Add repo options to attest and artifact commands (#708)

* Move connecting to k8s cluster later in snapshot command

This means config is validated before connecting to cluster and allows us to run config validation tests without a k8s cluster being available.

* Add repo-id, repo-url and repo-provider options to attest artifact

* Infer repo provider from provided environment variables

* Ensure repository flag can be set and overrides the repoName

This applies to all attest commands

* Ensure GitRepoInfo is only sent if repoId and repoName are present

They might be inferred from environment variables or set directly in options

* Add repo options to begin trail command

* Add tests for new attest flags in each attest command

* Kosli API needs repo id, name AND url

Ensure that all 3 pieces of information are present before adding GitRepoInfo to API call

* Update docs for snyk attestation to include repo options

* Remove circleci as a repo provider. It does not provide git repos

* Add warning if repo information is not sent

Must have repo ID, URL and Name present to send repo info

* Only validate repo-url if it is explicitly provided.

Don't want to break CI flows if repoURL is inferred from CI environment variables

Author: pbeckham

cmd/kosli/attestArtifact.go

@@ -23,6 +23,10 @@ type attestArtifactOptions struct {
 	externalFingerprints map[string]string
 	externalURLs         map[string]string
 	annotations          map[string]string
+	repoID               string
+	repoName             string
+	repoURL              string
+	repoProvider         string
 }
 
 type AttestArtifactPayload struct {
@@ -118,6 +122,11 @@ func newAttestArtifactCmd(out io.Writer) *cobra.Command {
 			if err != nil {
 				return ErrorBeforePrintingUsage(cmd, err.Error())
 			}
+
+			if err := validateRepoFlags(o.repoURL, o.repoProvider, cmd.Flags().Changed("repo-url")); err != nil {
+				return err
+			}
+
 			return ValidateRegistryFlags(cmd, o.fingerprintOptions)
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -139,6 +148,10 @@ func newAttestArtifactCmd(out io.Writer) *cobra.Command {
 	cmd.Flags().StringToStringVar(&o.externalFingerprints, "external-fingerprint", map[string]string{}, externalFingerprintFlag)
 	cmd.Flags().StringToStringVar(&o.externalURLs, "external-url", map[string]string{}, externalURLFlag)
 	cmd.Flags().StringToStringVar(&o.annotations, "annotate", map[string]string{}, annotationFlag)
+	cmd.Flags().StringVar(&o.repoID, "repo-id", DefaultValue(ci, "repo-id"), repoIDFlag)
+	cmd.Flags().StringVar(&o.repoName, "repository", DefaultValue(ci, "repository"), repoNameFlag)
+	cmd.Flags().StringVar(&o.repoURL, "repo-url", DefaultValue(ci, "repo-url"), repoURLFlag)
+	cmd.Flags().StringVar(&o.repoProvider, "repo-provider", DefaultValue(ci, "repo-provider"), repoProviderFlag)
 	addFingerprintFlags(cmd, o.fingerprintOptions)
 
 	addDryRunFlag(cmd)
@@ -194,6 +207,7 @@ func (o *attestArtifactOptions) run(args []string) error {
 	if err != nil {
 		logger.Warn("failed to get git repo info. %s", err.Error())
 	}
+	o.payload.GitRepoInfo = mergeGitRepoInfo(o.payload.GitRepoInfo, o.repoID, o.repoName, o.repoURL, o.repoProvider)
 	o.payload.GitCommit = commitInfo.Sha1
 	o.payload.GitCommitInfo = &commitInfo.BasicCommitInfo
 

cmd/kosli/attestArtifact_test.go

@@ -111,6 +111,28 @@ func (suite *AttestArtifactCommandTestSuite) TestAttestArtifactCmd() {
 			cmd:       fmt.Sprintf("attest artifact testdata/file1 --artifact-type file --redact-commit-info author,bar --name cli --commit HEAD --build-url http://www.example.com --commit-url http://www.example.com  %s", suite.defaultKosliArguments),
 			golden:    "Error: bar is not an allowed value for --redact-commit-info\n",
 		},
+		{
+			wantError: true,
+			name:      "fails when --repo-url is not a valid URL",
+			cmd:       fmt.Sprintf("attest artifact testdata/file1 --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name cli --commit HEAD --build-url http://www.example.com --commit-url http://www.example.com --repo-url not-a-url %s", suite.defaultKosliArguments),
+			golden:    "Error: --repo-url 'not-a-url' is not a valid URL\n",
+		},
+		{
+			wantError: true,
+			name:      "fails when --repo-provider is not an allowed value",
+			cmd:       fmt.Sprintf("attest artifact testdata/file1 --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name cli --commit HEAD --build-url http://www.example.com --commit-url http://www.example.com --repo-provider jenkins %s", suite.defaultKosliArguments),
+			golden:    "Error: --repo-provider 'jenkins' is not allowed. Must be one of: github, gitlab, bitbucket, azure-devops\n",
+		},
+		{
+			name:   "can attest with all repo flags",
+			cmd:    fmt.Sprintf("attest artifact testdata/file1 --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name cli --commit HEAD --build-url http://www.example.com --commit-url http://www.example.com --repo-id test-repo-id --repository test-repo-name --repo-url https://github.com/org/repo --repo-provider github %s", suite.defaultKosliArguments),
+			golden: "artifact testdata/file1 was attested with fingerprint: 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9\n",
+		},
+		{
+			name:   "can attest without repo-id and repository",
+			cmd:    fmt.Sprintf("attest artifact testdata/file1 --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name cli --commit HEAD --build-url http://www.example.com --commit-url http://www.example.com %s", suite.defaultKosliArguments),
+			golden: "artifact testdata/file1 was attested with fingerprint: 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9\n",
+		},
 	}
 
 	runTestCmd(suite.T(), tests)

cmd/kosli/attestCustom.go

@@ -135,6 +135,7 @@ func newAttestCustomCmd(out io.Writer) *cobra.Command {
 		},
 
 		RunE: func(cmd *cobra.Command, args []string) error {
+			o.repoURLExplicit = cmd.Flags().Changed("repo-url")
 			return o.run(args)
 		},
 	}

cmd/kosli/attestGeneric.go

@@ -129,6 +129,7 @@ func newAttestGenericCmd(out io.Writer) *cobra.Command {
 		},
 
 		RunE: func(cmd *cobra.Command, args []string) error {
+			o.repoURLExplicit = cmd.Flags().Changed("repo-url")
 			return o.run(args)
 		},
 	}

cmd/kosli/attestGeneric_test.go

@@ -173,6 +173,23 @@ func (suite *AttestGenericCommandTestSuite) TestAttestGenericCmd() {
 			cmd:       fmt.Sprintf("attest generic --name bar --annotate foo.baz=bar %s", suite.defaultKosliArguments),
 			golden:    "Error: --annotate flag should be in the format key=value. Invalid key: 'foo.baz'. Key can only contain [A-Za-z0-9_]\n",
 		},
+		{
+			wantError: true,
+			name:      "fails when --repo-url is not a valid URL",
+			cmd:       fmt.Sprintf("attest generic --name foo --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --repo-url not-a-url %s", suite.defaultKosliArguments),
+			golden:    "Error: --repo-url 'not-a-url' is not a valid URL\n",
+		},
+		{
+			wantError: true,
+			name:      "fails when --repo-provider is not an allowed value",
+			cmd:       fmt.Sprintf("attest generic --name foo --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --repo-provider jenkins %s", suite.defaultKosliArguments),
+			golden:    "Error: --repo-provider 'jenkins' is not allowed. Must be one of: github, gitlab, bitbucket, azure-devops\n",
+		},
+		{
+			name:   "can attest with all repo flags",
+			cmd:    fmt.Sprintf("attest generic --name foo --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --repo-id test-repo-id --repository test-repo-name --repo-url https://github.com/org/repo --repo-provider github %s", suite.defaultKosliArguments),
+			golden: "generic attestation 'foo' is reported to trail: test-123\n",
+		},
 	}
 
 	runTestCmd(suite.T(), tests)

cmd/kosli/attestJira.go

@@ -226,6 +226,7 @@ func newAttestJiraCmd(out io.Writer) *cobra.Command {
 
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
+			o.repoURLExplicit = cmd.Flags().Changed("repo-url")
 			return o.run(args)
 		},
 	}

cmd/kosli/attestJunit.go

@@ -132,6 +132,7 @@ func newAttestJunitCmd(out io.Writer) *cobra.Command {
 
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
+			o.repoURLExplicit = cmd.Flags().Changed("repo-url")
 			return o.run(args)
 		},
 	}

cmd/kosli/attestPRAzure.go

@@ -146,8 +146,9 @@ func newAttestAzurePRCmd(out io.Writer) *cobra.Command {
 
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
+			o.repoURLExplicit = cmd.Flags().Changed("repo-url")
 			o.retriever = azUtils.NewAzureConfig(azureFlagsValues.Token,
-				azureFlagsValues.OrgUrl, azureFlagsValues.Project, azureFlagsValues.Repository)
+				azureFlagsValues.OrgUrl, azureFlagsValues.Project, o.repoName)
 			return o.run(args)
 		},
 	}

cmd/kosli/attestPRAzure_test.go

@@ -115,10 +115,22 @@ func (suite *AttestAzurePRCommandTestSuite) TestAttestAzurePRCmd() {
 		{
 			wantError: true,
 			name:      "13 if there is a server error, this is output even when assert fails",
-			cmd: fmt.Sprintf(`attest pullrequest azure --fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo 
+			cmd: fmt.Sprintf(`attest pullrequest azure --fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo
 				--azure-org-url https://dev.azure.com/kosli --project kosli-azure --repository cli --commit HEAD --assert %s`, suite.defaultKosliArguments),
 			goldenRegex: "found 0 pull request\\(s\\) for commit: .*\nError: Artifact with fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 does not exist in trail \"test-123\" of flow \"attest-azure-pr\" belonging to organization \"docs-cmd-test-user\"\nError: assert failed: no pull request found for the given commit: .*\n",
 		},
+		{
+			wantError: true,
+			name:      "14 fails when --repo-url is not a valid URL",
+			cmd:       fmt.Sprintf("attest pullrequest azure --name foo --commit HEAD --azure-token fake --azure-org-url https://dev.azure.com/myorg --project myproject --repository myrepo --repo-url not-a-url %s", suite.defaultKosliArguments),
+			golden:    "Error: --repo-url 'not-a-url' is not a valid URL\n",
+		},
+		{
+			wantError: true,
+			name:      "15 fails when --repo-provider is not an allowed value",
+			cmd:       fmt.Sprintf("attest pullrequest azure --name foo --commit HEAD --azure-token fake --azure-org-url https://dev.azure.com/myorg --project myproject --repository myrepo --repo-provider jenkins %s", suite.defaultKosliArguments),
+			golden:    "Error: --repo-provider 'jenkins' is not allowed. Must be one of: github, gitlab, bitbucket, azure-devops\n",
+		},
 	}
 
 	runTestCmd(suite.T(), tests)

cmd/kosli/attestPRBitbucket.go

@@ -166,6 +166,8 @@ func newAttestBitbucketPRCmd(out io.Writer) *cobra.Command {
 
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
+			o.repoURLExplicit = cmd.Flags().Changed("repo-url")
+			o.getRetriever().(*bbUtils.Config).Repository = o.repoName
 			return o.run(args)
 		},
 	}