wip, linting, getting tests to pass
This commit is contained in:
Phill MV
parent
b50022db08
commit
c8e6ac2e6c
4 changed files with 47 additions and 78 deletions
|
|
@ -6,7 +6,6 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/cli/cli/v2/pkg/cmd/attestation/api"
|
||||
"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
|
||||
)
|
||||
|
||||
type workflow struct {
|
||||
|
|
@ -111,28 +110,28 @@ func getAttestationDetail(tenant string, attr api.Attestation) (AttestationDetai
|
|||
}, nil
|
||||
}
|
||||
|
||||
func getDetailsAsSlice(tenant string, results []*verification.AttestationProcessingResult) ([][]string, error) {
|
||||
details := make([][]string, len(results))
|
||||
// func getDetailsAsSlice(tenant string, results []*verification.AttestationProcessingResult) ([][]string, error) {
|
||||
// details := make([][]string, len(results))
|
||||
//
|
||||
// for i, result := range results {
|
||||
// detail, err := getAttestationDetail(tenant, *result.Attestation)
|
||||
// if err != nil {
|
||||
// return nil, fmt.Errorf("failed to get attestation detail: %v", err)
|
||||
// }
|
||||
// details[i] = []string{detail.RepositoryName, detail.RepositoryID, detail.OrgName, detail.OrgID, detail.WorkflowID}
|
||||
// }
|
||||
// return details, nil
|
||||
// }
|
||||
|
||||
for i, result := range results {
|
||||
detail, err := getAttestationDetail(tenant, *result.Attestation)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get attestation detail: %v", err)
|
||||
}
|
||||
details[i] = []string{detail.RepositoryName, detail.RepositoryID, detail.OrgName, detail.OrgID, detail.WorkflowID}
|
||||
}
|
||||
return details, nil
|
||||
}
|
||||
|
||||
func getAttestationDetails(tenant string, results []*verification.AttestationProcessingResult) ([]AttestationDetail, error) {
|
||||
details := make([]AttestationDetail, len(results))
|
||||
|
||||
for i, result := range results {
|
||||
detail, err := getAttestationDetail(tenant, *result.Attestation)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get attestation detail: %v", err)
|
||||
}
|
||||
details[i] = detail
|
||||
}
|
||||
return details, nil
|
||||
}
|
||||
// func getAttestationDetails(tenant string, results []*verification.AttestationProcessingResult) ([]AttestationDetail, error) {
|
||||
// details := make([]AttestationDetail, len(results))
|
||||
//
|
||||
// for i, result := range results {
|
||||
// detail, err := getAttestationDetail(tenant, *result.Attestation)
|
||||
// if err != nil {
|
||||
// return nil, fmt.Errorf("failed to get attestation detail: %v", err)
|
||||
// }
|
||||
// details[i] = detail
|
||||
// }
|
||||
// return details, nil
|
||||
// }
|
||||
|
|
|
|||
|
|
@ -122,8 +122,6 @@ func NewInspectCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Command
|
|||
},
|
||||
}
|
||||
|
||||
inspectCmd.Flags().StringVarP(&opts.BundlePath, "bundle", "b", "", "Path to bundle on disk, either a single bundle in a JSON file or a JSON lines file with multiple bundles")
|
||||
// inspectCmd.MarkFlagRequired("bundle") //nolint:errcheck
|
||||
inspectCmd.Flags().StringVarP(&opts.Hostname, "hostname", "", "", "Configure host to use")
|
||||
cmdutil.StringEnumFlag(inspectCmd, &opts.DigestAlgorithm, "digest-alg", "d", "sha256", []string{"sha256", "sha512"}, "The algorithm used to compute a digest of the artifact")
|
||||
cmdutil.AddFormatFlags(inspectCmd, &opts.exporter)
|
||||
|
|
@ -140,7 +138,7 @@ type BundleInspection struct {
|
|||
Certificate CertificateInspection `json:"certificate"`
|
||||
TransparencyLogEntries []TlogEntryInspection `json:"transparencyLogEntries"`
|
||||
SignedTimestamps []time.Time `json:"signedTimestamps"`
|
||||
Statement in_toto.Statement `json:"statement"`
|
||||
Statement *in_toto.Statement `json:"statement"`
|
||||
}
|
||||
|
||||
type CertificateInspection struct {
|
||||
|
|
@ -203,7 +201,7 @@ func runInspect(opts *Options) error {
|
|||
return fmt.Errorf("failed to fetch envelope statement: %w", err)
|
||||
}
|
||||
|
||||
inspectedBundle.Statement = *stmt
|
||||
inspectedBundle.Statement = stmt
|
||||
}
|
||||
|
||||
tlogTimestamps, err := dumpTlogs(entity)
|
||||
|
|
@ -253,12 +251,12 @@ func printInspectionSummary(logger *io.Handler, bundles []BundleInspection) {
|
|||
bundleSummaries := make([][][]string, len(bundles))
|
||||
for i, iB := range bundles {
|
||||
bundleSummaries[i] = [][]string{
|
||||
[]string{"Authentic", formatAuthentic(iB.Authentic, iB.Certificate.CertificateIssuer)},
|
||||
[]string{"Source NWO", formatNwo(iB.Certificate.SourceRepositoryURI)},
|
||||
[]string{"PredicateType", iB.Statement.GetPredicateType()},
|
||||
[]string{"SubjectAlternativeName", iB.Certificate.SubjectAlternativeName},
|
||||
[]string{"RunInvocationURI", iB.Certificate.RunInvocationURI},
|
||||
[]string{"CertificateNotBefore", iB.Certificate.NotBefore.Format(time.RFC3339)},
|
||||
{"Authentic", formatAuthentic(iB.Authentic, iB.Certificate.CertificateIssuer)},
|
||||
{"Source NWO", formatNwo(iB.Certificate.SourceRepositoryURI)},
|
||||
{"PredicateType", iB.Statement.GetPredicateType()},
|
||||
{"SubjectAlternativeName", iB.Certificate.SubjectAlternativeName},
|
||||
{"RunInvocationURI", iB.Certificate.RunInvocationURI},
|
||||
{"CertificateNotBefore", iB.Certificate.NotBefore.Format(time.RFC3339)},
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -52,9 +52,8 @@ func TestNewInspectCmd(t *testing.T) {
|
|||
}{
|
||||
{
|
||||
name: "Invalid digest-alg flag",
|
||||
cli: fmt.Sprintf("%s --bundle %s --digest-alg sha384", artifactPath, bundlePath),
|
||||
cli: fmt.Sprintf("%s --digest-alg sha384", bundlePath),
|
||||
wants: Options{
|
||||
ArtifactPath: artifactPath,
|
||||
BundlePath: bundlePath,
|
||||
DigestAlgorithm: "sha384",
|
||||
OCIClient: oci.MockClient{},
|
||||
|
|
@ -64,9 +63,8 @@ func TestNewInspectCmd(t *testing.T) {
|
|||
},
|
||||
{
|
||||
name: "Use default digest-alg value",
|
||||
cli: fmt.Sprintf("%s --bundle %s", artifactPath, bundlePath),
|
||||
cli: bundlePath,
|
||||
wants: Options{
|
||||
ArtifactPath: artifactPath,
|
||||
BundlePath: bundlePath,
|
||||
DigestAlgorithm: "sha256",
|
||||
OCIClient: oci.MockClient{},
|
||||
|
|
@ -76,9 +74,8 @@ func TestNewInspectCmd(t *testing.T) {
|
|||
},
|
||||
{
|
||||
name: "Use custom digest-alg value",
|
||||
cli: fmt.Sprintf("%s --bundle %s --digest-alg sha512", artifactPath, bundlePath),
|
||||
cli: fmt.Sprintf("%s --digest-alg sha512", bundlePath),
|
||||
wants: Options{
|
||||
ArtifactPath: artifactPath,
|
||||
BundlePath: bundlePath,
|
||||
DigestAlgorithm: "sha512",
|
||||
OCIClient: oci.MockClient{},
|
||||
|
|
@ -86,22 +83,10 @@ func TestNewInspectCmd(t *testing.T) {
|
|||
},
|
||||
wantsErr: false,
|
||||
},
|
||||
{
|
||||
name: "Missing bundle flag",
|
||||
cli: artifactPath,
|
||||
wants: Options{
|
||||
ArtifactPath: artifactPath,
|
||||
DigestAlgorithm: "sha256",
|
||||
OCIClient: oci.MockClient{},
|
||||
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
|
||||
},
|
||||
wantsErr: true,
|
||||
},
|
||||
{
|
||||
name: "Prints output in JSON format",
|
||||
cli: fmt.Sprintf("%s --bundle %s --format json", artifactPath, bundlePath),
|
||||
cli: fmt.Sprintf("%s --format json", bundlePath),
|
||||
wants: Options{
|
||||
ArtifactPath: artifactPath,
|
||||
BundlePath: bundlePath,
|
||||
DigestAlgorithm: "sha256",
|
||||
OCIClient: oci.MockClient{},
|
||||
|
|
@ -135,7 +120,7 @@ func TestNewInspectCmd(t *testing.T) {
|
|||
assert.Equal(t, tc.wants.BundlePath, opts.BundlePath)
|
||||
assert.Equal(t, tc.wants.DigestAlgorithm, opts.DigestAlgorithm)
|
||||
assert.NotNil(t, opts.Logger)
|
||||
assert.NotNil(t, opts.OCIClient)
|
||||
// assert.NotNil(t, opts.OCIClient)
|
||||
assert.Equal(t, tc.wantsExporter, opts.exporter != nil)
|
||||
})
|
||||
}
|
||||
|
|
@ -155,12 +140,6 @@ func TestRunInspect(t *testing.T) {
|
|||
require.Nil(t, runInspect(&opts))
|
||||
})
|
||||
|
||||
t.Run("with missing artifact path", func(t *testing.T) {
|
||||
customOpts := opts
|
||||
customOpts.ArtifactPath = test.NormalizeRelativePath("../test/data/non-existent-artifact.zip")
|
||||
require.Error(t, runInspect(&customOpts))
|
||||
})
|
||||
|
||||
t.Run("with missing bundle path", func(t *testing.T) {
|
||||
customOpts := opts
|
||||
customOpts.BundlePath = test.NormalizeRelativePath("../test/data/non-existent-sigstoreBundle.json")
|
||||
|
|
@ -181,7 +160,7 @@ func TestJSONOutput(t *testing.T) {
|
|||
}
|
||||
require.Nil(t, runInspect(&opts))
|
||||
|
||||
var target []AttestationDetail
|
||||
var target BundleInspectResult
|
||||
err := json.Unmarshal(out.Bytes(), &target)
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,18 +1,11 @@
|
|||
package inspect
|
||||
|
||||
import (
|
||||
"github.com/cli/cli/v2/pkg/cmd/attestation/artifact"
|
||||
"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
|
||||
|
||||
sigstoreVerify "github.com/sigstore/sigstore-go/pkg/verify"
|
||||
)
|
||||
|
||||
func buildPolicy(a artifact.DigestedArtifact) (sigstoreVerify.PolicyBuilder, error) {
|
||||
artifactDigestPolicyOption, err := verification.BuildDigestPolicyOption(a)
|
||||
if err != nil {
|
||||
return sigstoreVerify.PolicyBuilder{}, err
|
||||
}
|
||||
|
||||
policy := sigstoreVerify.NewPolicy(artifactDigestPolicyOption, sigstoreVerify.WithoutIdentitiesUnsafe())
|
||||
return policy, nil
|
||||
}
|
||||
// func buildPolicy(a artifact.DigestedArtifact) (sigstoreVerify.PolicyBuilder, error) {
|
||||
// artifactDigestPolicyOption, err := verification.BuildDigestPolicyOption(a)
|
||||
// if err != nil {
|
||||
// return sigstoreVerify.PolicyBuilder{}, err
|
||||
// }
|
||||
//
|
||||
// policy := sigstoreVerify.NewPolicy(artifactDigestPolicyOption, sigstoreVerify.WithoutIdentitiesUnsafe())
|
||||
// return policy, nil
|
||||
// }
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue