Added the remaining code review changes including the api Route, the list function and the create function

Author: patrick.rissmann@l3montree.com

.vscode/settings.json

@@ -8,6 +8,8 @@
     "cSpell.words": [
         "devguard",
         "ghinstallation",
+        "gorm",
+        "montree",
         "Vulns"
     ]
 }

cmd/devguard/api/api.go

@@ -555,6 +555,9 @@ func BuildRouter(db core.DB) *echo.Echo {
 
 	assetVersionRouter.GET("/versions/", assetVersionController.Versions)
 
+	assetVersionRouter.GET("/attestations/", attestationController.List)
+	assetVersionRouter.POST("/attestations/", attestationController.Create)
+
 	assetRouter.POST("/integrations/gitlab/autosetup/", integrationController.AutoSetup, projectScopedRBAC(accesscontrol.ObjectAsset, accesscontrol.ActionUpdate))
 	assetRouter.PATCH("/", assetController.Update, projectScopedRBAC(accesscontrol.ObjectAsset, accesscontrol.ActionUpdate))
 
@@ -564,7 +567,6 @@ func BuildRouter(db core.DB) *echo.Echo {
 	assetRouter.GET("/in-toto/root.layout.json/", intotoController.RootLayout)
 
 	assetVersionRouter.GET("/in-toto/:supplyChainId/", intotoController.Read)
-	assetVersionRouter.POST("/attestations/", attestationController.Create)
 
 	apiV1Router.GET("/verify-supply-chain/", intotoController.VerifySupplyChain)
 
@@ -579,9 +581,6 @@ func BuildRouter(db core.DB) *echo.Echo {
 
 	dependencyVulnRouter.GET("/:dependencyVulnId/events/", vulnEventController.ReadAssetEventsByVulnID)
 
-	attestationRouter := assetVersionRouter.Group("/attestations")
-	attestationRouter.GET("/", attestationController.List)
-
 	routes := server.Routes()
 	sort.Slice(routes, func(i, j int) bool {
 		return routes[i].Path < routes[j].Path

internal/core/attestation/attestation_controller.go

@@ -1,7 +1,7 @@
 package attestation
 
 import (
-	"fmt"
+	"encoding/json"
 	"io"
 
 	"github.com/l3montree-dev/devguard/internal/core"
@@ -22,8 +22,9 @@ func NewAttestationController(repository core.AttestationRepository) *attestatio
 func (a *attestationController) List(ctx core.Context) error {
 
 	asset := core.GetAsset(ctx)
+	assetVersion := core.GetAssetVersion(ctx)
 
-	attestationList, err := a.attestationRepository.GetByAssetID(asset.GetID())
+	attestationList, err := a.attestationRepository.GetByAssetVersion(asset.GetID(), assetVersion.Name)
 	if err != nil {
 		return err
 	}
@@ -33,23 +34,24 @@ func (a *attestationController) List(ctx core.Context) error {
 
 func (a *attestationController) Create(ctx core.Context) error {
 	var attestation models.Attestation
+	jsonContent := make(map[string]any)
 
 	assetVersion := core.GetAssetVersion(ctx)
-
 	attestation.AssetID = core.GetAsset(ctx).ID
 
 	attestation.AssetVersionName = assetVersion.Name
 	attestation.AssetVersion = assetVersion
-	//How to get the name of the attestation ?
+	attestation.AttestationName = ctx.Request().Header.Get("X-Attestation-Name")
 
 	content, err := io.ReadAll(ctx.Request().Body)
-
 	if err != nil {
 		return echo.NewHTTPError(400, "unable to bind data to attestation model").WithInternal(err)
 	}
-	//json := make(map[string]string)
-	//err = json.Unmarshal(content, &json)
-	fmt.Printf("content: %s \n", content)
+
+	err = json.Unmarshal(content, &jsonContent)
+	if err != nil {
+		return err
+	}
 
 	err = core.V.Struct(attestation)
 	if err != nil {