Merge branch 'main' of github.com:kosli-dev/cli into install-script

Author: sofusalbertsen

Makefile

@@ -129,6 +129,8 @@ logs_integration_test_server:
 follow_integration_test_server:
 	@docker logs cli_kosli_server -f ${CONTAINER} 2>&1
 
+enter_integration_test_server:
+	@docker exec -it --workdir / cli_kosli_server bash
 
 docker:
 	@docker build -t kosli-cli .

cmd/kosli/archiveAttestationType_test.go

@@ -36,10 +36,10 @@ func (suite *ArchiveAttestationTypeCommandTestSuite) TestArchiveAttestationTypeC
 			golden: "Custom attestation type archive-attestation-type was archived\n",
 		},
 		{
-			wantError: true,
-			name:      "archiving non-existing custom attestation type fails",
-			cmd:       fmt.Sprintf(`archive attestation-type non-existing %s`, suite.defaultKosliArguments),
-			golden:    "Error: Custom attestation type 'non-existing' does not exist for org 'docs-cmd-test-user'. \n",
+			wantError:   true,
+			name:        "archiving non-existing custom attestation type fails",
+			cmd:         fmt.Sprintf(`archive attestation-type non-existing %s`, suite.defaultKosliArguments),
+			goldenRegex: "^Error: Custom attestation type 'non-existing' does not exist for org 'docs-cmd-test-user'",
 		},
 		{
 			wantError: true,

cmd/kosli/assertArtifact.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/url"
 
+	"github.com/kosli-dev/cli/internal/output"
 	"github.com/kosli-dev/cli/internal/requests"
 	"github.com/spf13/cobra"
 )
@@ -45,6 +46,7 @@ type assertArtifactOptions struct {
 	fingerprint        string // This is calculated or provided by the user
 	flowName           string
 	envName            string
+	output             string
 }
 
 func newAssertArtifactCmd(out io.Writer) *cobra.Command {
@@ -75,6 +77,8 @@ func newAssertArtifactCmd(out io.Writer) *cobra.Command {
 	cmd.Flags().StringVarP(&o.fingerprint, "fingerprint", "F", "", fingerprintFlag)
 	cmd.Flags().StringVarP(&o.flowName, "flow", "f", "", flowNameFlag)
 	cmd.Flags().StringVar(&o.envName, "environment", "", envNameFlag)
+	cmd.Flags().StringVarP(&o.output, "output", "o", "table", outputFlag)
+
 	addFingerprintFlags(cmd, o.fingerprintOptions)
 	addDryRunFlag(cmd)
 
@@ -116,31 +120,92 @@ func (o *assertArtifactOptions) run(out io.Writer, args []string) error {
 		return err
 	}
 
+	return output.FormattedPrint(response.Body, o.output, out, 0,
+		map[string]output.FormatOutputFunc{
+			"table": printAssertAsTable,
+			"json":  output.PrintJson,
+		})
+}
+
+func printAssertAsTable(raw string, out io.Writer, page int) error {
 	var evaluationResult map[string]interface{}
-	err = json.Unmarshal([]byte(response.Body), &evaluationResult)
+	err := json.Unmarshal([]byte(raw), &evaluationResult)
 	if err != nil {
 		return err
 	}
 
+	flow, _ := evaluationResult["flow"].(string)
+	trail, _ := evaluationResult["trail"].(string)
 	scope := evaluationResult["scope"].(string)
+	complianceStatus, _ := evaluationResult["compliance_status"].(map[string]interface{})
+	attestationsStatuses, _ := complianceStatus["attestations_statuses"].([]interface{})
 
 	if evaluationResult["compliant"].(bool) {
 		logger.Info("COMPLIANT")
-		if scope == "flow" {
-			logger.Info("See more details at %s", evaluationResult["html_url"].(string))
-		}
 	} else {
-		if scope == "flow" {
-			return fmt.Errorf("not compliant\nSee more details at %s", evaluationResult["html_url"].(string))
-		} else {
-			jsonData, err := json.MarshalIndent(evaluationResult["policy_evaluations"], "", "  ")
-			if err != nil {
-				return fmt.Errorf("error marshalling evaluation result: %v", err)
+		logger.Info("Error: NON-COMPLIANT")
+	}
+	logger.Info("Flow: %v\nTrail %v", flow, trail)
+	logger.Info("%-32v %-30v %-15v %-10v", "Attestation-name", "type", "status", "compliant")
+
+	for _, item := range attestationsStatuses {
+		attestation := item.(map[string]interface{})
+		name := attestation["attestation_name"]
+		attType := attestation["attestation_type"]
+		status := attestation["status"]
+		isCompliant, _ := attestation["is_compliant"].(bool)
+		unexpected, _ := attestation["unexpected"].(bool)
+		unexpectedStr := ""
+		if unexpected {
+			unexpectedStr = "unexpected"
+		}
+
+		logger.Info("  %-32v %-30v %-15v %-10v %-10v", name, attType, status, isCompliant, unexpectedStr)
+	}
+	if scope == "environment" {
+		logger.Info("%-32v %-30v", "Policy-name", "status")
+		policyEvaluations := evaluationResult["policy_evaluations"].([]interface{})
+		for _, item := range policyEvaluations {
+			policyEvaluation := item.(map[string]interface{})
+			policyName := policyEvaluation["policy_name"]
+			policyStatus := policyEvaluation["status"]
+			logger.Info("  %-32v %-30v", policyName, policyStatus)
+			if policyStatus != "COMPLIANT" {
+				ruleEvaluations := policyEvaluation["rule_evaluations"].([]interface{})
+				var failures []string
+				for _, item2 := range ruleEvaluations {
+					ruleEvaluation := item2.(map[string]interface{})
+					ignored := ruleEvaluation["ignored"].(bool)
+					satisfied, _ := ruleEvaluation["satisfied"].(bool)
+					if !ignored && !satisfied {
+						rule := ruleEvaluation["rule"].(map[string]interface{})
+						resolutions := ruleEvaluation["resolutions"].([]interface{})
+						for _, item3 := range resolutions {
+							resolution := item3.(map[string]interface{})
+							resolutionType := resolution["type"].(string)
+							ruleDefinition := rule["definition"].(map[string]interface{})
+							attestationName := ruleDefinition["name"]
+							attestationType := ruleDefinition["type"]
+							switch resolutionType {
+							case "legacy_flow":
+								failures = append(failures, "artifact comes from a legacy flow and does not have the new attestations")
+							case "missing_attestation":
+								failures = append(failures, fmt.Sprintf("artifact is missing required '%v' (type: %v) attestation in trail", attestationName, attestationType))
+							case "non_compliant_attestation":
+								failures = append(failures, fmt.Sprintf("attestation '%v' is non-compliant in trail", attestationName))
+							case "non_compliant_in_trail":
+								failures = append(failures, "artifact is not compliant in trail")
+							}
+						}
+					}
+				}
+				for _, fail := range failures {
+					logger.Info("    %v", fail)
+				}
 			}
-			return fmt.Errorf("not compliant for env [%s]: \n %v", o.envName,
-				string(jsonData))
 		}
 	}
+	logger.Info("\nSee more details at %s", evaluationResult["html_url"].(string))
 
 	return nil
 }

cmd/kosli/assertArtifact_test.go

@@ -15,13 +15,15 @@ type AssertArtifactCommandTestSuite struct {
 	suite.Suite
 	defaultKosliArguments string
 	flowName              string
+	envName               string
 	artifactName          string
 	artifactPath          string
 	fingerprint           string
 }
 
 func (suite *AssertArtifactCommandTestSuite) SetupTest() {
 	suite.flowName = "assert-artifact"
+	suite.envName = "assert-artifact-environment"
 	suite.artifactName = "arti"
 	suite.artifactPath = "testdata/folder1/hello.txt"
 	global = &GlobalOpts{
@@ -35,6 +37,7 @@ func (suite *AssertArtifactCommandTestSuite) SetupTest() {
 	fingerprintOptions := &fingerprintOptions{
 		artifactType: "file",
 	}
+	CreateEnv(global.Org, suite.envName, "server", suite.Suite.T())
 	var err error
 	suite.fingerprint, err = GetSha256Digest(suite.artifactPath, fingerprintOptions, logger)
 	require.NoError(suite.Suite.T(), err)
@@ -58,12 +61,25 @@ func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() {
 		{
 			name:        "asserting an existing compliant artifact (using --fingerprint) results in OK and zero exit",
 			cmd:         fmt.Sprintf(`assert artifact --fingerprint %s --flow %s %s`, suite.fingerprint, suite.flowName, suite.defaultKosliArguments),
-			goldenRegex: "COMPLIANT\nSee more details at http://localhost:8001/docs-cmd-test-user/flows/assert-artifact/artifacts/fcf33337634c2577a5d86fd7ecb0a25a7c1bb5d89c14fd236f546a5759252c02(?:\\?artifact_id=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{8})?\n",
+			goldenRegex: "(?s)^COMPLIANT\n.*Attestation-name.*See more details at http://localhost(:8001)?/docs-cmd-test-user/flows/assert-artifact/artifacts/fcf33337634c2577a5d86fd7ecb0a25a7c1bb5d89c14fd236f546a5759252c02(?:\\?artifact_id=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{8})?\n",
+		},
+		{
+			name:        "asserting an existing compliant artifact (using --fingerprint) for an environment results in OK and zero exit",
+			cmd:         fmt.Sprintf(`assert artifact --fingerprint %s --flow %s --environment %s %s`, suite.fingerprint, suite.flowName, suite.envName, suite.defaultKosliArguments),
+			goldenRegex: "(?s)^COMPLIANT\n.*Attestation-name.*Policy-name.*See more details at http://localhost(:8001)?/docs-cmd-test-user/flows/assert-artifact/artifacts/fcf33337634c2577a5d86fd7ecb0a25a7c1bb5d89c14fd236f546a5759252c02(?:\\?artifact_id=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{8})?\n",
 		},
 		{
 			name:        "asserting an existing compliant artifact (using --artifact-type) results in OK and zero exit",
 			cmd:         fmt.Sprintf(`assert artifact %s --artifact-type file --flow %s %s`, suite.artifactPath, suite.flowName, suite.defaultKosliArguments),
-			goldenRegex: "COMPLIANT\nSee more details at http://localhost:8001/docs-cmd-test-user/flows/assert-artifact/artifacts/fcf33337634c2577a5d86fd7ecb0a25a7c1bb5d89c14fd236f546a5759252c02?(?:\\?artifact_id=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{8})?\n",
+			goldenRegex: "(?s)^COMPLIANT\n.*See more details at http://localhost(:8001)?/docs-cmd-test-user/flows/assert-artifact/artifacts/fcf33337634c2577a5d86fd7ecb0a25a7c1bb5d89c14fd236f546a5759252c02?(?:\\?artifact_id=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{8})?\n",
+		},
+		{
+			name: "json output of asserting an existing compliant artifact (using --artifact-type) results in OK and zero exit",
+			cmd:  fmt.Sprintf(`assert artifact %s --output json --artifact-type file --flow %s %s`, suite.artifactPath, suite.flowName, suite.defaultKosliArguments),
+			goldenJson: []jsonCheck{
+				{"compliant", true},
+				{"scope", "flow"},
+			},
 		},
 		{
 			wantError: true,

cmd/kosli/attestArtifact_test.go

@@ -82,10 +82,10 @@ func (suite *AttestArtifactCommandTestSuite) TestAttestArtifactCmd() {
 			golden:    "Error: --external-fingerprints have labels that don't have a URL in --external-url\n",
 		},
 		{
-			wantError: true,
-			name:      "fails (from server) when --external-fingerprint has invalid fingerprint",
-			cmd:       fmt.Sprintf("attest artifact testdata/file1 --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name cli --commit HEAD --build-url http://www.example.com --commit-url http://www.example.com --external-url file=https://http://www.example.com --external-fingerprint file=7509e5bda0  %s", suite.defaultKosliArguments),
-			golden:    "Error: Input payload validation failed: map[external_urls.file.fingerprint:'7509e5bda0' does not match '^[a-f0-9]{64}$']\n",
+			wantError:   true,
+			name:        "fails (from server) when --external-fingerprint has invalid fingerprint",
+			cmd:         fmt.Sprintf("attest artifact testdata/file1 --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name cli --commit HEAD --build-url http://www.example.com --commit-url http://www.example.com --external-url file=https://http://www.example.com --external-fingerprint file=7509e5bda0  %s", suite.defaultKosliArguments),
+			goldenRegex: "Error: Input payload validation failed: .*7509e5bda0",
 		},
 		{
 			name:   "can attest with annotations against a trail",

cmd/kosli/attestSonar_test.go

@@ -159,19 +159,19 @@ func (suite *AttestSonarCommandTestSuite) TestAttestSonarCmd() {
 			wantError: true,
 			name:      "if outdated task given (i.e. we try to get results for an older scan that SonarCloud has deleted), we get an error",
 			cmd:       fmt.Sprintf("attest sonar --name cli.foo --commit HEAD --origin-url http://www.example.com --sonar-working-dir testdata/sonar/sonarcloud/.scannerwork-old %s", suite.defaultKosliArguments),
-			golden:    "Error: analysis not found on https://sonarcloud.io. Snapshot may have been deleted by SonarQube\n",
+			golden:    "Error: No activity found for task 'AZERk4uWpzGpahwkB9ac' on https://sonarcloud.io. \nSonarQube may be experiencing problems, please check https://status.sonarqube.com/ and try again later. \nOtherwise if you are attesting an older scan, the snapshot may have been deleted by SonarQube.\n",
 		},
 		{
 			wantError: true,
 			name:      "if incorrect revision given (or the scan for the given revision has been deleted by SonarCloud)",
 			cmd:       fmt.Sprintf("attest sonar --name cli.foo --commit HEAD --origin-url http://www.example.com --sonar-project-key cyber-dojo_differ --sonar-revision b4d1053f2aac18c9fb4b9a289a8289199c932e12 %s", suite.defaultKosliArguments),
-			golden:    "Error: analysis for revision b4d1053f2aac18c9fb4b9a289a8289199c932e12 of project cyber-dojo_differ not found. Check the revision is correct. Snapshot may also have been deleted by SonarQube\n",
+			golden:    "Error: analysis for revision b4d1053f2aac18c9fb4b9a289a8289199c932e12 of project cyber-dojo_differ not found. Check the revision is correct. \nThe scan may still be being processed by SonarQube, try again later.\n Otherwise if you are attesting an older scan, the snapshot may also have been deleted by SonarQube\n",
 		},
 		{
 			wantError: true,
 			name:      "if incorrect project key given, we get an error message from Sonar",
 			cmd:       fmt.Sprintf("attest sonar --name cli.foo --commit HEAD --origin-url http://www.example.com --sonar-project-key cyber-dojo-differ --sonar-revision 38f3dc8b63abb632ac94a12b3f818b49f8047fa1 %s", suite.defaultKosliArguments),
-			golden:    "Error: sonar error: Component key 'cyber-dojo-differ' not found\n",
+			golden:    "Error: SonarQube error: Component key 'cyber-dojo-differ' not found\n",
 		},
 	}
 
@@ -261,7 +261,7 @@ func (suite *AttestSonarQubeCommandTestSuite) TestAttestSonarQubeCmd() {
 			wantError: true,
 			name:      "if incorrect project key given, we get an error message from Sonar",
 			cmd:       fmt.Sprintf("attest sonar --name cli.foo --commit HEAD --origin-url http://www.example.com --sonar-server-url http://localhost:9000 --sonar-project-key test99 --sonar-revision 38f3dc8b63abb632ac94a12b3f818b49f8047fa1 %s", suite.defaultKosliArguments),
-			golden:    "Error: sonar error: Component key 'test99' not found\n",
+			golden:    "Error: SonarQube error: Component key 'test99' not found\n",
 		},
 		{
 			wantError: true,

cmd/kosli/beginTrail_test.go

@@ -36,10 +36,10 @@ func (suite *BeginTrailCommandTestSuite) TestBeginTrailCmd() {
 			golden:    "Error: accepts 1 arg(s), received 2\n",
 		},
 		{
-			wantError: true,
-			name:      "fails when name is considered invalid by the server",
-			cmd:       fmt.Sprintf("begin trail foo?$bar --flow %s %s", suite.flowName, suite.defaultKosliArguments),
-			golden:    "Error: Input payload validation failed: map[name:'foo?$bar' does not match '^[a-zA-Z0-9][a-zA-Z0-9\\\\.\\\\-_~]*$']\n",
+			wantError:   true,
+			name:        "fails when name is considered invalid by the server",
+			cmd:         fmt.Sprintf("begin trail foo?$bar --flow %s %s", suite.flowName, suite.defaultKosliArguments),
+			goldenRegex: "^Error.*foo\\?\\$bar",
 		},
 		{
 			wantError: true,

cmd/kosli/createEnvironment_test.go

@@ -67,16 +67,16 @@ func (suite *CreateEnvironmentCommandTestSuite) TestCreateEnvironmentCmd() {
 			golden:    "Error: only one of --exclude-scaling, --include-scaling is allowed\n",
 		},
 		{
-			wantError: true,
-			name:      "fails if the type case does not match what the server accepts",
-			cmd:       "create env newEnv1 --type k8s" + suite.defaultKosliArguments,
-			golden:    "Error: Input payload validation failed: map[type:'k8s' is not one of ['K8S', 'ECS', 'S3', 'lambda', 'server', 'docker', 'azure-apps', 'logical']]\n",
+			wantError:   true,
+			name:        "fails if the type case does not match what the server accepts",
+			cmd:         "create env newEnv1 --type k8s" + suite.defaultKosliArguments,
+			goldenRegex: "^Error: Input payload validation failed: .*k8s",
 		},
 		{
-			wantError: true,
-			name:      "fails if the type is not recognized by the server",
-			cmd:       "create env newEnv1 --type unknown" + suite.defaultKosliArguments,
-			golden:    "Error: Input payload validation failed: map[type:'unknown' is not one of ['K8S', 'ECS', 'S3', 'lambda', 'server', 'docker', 'azure-apps', 'logical']]\n",
+			wantError:   true,
+			name:        "fails if the type is not recognized by the server",
+			cmd:         "create env newEnv1 --type unknown" + suite.defaultKosliArguments,
+			goldenRegex: "^Error: Input payload validation failed: .*unknown",
 		},
 		{
 			wantError: true,
@@ -97,10 +97,10 @@ func (suite *CreateEnvironmentCommandTestSuite) TestCreateEnvironmentCmd() {
 			golden:    "Error: accepts 1 arg(s), received 2\n",
 		},
 		{
-			wantError: true,
-			name:      "fails when name is considered invalid by the server",
-			cmd:       "create env 'foo bar' --type K8S" + suite.defaultKosliArguments,
-			golden:    "Error: Input payload validation failed: map[name:'foo bar' does not match '^[a-zA-Z0-9][a-zA-Z0-9\\\\.\\\\-_]*$']\n",
+			wantError:   true,
+			name:        "fails when name is considered invalid by the server",
+			cmd:         "create env 'foo bar' --type K8S" + suite.defaultKosliArguments,
+			goldenRegex: "^Error: Input payload validation failed: .*foo bar",
 		},
 		{
 			wantError: false,

cmd/kosli/createFlow_test.go

@@ -33,10 +33,10 @@ func (suite *CreateFlowCommandTestSuite) TestCreateFlowCmd() {
 			golden:    "Error: accepts 1 arg(s), received 2\n",
 		},
 		{
-			wantError: true,
-			name:      "fails when name is considered invalid by the server",
-			cmd:       "create flow 'foo bar'" + suite.defaultKosliArguments,
-			golden:    "Error: Input payload validation failed: map[name:'foo bar' does not match '^[a-zA-Z0-9][a-zA-Z0-9\\\\.\\\\-_~]*$']\n",
+			wantError:   true,
+			name:        "fails when name is considered invalid by the server",
+			cmd:         "create flow 'foo bar'" + suite.defaultKosliArguments,
+			goldenRegex: "^Error: .*foo bar",
 		},
 		{
 			name:   "can create a flow (by default legacy template is used)",

cmd/kosli/getAttestationType_test.go

@@ -35,10 +35,10 @@ func (suite *GetAttestationTypeCommandTestSuite) SetupTest() {
 func (suite *GetAttestationTypeCommandTestSuite) TestGetAttestationTypeCmd() {
 	tests := []cmdTestCase{
 		{
-			wantError: true,
-			name:      "getting a non existing attestation type fails",
-			cmd:       fmt.Sprintf(`get attestation-type foo %s`, suite.defaultKosliArguments),
-			golden:    fmt.Sprintf("Error: Custom attestation type 'foo' does not exist for org '%s'. \n", global.Org),
+			wantError:   true,
+			name:        "getting a non existing attestation type fails",
+			cmd:         fmt.Sprintf(`get attestation-type foo %s`, suite.defaultKosliArguments),
+			goldenRegex: fmt.Sprintf("^Error: Custom attestation type 'foo' does not exist for org '%s'", global.Org),
 		},
 		{
 			wantError: true,
@@ -74,11 +74,6 @@ func (suite *GetAttestationTypeCommandTestSuite) TestGetAttestationTypeCmd() {
 			cmd:        fmt.Sprintf(`get attestation-type %s@v1 %s`, suite.attestationTypeName, suite.defaultKosliArguments),
 			goldenFile: "output/get/get-attestation-type-version.txt",
 		},
-		{
-			name:       "giving a non-integer version number returns the unversioned attestation type",
-			cmd:        fmt.Sprintf(`get attestation-type %s@vone %s`, suite.attestationTypeName, suite.defaultKosliArguments),
-			goldenFile: "output/get/get-attestation-type.txt",
-		},
 		{
 			name: "getting an existing attestation type with --output json works",
 			cmd:  fmt.Sprintf(`get attestation-type %s --output json %s`, suite.attestationTypeName, suite.defaultKosliArguments),