { } var subjectTypes = []string{ - repoPath, + subjectRepoPath, releaseBundle, - build, + buildName, } diff --git a/evidence/create_base.go b/evidence/create_base.go index c2c5910..4004b7c 100644 --- a/evidence/create_base.go +++ b/evidence/create_base.go @@ -26,8 +26,8 @@ type createEvidenceBase struct { keyId string } -func (c *createEvidenceBase) createEnvelope(subject string) ([]byte, error) { - statementJson, err := c.buildIntotoStatementJson(subject) +func (c *createEvidenceBase) createEnvelope(subject, subjectSha256 string) ([]byte, error) { + statementJson, err := c.buildIntotoStatementJson(subject, subjectSha256) if err != nil { return nil, err } @@ -45,7 +45,7 @@ func (c *createEvidenceBase) createEnvelope(subject string) ([]byte, error) { return envelopeBytes, nil } -func (c *createEvidenceBase) buildIntotoStatementJson(subject string) ([]byte, error) { +func (c *createEvidenceBase) buildIntotoStatementJson(subject, subjectSha256 string) ([]byte, error) { predicate, err := os.ReadFile(c.predicateFilePath) if err != nil { log.Warn(fmt.Sprintf("failed to read predicate file '%s'", predicate)) @@ -58,7 +58,7 @@ func (c *createEvidenceBase) buildIntotoStatementJson(subject string) ([]byte, e } statement := intoto.NewStatement(predicate, c.predicateType, c.serverDetails.User) - err = statement.SetSubject(artifactoryClient, subject) + err = statement.SetSubject(artifactoryClient, subject, subjectSha256) if err != nil { return nil, err } diff --git a/evidence/create_build.go b/evidence/create_build.go index fd60cc2..ee88ef7 100644 --- a/evidence/create_build.go +++ b/evidence/create_build.go @@ -9,17 +9,17 @@ import ( "github.com/jfrog/jfrog-client-go/artifactory/services" "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/utils/log" - "strings" ) type createEvidenceBuild struct { createEvidenceBase - project string - build string + project string + buildName string + buildNumber string } func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, - predicateFilePath, predicateType, key, keyId, project, build string) Command { + predicateFilePath, predicateType, key, keyId, project, buildName, buildNumber string) Command { return &createEvidenceBuild{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -28,13 +28,14 @@ func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, key: key, keyId: keyId, }, - project: project, - build: build, + project: project, + buildName: buildName, + buildNumber: buildNumber, } } func (c *createEvidenceBuild) CommandName() string { - return "create-build-evidence" + return "create-buildName-evidence" } func (c *createEvidenceBuild) ServerDetails() (*config.ServerDetails, error) { @@ -47,11 +48,11 @@ func (c *createEvidenceBuild) Run() error { log.Error("failed to create Artifactory client", err) return err } - subject, err := c.buildBuildInfoSubjectPath(artifactoryClient) + subject, sha256, err := c.buildBuildInfoSubjectPath(artifactoryClient) if err != nil { return err } - envelope, err := c.createEnvelope(subject) + envelope, err := c.createEnvelope(subject, sha256) if err != nil { return err } @@ -63,26 +64,19 @@ func (c *createEvidenceBuild) Run() error { return nil } -func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { - build := strings.Split(c.build, ":") - if len(build) != 2 { - return "", fmt.Errorf("invalid build format. expected format is :") - } - name := build[0] - number := build[1] - - timestamp, err := getBuildLatestTimestamp(name, number, c.project, artifactoryClient) +func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, string, error) { + timestamp, err := getBuildLatestTimestamp(c.buildName, c.buildNumber, c.project, artifactoryClient) if err != nil { - return "", err + return "", "", err } repoKey := buildBuildInfoRepoKey(c.project) - buildInfoPath := buildBuildInfoPath(repoKey, name, number, timestamp) + buildInfoPath := buildBuildInfoPath(repoKey, c.buildName, c.buildNumber, timestamp) buildInfoChecksum, err := getBuildInfoPathChecksum(buildInfoPath, artifactoryClient) if err != nil { - return "", err + return "", "", err } - return buildInfoPath + "@" + buildInfoChecksum, nil + return buildInfoPath, buildInfoChecksum, nil } func getBuildLatestTimestamp(name string, number string, project string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { @@ -96,7 +90,7 @@ func getBuildLatestTimestamp(name string, number string, project string, artifac return "", err } if !ok { - errorMessage := fmt.Sprintf("failed to find build, name:%s, number:%s, project: %s", name, number, project) + errorMessage := fmt.Sprintf("failed to find buildName, name:%s, number:%s, project: %s", name, number, project) return "", errorutils.CheckErrorf(errorMessage) } timestamp, err := utils.ParseIsoTimestamp(res.BuildInfo.Started) @@ -121,7 +115,7 @@ func buildBuildInfoPath(repoKey string, name string, number string, timestamp st func getBuildInfoPathChecksum(buildInfoPath string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { res, err := artifactoryClient.FileInfo(buildInfoPath) if err != nil { - log.Warn(fmt.Sprintf("build info json path '%s' does not exist.", buildInfoPath)) + log.Warn(fmt.Sprintf("buildName info json path '%s' does not exist.", buildInfoPath)) return "", err } return res.Checksums.Sha256, nil diff --git a/evidence/create_build_test.go b/evidence/create_build_test.go index 3b39f77..ff26065 100644 --- a/evidence/create_build_test.go +++ b/evidence/create_build_test.go @@ -40,49 +40,51 @@ func (m *mockArtifactoryServicesManagerBuild) GetBuildInfo(services.BuildInfoPar func TestBuildInfo(t *testing.T) { tests := []struct { - name string - project string - build string - expectedPath string - expectError bool + name string + project string + buildName string + buildNumber string + expectedPath string + expectedChecksum string + expectError bool }{ { - name: "Valid build with project", - project: "myProject", - build: "buildName:1", - expectedPath: "myProject-build-info/buildName/1-1705529045000.json@dummy_sha256", - expectError: false, + name: "Valid buildName with project", + project: "myProject", + buildName: "buildName", + buildNumber: "1", + expectedPath: "myProject-buildName-info/buildName/1-1705529045000.json", + expectedChecksum: "dummy_sha256", + expectError: false, }, { - name: "Valid build default project", - project: "default", - build: "buildName:1", - expectedPath: "artifactory-build-info/buildName/1-1705529045000.json@dummy_sha256", - expectError: false, - }, - { - name: "Invalid build format", - project: "myProject", - build: "buildName-1", - expectedPath: "", - expectError: true, + name: "Valid buildName default project", + project: "default", + buildName: "buildName", + buildNumber: "1", + expectedPath: "artifactory-buildName-info/buildName/1-1705529045000.json", + expectedChecksum: "dummy_sha256", + expectError: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := &createEvidenceBuild{ - project: tt.project, - build: tt.build, + project: tt.project, + buildName: tt.buildName, + buildNumber: tt.buildNumber, } aa := &mockArtifactoryServicesManagerBuild{} - path, err := c.buildBuildInfoSubjectPath(aa) + path, sha256, err := c.buildBuildInfoSubjectPath(aa) if tt.expectError { assert.Error(t, err) assert.Empty(t, path) + assert.Empty(t, sha256) } else { assert.NoError(t, err) assert.Equal(t, tt.expectedPath, path) + assert.Equal(t, tt.expectedChecksum, sha256) } }) } diff --git a/evidence/create_custom.go b/evidence/create_custom.go index 1629c8f..68b9b64 100644 --- a/evidence/create_custom.go +++ b/evidence/create_custom.go @@ -7,11 +7,12 @@ import ( type createEvidenceCustom struct { createEvidenceBase - repoPath string + subjectRepoPath string + subjectSha256 string } -func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateFilePath string, predicateType string, key string, keyId string, - repoPath string) Command { +func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, subjectRepoPath, + subjectSha256 string) Command { return &createEvidenceCustom{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -20,7 +21,8 @@ func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateF key: key, keyId: keyId, }, - repoPath: repoPath, + subjectRepoPath: subjectRepoPath, + subjectSha256: subjectSha256, } } @@ -33,11 +35,11 @@ func (c *createEvidenceCustom) ServerDetails() (*config.ServerDetails, error) { } func (c *createEvidenceCustom) Run() error { - envelope, err := c.createEnvelope(c.repoPath) + envelope, err := c.createEnvelope(c.subjectRepoPath, c.subjectSha256) if err != nil { return err } - err = c.uploadEvidence(envelope, c.repoPath) + err = c.uploadEvidence(envelope, c.subjectRepoPath) if err != nil { return err } diff --git a/evidence/create_release_bundle.go b/evidence/create_release_bundle.go index e2fb230..8a5101b 100644 --- a/evidence/create_release_bundle.go +++ b/evidence/create_release_bundle.go @@ -6,17 +6,17 @@ import ( coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-client-go/artifactory" "github.com/jfrog/jfrog-client-go/utils/log" - "strings" ) type createEvidenceReleaseBundle struct { createEvidenceBase - project string - releaseBundle string + project string + releaseBundle string + releaseBundleVersion string } -func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, predicateFilePath string, predicateType string, key string, keyId string, - project string, releaseBundle string) Command { +func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, project, releaseBundle, + releaseBundleVersion string) Command { return &createEvidenceReleaseBundle{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -25,8 +25,9 @@ func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, pre key: key, keyId: keyId, }, - project: project, - releaseBundle: releaseBundle, + project: project, + releaseBundle: releaseBundle, + releaseBundleVersion: releaseBundleVersion, } } @@ -44,11 +45,11 @@ func (c *createEvidenceReleaseBundle) Run() error { log.Error("failed to create Artifactory client", err) return err } - subject, err := c.buildReleaseBundleSubjectPath(artifactoryClient) + subject, sha256, err := c.buildReleaseBundleSubjectPath(artifactoryClient) if err != nil { return err } - envelope, err := c.createEnvelope(subject) + envelope, err := c.createEnvelope(subject, sha256) if err != nil { return err } @@ -60,22 +61,16 @@ func (c *createEvidenceReleaseBundle) Run() error { return nil } -func (c *createEvidenceReleaseBundle) buildReleaseBundleSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { - releaseBundle := strings.Split(c.releaseBundle, ":") - if len(releaseBundle) != 2 { - return "", fmt.Errorf("invalid release bundle format. expected format is :") - } - name := releaseBundle[0] - version := releaseBundle[1] +func (c *createEvidenceReleaseBundle) buildReleaseBundleSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, string, error) { repoKey := buildRepoKey(c.project) - manifestPath := buildManifestPath(repoKey, name, version) + manifestPath := buildManifestPath(repoKey, c.releaseBundle, c.releaseBundleVersion) manifestChecksum, err := getManifestPathChecksum(manifestPath, artifactoryClient) if err != nil { - return "", err + return "", "", err } - return manifestPath + "@" + manifestChecksum, nil + return manifestPath, manifestChecksum, nil } func buildRepoKey(project string) string { diff --git a/evidence/create_release_bundle_test.go b/evidence/create_release_bundle_test.go index 5653665..fa20f40 100644 --- a/evidence/create_release_bundle_test.go +++ b/evidence/create_release_bundle_test.go @@ -29,63 +29,60 @@ func (m *mockReleaseBundleArtifactoryServicesManager) FileInfo(relativePath stri func TestReleaseBundle(t *testing.T) { tests := []struct { - name string - project string - releaseBundle string - expectedPath string - expectError bool + name string + project string + releaseBundle string + releaseBundleVersion string + expectedPath string + expectedCheckSum string + expectError bool }{ { - name: "Valid release bundle with project", - project: "myProject", - releaseBundle: "bundleName:1.0.0", - expectedPath: "myProject-release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", - expectError: false, + name: "Valid release bundle with project", + project: "myProject", + releaseBundle: "bundleName", + releaseBundleVersion: "1.0.0", + expectedPath: "myProject-release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", + expectedCheckSum: "dummy_sha256", + expectError: false, }, { - name: "Valid release bundle default project", - project: "default", - releaseBundle: "bundleName:1.0.0", - expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", - expectError: false, + name: "Valid release bundle default project", + project: "default", + releaseBundle: "bundleName", + releaseBundleVersion: "1.0.0", + expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", + expectedCheckSum: "dummy_sha256", + expectError: false, }, { - name: "Valid release bundle empty project", - project: "default", - releaseBundle: "bundleName:1.0.0", - expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", - expectError: false, - }, - { - name: "Invalid release bundle format 1", - project: "myProject", - releaseBundle: "bundleName:1.0.0:111", - expectedPath: "", - expectError: true, - }, - { - name: "Invalid release bundle format 2", - project: "myProject", - releaseBundle: "bundleName111", - expectedPath: "", - expectError: true, + name: "Valid release bundle empty project", + project: "default", + releaseBundle: "bundleName", + releaseBundleVersion: "1.0.0", + expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", + expectedCheckSum: "dummy_sha256", + expectError: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := &createEvidenceReleaseBundle{ - project: tt.project, - releaseBundle: tt.releaseBundle, + project: tt.project, + releaseBundle: tt.releaseBundle, + releaseBundleVersion: tt.releaseBundleVersion, } aa := &mockReleaseBundleArtifactoryServicesManager{} - path, err := c.buildReleaseBundleSubjectPath(aa) + path, sha256, err := c.buildReleaseBundleSubjectPath(aa) if tt.expectError { assert.Error(t, err) + assert.Empty(t, sha256) assert.Empty(t, path) } else { assert.NoError(t, err) assert.Equal(t, tt.expectedPath, path) + assert.Equal(t, tt.expectedCheckSum, sha256) } }) } diff --git a/evidence/intoto/intoto_statement_v1.go b/evidence/intoto/intoto_statement_v1.go index 1d888d7..bd0b6b2 100644 --- a/evidence/intoto/intoto_statement_v1.go +++ b/evidence/intoto/intoto_statement_v1.go @@ -3,7 +3,6 @@ package intoto import ( "encoding/json" "github.com/jfrog/jfrog-client-go/utils/errorutils" - "strings" "time" "github.com/jfrog/jfrog-client-go/artifactory" @@ -42,18 +41,13 @@ func NewStatement(predicate []byte, predicateType string, user string) *Statemen } } -func (s *Statement) SetSubject(servicesManager artifactory.ArtifactoryServicesManager, subject string) error { - subjectAndSha := strings.Split(subject, "@") +func (s *Statement) SetSubject(servicesManager artifactory.ArtifactoryServicesManager, subject, subjectSha256 string) error { s.Subject = make([]ResourceDescriptor, 1) - if len(subjectAndSha) > 1 { - s.Subject[0].Digest.Sha256 = subjectAndSha[1] - } - - res, err := servicesManager.FileInfo(subjectAndSha[0]) + res, err := servicesManager.FileInfo(subject) if err != nil { return err } - if s.Subject[0].Digest.Sha256 != "" && res.Checksums.Sha256 != s.Subject[0].Digest.Sha256 { + if res.Checksums.Sha256 != subjectSha256 { return errorutils.CheckErrorf("provided sha256 does not match the file's sha256") } s.Subject[0].Digest.Sha256 = res.Checksums.Sha256 From d903e1d07d6c5fc26bff6239163b7bce35cb5e52 Mon Sep 17 00:00:00 2001 From: osaidw Date: Sun, 4 Aug 2024 17:08:24 +0300 Subject: [PATCH 04/16] Revert "Evidence CLI - update fields names." This reverts commit bf36c53b89589eb2354cbfc961444e046f56c5d8. --- evidence/cli/command.go | 3 +- evidence/cli/command_build.go | 29 +++------- evidence/cli/command_controller.go | 16 +++--- evidence/cli/command_controller_test.go | 62 ++++----------------- evidence/cli/command_custom.go | 18 ++----- evidence/cli/command_relesae_bundle.go | 18 +------ evidence/cli/flags.go | 53 ++++++------------ evidence/cli/utils.go | 4 +- evidence/create_base.go | 8 +-- evidence/create_build.go | 42 ++++++++------- evidence/create_build_test.go | 52 +++++++++--------- evidence/create_custom.go | 14 +++-- evidence/create_release_bundle.go | 33 +++++++----- evidence/create_release_bundle_test.go | 71 +++++++++++++------------ evidence/intoto/intoto_statement_v1.go | 12 +++-- 15 files changed, 174 insertions(+), 261 deletions(-) diff --git a/evidence/cli/command.go b/evidence/cli/command.go index 68800a3..3e1b7fd 100644 --- a/evidence/cli/command.go +++ b/evidence/cli/command.go @@ -3,10 +3,9 @@ package cli //go:generate ${PROJECT_DIR}/scripts/mockgen.sh ${GOFILE} import ( - "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" ) type EvidenceCommands interface { - CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error + CreateEvidence(*coreConfig.ServerDetails) error } diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go index dc7f893..b7742f1 100644 --- a/evidence/cli/command_build.go +++ b/evidence/cli/command_build.go @@ -4,7 +4,6 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" - "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceBuildCommand struct { @@ -19,26 +18,14 @@ func NewEvidenceBuildCommand(ctx *components.Context, execute execCommandFunc) E } } -func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { - err := ebc.validateEvidenceBuildContext(ctx) - if err != nil { - return err - } - +func (erc *evidenceBuildCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { createCmd := evidence.NewCreateEvidenceBuild( serverDetails, - ebc.ctx.GetStringFlagValue(predicate), - ebc.ctx.GetStringFlagValue(predicateType), - ebc.ctx.GetStringFlagValue(key), - ebc.ctx.GetStringFlagValue(keyId), - ebc.ctx.GetStringFlagValue(project), - ebc.ctx.GetStringFlagValue(buildName), - ebc.ctx.GetStringFlagValue(buildNumber)) - return ebc.execute(createCmd) -} -func (ebc *evidenceBuildCommand) validateEvidenceBuildContext(c *components.Context) error { - if !c.IsFlagSet(buildNumber) || assertValueProvided(c, buildNumber) != nil { - return errorutils.CheckErrorf("'buildNumber' is a mandatory field for creating a Release Bundle evidence: --%s", buildNumber) - } - return nil + erc.ctx.GetStringFlagValue(predicate), + erc.ctx.GetStringFlagValue(predicateType), + erc.ctx.GetStringFlagValue(key), + erc.ctx.GetStringFlagValue(keyId), + erc.ctx.GetStringFlagValue(project), + erc.ctx.GetStringFlagValue(build)) + return erc.execute(createCmd) } diff --git a/evidence/cli/command_controller.go b/evidence/cli/command_controller.go index d30aeee..fee5a7b 100644 --- a/evidence/cli/command_controller.go +++ b/evidence/cli/command_controller.go @@ -31,7 +31,7 @@ var execFunc = func(command commands.Command) error { } func createEvidence(c *components.Context) error { - if err := validateCreateEvidenceCommonContext(c); err != nil { + if err := validateCreateEvidenceContext(c); err != nil { return err } subject, err := getAndValidateSubject(c) @@ -45,20 +45,20 @@ func createEvidence(c *components.Context) error { var command EvidenceCommands switch subject { - case subjectRepoPath: + case repoPath: command = NewEvidenceCustomCommand(c, execFunc) case releaseBundle: command = NewEvidenceReleaseBundleCommand(c, execFunc) - case buildName: + case build: command = NewEvidenceBuildCommand(c, execFunc) default: return errors.New("unsupported subject") } - return command.CreateEvidence(c, serverDetails) + return command.CreateEvidence(serverDetails) } -func validateCreateEvidenceCommonContext(c *components.Context) error { +func validateCreateEvidenceContext(c *components.Context) error { if show, err := pluginsCommon.ShowCmdHelpIfNeeded(c, c.Arguments); show || err != nil { return err } @@ -68,13 +68,13 @@ func validateCreateEvidenceCommonContext(c *components.Context) error { } if !c.IsFlagSet(predicate) || assertValueProvided(c, predicate) != nil { - return errorutils.CheckErrorf("'predicate' is a mandatory field for creating evidence: --%s", predicate) + return errorutils.CheckErrorf("'predicate' is a mandatory field for creating a custom evidence: --%s", predicate) } if !c.IsFlagSet(predicateType) || assertValueProvided(c, predicateType) != nil { - return errorutils.CheckErrorf("'predicate-type' is a mandatory field for creating evidence: --%s", predicateType) + return errorutils.CheckErrorf("'predicate-type' is a mandatory field for creating a custom evidence: --%s", predicateType) } if !c.IsFlagSet(key) || assertValueProvided(c, key) != nil { - return errorutils.CheckErrorf("'key' is a mandatory field for creating evidence: --%s", key) + return errorutils.CheckErrorf("'key' is a mandatory field for creating a custom evidence: --%s", key) } return nil } diff --git a/evidence/cli/command_controller_test.go b/evidence/cli/command_controller_test.go index 6baff90..fd6c3c3 100644 --- a/evidence/cli/command_controller_test.go +++ b/evidence/cli/command_controller_test.go @@ -22,32 +22,27 @@ func TestCreateEvidence_Context(t *testing.T) { }{ { name: "InvalidContext - Missing Subject", - context: createCustomContext("somePredicate", "InToto", "PGP", "", ""), + context: createContext("somePredicate", "InToto", "PGP", "", ""), expectErr: true, }, { name: "InvalidContext - Missing Predicate", - context: createCustomContext("", "InToto", "PGP", "someBundle", ""), + context: createContext("", "InToto", "PGP", "someBundle", ""), expectErr: true, }, { name: "InvalidContext - Subject Duplication", - context: createCustomAndRBContext("somePredicate", "InToto", "PGP", "someBundle", "1.0.0", "rb", "rbv"), + context: createContext("somePredicate", "InToto", "PGP", "someBundle", "path"), expectErr: true, }, { name: "ValidContext - ReleaseBundle", - context: createRBContext("somePredicate", "InToto", "PGP", "someBundle:1", "1.0.0"), + context: createContext("somePredicate", "InToto", "PGP", "someBundle:1", ""), expectErr: false, }, { name: "ValidContext - RepoPath", - context: createCustomContext("somePredicate", "InToto", "PGP", "path", "sha256"), - expectErr: false, - }, - { - name: "ValidContext - Build", - context: createBuildContext("somePredicate", "InToto", "PGP", "name", "number"), + context: createContext("somePredicate", "InToto", "PGP", "", "path"), expectErr: false, }, } @@ -72,52 +67,15 @@ func TestCreateEvidence_Context(t *testing.T) { } } -func createCommonContext(ctx *components.Context, _predicate, _predicateType, _key string) *components.Context { - setStringFlagValue(ctx, predicate, _predicate) - setStringFlagValue(ctx, predicateType, _predicateType) - setStringFlagValue(ctx, key, _key) - return ctx -} - -func createCustomAndRBContext(_predicate, _predicateType, _key, repoPath, sha256, rb, rbv string) *components.Context { +func createContext(predicate string, predicateType string, key string, rb string, repoPath string) *components.Context { ctx := &components.Context{ Arguments: []string{}, } - createCommonContext(ctx, _predicate, _predicateType, _key) - setStringFlagValue(ctx, subjectRepoPath, repoPath) - setStringFlagValue(ctx, subjectSha256, sha256) + setStringFlagValue(ctx, predicate, predicate) + setStringFlagValue(ctx, predicateType, predicateType) + setStringFlagValue(ctx, key, key) + setStringFlagValue(ctx, repoPath, repoPath) setStringFlagValue(ctx, releaseBundle, rb) - setStringFlagValue(ctx, releaseBundleVersion, rbv) - return ctx -} - -func createCustomContext(_predicate, _predicateType, _key, repoPath, sha256 string) *components.Context { - ctx := &components.Context{ - Arguments: []string{}, - } - createCommonContext(ctx, _predicate, _predicateType, _key) - setStringFlagValue(ctx, subjectRepoPath, repoPath) - setStringFlagValue(ctx, subjectSha256, sha256) - return ctx -} - -func createRBContext(_predicate, _predicateType, _key, rb, rbv string) *components.Context { - ctx := &components.Context{ - Arguments: []string{}, - } - createCommonContext(ctx, _predicate, _predicateType, _key) - setStringFlagValue(ctx, releaseBundle, rb) - setStringFlagValue(ctx, releaseBundleVersion, rbv) - return ctx -} - -func createBuildContext(_predicate, _predicateType, _key, _buildName, _buildNumber string) *components.Context { - ctx := &components.Context{ - Arguments: []string{}, - } - createCommonContext(ctx, _predicate, _predicateType, _key) - setStringFlagValue(ctx, buildName, _buildName) - setStringFlagValue(ctx, buildNumber, _buildNumber) return ctx } diff --git a/evidence/cli/command_custom.go b/evidence/cli/command_custom.go index ec4c0c7..6a22566 100644 --- a/evidence/cli/command_custom.go +++ b/evidence/cli/command_custom.go @@ -4,7 +4,6 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" - "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceCustomCommand struct { @@ -18,25 +17,14 @@ func NewEvidenceCustomCommand(ctx *components.Context, execute execCommandFunc) execute: execute, } } -func (ecc *evidenceCustomCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { - err := ecc.validateEvidenceCustomContext(ctx) - if err != nil { - return err - } + +func (ecc *evidenceCustomCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { createCmd := evidence.NewCreateEvidenceCustom( serverDetails, ecc.ctx.GetStringFlagValue(predicate), ecc.ctx.GetStringFlagValue(predicateType), ecc.ctx.GetStringFlagValue(key), ecc.ctx.GetStringFlagValue(keyId), - ecc.ctx.GetStringFlagValue(subjectRepoPath), - ecc.ctx.GetStringFlagValue(subjectSha256)) + ecc.ctx.GetStringFlagValue(repoPath)) return ecc.execute(createCmd) } - -func (ecc *evidenceCustomCommand) validateEvidenceCustomContext(c *components.Context) error { - if !c.IsFlagSet(subjectSha256) || assertValueProvided(c, subjectSha256) != nil { - return errorutils.CheckErrorf("'subject-sha256' is a mandatory field for creating a custom evidence: --%s", subjectSha256) - } - return nil -} diff --git a/evidence/cli/command_relesae_bundle.go b/evidence/cli/command_relesae_bundle.go index aaa1140..464bd7e 100644 --- a/evidence/cli/command_relesae_bundle.go +++ b/evidence/cli/command_relesae_bundle.go @@ -4,7 +4,6 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" - "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceReleaseBundleCommand struct { @@ -19,12 +18,7 @@ func NewEvidenceReleaseBundleCommand(ctx *components.Context, execute execComman } } -func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { - err := erc.validateEvidenceReleaseBundleContext(ctx) - if err != nil { - return err - } - +func (erc *evidenceReleaseBundleCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { createCmd := evidence.NewCreateEvidenceReleaseBundle( serverDetails, erc.ctx.GetStringFlagValue(predicate), @@ -32,14 +26,6 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, erc.ctx.GetStringFlagValue(key), erc.ctx.GetStringFlagValue(keyId), erc.ctx.GetStringFlagValue(project), - erc.ctx.GetStringFlagValue(releaseBundle), - erc.ctx.GetStringFlagValue(releaseBundleVersion)) + erc.ctx.GetStringFlagValue(releaseBundle)) return erc.execute(createCmd) } - -func (erc *evidenceReleaseBundleCommand) validateEvidenceReleaseBundleContext(c *components.Context) error { - if !c.IsFlagSet(releaseBundleVersion) || assertValueProvided(c, releaseBundleVersion) != nil { - return errorutils.CheckErrorf("'releaseBundleVersion' is a mandatory field for creating a Release Bundle evidence: --%s", releaseBundleVersion) - } - return nil -} diff --git a/evidence/cli/flags.go b/evidence/cli/flags.go index 5bcbfaa..0cf036f 100644 --- a/evidence/cli/flags.go +++ b/evidence/cli/flags.go @@ -20,19 +20,16 @@ const ( project = "project" // RLM flags keys - releaseBundle = "release-bundle" - releaseBundleVersion = "release-bundle-version" - buildName = "build-name" - buildNumber = "build-number" + releaseBundle = "release-bundle" + build = "build" // Unique evidence flags - evidencePrefix = "evd-" - predicate = "predicate" - predicateType = "predicate-type" - subjectRepoPath = "subject-repo-path" - subjectSha256 = "subject-sha256" - key = "key" - keyId = "key-name" + evidencePrefix = "evd-" + predicate = "predicate" + predicateType = "predicate-type" + repoPath = "repo-path" + key = "key" + keyId = "key-name" ) // Flag keys mapped to their corresponding components.Flag definition. @@ -45,37 +42,19 @@ var flagsMap = map[string]components.Flag{ accessToken: components.NewStringFlag(accessToken, "JFrog access token.", func(f *components.StringFlag) { f.Mandatory = false }), project: components.NewStringFlag(project, "Project key associated with the created evidence.", func(f *components.StringFlag) { f.Mandatory = false }), - releaseBundle: components.NewStringFlag(releaseBundle, "Release Bundle name.", func(f *components.StringFlag) { f.Mandatory = false }), - releaseBundleVersion: components.NewStringFlag(releaseBundleVersion, "Release Bundle version.", func(f *components.StringFlag) { f.Mandatory = false }), - buildName: components.NewStringFlag(buildName, "Build name.", func(f *components.StringFlag) { f.Mandatory = false }), - buildNumber: components.NewStringFlag(buildNumber, "Build number.", func(f *components.StringFlag) { f.Mandatory = false }), + releaseBundle: components.NewStringFlag(releaseBundle, "Release Bundle name and version. Format: :", func(f *components.StringFlag) { f.Mandatory = false }), + build: components.NewStringFlag(build, "Build name and number. Format: :", func(f *components.StringFlag) { f.Mandatory = false }), - predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), - predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), - subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }), - subjectSha256: components.NewStringFlag(subjectSha256, "subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }), - key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), - keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), + predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), + predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), + repoPath: components.NewStringFlag(repoPath, "Full path to some artifact' location.", func(f *components.StringFlag) { f.Mandatory = false }), + key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), + keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), } var commandFlags = map[string][]string{ CreateEvidence: { - url, - user, - password, - accessToken, - ServerId, - project, - releaseBundle, - releaseBundleVersion, - buildName, - buildNumber, - predicate, - predicateType, - subjectRepoPath, - subjectSha256, - key, - keyId, + url, user, password, accessToken, ServerId, project, releaseBundle, build, predicate, predicateType, repoPath, key, keyId, }, } diff --git a/evidence/cli/utils.go b/evidence/cli/utils.go index 6219f4d..f1ce84c 100644 --- a/evidence/cli/utils.go +++ b/evidence/cli/utils.go @@ -9,7 +9,7 @@ func exec(command commands.Command) error { } var subjectTypes = []string{ - subjectRepoPath, + repoPath, releaseBundle, - buildName, + build, } diff --git a/evidence/create_base.go b/evidence/create_base.go index 4004b7c..c2c5910 100644 --- a/evidence/create_base.go +++ b/evidence/create_base.go @@ -26,8 +26,8 @@ type createEvidenceBase struct { keyId string } -func (c *createEvidenceBase) createEnvelope(subject, subjectSha256 string) ([]byte, error) { - statementJson, err := c.buildIntotoStatementJson(subject, subjectSha256) +func (c *createEvidenceBase) createEnvelope(subject string) ([]byte, error) { + statementJson, err := c.buildIntotoStatementJson(subject) if err != nil { return nil, err } @@ -45,7 +45,7 @@ func (c *createEvidenceBase) createEnvelope(subject, subjectSha256 string) ([]by return envelopeBytes, nil } -func (c *createEvidenceBase) buildIntotoStatementJson(subject, subjectSha256 string) ([]byte, error) { +func (c *createEvidenceBase) buildIntotoStatementJson(subject string) ([]byte, error) { predicate, err := os.ReadFile(c.predicateFilePath) if err != nil { log.Warn(fmt.Sprintf("failed to read predicate file '%s'", predicate)) @@ -58,7 +58,7 @@ func (c *createEvidenceBase) buildIntotoStatementJson(subject, subjectSha256 str } statement := intoto.NewStatement(predicate, c.predicateType, c.serverDetails.User) - err = statement.SetSubject(artifactoryClient, subject, subjectSha256) + err = statement.SetSubject(artifactoryClient, subject) if err != nil { return nil, err } diff --git a/evidence/create_build.go b/evidence/create_build.go index ee88ef7..fd60cc2 100644 --- a/evidence/create_build.go +++ b/evidence/create_build.go @@ -9,17 +9,17 @@ import ( "github.com/jfrog/jfrog-client-go/artifactory/services" "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/utils/log" + "strings" ) type createEvidenceBuild struct { createEvidenceBase - project string - buildName string - buildNumber string + project string + build string } func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, - predicateFilePath, predicateType, key, keyId, project, buildName, buildNumber string) Command { + predicateFilePath, predicateType, key, keyId, project, build string) Command { return &createEvidenceBuild{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -28,14 +28,13 @@ func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, key: key, keyId: keyId, }, - project: project, - buildName: buildName, - buildNumber: buildNumber, + project: project, + build: build, } } func (c *createEvidenceBuild) CommandName() string { - return "create-buildName-evidence" + return "create-build-evidence" } func (c *createEvidenceBuild) ServerDetails() (*config.ServerDetails, error) { @@ -48,11 +47,11 @@ func (c *createEvidenceBuild) Run() error { log.Error("failed to create Artifactory client", err) return err } - subject, sha256, err := c.buildBuildInfoSubjectPath(artifactoryClient) + subject, err := c.buildBuildInfoSubjectPath(artifactoryClient) if err != nil { return err } - envelope, err := c.createEnvelope(subject, sha256) + envelope, err := c.createEnvelope(subject) if err != nil { return err } @@ -64,19 +63,26 @@ func (c *createEvidenceBuild) Run() error { return nil } -func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, string, error) { - timestamp, err := getBuildLatestTimestamp(c.buildName, c.buildNumber, c.project, artifactoryClient) +func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + build := strings.Split(c.build, ":") + if len(build) != 2 { + return "", fmt.Errorf("invalid build format. expected format is :") + } + name := build[0] + number := build[1] + + timestamp, err := getBuildLatestTimestamp(name, number, c.project, artifactoryClient) if err != nil { - return "", "", err + return "", err } repoKey := buildBuildInfoRepoKey(c.project) - buildInfoPath := buildBuildInfoPath(repoKey, c.buildName, c.buildNumber, timestamp) + buildInfoPath := buildBuildInfoPath(repoKey, name, number, timestamp) buildInfoChecksum, err := getBuildInfoPathChecksum(buildInfoPath, artifactoryClient) if err != nil { - return "", "", err + return "", err } - return buildInfoPath, buildInfoChecksum, nil + return buildInfoPath + "@" + buildInfoChecksum, nil } func getBuildLatestTimestamp(name string, number string, project string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { @@ -90,7 +96,7 @@ func getBuildLatestTimestamp(name string, number string, project string, artifac return "", err } if !ok { - errorMessage := fmt.Sprintf("failed to find buildName, name:%s, number:%s, project: %s", name, number, project) + errorMessage := fmt.Sprintf("failed to find build, name:%s, number:%s, project: %s", name, number, project) return "", errorutils.CheckErrorf(errorMessage) } timestamp, err := utils.ParseIsoTimestamp(res.BuildInfo.Started) @@ -115,7 +121,7 @@ func buildBuildInfoPath(repoKey string, name string, number string, timestamp st func getBuildInfoPathChecksum(buildInfoPath string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { res, err := artifactoryClient.FileInfo(buildInfoPath) if err != nil { - log.Warn(fmt.Sprintf("buildName info json path '%s' does not exist.", buildInfoPath)) + log.Warn(fmt.Sprintf("build info json path '%s' does not exist.", buildInfoPath)) return "", err } return res.Checksums.Sha256, nil diff --git a/evidence/create_build_test.go b/evidence/create_build_test.go index ff26065..3b39f77 100644 --- a/evidence/create_build_test.go +++ b/evidence/create_build_test.go @@ -40,51 +40,49 @@ func (m *mockArtifactoryServicesManagerBuild) GetBuildInfo(services.BuildInfoPar func TestBuildInfo(t *testing.T) { tests := []struct { - name string - project string - buildName string - buildNumber string - expectedPath string - expectedChecksum string - expectError bool + name string + project string + build string + expectedPath string + expectError bool }{ { - name: "Valid buildName with project", - project: "myProject", - buildName: "buildName", - buildNumber: "1", - expectedPath: "myProject-buildName-info/buildName/1-1705529045000.json", - expectedChecksum: "dummy_sha256", - expectError: false, + name: "Valid build with project", + project: "myProject", + build: "buildName:1", + expectedPath: "myProject-build-info/buildName/1-1705529045000.json@dummy_sha256", + expectError: false, }, { - name: "Valid buildName default project", - project: "default", - buildName: "buildName", - buildNumber: "1", - expectedPath: "artifactory-buildName-info/buildName/1-1705529045000.json", - expectedChecksum: "dummy_sha256", - expectError: false, + name: "Valid build default project", + project: "default", + build: "buildName:1", + expectedPath: "artifactory-build-info/buildName/1-1705529045000.json@dummy_sha256", + expectError: false, + }, + { + name: "Invalid build format", + project: "myProject", + build: "buildName-1", + expectedPath: "", + expectError: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := &createEvidenceBuild{ - project: tt.project, - buildName: tt.buildName, - buildNumber: tt.buildNumber, + project: tt.project, + build: tt.build, } aa := &mockArtifactoryServicesManagerBuild{} - path, sha256, err := c.buildBuildInfoSubjectPath(aa) + path, err := c.buildBuildInfoSubjectPath(aa) if tt.expectError { assert.Error(t, err) assert.Empty(t, path) - assert.Empty(t, sha256) } else { assert.NoError(t, err) assert.Equal(t, tt.expectedPath, path) - assert.Equal(t, tt.expectedChecksum, sha256) } }) } diff --git a/evidence/create_custom.go b/evidence/create_custom.go index 68b9b64..1629c8f 100644 --- a/evidence/create_custom.go +++ b/evidence/create_custom.go @@ -7,12 +7,11 @@ import ( type createEvidenceCustom struct { createEvidenceBase - subjectRepoPath string - subjectSha256 string + repoPath string } -func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, subjectRepoPath, - subjectSha256 string) Command { +func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateFilePath string, predicateType string, key string, keyId string, + repoPath string) Command { return &createEvidenceCustom{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -21,8 +20,7 @@ func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateF key: key, keyId: keyId, }, - subjectRepoPath: subjectRepoPath, - subjectSha256: subjectSha256, + repoPath: repoPath, } } @@ -35,11 +33,11 @@ func (c *createEvidenceCustom) ServerDetails() (*config.ServerDetails, error) { } func (c *createEvidenceCustom) Run() error { - envelope, err := c.createEnvelope(c.subjectRepoPath, c.subjectSha256) + envelope, err := c.createEnvelope(c.repoPath) if err != nil { return err } - err = c.uploadEvidence(envelope, c.subjectRepoPath) + err = c.uploadEvidence(envelope, c.repoPath) if err != nil { return err } diff --git a/evidence/create_release_bundle.go b/evidence/create_release_bundle.go index 8a5101b..e2fb230 100644 --- a/evidence/create_release_bundle.go +++ b/evidence/create_release_bundle.go @@ -6,17 +6,17 @@ import ( coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-client-go/artifactory" "github.com/jfrog/jfrog-client-go/utils/log" + "strings" ) type createEvidenceReleaseBundle struct { createEvidenceBase - project string - releaseBundle string - releaseBundleVersion string + project string + releaseBundle string } -func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, project, releaseBundle, - releaseBundleVersion string) Command { +func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, predicateFilePath string, predicateType string, key string, keyId string, + project string, releaseBundle string) Command { return &createEvidenceReleaseBundle{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -25,9 +25,8 @@ func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, pre key: key, keyId: keyId, }, - project: project, - releaseBundle: releaseBundle, - releaseBundleVersion: releaseBundleVersion, + project: project, + releaseBundle: releaseBundle, } } @@ -45,11 +44,11 @@ func (c *createEvidenceReleaseBundle) Run() error { log.Error("failed to create Artifactory client", err) return err } - subject, sha256, err := c.buildReleaseBundleSubjectPath(artifactoryClient) + subject, err := c.buildReleaseBundleSubjectPath(artifactoryClient) if err != nil { return err } - envelope, err := c.createEnvelope(subject, sha256) + envelope, err := c.createEnvelope(subject) if err != nil { return err } @@ -61,16 +60,22 @@ func (c *createEvidenceReleaseBundle) Run() error { return nil } -func (c *createEvidenceReleaseBundle) buildReleaseBundleSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, string, error) { +func (c *createEvidenceReleaseBundle) buildReleaseBundleSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + releaseBundle := strings.Split(c.releaseBundle, ":") + if len(releaseBundle) != 2 { + return "", fmt.Errorf("invalid release bundle format. expected format is :") + } + name := releaseBundle[0] + version := releaseBundle[1] repoKey := buildRepoKey(c.project) - manifestPath := buildManifestPath(repoKey, c.releaseBundle, c.releaseBundleVersion) + manifestPath := buildManifestPath(repoKey, name, version) manifestChecksum, err := getManifestPathChecksum(manifestPath, artifactoryClient) if err != nil { - return "", "", err + return "", err } - return manifestPath, manifestChecksum, nil + return manifestPath + "@" + manifestChecksum, nil } func buildRepoKey(project string) string { diff --git a/evidence/create_release_bundle_test.go b/evidence/create_release_bundle_test.go index fa20f40..5653665 100644 --- a/evidence/create_release_bundle_test.go +++ b/evidence/create_release_bundle_test.go @@ -29,60 +29,63 @@ func (m *mockReleaseBundleArtifactoryServicesManager) FileInfo(relativePath stri func TestReleaseBundle(t *testing.T) { tests := []struct { - name string - project string - releaseBundle string - releaseBundleVersion string - expectedPath string - expectedCheckSum string - expectError bool + name string + project string + releaseBundle string + expectedPath string + expectError bool }{ { - name: "Valid release bundle with project", - project: "myProject", - releaseBundle: "bundleName", - releaseBundleVersion: "1.0.0", - expectedPath: "myProject-release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", - expectedCheckSum: "dummy_sha256", - expectError: false, + name: "Valid release bundle with project", + project: "myProject", + releaseBundle: "bundleName:1.0.0", + expectedPath: "myProject-release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", + expectError: false, }, { - name: "Valid release bundle default project", - project: "default", - releaseBundle: "bundleName", - releaseBundleVersion: "1.0.0", - expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", - expectedCheckSum: "dummy_sha256", - expectError: false, + name: "Valid release bundle default project", + project: "default", + releaseBundle: "bundleName:1.0.0", + expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", + expectError: false, }, { - name: "Valid release bundle empty project", - project: "default", - releaseBundle: "bundleName", - releaseBundleVersion: "1.0.0", - expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", - expectedCheckSum: "dummy_sha256", - expectError: false, + name: "Valid release bundle empty project", + project: "default", + releaseBundle: "bundleName:1.0.0", + expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", + expectError: false, + }, + { + name: "Invalid release bundle format 1", + project: "myProject", + releaseBundle: "bundleName:1.0.0:111", + expectedPath: "", + expectError: true, + }, + { + name: "Invalid release bundle format 2", + project: "myProject", + releaseBundle: "bundleName111", + expectedPath: "", + expectError: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := &createEvidenceReleaseBundle{ - project: tt.project, - releaseBundle: tt.releaseBundle, - releaseBundleVersion: tt.releaseBundleVersion, + project: tt.project, + releaseBundle: tt.releaseBundle, } aa := &mockReleaseBundleArtifactoryServicesManager{} - path, sha256, err := c.buildReleaseBundleSubjectPath(aa) + path, err := c.buildReleaseBundleSubjectPath(aa) if tt.expectError { assert.Error(t, err) - assert.Empty(t, sha256) assert.Empty(t, path) } else { assert.NoError(t, err) assert.Equal(t, tt.expectedPath, path) - assert.Equal(t, tt.expectedCheckSum, sha256) } }) } diff --git a/evidence/intoto/intoto_statement_v1.go b/evidence/intoto/intoto_statement_v1.go index bd0b6b2..1d888d7 100644 --- a/evidence/intoto/intoto_statement_v1.go +++ b/evidence/intoto/intoto_statement_v1.go @@ -3,6 +3,7 @@ package intoto import ( "encoding/json" "github.com/jfrog/jfrog-client-go/utils/errorutils" + "strings" "time" "github.com/jfrog/jfrog-client-go/artifactory" @@ -41,13 +42,18 @@ func NewStatement(predicate []byte, predicateType string, user string) *Statemen } } -func (s *Statement) SetSubject(servicesManager artifactory.ArtifactoryServicesManager, subject, subjectSha256 string) error { +func (s *Statement) SetSubject(servicesManager artifactory.ArtifactoryServicesManager, subject string) error { + subjectAndSha := strings.Split(subject, "@") s.Subject = make([]ResourceDescriptor, 1) - res, err := servicesManager.FileInfo(subject) + if len(subjectAndSha) > 1 { + s.Subject[0].Digest.Sha256 = subjectAndSha[1] + } + + res, err := servicesManager.FileInfo(subjectAndSha[0]) if err != nil { return err } - if res.Checksums.Sha256 != subjectSha256 { + if s.Subject[0].Digest.Sha256 != "" && res.Checksums.Sha256 != s.Subject[0].Digest.Sha256 { return errorutils.CheckErrorf("provided sha256 does not match the file's sha256") } s.Subject[0].Digest.Sha256 = res.Checksums.Sha256 From dcfacf1fef7006d4f0ab0e1e89b25a5c753ce13a Mon Sep 17 00:00:00 2001 From: osaidw Date: Sun, 4 Aug 2024 17:15:19 +0300 Subject: [PATCH 05/16] Evidence CLI - update fields names --- evidence/cli/command.go | 3 +- evidence/cli/command_build.go | 29 +++++++--- evidence/cli/command_controller.go | 16 +++--- evidence/cli/command_controller_test.go | 62 +++++++++++++++++---- evidence/cli/command_custom.go | 18 +++++-- evidence/cli/command_relesae_bundle.go | 18 ++++++- evidence/cli/flags.go | 53 ++++++++++++------ evidence/cli/utils.go | 4 +- evidence/create_base.go | 8 +-- evidence/create_build.go | 42 +++++++-------- evidence/create_build_test.go | 52 +++++++++--------- evidence/create_custom.go | 14 ++--- evidence/create_release_bundle.go | 33 +++++------- evidence/create_release_bundle_test.go | 71 ++++++++++++------------- evidence/intoto/intoto_statement_v1.go | 12 ++--- 15 files changed, 261 insertions(+), 174 deletions(-) diff --git a/evidence/cli/command.go b/evidence/cli/command.go index 3e1b7fd..68800a3 100644 --- a/evidence/cli/command.go +++ b/evidence/cli/command.go @@ -3,9 +3,10 @@ package cli //go:generate ${PROJECT_DIR}/scripts/mockgen.sh ${GOFILE} import ( + "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" ) type EvidenceCommands interface { - CreateEvidence(*coreConfig.ServerDetails) error + CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error } diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go index b7742f1..dc7f893 100644 --- a/evidence/cli/command_build.go +++ b/evidence/cli/command_build.go @@ -4,6 +4,7 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceBuildCommand struct { @@ -18,14 +19,26 @@ func NewEvidenceBuildCommand(ctx *components.Context, execute execCommandFunc) E } } -func (erc *evidenceBuildCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { +func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { + err := ebc.validateEvidenceBuildContext(ctx) + if err != nil { + return err + } + createCmd := evidence.NewCreateEvidenceBuild( serverDetails, - erc.ctx.GetStringFlagValue(predicate), - erc.ctx.GetStringFlagValue(predicateType), - erc.ctx.GetStringFlagValue(key), - erc.ctx.GetStringFlagValue(keyId), - erc.ctx.GetStringFlagValue(project), - erc.ctx.GetStringFlagValue(build)) - return erc.execute(createCmd) + ebc.ctx.GetStringFlagValue(predicate), + ebc.ctx.GetStringFlagValue(predicateType), + ebc.ctx.GetStringFlagValue(key), + ebc.ctx.GetStringFlagValue(keyId), + ebc.ctx.GetStringFlagValue(project), + ebc.ctx.GetStringFlagValue(buildName), + ebc.ctx.GetStringFlagValue(buildNumber)) + return ebc.execute(createCmd) +} +func (ebc *evidenceBuildCommand) validateEvidenceBuildContext(c *components.Context) error { + if !c.IsFlagSet(buildNumber) || assertValueProvided(c, buildNumber) != nil { + return errorutils.CheckErrorf("'buildNumber' is a mandatory field for creating a Release Bundle evidence: --%s", buildNumber) + } + return nil } diff --git a/evidence/cli/command_controller.go b/evidence/cli/command_controller.go index fee5a7b..d30aeee 100644 --- a/evidence/cli/command_controller.go +++ b/evidence/cli/command_controller.go @@ -31,7 +31,7 @@ var execFunc = func(command commands.Command) error { } func createEvidence(c *components.Context) error { - if err := validateCreateEvidenceContext(c); err != nil { + if err := validateCreateEvidenceCommonContext(c); err != nil { return err } subject, err := getAndValidateSubject(c) @@ -45,20 +45,20 @@ func createEvidence(c *components.Context) error { var command EvidenceCommands switch subject { - case repoPath: + case subjectRepoPath: command = NewEvidenceCustomCommand(c, execFunc) case releaseBundle: command = NewEvidenceReleaseBundleCommand(c, execFunc) - case build: + case buildName: command = NewEvidenceBuildCommand(c, execFunc) default: return errors.New("unsupported subject") } - return command.CreateEvidence(serverDetails) + return command.CreateEvidence(c, serverDetails) } -func validateCreateEvidenceContext(c *components.Context) error { +func validateCreateEvidenceCommonContext(c *components.Context) error { if show, err := pluginsCommon.ShowCmdHelpIfNeeded(c, c.Arguments); show || err != nil { return err } @@ -68,13 +68,13 @@ func validateCreateEvidenceContext(c *components.Context) error { } if !c.IsFlagSet(predicate) || assertValueProvided(c, predicate) != nil { - return errorutils.CheckErrorf("'predicate' is a mandatory field for creating a custom evidence: --%s", predicate) + return errorutils.CheckErrorf("'predicate' is a mandatory field for creating evidence: --%s", predicate) } if !c.IsFlagSet(predicateType) || assertValueProvided(c, predicateType) != nil { - return errorutils.CheckErrorf("'predicate-type' is a mandatory field for creating a custom evidence: --%s", predicateType) + return errorutils.CheckErrorf("'predicate-type' is a mandatory field for creating evidence: --%s", predicateType) } if !c.IsFlagSet(key) || assertValueProvided(c, key) != nil { - return errorutils.CheckErrorf("'key' is a mandatory field for creating a custom evidence: --%s", key) + return errorutils.CheckErrorf("'key' is a mandatory field for creating evidence: --%s", key) } return nil } diff --git a/evidence/cli/command_controller_test.go b/evidence/cli/command_controller_test.go index fd6c3c3..6baff90 100644 --- a/evidence/cli/command_controller_test.go +++ b/evidence/cli/command_controller_test.go @@ -22,27 +22,32 @@ func TestCreateEvidence_Context(t *testing.T) { }{ { name: "InvalidContext - Missing Subject", - context: createContext("somePredicate", "InToto", "PGP", "", ""), + context: createCustomContext("somePredicate", "InToto", "PGP", "", ""), expectErr: true, }, { name: "InvalidContext - Missing Predicate", - context: createContext("", "InToto", "PGP", "someBundle", ""), + context: createCustomContext("", "InToto", "PGP", "someBundle", ""), expectErr: true, }, { name: "InvalidContext - Subject Duplication", - context: createContext("somePredicate", "InToto", "PGP", "someBundle", "path"), + context: createCustomAndRBContext("somePredicate", "InToto", "PGP", "someBundle", "1.0.0", "rb", "rbv"), expectErr: true, }, { name: "ValidContext - ReleaseBundle", - context: createContext("somePredicate", "InToto", "PGP", "someBundle:1", ""), + context: createRBContext("somePredicate", "InToto", "PGP", "someBundle:1", "1.0.0"), expectErr: false, }, { name: "ValidContext - RepoPath", - context: createContext("somePredicate", "InToto", "PGP", "", "path"), + context: createCustomContext("somePredicate", "InToto", "PGP", "path", "sha256"), + expectErr: false, + }, + { + name: "ValidContext - Build", + context: createBuildContext("somePredicate", "InToto", "PGP", "name", "number"), expectErr: false, }, } @@ -67,15 +72,52 @@ func TestCreateEvidence_Context(t *testing.T) { } } -func createContext(predicate string, predicateType string, key string, rb string, repoPath string) *components.Context { +func createCommonContext(ctx *components.Context, _predicate, _predicateType, _key string) *components.Context { + setStringFlagValue(ctx, predicate, _predicate) + setStringFlagValue(ctx, predicateType, _predicateType) + setStringFlagValue(ctx, key, _key) + return ctx +} + +func createCustomAndRBContext(_predicate, _predicateType, _key, repoPath, sha256, rb, rbv string) *components.Context { ctx := &components.Context{ Arguments: []string{}, } - setStringFlagValue(ctx, predicate, predicate) - setStringFlagValue(ctx, predicateType, predicateType) - setStringFlagValue(ctx, key, key) - setStringFlagValue(ctx, repoPath, repoPath) + createCommonContext(ctx, _predicate, _predicateType, _key) + setStringFlagValue(ctx, subjectRepoPath, repoPath) + setStringFlagValue(ctx, subjectSha256, sha256) setStringFlagValue(ctx, releaseBundle, rb) + setStringFlagValue(ctx, releaseBundleVersion, rbv) + return ctx +} + +func createCustomContext(_predicate, _predicateType, _key, repoPath, sha256 string) *components.Context { + ctx := &components.Context{ + Arguments: []string{}, + } + createCommonContext(ctx, _predicate, _predicateType, _key) + setStringFlagValue(ctx, subjectRepoPath, repoPath) + setStringFlagValue(ctx, subjectSha256, sha256) + return ctx +} + +func createRBContext(_predicate, _predicateType, _key, rb, rbv string) *components.Context { + ctx := &components.Context{ + Arguments: []string{}, + } + createCommonContext(ctx, _predicate, _predicateType, _key) + setStringFlagValue(ctx, releaseBundle, rb) + setStringFlagValue(ctx, releaseBundleVersion, rbv) + return ctx +} + +func createBuildContext(_predicate, _predicateType, _key, _buildName, _buildNumber string) *components.Context { + ctx := &components.Context{ + Arguments: []string{}, + } + createCommonContext(ctx, _predicate, _predicateType, _key) + setStringFlagValue(ctx, buildName, _buildName) + setStringFlagValue(ctx, buildNumber, _buildNumber) return ctx } diff --git a/evidence/cli/command_custom.go b/evidence/cli/command_custom.go index 6a22566..ec4c0c7 100644 --- a/evidence/cli/command_custom.go +++ b/evidence/cli/command_custom.go @@ -4,6 +4,7 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceCustomCommand struct { @@ -17,14 +18,25 @@ func NewEvidenceCustomCommand(ctx *components.Context, execute execCommandFunc) execute: execute, } } - -func (ecc *evidenceCustomCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { +func (ecc *evidenceCustomCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { + err := ecc.validateEvidenceCustomContext(ctx) + if err != nil { + return err + } createCmd := evidence.NewCreateEvidenceCustom( serverDetails, ecc.ctx.GetStringFlagValue(predicate), ecc.ctx.GetStringFlagValue(predicateType), ecc.ctx.GetStringFlagValue(key), ecc.ctx.GetStringFlagValue(keyId), - ecc.ctx.GetStringFlagValue(repoPath)) + ecc.ctx.GetStringFlagValue(subjectRepoPath), + ecc.ctx.GetStringFlagValue(subjectSha256)) return ecc.execute(createCmd) } + +func (ecc *evidenceCustomCommand) validateEvidenceCustomContext(c *components.Context) error { + if !c.IsFlagSet(subjectSha256) || assertValueProvided(c, subjectSha256) != nil { + return errorutils.CheckErrorf("'subject-sha256' is a mandatory field for creating a custom evidence: --%s", subjectSha256) + } + return nil +} diff --git a/evidence/cli/command_relesae_bundle.go b/evidence/cli/command_relesae_bundle.go index 464bd7e..aaa1140 100644 --- a/evidence/cli/command_relesae_bundle.go +++ b/evidence/cli/command_relesae_bundle.go @@ -4,6 +4,7 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceReleaseBundleCommand struct { @@ -18,7 +19,12 @@ func NewEvidenceReleaseBundleCommand(ctx *components.Context, execute execComman } } -func (erc *evidenceReleaseBundleCommand) CreateEvidence(serverDetails *coreConfig.ServerDetails) error { +func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { + err := erc.validateEvidenceReleaseBundleContext(ctx) + if err != nil { + return err + } + createCmd := evidence.NewCreateEvidenceReleaseBundle( serverDetails, erc.ctx.GetStringFlagValue(predicate), @@ -26,6 +32,14 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(serverDetails *coreConfi erc.ctx.GetStringFlagValue(key), erc.ctx.GetStringFlagValue(keyId), erc.ctx.GetStringFlagValue(project), - erc.ctx.GetStringFlagValue(releaseBundle)) + erc.ctx.GetStringFlagValue(releaseBundle), + erc.ctx.GetStringFlagValue(releaseBundleVersion)) return erc.execute(createCmd) } + +func (erc *evidenceReleaseBundleCommand) validateEvidenceReleaseBundleContext(c *components.Context) error { + if !c.IsFlagSet(releaseBundleVersion) || assertValueProvided(c, releaseBundleVersion) != nil { + return errorutils.CheckErrorf("'releaseBundleVersion' is a mandatory field for creating a Release Bundle evidence: --%s", releaseBundleVersion) + } + return nil +} diff --git a/evidence/cli/flags.go b/evidence/cli/flags.go index 0cf036f..5bcbfaa 100644 --- a/evidence/cli/flags.go +++ b/evidence/cli/flags.go @@ -20,16 +20,19 @@ const ( project = "project" // RLM flags keys - releaseBundle = "release-bundle" - build = "build" + releaseBundle = "release-bundle" + releaseBundleVersion = "release-bundle-version" + buildName = "build-name" + buildNumber = "build-number" // Unique evidence flags - evidencePrefix = "evd-" - predicate = "predicate" - predicateType = "predicate-type" - repoPath = "repo-path" - key = "key" - keyId = "key-name" + evidencePrefix = "evd-" + predicate = "predicate" + predicateType = "predicate-type" + subjectRepoPath = "subject-repo-path" + subjectSha256 = "subject-sha256" + key = "key" + keyId = "key-name" ) // Flag keys mapped to their corresponding components.Flag definition. @@ -42,19 +45,37 @@ var flagsMap = map[string]components.Flag{ accessToken: components.NewStringFlag(accessToken, "JFrog access token.", func(f *components.StringFlag) { f.Mandatory = false }), project: components.NewStringFlag(project, "Project key associated with the created evidence.", func(f *components.StringFlag) { f.Mandatory = false }), - releaseBundle: components.NewStringFlag(releaseBundle, "Release Bundle name and version. Format: :", func(f *components.StringFlag) { f.Mandatory = false }), - build: components.NewStringFlag(build, "Build name and number. Format: :", func(f *components.StringFlag) { f.Mandatory = false }), + releaseBundle: components.NewStringFlag(releaseBundle, "Release Bundle name.", func(f *components.StringFlag) { f.Mandatory = false }), + releaseBundleVersion: components.NewStringFlag(releaseBundleVersion, "Release Bundle version.", func(f *components.StringFlag) { f.Mandatory = false }), + buildName: components.NewStringFlag(buildName, "Build name.", func(f *components.StringFlag) { f.Mandatory = false }), + buildNumber: components.NewStringFlag(buildNumber, "Build number.", func(f *components.StringFlag) { f.Mandatory = false }), - predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), - predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), - repoPath: components.NewStringFlag(repoPath, "Full path to some artifact' location.", func(f *components.StringFlag) { f.Mandatory = false }), - key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), - keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), + predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), + predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), + subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }), + subjectSha256: components.NewStringFlag(subjectSha256, "subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }), + key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), + keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), } var commandFlags = map[string][]string{ CreateEvidence: { - url, user, password, accessToken, ServerId, project, releaseBundle, build, predicate, predicateType, repoPath, key, keyId, + url, + user, + password, + accessToken, + ServerId, + project, + releaseBundle, + releaseBundleVersion, + buildName, + buildNumber, + predicate, + predicateType, + subjectRepoPath, + subjectSha256, + key, + keyId, }, } diff --git a/evidence/cli/utils.go b/evidence/cli/utils.go index f1ce84c..6219f4d 100644 --- a/evidence/cli/utils.go +++ b/evidence/cli/utils.go @@ -9,7 +9,7 @@ func exec(command commands.Command) error { } var subjectTypes = []string{ - repoPath, + subjectRepoPath, releaseBundle, - build, + buildName, } diff --git a/evidence/create_base.go b/evidence/create_base.go index c2c5910..4004b7c 100644 --- a/evidence/create_base.go +++ b/evidence/create_base.go @@ -26,8 +26,8 @@ type createEvidenceBase struct { keyId string } -func (c *createEvidenceBase) createEnvelope(subject string) ([]byte, error) { - statementJson, err := c.buildIntotoStatementJson(subject) +func (c *createEvidenceBase) createEnvelope(subject, subjectSha256 string) ([]byte, error) { + statementJson, err := c.buildIntotoStatementJson(subject, subjectSha256) if err != nil { return nil, err } @@ -45,7 +45,7 @@ func (c *createEvidenceBase) createEnvelope(subject string) ([]byte, error) { return envelopeBytes, nil } -func (c *createEvidenceBase) buildIntotoStatementJson(subject string) ([]byte, error) { +func (c *createEvidenceBase) buildIntotoStatementJson(subject, subjectSha256 string) ([]byte, error) { predicate, err := os.ReadFile(c.predicateFilePath) if err != nil { log.Warn(fmt.Sprintf("failed to read predicate file '%s'", predicate)) @@ -58,7 +58,7 @@ func (c *createEvidenceBase) buildIntotoStatementJson(subject string) ([]byte, e } statement := intoto.NewStatement(predicate, c.predicateType, c.serverDetails.User) - err = statement.SetSubject(artifactoryClient, subject) + err = statement.SetSubject(artifactoryClient, subject, subjectSha256) if err != nil { return nil, err } diff --git a/evidence/create_build.go b/evidence/create_build.go index fd60cc2..ee88ef7 100644 --- a/evidence/create_build.go +++ b/evidence/create_build.go @@ -9,17 +9,17 @@ import ( "github.com/jfrog/jfrog-client-go/artifactory/services" "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/utils/log" - "strings" ) type createEvidenceBuild struct { createEvidenceBase - project string - build string + project string + buildName string + buildNumber string } func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, - predicateFilePath, predicateType, key, keyId, project, build string) Command { + predicateFilePath, predicateType, key, keyId, project, buildName, buildNumber string) Command { return &createEvidenceBuild{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -28,13 +28,14 @@ func NewCreateEvidenceBuild(serverDetails *coreConfig.ServerDetails, key: key, keyId: keyId, }, - project: project, - build: build, + project: project, + buildName: buildName, + buildNumber: buildNumber, } } func (c *createEvidenceBuild) CommandName() string { - return "create-build-evidence" + return "create-buildName-evidence" } func (c *createEvidenceBuild) ServerDetails() (*config.ServerDetails, error) { @@ -47,11 +48,11 @@ func (c *createEvidenceBuild) Run() error { log.Error("failed to create Artifactory client", err) return err } - subject, err := c.buildBuildInfoSubjectPath(artifactoryClient) + subject, sha256, err := c.buildBuildInfoSubjectPath(artifactoryClient) if err != nil { return err } - envelope, err := c.createEnvelope(subject) + envelope, err := c.createEnvelope(subject, sha256) if err != nil { return err } @@ -63,26 +64,19 @@ func (c *createEvidenceBuild) Run() error { return nil } -func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { - build := strings.Split(c.build, ":") - if len(build) != 2 { - return "", fmt.Errorf("invalid build format. expected format is :") - } - name := build[0] - number := build[1] - - timestamp, err := getBuildLatestTimestamp(name, number, c.project, artifactoryClient) +func (c *createEvidenceBuild) buildBuildInfoSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, string, error) { + timestamp, err := getBuildLatestTimestamp(c.buildName, c.buildNumber, c.project, artifactoryClient) if err != nil { - return "", err + return "", "", err } repoKey := buildBuildInfoRepoKey(c.project) - buildInfoPath := buildBuildInfoPath(repoKey, name, number, timestamp) + buildInfoPath := buildBuildInfoPath(repoKey, c.buildName, c.buildNumber, timestamp) buildInfoChecksum, err := getBuildInfoPathChecksum(buildInfoPath, artifactoryClient) if err != nil { - return "", err + return "", "", err } - return buildInfoPath + "@" + buildInfoChecksum, nil + return buildInfoPath, buildInfoChecksum, nil } func getBuildLatestTimestamp(name string, number string, project string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { @@ -96,7 +90,7 @@ func getBuildLatestTimestamp(name string, number string, project string, artifac return "", err } if !ok { - errorMessage := fmt.Sprintf("failed to find build, name:%s, number:%s, project: %s", name, number, project) + errorMessage := fmt.Sprintf("failed to find buildName, name:%s, number:%s, project: %s", name, number, project) return "", errorutils.CheckErrorf(errorMessage) } timestamp, err := utils.ParseIsoTimestamp(res.BuildInfo.Started) @@ -121,7 +115,7 @@ func buildBuildInfoPath(repoKey string, name string, number string, timestamp st func getBuildInfoPathChecksum(buildInfoPath string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { res, err := artifactoryClient.FileInfo(buildInfoPath) if err != nil { - log.Warn(fmt.Sprintf("build info json path '%s' does not exist.", buildInfoPath)) + log.Warn(fmt.Sprintf("buildName info json path '%s' does not exist.", buildInfoPath)) return "", err } return res.Checksums.Sha256, nil diff --git a/evidence/create_build_test.go b/evidence/create_build_test.go index 3b39f77..ff26065 100644 --- a/evidence/create_build_test.go +++ b/evidence/create_build_test.go @@ -40,49 +40,51 @@ func (m *mockArtifactoryServicesManagerBuild) GetBuildInfo(services.BuildInfoPar func TestBuildInfo(t *testing.T) { tests := []struct { - name string - project string - build string - expectedPath string - expectError bool + name string + project string + buildName string + buildNumber string + expectedPath string + expectedChecksum string + expectError bool }{ { - name: "Valid build with project", - project: "myProject", - build: "buildName:1", - expectedPath: "myProject-build-info/buildName/1-1705529045000.json@dummy_sha256", - expectError: false, + name: "Valid buildName with project", + project: "myProject", + buildName: "buildName", + buildNumber: "1", + expectedPath: "myProject-buildName-info/buildName/1-1705529045000.json", + expectedChecksum: "dummy_sha256", + expectError: false, }, { - name: "Valid build default project", - project: "default", - build: "buildName:1", - expectedPath: "artifactory-build-info/buildName/1-1705529045000.json@dummy_sha256", - expectError: false, - }, - { - name: "Invalid build format", - project: "myProject", - build: "buildName-1", - expectedPath: "", - expectError: true, + name: "Valid buildName default project", + project: "default", + buildName: "buildName", + buildNumber: "1", + expectedPath: "artifactory-buildName-info/buildName/1-1705529045000.json", + expectedChecksum: "dummy_sha256", + expectError: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := &createEvidenceBuild{ - project: tt.project, - build: tt.build, + project: tt.project, + buildName: tt.buildName, + buildNumber: tt.buildNumber, } aa := &mockArtifactoryServicesManagerBuild{} - path, err := c.buildBuildInfoSubjectPath(aa) + path, sha256, err := c.buildBuildInfoSubjectPath(aa) if tt.expectError { assert.Error(t, err) assert.Empty(t, path) + assert.Empty(t, sha256) } else { assert.NoError(t, err) assert.Equal(t, tt.expectedPath, path) + assert.Equal(t, tt.expectedChecksum, sha256) } }) } diff --git a/evidence/create_custom.go b/evidence/create_custom.go index 1629c8f..68b9b64 100644 --- a/evidence/create_custom.go +++ b/evidence/create_custom.go @@ -7,11 +7,12 @@ import ( type createEvidenceCustom struct { createEvidenceBase - repoPath string + subjectRepoPath string + subjectSha256 string } -func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateFilePath string, predicateType string, key string, keyId string, - repoPath string) Command { +func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, subjectRepoPath, + subjectSha256 string) Command { return &createEvidenceCustom{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -20,7 +21,8 @@ func NewCreateEvidenceCustom(serverDetails *coreConfig.ServerDetails, predicateF key: key, keyId: keyId, }, - repoPath: repoPath, + subjectRepoPath: subjectRepoPath, + subjectSha256: subjectSha256, } } @@ -33,11 +35,11 @@ func (c *createEvidenceCustom) ServerDetails() (*config.ServerDetails, error) { } func (c *createEvidenceCustom) Run() error { - envelope, err := c.createEnvelope(c.repoPath) + envelope, err := c.createEnvelope(c.subjectRepoPath, c.subjectSha256) if err != nil { return err } - err = c.uploadEvidence(envelope, c.repoPath) + err = c.uploadEvidence(envelope, c.subjectRepoPath) if err != nil { return err } diff --git a/evidence/create_release_bundle.go b/evidence/create_release_bundle.go index e2fb230..8a5101b 100644 --- a/evidence/create_release_bundle.go +++ b/evidence/create_release_bundle.go @@ -6,17 +6,17 @@ import ( coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-client-go/artifactory" "github.com/jfrog/jfrog-client-go/utils/log" - "strings" ) type createEvidenceReleaseBundle struct { createEvidenceBase - project string - releaseBundle string + project string + releaseBundle string + releaseBundleVersion string } -func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, predicateFilePath string, predicateType string, key string, keyId string, - project string, releaseBundle string) Command { +func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, project, releaseBundle, + releaseBundleVersion string) Command { return &createEvidenceReleaseBundle{ createEvidenceBase: createEvidenceBase{ serverDetails: serverDetails, @@ -25,8 +25,9 @@ func NewCreateEvidenceReleaseBundle(serverDetails *coreConfig.ServerDetails, pre key: key, keyId: keyId, }, - project: project, - releaseBundle: releaseBundle, + project: project, + releaseBundle: releaseBundle, + releaseBundleVersion: releaseBundleVersion, } } @@ -44,11 +45,11 @@ func (c *createEvidenceReleaseBundle) Run() error { log.Error("failed to create Artifactory client", err) return err } - subject, err := c.buildReleaseBundleSubjectPath(artifactoryClient) + subject, sha256, err := c.buildReleaseBundleSubjectPath(artifactoryClient) if err != nil { return err } - envelope, err := c.createEnvelope(subject) + envelope, err := c.createEnvelope(subject, sha256) if err != nil { return err } @@ -60,22 +61,16 @@ func (c *createEvidenceReleaseBundle) Run() error { return nil } -func (c *createEvidenceReleaseBundle) buildReleaseBundleSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { - releaseBundle := strings.Split(c.releaseBundle, ":") - if len(releaseBundle) != 2 { - return "", fmt.Errorf("invalid release bundle format. expected format is :") - } - name := releaseBundle[0] - version := releaseBundle[1] +func (c *createEvidenceReleaseBundle) buildReleaseBundleSubjectPath(artifactoryClient artifactory.ArtifactoryServicesManager) (string, string, error) { repoKey := buildRepoKey(c.project) - manifestPath := buildManifestPath(repoKey, name, version) + manifestPath := buildManifestPath(repoKey, c.releaseBundle, c.releaseBundleVersion) manifestChecksum, err := getManifestPathChecksum(manifestPath, artifactoryClient) if err != nil { - return "", err + return "", "", err } - return manifestPath + "@" + manifestChecksum, nil + return manifestPath, manifestChecksum, nil } func buildRepoKey(project string) string { diff --git a/evidence/create_release_bundle_test.go b/evidence/create_release_bundle_test.go index 5653665..fa20f40 100644 --- a/evidence/create_release_bundle_test.go +++ b/evidence/create_release_bundle_test.go @@ -29,63 +29,60 @@ func (m *mockReleaseBundleArtifactoryServicesManager) FileInfo(relativePath stri func TestReleaseBundle(t *testing.T) { tests := []struct { - name string - project string - releaseBundle string - expectedPath string - expectError bool + name string + project string + releaseBundle string + releaseBundleVersion string + expectedPath string + expectedCheckSum string + expectError bool }{ { - name: "Valid release bundle with project", - project: "myProject", - releaseBundle: "bundleName:1.0.0", - expectedPath: "myProject-release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", - expectError: false, + name: "Valid release bundle with project", + project: "myProject", + releaseBundle: "bundleName", + releaseBundleVersion: "1.0.0", + expectedPath: "myProject-release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", + expectedCheckSum: "dummy_sha256", + expectError: false, }, { - name: "Valid release bundle default project", - project: "default", - releaseBundle: "bundleName:1.0.0", - expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", - expectError: false, + name: "Valid release bundle default project", + project: "default", + releaseBundle: "bundleName", + releaseBundleVersion: "1.0.0", + expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", + expectedCheckSum: "dummy_sha256", + expectError: false, }, { - name: "Valid release bundle empty project", - project: "default", - releaseBundle: "bundleName:1.0.0", - expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd@dummy_sha256", - expectError: false, - }, - { - name: "Invalid release bundle format 1", - project: "myProject", - releaseBundle: "bundleName:1.0.0:111", - expectedPath: "", - expectError: true, - }, - { - name: "Invalid release bundle format 2", - project: "myProject", - releaseBundle: "bundleName111", - expectedPath: "", - expectError: true, + name: "Valid release bundle empty project", + project: "default", + releaseBundle: "bundleName", + releaseBundleVersion: "1.0.0", + expectedPath: "release-bundles-v2/bundleName/1.0.0/release-bundle.json.evd", + expectedCheckSum: "dummy_sha256", + expectError: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := &createEvidenceReleaseBundle{ - project: tt.project, - releaseBundle: tt.releaseBundle, + project: tt.project, + releaseBundle: tt.releaseBundle, + releaseBundleVersion: tt.releaseBundleVersion, } aa := &mockReleaseBundleArtifactoryServicesManager{} - path, err := c.buildReleaseBundleSubjectPath(aa) + path, sha256, err := c.buildReleaseBundleSubjectPath(aa) if tt.expectError { assert.Error(t, err) + assert.Empty(t, sha256) assert.Empty(t, path) } else { assert.NoError(t, err) assert.Equal(t, tt.expectedPath, path) + assert.Equal(t, tt.expectedCheckSum, sha256) } }) } diff --git a/evidence/intoto/intoto_statement_v1.go b/evidence/intoto/intoto_statement_v1.go index 1d888d7..bd0b6b2 100644 --- a/evidence/intoto/intoto_statement_v1.go +++ b/evidence/intoto/intoto_statement_v1.go @@ -3,7 +3,6 @@ package intoto import ( "encoding/json" "github.com/jfrog/jfrog-client-go/utils/errorutils" - "strings" "time" "github.com/jfrog/jfrog-client-go/artifactory" @@ -42,18 +41,13 @@ func NewStatement(predicate []byte, predicateType string, user string) *Statemen } } -func (s *Statement) SetSubject(servicesManager artifactory.ArtifactoryServicesManager, subject string) error { - subjectAndSha := strings.Split(subject, "@") +func (s *Statement) SetSubject(servicesManager artifactory.ArtifactoryServicesManager, subject, subjectSha256 string) error { s.Subject = make([]ResourceDescriptor, 1) - if len(subjectAndSha) > 1 { - s.Subject[0].Digest.Sha256 = subjectAndSha[1] - } - - res, err := servicesManager.FileInfo(subjectAndSha[0]) + res, err := servicesManager.FileInfo(subject) if err != nil { return err } - if s.Subject[0].Digest.Sha256 != "" && res.Checksums.Sha256 != s.Subject[0].Digest.Sha256 { + if res.Checksums.Sha256 != subjectSha256 { return errorutils.CheckErrorf("provided sha256 does not match the file's sha256") } s.Subject[0].Digest.Sha256 = res.Checksums.Sha256 From 709f5bef8ce7b46ea1f04761dc231eb3040443e8 Mon Sep 17 00:00:00 2001 From: osaidw Date: Sun, 4 Aug 2024 17:29:48 +0300 Subject: [PATCH 06/16] Evidence CLI - update fields names --- evidence/cli/command_custom.go | 12 ------------ evidence/create_build_test.go | 4 ++-- evidence/intoto/intoto_statement_v1.go | 2 +- evidence/intoto/intoto_statement_v1_test.go | 4 ++-- 4 files changed, 5 insertions(+), 17 deletions(-) diff --git a/evidence/cli/command_custom.go b/evidence/cli/command_custom.go index ec4c0c7..006aa25 100644 --- a/evidence/cli/command_custom.go +++ b/evidence/cli/command_custom.go @@ -4,7 +4,6 @@ import ( "github.com/jfrog/jfrog-cli-artifactory/evidence" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" - "github.com/jfrog/jfrog-client-go/utils/errorutils" ) type evidenceCustomCommand struct { @@ -19,10 +18,6 @@ func NewEvidenceCustomCommand(ctx *components.Context, execute execCommandFunc) } } func (ecc *evidenceCustomCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { - err := ecc.validateEvidenceCustomContext(ctx) - if err != nil { - return err - } createCmd := evidence.NewCreateEvidenceCustom( serverDetails, ecc.ctx.GetStringFlagValue(predicate), @@ -33,10 +28,3 @@ func (ecc *evidenceCustomCommand) CreateEvidence(ctx *components.Context, server ecc.ctx.GetStringFlagValue(subjectSha256)) return ecc.execute(createCmd) } - -func (ecc *evidenceCustomCommand) validateEvidenceCustomContext(c *components.Context) error { - if !c.IsFlagSet(subjectSha256) || assertValueProvided(c, subjectSha256) != nil { - return errorutils.CheckErrorf("'subject-sha256' is a mandatory field for creating a custom evidence: --%s", subjectSha256) - } - return nil -} diff --git a/evidence/create_build_test.go b/evidence/create_build_test.go index ff26065..2c89a97 100644 --- a/evidence/create_build_test.go +++ b/evidence/create_build_test.go @@ -53,7 +53,7 @@ func TestBuildInfo(t *testing.T) { project: "myProject", buildName: "buildName", buildNumber: "1", - expectedPath: "myProject-buildName-info/buildName/1-1705529045000.json", + expectedPath: "myProject-build-info/buildName/1-1705529045000.json", expectedChecksum: "dummy_sha256", expectError: false, }, @@ -62,7 +62,7 @@ func TestBuildInfo(t *testing.T) { project: "default", buildName: "buildName", buildNumber: "1", - expectedPath: "artifactory-buildName-info/buildName/1-1705529045000.json", + expectedPath: "artifactory-build-info/buildName/1-1705529045000.json", expectedChecksum: "dummy_sha256", expectError: false, }, diff --git a/evidence/intoto/intoto_statement_v1.go b/evidence/intoto/intoto_statement_v1.go index bd0b6b2..cb60c81 100644 --- a/evidence/intoto/intoto_statement_v1.go +++ b/evidence/intoto/intoto_statement_v1.go @@ -47,7 +47,7 @@ func (s *Statement) SetSubject(servicesManager artifactory.ArtifactoryServicesMa if err != nil { return err } - if res.Checksums.Sha256 != subjectSha256 { + if subjectSha256 != "" && res.Checksums.Sha256 != subjectSha256 { return errorutils.CheckErrorf("provided sha256 does not match the file's sha256") } s.Subject[0].Digest.Sha256 = res.Checksums.Sha256 diff --git a/evidence/intoto/intoto_statement_v1_test.go b/evidence/intoto/intoto_statement_v1_test.go index 3c1ead7..4192bbf 100644 --- a/evidence/intoto/intoto_statement_v1_test.go +++ b/evidence/intoto/intoto_statement_v1_test.go @@ -47,7 +47,7 @@ func TestSetSubjectSha256NotEqual(t *testing.T) { st := NewStatement([]byte(predicate), predicateType, "") assert.NotNil(t, st) aa := &mockArtifactoryServicesManager{} - err := st.SetSubject(aa, "path/to/file.txt@e77779f5a976c7f4a5406907790bb8cad6148406282f07cd143fd1de64ca169d") + err := st.SetSubject(aa, "path/to/file.txt", "e77779f5a976c7f4a5406907790bb8cad6148406282f07cd143fd1de64ca169d") assert.Error(t, err) } @@ -57,7 +57,7 @@ func TestSetSubjectSha256Equal(t *testing.T) { st := NewStatement([]byte(predicate), predicateType, "") assert.NotNil(t, st) aa := &mockArtifactoryServicesManager{} - err := st.SetSubject(aa, "path/to/file.txt@e06f59f5a976c7f4a5406907790bb8cad6148406282f07cd143fd1de64ca169d") + err := st.SetSubject(aa, "path/to/file.txt", "e06f59f5a976c7f4a5406907790bb8cad6148406282f07cd143fd1de64ca169d") assert.NoError(t, err) } From 6b71910af3e89c308e0f68c1c99defba462f235c Mon Sep 17 00:00:00 2001 From: osaidw Date: Mon, 5 Aug 2024 16:43:37 +0300 Subject: [PATCH 07/16] Evidence CLI - update fields names --- evidence/cli/command_build.go | 5 +- .../{command_controller.go => command_cli.go} | 2 +- evidence/cli/command_cli_test.go | 122 ++++++++++++++++ evidence/cli/command_controller_test.go | 137 ------------------ evidence/cli/command_custom.go | 2 +- evidence/cli/command_relesae_bundle.go | 4 +- go.mod | 7 +- go.sum | 14 ++ 8 files changed, 147 insertions(+), 146 deletions(-) rename evidence/cli/{command_controller.go => command_cli.go} (98%) create mode 100644 evidence/cli/command_cli_test.go delete mode 100644 evidence/cli/command_controller_test.go diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go index dc7f893..226968c 100644 --- a/evidence/cli/command_build.go +++ b/evidence/cli/command_build.go @@ -36,8 +36,9 @@ func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverD ebc.ctx.GetStringFlagValue(buildNumber)) return ebc.execute(createCmd) } -func (ebc *evidenceBuildCommand) validateEvidenceBuildContext(c *components.Context) error { - if !c.IsFlagSet(buildNumber) || assertValueProvided(c, buildNumber) != nil { + +func (ebc *evidenceBuildCommand) validateEvidenceBuildContext(ctx *components.Context) error { + if !ctx.IsFlagSet(buildNumber) || assertValueProvided(ctx, buildNumber) != nil { return errorutils.CheckErrorf("'buildNumber' is a mandatory field for creating a Release Bundle evidence: --%s", buildNumber) } return nil diff --git a/evidence/cli/command_controller.go b/evidence/cli/command_cli.go similarity index 98% rename from evidence/cli/command_controller.go rename to evidence/cli/command_cli.go index d30aeee..3950798 100644 --- a/evidence/cli/command_controller.go +++ b/evidence/cli/command_cli.go @@ -88,7 +88,7 @@ func getAndValidateSubject(c *components.Context) (string, error) { } if len(foundSubjects) == 0 { - return "", errorutils.CheckErrorf("Subject must be one of the fields: [%s]", strings.Join(subjectTypes, ", ")) + return "", errorutils.CheckErrorf("subject must be one of the fields: [%s]", strings.Join(subjectTypes, ", ")) } if len(foundSubjects) > 1 { return "", errorutils.CheckErrorf("multiple subjects found: [%s]", strings.Join(foundSubjects, ", ")) diff --git a/evidence/cli/command_cli_test.go b/evidence/cli/command_cli_test.go new file mode 100644 index 0000000..37657ec --- /dev/null +++ b/evidence/cli/command_cli_test.go @@ -0,0 +1,122 @@ +package cli + +import ( + "flag" + "github.com/golang/mock/gomock" + "github.com/jfrog/jfrog-cli-core/v2/common/commands" + "github.com/jfrog/jfrog-cli-core/v2/plugins/components" + "github.com/stretchr/testify/assert" + "github.com/urfave/cli" + "testing" +) + +func TestCreateEvidence_Context(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + + app := cli.NewApp() + app.Commands = []cli.Command{ + { + Name: "create", + }, + } + set := flag.NewFlagSet(predicate, 0) + ctx := cli.NewContext(app, set, nil) + + tests := []struct { + name string + flags []components.Flag + expectErr bool + }{ + { + name: "InvalidContext - Missing Subject", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, predicateType), + setDefaultValue(key, key), + }, + expectErr: true, + }, + { + name: "InvalidContext - Missing Predicate", + flags: []components.Flag{ + setDefaultValue("", ""), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + }, + expectErr: true, + }, + { + name: "InvalidContext - Subject Duplication", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(subjectRepoPath, subjectRepoPath), + setDefaultValue(releaseBundle, releaseBundle), + setDefaultValue(releaseBundleVersion, releaseBundleVersion), + }, + expectErr: true, + }, + { + name: "ValidContext - ReleaseBundle", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(releaseBundle, releaseBundle), + setDefaultValue(releaseBundleVersion, releaseBundleVersion), + }, + expectErr: false, + }, + { + name: "ValidContext - RepoPath", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(subjectRepoPath, subjectRepoPath), + }, + expectErr: false, + }, + { + name: "ValidContext - Build", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(buildName, buildName), + setDefaultValue(buildNumber, buildNumber), + }, + expectErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + context, err1 := components.ConvertContext(ctx, tt.flags...) + if err1 != nil { + return + } + + execFunc = func(command commands.Command) error { + return nil + } + // Replace execFunc with the mockExec function + defer func() { execFunc = exec }() // Restore original execFunc after test + + err := createEvidence(context) + if tt.expectErr { + assert.Error(t, err) + } else { + assert.NoError(t, err) + } + }) + } +} + +func setDefaultValue(flag string, defaultValue string) components.Flag { + f := components.NewStringFlag(flag, flag) + f.DefaultValue = defaultValue + return f +} diff --git a/evidence/cli/command_controller_test.go b/evidence/cli/command_controller_test.go deleted file mode 100644 index 6baff90..0000000 --- a/evidence/cli/command_controller_test.go +++ /dev/null @@ -1,137 +0,0 @@ -package cli - -import ( - "github.com/golang/mock/gomock" - "github.com/jfrog/jfrog-cli-core/v2/common/commands" - "reflect" - "testing" - "unsafe" - - "github.com/jfrog/jfrog-cli-core/v2/plugins/components" - "github.com/stretchr/testify/assert" -) - -func TestCreateEvidence_Context(t *testing.T) { - ctrl := gomock.NewController(t) - defer ctrl.Finish() - - tests := []struct { - name string - context *components.Context - expectErr bool - }{ - { - name: "InvalidContext - Missing Subject", - context: createCustomContext("somePredicate", "InToto", "PGP", "", ""), - expectErr: true, - }, - { - name: "InvalidContext - Missing Predicate", - context: createCustomContext("", "InToto", "PGP", "someBundle", ""), - expectErr: true, - }, - { - name: "InvalidContext - Subject Duplication", - context: createCustomAndRBContext("somePredicate", "InToto", "PGP", "someBundle", "1.0.0", "rb", "rbv"), - expectErr: true, - }, - { - name: "ValidContext - ReleaseBundle", - context: createRBContext("somePredicate", "InToto", "PGP", "someBundle:1", "1.0.0"), - expectErr: false, - }, - { - name: "ValidContext - RepoPath", - context: createCustomContext("somePredicate", "InToto", "PGP", "path", "sha256"), - expectErr: false, - }, - { - name: "ValidContext - Build", - context: createBuildContext("somePredicate", "InToto", "PGP", "name", "number"), - expectErr: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - - execFunc = func(command commands.Command) error { - return nil - } - - // Replace execFunc with the mockExec function - defer func() { execFunc = exec }() // Restore original execFunc after test - - err := createEvidence(tt.context) - if tt.expectErr { - assert.Error(t, err) - } else { - assert.NoError(t, err) - } - }) - } -} - -func createCommonContext(ctx *components.Context, _predicate, _predicateType, _key string) *components.Context { - setStringFlagValue(ctx, predicate, _predicate) - setStringFlagValue(ctx, predicateType, _predicateType) - setStringFlagValue(ctx, key, _key) - return ctx -} - -func createCustomAndRBContext(_predicate, _predicateType, _key, repoPath, sha256, rb, rbv string) *components.Context { - ctx := &components.Context{ - Arguments: []string{}, - } - createCommonContext(ctx, _predicate, _predicateType, _key) - setStringFlagValue(ctx, subjectRepoPath, repoPath) - setStringFlagValue(ctx, subjectSha256, sha256) - setStringFlagValue(ctx, releaseBundle, rb) - setStringFlagValue(ctx, releaseBundleVersion, rbv) - return ctx -} - -func createCustomContext(_predicate, _predicateType, _key, repoPath, sha256 string) *components.Context { - ctx := &components.Context{ - Arguments: []string{}, - } - createCommonContext(ctx, _predicate, _predicateType, _key) - setStringFlagValue(ctx, subjectRepoPath, repoPath) - setStringFlagValue(ctx, subjectSha256, sha256) - return ctx -} - -func createRBContext(_predicate, _predicateType, _key, rb, rbv string) *components.Context { - ctx := &components.Context{ - Arguments: []string{}, - } - createCommonContext(ctx, _predicate, _predicateType, _key) - setStringFlagValue(ctx, releaseBundle, rb) - setStringFlagValue(ctx, releaseBundleVersion, rbv) - return ctx -} - -func createBuildContext(_predicate, _predicateType, _key, _buildName, _buildNumber string) *components.Context { - ctx := &components.Context{ - Arguments: []string{}, - } - createCommonContext(ctx, _predicate, _predicateType, _key) - setStringFlagValue(ctx, buildName, _buildName) - setStringFlagValue(ctx, buildNumber, _buildNumber) - return ctx -} - -func setStringFlagValue(ctx *components.Context, flagName, value string) { - val := reflect.ValueOf(ctx).Elem() - stringFlags := val.FieldByName("stringFlags") - - // If the field is not settable, we need to make it settable - if !stringFlags.CanSet() { - stringFlags = reflect.NewAt(stringFlags.Type(), unsafe.Pointer(stringFlags.UnsafeAddr())).Elem() - } - - if stringFlags.IsNil() { - stringFlags.Set(reflect.MakeMap(stringFlags.Type())) - } - stringFlags.SetMapIndex(reflect.ValueOf(flagName), reflect.ValueOf(value)) -} diff --git a/evidence/cli/command_custom.go b/evidence/cli/command_custom.go index 006aa25..914557a 100644 --- a/evidence/cli/command_custom.go +++ b/evidence/cli/command_custom.go @@ -17,7 +17,7 @@ func NewEvidenceCustomCommand(ctx *components.Context, execute execCommandFunc) execute: execute, } } -func (ecc *evidenceCustomCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { +func (ecc *evidenceCustomCommand) CreateEvidence(_ *components.Context, serverDetails *coreConfig.ServerDetails) error { createCmd := evidence.NewCreateEvidenceCustom( serverDetails, ecc.ctx.GetStringFlagValue(predicate), diff --git a/evidence/cli/command_relesae_bundle.go b/evidence/cli/command_relesae_bundle.go index aaa1140..08fde8c 100644 --- a/evidence/cli/command_relesae_bundle.go +++ b/evidence/cli/command_relesae_bundle.go @@ -37,8 +37,8 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, return erc.execute(createCmd) } -func (erc *evidenceReleaseBundleCommand) validateEvidenceReleaseBundleContext(c *components.Context) error { - if !c.IsFlagSet(releaseBundleVersion) || assertValueProvided(c, releaseBundleVersion) != nil { +func (erc *evidenceReleaseBundleCommand) validateEvidenceReleaseBundleContext(ctx *components.Context) error { + if !ctx.IsFlagSet(releaseBundleVersion) || assertValueProvided(ctx, releaseBundleVersion) != nil { return errorutils.CheckErrorf("'releaseBundleVersion' is a mandatory field for creating a Release Bundle evidence: --%s", releaseBundleVersion) } return nil diff --git a/go.mod b/go.mod index 19229cc..f21f4ce 100644 --- a/go.mod +++ b/go.mod @@ -3,11 +3,15 @@ module github.com/jfrog/jfrog-cli-artifactory go 1.22.3 require ( + github.com/golang/mock v1.6.0 + github.com/jfrog/build-info-go v1.9.29 + github.com/jfrog/gofrog v1.7.4 github.com/jfrog/jfrog-cli-core/v2 v2.53.3 github.com/jfrog/jfrog-client-go v1.42.0 github.com/pkg/errors v0.9.1 github.com/secure-systems-lab/go-securesystemslib v0.8.0 github.com/stretchr/testify v1.9.0 + github.com/urfave/cli v1.22.15 ) require ( @@ -40,8 +44,6 @@ require ( github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jedib0t/go-pretty/v6 v6.5.9 // indirect github.com/jfrog/archiver/v3 v3.6.1 // indirect - github.com/jfrog/build-info-go v1.9.29 // indirect - github.com/jfrog/gofrog v1.7.4 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.17.9 // indirect github.com/klauspost/cpuid/v2 v2.2.3 // indirect @@ -74,7 +76,6 @@ require ( github.com/spf13/viper v1.19.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/ulikunitz/xz v0.5.12 // indirect - github.com/urfave/cli v1.22.15 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect diff --git a/go.sum b/go.sum index d714f8d..03ca569 100644 --- a/go.sum +++ b/go.sum @@ -73,6 +73,8 @@ github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOW github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= @@ -220,12 +222,14 @@ github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofm github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8= github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= @@ -234,12 +238,15 @@ golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= @@ -249,6 +256,7 @@ golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= @@ -256,6 +264,7 @@ golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -265,7 +274,9 @@ golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200918174421-af09f7315aff/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -298,11 +309,14 @@ golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 3249c717ca1821d9c7efd79da436a66a238ad562 Mon Sep 17 00:00:00 2001 From: osaidw Date: Mon, 5 Aug 2024 16:46:58 +0300 Subject: [PATCH 08/16] Evidence CLI - update fields names --- evidence/cli/command_cli.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/evidence/cli/command_cli.go b/evidence/cli/command_cli.go index 3950798..d4a3472 100644 --- a/evidence/cli/command_cli.go +++ b/evidence/cli/command_cli.go @@ -26,9 +26,7 @@ func GetCommands() []components.Command { } } -var execFunc = func(command commands.Command) error { - return commands.Exec(command) -} +var execFunc = commands.Exec func createEvidence(c *components.Context) error { if err := validateCreateEvidenceCommonContext(c); err != nil { From afe2025f629133a041c4a51ccb213464f7f2e6e9 Mon Sep 17 00:00:00 2001 From: osaidw Date: Mon, 5 Aug 2024 17:05:17 +0300 Subject: [PATCH 09/16] Evidence CLI - update fields names --- evidence/cli/command_cli_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/evidence/cli/command_cli_test.go b/evidence/cli/command_cli_test.go index 37657ec..e12e93a 100644 --- a/evidence/cli/command_cli_test.go +++ b/evidence/cli/command_cli_test.go @@ -66,6 +66,7 @@ func TestCreateEvidence_Context(t *testing.T) { setDefaultValue(key, "PGP"), setDefaultValue(releaseBundle, releaseBundle), setDefaultValue(releaseBundleVersion, releaseBundleVersion), + setDefaultValue("url", "url"), }, expectErr: false, }, @@ -76,6 +77,7 @@ func TestCreateEvidence_Context(t *testing.T) { setDefaultValue(predicateType, "InToto"), setDefaultValue(key, "PGP"), setDefaultValue(subjectRepoPath, subjectRepoPath), + setDefaultValue("url", "url"), }, expectErr: false, }, @@ -87,6 +89,7 @@ func TestCreateEvidence_Context(t *testing.T) { setDefaultValue(key, "PGP"), setDefaultValue(buildName, buildName), setDefaultValue(buildNumber, buildNumber), + setDefaultValue("url", "url"), }, expectErr: false, }, From 938356e162056b3f1950884d7d961297aaa03222 Mon Sep 17 00:00:00 2001 From: osaidw Date: Mon, 5 Aug 2024 17:16:33 +0300 Subject: [PATCH 10/16] Evidence CLI - update fields names --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 95eb9b3..59f03e6 100644 --- a/Makefile +++ b/Makefile @@ -9,6 +9,8 @@ GOARCH = $(shell go env GOARCH) # ---------------------------------------------------------------------------------------------------------------------- export PROJECT_DIR = $(CURDIR) +prereq: + $(GOCMD) install github.com/golang/mock/gomock@v1.6.0 clean-mock: @find . -name "*_mock.go" -delete From e347df1e4e394ca116151a86f9501f1891856b32 Mon Sep 17 00:00:00 2001 From: osaidw Date: Mon, 5 Aug 2024 17:17:49 +0300 Subject: [PATCH 11/16] Evidence CLI - update fields names --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 59f03e6..5878ed4 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ GOARCH = $(shell go env GOARCH) export PROJECT_DIR = $(CURDIR) prereq: - $(GOCMD) install github.com/golang/mock/gomock@v1.6.0 + $(GOCMD) install go.uber.org/mock/mockgen@v0.4.0 clean-mock: @find . -name "*_mock.go" -delete From e3e504936d1dd5038244eb14129e44096f268b00 Mon Sep 17 00:00:00 2001 From: osaidw Date: Mon, 5 Aug 2024 17:19:32 +0300 Subject: [PATCH 12/16] Evidence CLI - update fields names --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 5878ed4..4671828 100644 --- a/Makefile +++ b/Makefile @@ -11,6 +11,7 @@ export PROJECT_DIR = $(CURDIR) prereq: $(GOCMD) install go.uber.org/mock/mockgen@v0.4.0 + clean-mock: @find . -name "*_mock.go" -delete From b83432dcd73f42a076f385a8ca79af54b629d63b Mon Sep 17 00:00:00 2001 From: osaidw Date: Tue, 6 Aug 2024 12:56:16 +0300 Subject: [PATCH 13/16] Evidence CLI - Refactor code. --- evidence/cli/command_cli.go | 38 ++++++++++++++++++------------------- evidence/cli/flags.go | 3 +-- 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/evidence/cli/command_cli.go b/evidence/cli/command_cli.go index d4a3472..5a550db 100644 --- a/evidence/cli/command_cli.go +++ b/evidence/cli/command_cli.go @@ -28,15 +28,15 @@ func GetCommands() []components.Command { var execFunc = commands.Exec -func createEvidence(c *components.Context) error { - if err := validateCreateEvidenceCommonContext(c); err != nil { +func createEvidence(ctx *components.Context) error { + if err := validateCreateEvidenceCommonContext(ctx); err != nil { return err } - subject, err := getAndValidateSubject(c) + subject, err := getAndValidateSubject(ctx) if err != nil { return err } - serverDetails, err := evidenceDetailsByFlags(c) + serverDetails, err := evidenceDetailsByFlags(ctx) if err != nil { return err } @@ -44,43 +44,43 @@ func createEvidence(c *components.Context) error { var command EvidenceCommands switch subject { case subjectRepoPath: - command = NewEvidenceCustomCommand(c, execFunc) + command = NewEvidenceCustomCommand(ctx, execFunc) case releaseBundle: - command = NewEvidenceReleaseBundleCommand(c, execFunc) + command = NewEvidenceReleaseBundleCommand(ctx, execFunc) case buildName: - command = NewEvidenceBuildCommand(c, execFunc) + command = NewEvidenceBuildCommand(ctx, execFunc) default: return errors.New("unsupported subject") } - return command.CreateEvidence(c, serverDetails) + return command.CreateEvidence(ctx, serverDetails) } -func validateCreateEvidenceCommonContext(c *components.Context) error { - if show, err := pluginsCommon.ShowCmdHelpIfNeeded(c, c.Arguments); show || err != nil { +func validateCreateEvidenceCommonContext(ctx *components.Context) error { + if show, err := pluginsCommon.ShowCmdHelpIfNeeded(ctx, ctx.Arguments); show || err != nil { return err } - if len(c.Arguments) > 1 { - return pluginsCommon.WrongNumberOfArgumentsHandler(c) + if len(ctx.Arguments) > 1 { + return pluginsCommon.WrongNumberOfArgumentsHandler(ctx) } - if !c.IsFlagSet(predicate) || assertValueProvided(c, predicate) != nil { + if !ctx.IsFlagSet(predicate) || assertValueProvided(ctx, predicate) != nil { return errorutils.CheckErrorf("'predicate' is a mandatory field for creating evidence: --%s", predicate) } - if !c.IsFlagSet(predicateType) || assertValueProvided(c, predicateType) != nil { + if !ctx.IsFlagSet(predicateType) || assertValueProvided(ctx, predicateType) != nil { return errorutils.CheckErrorf("'predicate-type' is a mandatory field for creating evidence: --%s", predicateType) } - if !c.IsFlagSet(key) || assertValueProvided(c, key) != nil { + if !ctx.IsFlagSet(key) || assertValueProvided(ctx, key) != nil { return errorutils.CheckErrorf("'key' is a mandatory field for creating evidence: --%s", key) } return nil } -func getAndValidateSubject(c *components.Context) (string, error) { +func getAndValidateSubject(ctx *components.Context) (string, error) { var foundSubjects []string for _, key := range subjectTypes { - if c.GetStringFlagValue(key) != "" { + if ctx.GetStringFlagValue(key) != "" { foundSubjects = append(foundSubjects, key) } } @@ -94,8 +94,8 @@ func getAndValidateSubject(c *components.Context) (string, error) { return foundSubjects[0], nil } -func evidenceDetailsByFlags(c *components.Context) (*coreConfig.ServerDetails, error) { - serverDetails, err := pluginsCommon.CreateServerDetailsWithConfigOffer(c, true, commonCliUtils.Platform) +func evidenceDetailsByFlags(ctx *components.Context) (*coreConfig.ServerDetails, error) { + serverDetails, err := pluginsCommon.CreateServerDetailsWithConfigOffer(ctx, true, commonCliUtils.Platform) if err != nil { return nil, err } diff --git a/evidence/cli/flags.go b/evidence/cli/flags.go index 5bcbfaa..cc4c6d5 100644 --- a/evidence/cli/flags.go +++ b/evidence/cli/flags.go @@ -26,7 +26,6 @@ const ( buildNumber = "build-number" // Unique evidence flags - evidencePrefix = "evd-" predicate = "predicate" predicateType = "predicate-type" subjectRepoPath = "subject-repo-path" @@ -53,7 +52,7 @@ var flagsMap = map[string]components.Flag{ predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }), - subjectSha256: components.NewStringFlag(subjectSha256, "subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }), + subjectSha256: components.NewStringFlag(subjectSha256, "Subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }), key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), } From 7ada34a2d3a024d0eb962fe8e444268065a5c6db Mon Sep 17 00:00:00 2001 From: osaidw Date: Tue, 6 Aug 2024 14:46:10 +0300 Subject: [PATCH 14/16] Evidence CLI - Update dependencies version. --- evidence/cli/command_cli_test.go | 2 +- go.mod | 16 +++++------ go.sum | 47 ++++++++++++-------------------- 3 files changed, 27 insertions(+), 38 deletions(-) diff --git a/evidence/cli/command_cli_test.go b/evidence/cli/command_cli_test.go index e12e93a..fba9e8c 100644 --- a/evidence/cli/command_cli_test.go +++ b/evidence/cli/command_cli_test.go @@ -2,11 +2,11 @@ package cli import ( "flag" - "github.com/golang/mock/gomock" "github.com/jfrog/jfrog-cli-core/v2/common/commands" "github.com/jfrog/jfrog-cli-core/v2/plugins/components" "github.com/stretchr/testify/assert" "github.com/urfave/cli" + "go.uber.org/mock/gomock" "testing" ) diff --git a/go.mod b/go.mod index f21f4ce..52e7d8d 100644 --- a/go.mod +++ b/go.mod @@ -3,21 +3,21 @@ module github.com/jfrog/jfrog-cli-artifactory go 1.22.3 require ( - github.com/golang/mock v1.6.0 - github.com/jfrog/build-info-go v1.9.29 - github.com/jfrog/gofrog v1.7.4 - github.com/jfrog/jfrog-cli-core/v2 v2.53.3 - github.com/jfrog/jfrog-client-go v1.42.0 + github.com/jfrog/build-info-go v1.9.32 + github.com/jfrog/gofrog v1.7.5 + github.com/jfrog/jfrog-cli-core/v2 v2.54.1 + github.com/jfrog/jfrog-client-go v1.43.2 github.com/pkg/errors v0.9.1 github.com/secure-systems-lab/go-securesystemslib v0.8.0 github.com/stretchr/testify v1.9.0 github.com/urfave/cli v1.22.15 + go.uber.org/mock v0.4.0 ) require ( dario.cat/mergo v1.0.0 // indirect - github.com/BurntSushi/toml v1.3.2 // indirect - github.com/CycloneDX/cyclonedx-go v0.8.0 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect + github.com/CycloneDX/cyclonedx-go v0.9.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/andybalholm/brotli v1.1.0 // indirect @@ -82,7 +82,7 @@ require ( go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect golang.org/x/crypto v0.25.0 // indirect - golang.org/x/exp v0.0.0-20240707233637-46b078467d37 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/mod v0.19.0 // indirect golang.org/x/net v0.27.0 // indirect golang.org/x/sync v0.7.0 // indirect diff --git a/go.sum b/go.sum index 03ca569..648b15e 100644 --- a/go.sum +++ b/go.sum @@ -1,9 +1,10 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M= -github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/CycloneDX/cyclonedx-go v0.9.0 h1:inaif7qD8bivyxp7XLgxUYtOXWtDez7+j72qKTMQTb8= +github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= @@ -73,8 +74,6 @@ github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOW github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= -github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= @@ -91,14 +90,14 @@ github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+ github.com/jedib0t/go-pretty/v6 v6.5.9/go.mod h1:zbn98qrYlh95FIhwwsbIip0LYpwSG8SUOScs+v9/t0E= github.com/jfrog/archiver/v3 v3.6.1 h1:LOxnkw9pOn45DzCbZNFV6K0+6dCsQ0L8mR3ZcujO5eI= github.com/jfrog/archiver/v3 v3.6.1/go.mod h1:VgR+3WZS4N+i9FaDwLZbq+jeU4B4zctXL+gL4EMzfLw= -github.com/jfrog/build-info-go v1.9.29 h1:3vJ+kbk9PpU6wjisXi9c4qISNpYkISh/NmB5mq1ZlSY= -github.com/jfrog/build-info-go v1.9.29/go.mod h1:AzFJlN/yKfKuKcSBaGy5nNmKN1xzx6+XcRWAswCTLTA= -github.com/jfrog/gofrog v1.7.4 h1:on4AeWef5LJUhGCigSjTS4Ez3n9l8+NiZlXH6UYp05c= -github.com/jfrog/gofrog v1.7.4/go.mod h1:jyGiCgiqSSR7k86hcUSu67XVvmvkkgWTmPsH25wI298= -github.com/jfrog/jfrog-cli-core/v2 v2.53.3 h1:b5B+6epeSFE8lvQh/8xPcEl43JZUsiN8ybWBuKbW65k= -github.com/jfrog/jfrog-cli-core/v2 v2.53.3/go.mod h1:PiBf1/9I1BeyGA2jxwOaQEOtxebIIMhAJSN94JeT5e4= -github.com/jfrog/jfrog-client-go v1.42.0 h1:Wk9I8pewpHwoHsE9gebT8kL4M/XXTyPaf6eZhKvVoJA= -github.com/jfrog/jfrog-client-go v1.42.0/go.mod h1:Rc/g21FUWUzIp7YFUjo9n93jvELhwTNoT2fsiW5KQ1o= +github.com/jfrog/build-info-go v1.9.32 h1:PKXAMe84sMdob6eBtwwGz47Fz2cmjMwMPoHW8xuk08Q= +github.com/jfrog/build-info-go v1.9.32/go.mod h1:JTGnENexG1jRhKWCkQtZuDb0PerlzlSzF5OmMLG9kfc= +github.com/jfrog/gofrog v1.7.5 h1:dFgtEDefJdlq9cqTRoe09RLxS5Bxbe1Ev5+E6SmZHcg= +github.com/jfrog/gofrog v1.7.5/go.mod h1:jyGiCgiqSSR7k86hcUSu67XVvmvkkgWTmPsH25wI298= +github.com/jfrog/jfrog-cli-core/v2 v2.54.1 h1:oNIsqUVJ/P17qEcHgj9/c1nfO23stqqj1sHB7ldFNmQ= +github.com/jfrog/jfrog-cli-core/v2 v2.54.1/go.mod h1:o8Ux0XiXWayxBXbtkMd5Vbs2YJZZDNiS9jtN6yQ4Ur8= +github.com/jfrog/jfrog-client-go v1.43.2 h1:NLSTTSFUkrNiSYs8rpRW7/sd6gDTPOi/eMVkGEarXq0= +github.com/jfrog/jfrog-client-go v1.43.2/go.mod h1:JUevXnjHbGL0MIIPs48L/axJMW/q4ioWMR1e1NuVn8w= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= @@ -208,8 +207,8 @@ github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM= github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= -github.com/vbauerster/mpb/v7 v7.5.3 h1:BkGfmb6nMrrBQDFECR/Q7RkKCw7ylMetCb4079CGs4w= -github.com/vbauerster/mpb/v7 v7.5.3/go.mod h1:i+h4QY6lmLvBNK2ah1fSreiw3ajskRlBp9AhY/PnuOE= +github.com/vbauerster/mpb/v8 v8.7.4 h1:p4f16iMfUt3PkAC73SCzAtgtSf8TYDqEbJUT3odPrPo= +github.com/vbauerster/mpb/v8 v8.7.4/go.mod h1:r1B5k2Ljj5KJFCekfihbiqyV4VaaRTANYmvWA2btufI= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= @@ -222,31 +221,28 @@ github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofm github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8= github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= +go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= -golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= -golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= @@ -256,7 +252,6 @@ golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= @@ -264,7 +259,6 @@ golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -274,9 +268,7 @@ golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200918174421-af09f7315aff/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -309,14 +301,11 @@ golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From 00e589c65c206b19f1c17a9f89a23cb87fa4ece8 Mon Sep 17 00:00:00 2001 From: osaidw Date: Sun, 11 Aug 2024 18:26:15 +0300 Subject: [PATCH 15/16] Evidence CLI - Create package evidence. --- evidence/cli/command_build.go | 2 +- evidence/cli/command_cli.go | 3 + evidence/cli/command_cli_test.go | 37 +++++++ evidence/cli/command_custom.go | 2 +- evidence/cli/command_package.go | 48 +++++++++ evidence/cli/command_relesae_bundle.go | 2 +- evidence/cli/flags.go | 15 ++- evidence/cli/utils.go | 1 + evidence/create_base.go | 9 ++ evidence/create_package.go | 129 +++++++++++++++++++++++++ evidence/create_package_test.go | 75 ++++++++++++++ evidence/create_release_bundle.go | 11 +-- evidence/model/graphql.go | 26 +++++ go.mod | 26 ++--- go.sum | 52 +++++----- 15 files changed, 385 insertions(+), 53 deletions(-) create mode 100644 evidence/cli/command_package.go create mode 100644 evidence/create_package.go create mode 100644 evidence/create_package_test.go create mode 100644 evidence/model/graphql.go diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go index 226968c..72e65a9 100644 --- a/evidence/cli/command_build.go +++ b/evidence/cli/command_build.go @@ -30,7 +30,7 @@ func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverD ebc.ctx.GetStringFlagValue(predicate), ebc.ctx.GetStringFlagValue(predicateType), ebc.ctx.GetStringFlagValue(key), - ebc.ctx.GetStringFlagValue(keyId), + ebc.ctx.GetStringFlagValue(KeyAlias), ebc.ctx.GetStringFlagValue(project), ebc.ctx.GetStringFlagValue(buildName), ebc.ctx.GetStringFlagValue(buildNumber)) diff --git a/evidence/cli/command_cli.go b/evidence/cli/command_cli.go index 5a550db..b7e9343 100644 --- a/evidence/cli/command_cli.go +++ b/evidence/cli/command_cli.go @@ -49,6 +49,8 @@ func createEvidence(ctx *components.Context) error { command = NewEvidenceReleaseBundleCommand(ctx, execFunc) case buildName: command = NewEvidenceBuildCommand(ctx, execFunc) + case packageName: + command = NewEvidencePackageCommand(ctx, execFunc) default: return errors.New("unsupported subject") } @@ -109,6 +111,7 @@ func evidenceDetailsByFlags(ctx *components.Context) (*coreConfig.ServerDetails, func platformToEvidenceUrls(rtDetails *coreConfig.ServerDetails) { rtDetails.ArtifactoryUrl = utils.AddTrailingSlashIfNeeded(rtDetails.Url) + "artifactory/" rtDetails.EvidenceUrl = utils.AddTrailingSlashIfNeeded(rtDetails.Url) + "evidence/" + rtDetails.MetadataUrl = utils.AddTrailingSlashIfNeeded(rtDetails.Url) + "metadata/" } func assertValueProvided(c *components.Context, fieldName string) error { diff --git a/evidence/cli/command_cli_test.go b/evidence/cli/command_cli_test.go index fba9e8c..fe4d83e 100644 --- a/evidence/cli/command_cli_test.go +++ b/evidence/cli/command_cli_test.go @@ -93,6 +93,43 @@ func TestCreateEvidence_Context(t *testing.T) { }, expectErr: false, }, + { + name: "ValidContext - Package", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(packageName, packageName), + setDefaultValue(packageVersion, packageVersion), + setDefaultValue(packageRepoName, packageRepoName), + setDefaultValue("url", "url"), + }, + expectErr: false, + }, + { + name: "InvalidContext - Missing package version", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(packageName, packageName), + setDefaultValue(packageRepoName, packageRepoName), + setDefaultValue("url", "url"), + }, + expectErr: true, + }, + { + name: "InvalidContext - Missing package repository key", + flags: []components.Flag{ + setDefaultValue(predicate, predicate), + setDefaultValue(predicateType, "InToto"), + setDefaultValue(key, "PGP"), + setDefaultValue(packageName, packageName), + setDefaultValue(packageVersion, packageVersion), + setDefaultValue("url", "url"), + }, + expectErr: true, + }, } for _, tt := range tests { diff --git a/evidence/cli/command_custom.go b/evidence/cli/command_custom.go index 914557a..197ded7 100644 --- a/evidence/cli/command_custom.go +++ b/evidence/cli/command_custom.go @@ -23,7 +23,7 @@ func (ecc *evidenceCustomCommand) CreateEvidence(_ *components.Context, serverDe ecc.ctx.GetStringFlagValue(predicate), ecc.ctx.GetStringFlagValue(predicateType), ecc.ctx.GetStringFlagValue(key), - ecc.ctx.GetStringFlagValue(keyId), + ecc.ctx.GetStringFlagValue(KeyAlias), ecc.ctx.GetStringFlagValue(subjectRepoPath), ecc.ctx.GetStringFlagValue(subjectSha256)) return ecc.execute(createCmd) diff --git a/evidence/cli/command_package.go b/evidence/cli/command_package.go new file mode 100644 index 0000000..4d2c2a7 --- /dev/null +++ b/evidence/cli/command_package.go @@ -0,0 +1,48 @@ +package cli + +import ( + "github.com/jfrog/jfrog-cli-artifactory/evidence" + "github.com/jfrog/jfrog-cli-core/v2/plugins/components" + coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/utils/errorutils" +) + +type evidencePackageCommand struct { + ctx *components.Context + execute execCommandFunc +} + +func NewEvidencePackageCommand(ctx *components.Context, execute execCommandFunc) EvidenceCommands { + return &evidencePackageCommand{ + ctx: ctx, + execute: execute, + } +} + +func (epc *evidencePackageCommand) CreateEvidence(ctx *components.Context, serverDetails *coreConfig.ServerDetails) error { + err := epc.validateEvidencePackageContext(ctx) + if err != nil { + return err + } + + createCmd := evidence.NewCreateEvidencePackage( + serverDetails, + epc.ctx.GetStringFlagValue(predicate), + epc.ctx.GetStringFlagValue(predicateType), + epc.ctx.GetStringFlagValue(key), + epc.ctx.GetStringFlagValue(KeyAlias), + epc.ctx.GetStringFlagValue(packageName), + epc.ctx.GetStringFlagValue(packageVersion), + epc.ctx.GetStringFlagValue(packageRepoName)) + return epc.execute(createCmd) +} + +func (epc *evidencePackageCommand) validateEvidencePackageContext(ctx *components.Context) error { + if !ctx.IsFlagSet(packageVersion) || assertValueProvided(ctx, packageVersion) != nil { + return errorutils.CheckErrorf("'packageVersion' is a mandatory field for creating a Package evidence: --%s", packageVersion) + } + if !ctx.IsFlagSet(packageRepoName) || assertValueProvided(ctx, packageRepoName) != nil { + return errorutils.CheckErrorf("'packageRepoName' is a mandatory field for creating a Package evidence: --%s", packageRepoName) + } + return nil +} diff --git a/evidence/cli/command_relesae_bundle.go b/evidence/cli/command_relesae_bundle.go index 08fde8c..a44c39f 100644 --- a/evidence/cli/command_relesae_bundle.go +++ b/evidence/cli/command_relesae_bundle.go @@ -30,7 +30,7 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, erc.ctx.GetStringFlagValue(predicate), erc.ctx.GetStringFlagValue(predicateType), erc.ctx.GetStringFlagValue(key), - erc.ctx.GetStringFlagValue(keyId), + erc.ctx.GetStringFlagValue(KeyAlias), erc.ctx.GetStringFlagValue(project), erc.ctx.GetStringFlagValue(releaseBundle), erc.ctx.GetStringFlagValue(releaseBundleVersion)) diff --git a/evidence/cli/flags.go b/evidence/cli/flags.go index cc4c6d5..82fb989 100644 --- a/evidence/cli/flags.go +++ b/evidence/cli/flags.go @@ -24,6 +24,9 @@ const ( releaseBundleVersion = "release-bundle-version" buildName = "build-name" buildNumber = "build-number" + packageName = "package-name" + packageVersion = "package-version" + packageRepoName = "package-repo-name" // Unique evidence flags predicate = "predicate" @@ -31,7 +34,7 @@ const ( subjectRepoPath = "subject-repo-path" subjectSha256 = "subject-sha256" key = "key" - keyId = "key-name" + KeyAlias = "key-alias" ) // Flag keys mapped to their corresponding components.Flag definition. @@ -48,13 +51,16 @@ var flagsMap = map[string]components.Flag{ releaseBundleVersion: components.NewStringFlag(releaseBundleVersion, "Release Bundle version.", func(f *components.StringFlag) { f.Mandatory = false }), buildName: components.NewStringFlag(buildName, "Build name.", func(f *components.StringFlag) { f.Mandatory = false }), buildNumber: components.NewStringFlag(buildNumber, "Build number.", func(f *components.StringFlag) { f.Mandatory = false }), + packageName: components.NewStringFlag(packageName, "Package name.", func(f *components.StringFlag) { f.Mandatory = false }), + packageVersion: components.NewStringFlag(packageVersion, "Package version.", func(f *components.StringFlag) { f.Mandatory = false }), + packageRepoName: components.NewStringFlag(packageRepoName, "Package repository Name.", func(f *components.StringFlag) { f.Mandatory = false }), predicate: components.NewStringFlag(predicate, "Path to the predicate, arbitrary JSON.", func(f *components.StringFlag) { f.Mandatory = true }), predicateType: components.NewStringFlag(predicateType, "Type of the predicate.", func(f *components.StringFlag) { f.Mandatory = true }), subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }), subjectSha256: components.NewStringFlag(subjectSha256, "Subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }), key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), - keyId: components.NewStringFlag(keyId, "KeyId", func(f *components.StringFlag) { f.Mandatory = false }), + KeyAlias: components.NewStringFlag(KeyAlias, "Key alias", func(f *components.StringFlag) { f.Mandatory = false }), } var commandFlags = map[string][]string{ @@ -69,12 +75,15 @@ var commandFlags = map[string][]string{ releaseBundleVersion, buildName, buildNumber, + packageName, + packageVersion, + packageRepoName, predicate, predicateType, subjectRepoPath, subjectSha256, key, - keyId, + KeyAlias, }, } diff --git a/evidence/cli/utils.go b/evidence/cli/utils.go index 6219f4d..944c5cd 100644 --- a/evidence/cli/utils.go +++ b/evidence/cli/utils.go @@ -12,4 +12,5 @@ var subjectTypes = []string{ subjectRepoPath, releaseBundle, buildName, + packageName, } diff --git a/evidence/create_base.go b/evidence/create_base.go index 4004b7c..80b4bf9 100644 --- a/evidence/create_base.go +++ b/evidence/create_base.go @@ -102,6 +102,15 @@ func (c *createEvidenceBase) createArtifactoryClient() (artifactory.ArtifactoryS return utils.CreateUploadServiceManager(c.serverDetails, 1, 0, 0, false, nil) } +func (c *createEvidenceBase) getFileChecksum(path string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + res, err := artifactoryClient.FileInfo(path) + if err != nil { + log.Warn(fmt.Sprintf("file path '%s' does not exist.", path)) + return "", err + } + return res.Checksums.Sha256, nil +} + func createAndSignEnvelope(payloadJson []byte, key string, keyId string) (*dsse.Envelope, error) { // Load private key from file if ec.key is not a path to a file then try to load it as a key keyFile := []byte(key) diff --git a/evidence/create_package.go b/evidence/create_package.go new file mode 100644 index 0000000..ea8026f --- /dev/null +++ b/evidence/create_package.go @@ -0,0 +1,129 @@ +package evidence + +import ( + "encoding/json" + "fmt" + "github.com/jfrog/jfrog-cli-artifactory/evidence/model" + "github.com/jfrog/jfrog-cli-core/v2/artifactory/utils" + "github.com/jfrog/jfrog-cli-core/v2/utils/config" + coreConfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-client-go/artifactory" + "github.com/jfrog/jfrog-client-go/artifactory/services" + "github.com/jfrog/jfrog-client-go/metadata" + "github.com/jfrog/jfrog-client-go/utils/errorutils" + "github.com/jfrog/jfrog-client-go/utils/log" +) + +const leadArtifactQueryTemplate = `{ + "query": "{versions(filter: {packageId: \"%s\", name: \"%s\", repositoriesIn: [{name: \"%s\"}]}) { edges { node { repos { name leadFilePath } } } } }" +}` + +type createEvidencePackage struct { + createEvidenceBase + packageName string + packageVersion string + packageRepoName string +} + +func NewCreateEvidencePackage(serverDetails *coreConfig.ServerDetails, predicateFilePath, predicateType, key, keyId, packageName, + packageVersion, packageRepoName string) Command { + return &createEvidencePackage{ + createEvidenceBase: createEvidenceBase{ + serverDetails: serverDetails, + predicateFilePath: predicateFilePath, + predicateType: predicateType, + key: key, + keyId: keyId, + }, + packageName: packageName, + packageVersion: packageVersion, + packageRepoName: packageRepoName, + } +} + +func (c *createEvidencePackage) CommandName() string { + return "create-package-evidence" +} + +func (c *createEvidencePackage) ServerDetails() (*config.ServerDetails, error) { + return c.serverDetails, nil +} + +func (c *createEvidencePackage) Run() error { + artifactoryClient, err := c.createArtifactoryClient() + if err != nil { + log.Error("failed to create Artifactory client", err) + return err + } + metadataClient, err := utils.CreateMetadataServiceManager(c.serverDetails, false) + if err != nil { + return err + } + + packageType, err := c.getPackageType(artifactoryClient) + if err != nil { + return err + } + + leadArtifact, err := c.getPackageVersionLeadArtifact(packageType, metadataClient) + if err != nil { + return err + } + leadArtifactPath := c.buildLeadArtifactPath(leadArtifact) + leadArtifactChecksum, err := c.getFileChecksum(leadArtifactPath, artifactoryClient) + if err != nil { + return err + } + envelope, err := c.createEnvelope(leadArtifactPath, leadArtifactChecksum) + if err != nil { + return err + } + err = c.uploadEvidence(envelope, leadArtifactPath) + if err != nil { + return err + } + + return nil +} + +func (c *createEvidencePackage) getPackageType(artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { + var request services.RepositoryDetails + err := artifactoryClient.GetRepository(c.packageRepoName, &request) + if err != nil { + return "", errorutils.CheckErrorf("No such package: %s/%s", c.packageRepoName, c.packageVersion) + } + return request.PackageType, nil +} + +func (c *createEvidencePackage) getPackageVersionLeadArtifact(packageType string, metadataClient metadata.Manager) (string, error) { + body, err := metadataClient.GraphqlQuery(c.createQuery(packageType)) + if err != nil { + return "", err + } + + res := &model.GraphqlResponse{} + err = json.Unmarshal(body, res) + if err != nil { + return "", err + } + if len(res.Data.Versions.Edges) == 0 { + return "", errorutils.CheckErrorf("No such package: %s/%s", c.packageRepoName, c.packageVersion) + } + + // Fetch the leadFilePath based on repoName + for _, repo := range res.Data.Versions.Edges[0].Node.Repos { + if repo.Name == c.packageRepoName { + return repo.LeadFilePath, nil + } + } + return "", errorutils.CheckErrorf("Can't find lead artifact of pacakge: %s/%s", c.packageRepoName, c.packageVersion) +} + +func (c *createEvidencePackage) createQuery(packageType string) []byte { + packageId := packageType + "://" + c.packageName + return []byte(fmt.Sprintf(leadArtifactQueryTemplate, packageId, c.packageVersion, c.packageRepoName)) +} + +func (c *createEvidencePackage) buildLeadArtifactPath(leadArtifact string) string { + return fmt.Sprintf("%s/%s", c.packageRepoName, leadArtifact) +} diff --git a/evidence/create_package_test.go b/evidence/create_package_test.go new file mode 100644 index 0000000..e61f2b4 --- /dev/null +++ b/evidence/create_package_test.go @@ -0,0 +1,75 @@ +package evidence + +import ( + "github.com/jfrog/jfrog-client-go/metadata" + "testing" + + "github.com/stretchr/testify/assert" +) + +type mockMetadataServiceManagerDuplicateRepositories struct{} + +func (m *mockMetadataServiceManagerDuplicateRepositories) GraphqlQuery(_ []byte) ([]byte, error) { + response := `{"data":{"versions":{"edges":[{"node":{"repos":[{"name":"nuget-local","leadFilePath":"MyLibrary/1.0.0/test.1.0.0.nupkg"},{"name":"local-test","leadFilePath":"MyLibrary/1.0.0/test.1.0.0.nupkg"}]}]}}}}` + return []byte(response), nil +} + +type mockMetadataServiceManagerGoodResponse struct{} + +func (m *mockMetadataServiceManagerGoodResponse) GraphqlQuery(_ []byte) ([]byte, error) { + response := `{"data":{"versions":{"edges":[{"node":{"repos":[{"name":"nuget-local","leadFilePath":"MyLibrary/1.0.0/test.1.0.0.nupkg"}]}}]}}}` + return []byte(response), nil +} + +func TestPackage(t *testing.T) { + tests := []struct { + name string + metadataClientMock metadata.Manager + packageName string + packageVersion string + repoName string + packageType string + expectedLeadArtifactPath string + expectError bool + }{ + { + name: "Get lead artifact successfully", + metadataClientMock: &mockMetadataServiceManagerGoodResponse{}, + packageName: "test", + packageVersion: "1.0.0", + repoName: "nuget-local", + packageType: "nuget", + expectedLeadArtifactPath: "nuget-local/MyLibrary/1.0.0/test.1.0.0.nupkg", + expectError: false, + }, + { + name: "Duplicate package name and version in the same repository", + metadataClientMock: &mockMetadataServiceManagerDuplicateRepositories{}, + packageName: "test", + packageVersion: "1.0.0", + repoName: "nuget-local", + packageType: "nuget", + expectedLeadArtifactPath: "", + expectError: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &createEvidencePackage{ + packageName: tt.packageName, + packageVersion: tt.packageVersion, + packageRepoName: tt.repoName, + } + leadArtifact, err := c.getPackageVersionLeadArtifact(tt.packageType, tt.metadataClientMock) + leadArtifactPath := c.buildLeadArtifactPath(leadArtifact) + if tt.expectError { + assert.Error(t, err) + assert.Empty(t, leadArtifact) + } else { + assert.NoError(t, err) + assert.Equal(t, tt.expectedLeadArtifactPath, leadArtifactPath) + } + }) + } +} diff --git a/evidence/create_release_bundle.go b/evidence/create_release_bundle.go index 8a5101b..ea76cd6 100644 --- a/evidence/create_release_bundle.go +++ b/evidence/create_release_bundle.go @@ -65,7 +65,7 @@ func (c *createEvidenceReleaseBundle) buildReleaseBundleSubjectPath(artifactoryC repoKey := buildRepoKey(c.project) manifestPath := buildManifestPath(repoKey, c.releaseBundle, c.releaseBundleVersion) - manifestChecksum, err := getManifestPathChecksum(manifestPath, artifactoryClient) + manifestChecksum, err := c.getFileChecksum(manifestPath, artifactoryClient) if err != nil { return "", "", err } @@ -83,12 +83,3 @@ func buildRepoKey(project string) string { func buildManifestPath(repoKey, name, version string) string { return fmt.Sprintf("%s/%s/%s/release-bundle.json.evd", repoKey, name, version) } - -func getManifestPathChecksum(manifestPath string, artifactoryClient artifactory.ArtifactoryServicesManager) (string, error) { - res, err := artifactoryClient.FileInfo(manifestPath) - if err != nil { - log.Warn(fmt.Sprintf("release bundle manifest path '%s' does not exist.", manifestPath)) - return "", err - } - return res.Checksums.Sha256, nil -} diff --git a/evidence/model/graphql.go b/evidence/model/graphql.go new file mode 100644 index 0000000..b4bed24 --- /dev/null +++ b/evidence/model/graphql.go @@ -0,0 +1,26 @@ +package model + +type GraphqlResponse struct { + Data VersionsData `json:"data"` +} + +type VersionsData struct { + Versions Versions `json:"versions"` +} + +type Versions struct { + Edges []VersionEdges `json:"edges"` +} + +type VersionEdges struct { + Node VersionNode `json:"node"` +} + +type VersionNode struct { + Repos []Repo `json:"repos"` +} + +type Repo struct { + Name string `json:"name"` + LeadFilePath string `json:"leadFilePath"` +} diff --git a/go.mod b/go.mod index 52e7d8d..33ec79c 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22.3 require ( github.com/jfrog/build-info-go v1.9.32 github.com/jfrog/gofrog v1.7.5 - github.com/jfrog/jfrog-cli-core/v2 v2.54.1 + github.com/jfrog/jfrog-cli-core/v2 v2.54.2 github.com/jfrog/jfrog-client-go v1.43.2 github.com/pkg/errors v0.9.1 github.com/secure-systems-lab/go-securesystemslib v0.8.0 @@ -52,7 +52,7 @@ require ( github.com/manifoldco/promptui v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mattn/go-tty v0.0.3 // indirect github.com/minio/sha256-simd v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect @@ -81,16 +81,20 @@ require ( github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect - golang.org/x/crypto v0.25.0 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/mod v0.19.0 // indirect - golang.org/x/net v0.27.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/text v0.16.0 // indirect - golang.org/x/tools v0.23.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect + golang.org/x/mod v0.20.0 // indirect + golang.org/x/net v0.28.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.23.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect + golang.org/x/tools v0.24.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240811150357-12a9330a2d67 + +replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240811142930-ab9715567376 \ No newline at end of file diff --git a/go.sum b/go.sum index 648b15e..de5734f 100644 --- a/go.sum +++ b/go.sum @@ -94,10 +94,10 @@ github.com/jfrog/build-info-go v1.9.32 h1:PKXAMe84sMdob6eBtwwGz47Fz2cmjMwMPoHW8x github.com/jfrog/build-info-go v1.9.32/go.mod h1:JTGnENexG1jRhKWCkQtZuDb0PerlzlSzF5OmMLG9kfc= github.com/jfrog/gofrog v1.7.5 h1:dFgtEDefJdlq9cqTRoe09RLxS5Bxbe1Ev5+E6SmZHcg= github.com/jfrog/gofrog v1.7.5/go.mod h1:jyGiCgiqSSR7k86hcUSu67XVvmvkkgWTmPsH25wI298= -github.com/jfrog/jfrog-cli-core/v2 v2.54.1 h1:oNIsqUVJ/P17qEcHgj9/c1nfO23stqqj1sHB7ldFNmQ= -github.com/jfrog/jfrog-cli-core/v2 v2.54.1/go.mod h1:o8Ux0XiXWayxBXbtkMd5Vbs2YJZZDNiS9jtN6yQ4Ur8= -github.com/jfrog/jfrog-client-go v1.43.2 h1:NLSTTSFUkrNiSYs8rpRW7/sd6gDTPOi/eMVkGEarXq0= -github.com/jfrog/jfrog-client-go v1.43.2/go.mod h1:JUevXnjHbGL0MIIPs48L/axJMW/q4ioWMR1e1NuVn8w= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240811150357-12a9330a2d67 h1:ev3VOgr5/5dkoBIiX0lMGDPOIeqpyAbD4S9qBV+pkSY= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240811150357-12a9330a2d67/go.mod h1:lXoq+97FVeFUfTJd1oEeqFC6m2yC6ydjoEWwriOLBxQ= +github.com/jfrog/jfrog-client-go v1.28.1-0.20240811142930-ab9715567376 h1:ablnqrBY67NRA63pIwdEzdm5sKdfCyU+IPTsfzaYhQc= +github.com/jfrog/jfrog-client-go v1.28.1-0.20240811142930-ab9715567376/go.mod h1:JUevXnjHbGL0MIIPs48L/axJMW/q4ioWMR1e1NuVn8w= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= @@ -131,8 +131,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= -github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-tty v0.0.3 h1:5OfyWorkyO7xP52Mq7tB36ajHDG5OHrmBGIS/DtakQI= github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= @@ -207,8 +207,8 @@ github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM= github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= -github.com/vbauerster/mpb/v8 v8.7.4 h1:p4f16iMfUt3PkAC73SCzAtgtSf8TYDqEbJUT3odPrPo= -github.com/vbauerster/mpb/v8 v8.7.4/go.mod h1:r1B5k2Ljj5KJFCekfihbiqyV4VaaRTANYmvWA2btufI= +github.com/vbauerster/mpb/v8 v8.7.5 h1:hUF3zaNsuaBBwzEFoCvfuX3cpesQXZC0Phm/JcHZQ+c= +github.com/vbauerster/mpb/v8 v8.7.5/go.mod h1:bRCnR7K+mj5WXKsy0NWB6Or+wctYGvVwKn6huwvxKa0= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= @@ -233,14 +233,14 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -248,14 +248,14 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -281,15 +281,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -297,14 +297,14 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From fe110b3858c17bff81287fde12bd8f0dbd36b11b Mon Sep 17 00:00:00 2001 From: osaidw Date: Mon, 12 Aug 2024 12:50:28 +0300 Subject: [PATCH 16/16] Evidence CLI - Create package evidence. --- evidence/cli/command_build.go | 4 ++-- evidence/cli/command_custom.go | 2 +- evidence/cli/command_package.go | 6 +++--- evidence/cli/command_relesae_bundle.go | 4 ++-- evidence/cli/flags.go | 6 +++--- evidence/create_package.go | 2 +- evidence/model/{graphql.go => metadata.go} | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) rename evidence/model/{graphql.go => metadata.go} (92%) diff --git a/evidence/cli/command_build.go b/evidence/cli/command_build.go index 72e65a9..bcac636 100644 --- a/evidence/cli/command_build.go +++ b/evidence/cli/command_build.go @@ -30,7 +30,7 @@ func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverD ebc.ctx.GetStringFlagValue(predicate), ebc.ctx.GetStringFlagValue(predicateType), ebc.ctx.GetStringFlagValue(key), - ebc.ctx.GetStringFlagValue(KeyAlias), + ebc.ctx.GetStringFlagValue(keyAlias), ebc.ctx.GetStringFlagValue(project), ebc.ctx.GetStringFlagValue(buildName), ebc.ctx.GetStringFlagValue(buildNumber)) @@ -39,7 +39,7 @@ func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverD func (ebc *evidenceBuildCommand) validateEvidenceBuildContext(ctx *components.Context) error { if !ctx.IsFlagSet(buildNumber) || assertValueProvided(ctx, buildNumber) != nil { - return errorutils.CheckErrorf("'buildNumber' is a mandatory field for creating a Release Bundle evidence: --%s", buildNumber) + return errorutils.CheckErrorf("--%s is a mandatory field for creating a Release Bundle evidence", buildNumber) } return nil } diff --git a/evidence/cli/command_custom.go b/evidence/cli/command_custom.go index 197ded7..87fd0a8 100644 --- a/evidence/cli/command_custom.go +++ b/evidence/cli/command_custom.go @@ -23,7 +23,7 @@ func (ecc *evidenceCustomCommand) CreateEvidence(_ *components.Context, serverDe ecc.ctx.GetStringFlagValue(predicate), ecc.ctx.GetStringFlagValue(predicateType), ecc.ctx.GetStringFlagValue(key), - ecc.ctx.GetStringFlagValue(KeyAlias), + ecc.ctx.GetStringFlagValue(keyAlias), ecc.ctx.GetStringFlagValue(subjectRepoPath), ecc.ctx.GetStringFlagValue(subjectSha256)) return ecc.execute(createCmd) diff --git a/evidence/cli/command_package.go b/evidence/cli/command_package.go index 4d2c2a7..73e937a 100644 --- a/evidence/cli/command_package.go +++ b/evidence/cli/command_package.go @@ -30,7 +30,7 @@ func (epc *evidencePackageCommand) CreateEvidence(ctx *components.Context, serve epc.ctx.GetStringFlagValue(predicate), epc.ctx.GetStringFlagValue(predicateType), epc.ctx.GetStringFlagValue(key), - epc.ctx.GetStringFlagValue(KeyAlias), + epc.ctx.GetStringFlagValue(keyAlias), epc.ctx.GetStringFlagValue(packageName), epc.ctx.GetStringFlagValue(packageVersion), epc.ctx.GetStringFlagValue(packageRepoName)) @@ -39,10 +39,10 @@ func (epc *evidencePackageCommand) CreateEvidence(ctx *components.Context, serve func (epc *evidencePackageCommand) validateEvidencePackageContext(ctx *components.Context) error { if !ctx.IsFlagSet(packageVersion) || assertValueProvided(ctx, packageVersion) != nil { - return errorutils.CheckErrorf("'packageVersion' is a mandatory field for creating a Package evidence: --%s", packageVersion) + return errorutils.CheckErrorf("--%s is a mandatory field for creating a Package evidence", packageVersion) } if !ctx.IsFlagSet(packageRepoName) || assertValueProvided(ctx, packageRepoName) != nil { - return errorutils.CheckErrorf("'packageRepoName' is a mandatory field for creating a Package evidence: --%s", packageRepoName) + return errorutils.CheckErrorf("--%s is a mandatory field for creating a Package evidence", packageRepoName) } return nil } diff --git a/evidence/cli/command_relesae_bundle.go b/evidence/cli/command_relesae_bundle.go index a44c39f..3c5e34d 100644 --- a/evidence/cli/command_relesae_bundle.go +++ b/evidence/cli/command_relesae_bundle.go @@ -30,7 +30,7 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, erc.ctx.GetStringFlagValue(predicate), erc.ctx.GetStringFlagValue(predicateType), erc.ctx.GetStringFlagValue(key), - erc.ctx.GetStringFlagValue(KeyAlias), + erc.ctx.GetStringFlagValue(keyAlias), erc.ctx.GetStringFlagValue(project), erc.ctx.GetStringFlagValue(releaseBundle), erc.ctx.GetStringFlagValue(releaseBundleVersion)) @@ -39,7 +39,7 @@ func (erc *evidenceReleaseBundleCommand) CreateEvidence(ctx *components.Context, func (erc *evidenceReleaseBundleCommand) validateEvidenceReleaseBundleContext(ctx *components.Context) error { if !ctx.IsFlagSet(releaseBundleVersion) || assertValueProvided(ctx, releaseBundleVersion) != nil { - return errorutils.CheckErrorf("'releaseBundleVersion' is a mandatory field for creating a Release Bundle evidence: --%s", releaseBundleVersion) + return errorutils.CheckErrorf("--%s is a mandatory field for creating a Release Bundle evidence", releaseBundleVersion) } return nil } diff --git a/evidence/cli/flags.go b/evidence/cli/flags.go index 82fb989..6e30ccb 100644 --- a/evidence/cli/flags.go +++ b/evidence/cli/flags.go @@ -34,7 +34,7 @@ const ( subjectRepoPath = "subject-repo-path" subjectSha256 = "subject-sha256" key = "key" - KeyAlias = "key-alias" + keyAlias = "key-alias" ) // Flag keys mapped to their corresponding components.Flag definition. @@ -60,7 +60,7 @@ var flagsMap = map[string]components.Flag{ subjectRepoPath: components.NewStringFlag(subjectRepoPath, "Full path to some subject' location.", func(f *components.StringFlag) { f.Mandatory = false }), subjectSha256: components.NewStringFlag(subjectSha256, "Subject checksum sha256.", func(f *components.StringFlag) { f.Mandatory = false }), key: components.NewStringFlag(key, "Path to a private key that will sign the DSSE. Supported keys: 'ecdsa','rsa' and 'ed25519'.", func(f *components.StringFlag) { f.Mandatory = true }), - KeyAlias: components.NewStringFlag(KeyAlias, "Key alias", func(f *components.StringFlag) { f.Mandatory = false }), + keyAlias: components.NewStringFlag(keyAlias, "Key alias", func(f *components.StringFlag) { f.Mandatory = false }), } var commandFlags = map[string][]string{ @@ -83,7 +83,7 @@ var commandFlags = map[string][]string{ subjectRepoPath, subjectSha256, key, - KeyAlias, + keyAlias, }, } diff --git a/evidence/create_package.go b/evidence/create_package.go index ea8026f..2d39a1c 100644 --- a/evidence/create_package.go +++ b/evidence/create_package.go @@ -101,7 +101,7 @@ func (c *createEvidencePackage) getPackageVersionLeadArtifact(packageType string return "", err } - res := &model.GraphqlResponse{} + res := &model.MetadataResponse{} err = json.Unmarshal(body, res) if err != nil { return "", err diff --git a/evidence/model/graphql.go b/evidence/model/metadata.go similarity index 92% rename from evidence/model/graphql.go rename to evidence/model/metadata.go index b4bed24..b125482 100644 --- a/evidence/model/graphql.go +++ b/evidence/model/metadata.go @@ -1,6 +1,6 @@ package model -type GraphqlResponse struct { +type MetadataResponse struct { Data VersionsData `json:"data"` }