From 5d6a771714bb7b8ec1dde9e344f0dce4da3ec58d Mon Sep 17 00:00:00 2001 From: robnester-rh Date: Wed, 9 Oct 2024 13:28:41 -0400 Subject: [PATCH] EC-908 Move GetPinnedURL func to go-gather. This commit removes the GetPinnedURL function from ec-cli as it has been relocated to go-gather. This commit also makes the necessary changes to test files based on modifications of the GetPinnedURL function in go-gather. Signed-off-by: robnester-rh --- cmd/inspect/inspect_policy_test.go | 4 +- cmd/validate/__snapshots__/image_test.snap | 4 +- cmd/validate/image_integration_test.go | 2 +- cmd/validate/image_test.go | 12 +- features/__snapshots__/inspect_policy.snap | 8 +- features/__snapshots__/validate_image.snap | 120 +++++----- go.mod | 22 +- go.sum | 44 ++-- internal/policy/source/source.go | 42 +--- internal/policy/source/source_test.go | 242 --------------------- 10 files changed, 110 insertions(+), 390 deletions(-) diff --git a/cmd/inspect/inspect_policy_test.go b/cmd/inspect/inspect_policy_test.go index bfb559802..560a723f5 100644 --- a/cmd/inspect/inspect_policy_test.go +++ b/cmd/inspect/inspect_policy_test.go @@ -85,7 +85,7 @@ func TestFetchSourcesFromPolicy(t *testing.T) { assert.NoError(t, err) assert.Equal(t, "[one,two,three]", inspectPolicyCmd.Flag("source").Value.String()) - assert.Equal(t, "# Source: one\n\n# Source: three\n\n# Source: two\n\n", buffy.String()) + assert.Equal(t, "# Source: file::one\n\n# Source: file::three\n\n# Source: file::two\n\n", buffy.String()) } func TestFetchSources(t *testing.T) { @@ -131,7 +131,7 @@ func TestFetchSources(t *testing.T) { assert.NoError(t, err) assert.Equal(t, "[one,two,three]", inspectPolicyCmd.Flag("source").Value.String()) - assert.Equal(t, "# Source: one\n\n# Source: three\n\n# Source: two\n\n", buffy.String()) + assert.Equal(t, "# Source: file::one\n\n# Source: file::three\n\n# Source: file::two\n\n", buffy.String()) } func TestSourcesAndPolicyCantBeBothProvided(t *testing.T) { diff --git a/cmd/validate/__snapshots__/image_test.snap b/cmd/validate/__snapshots__/image_test.snap index 4f7107032..3e4376ee6 100755 --- a/cmd/validate/__snapshots__/image_test.snap +++ b/cmd/validate/__snapshots__/image_test.snap @@ -28,7 +28,7 @@ ] }, "policy": [ - "oci://quay.io/hacbs-contract/ec-release-policy:latest@sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357" + "oci::quay.io/hacbs-contract/ec-release-policy:latest@sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357" ] } ] @@ -66,7 +66,7 @@ ] }, "policy": [ - "oci://quay.io/hacbs-contract/ec-release-policy:latest@sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357" + "oci::quay.io/hacbs-contract/ec-release-policy:latest@sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357" ] } ] diff --git a/cmd/validate/image_integration_test.go b/cmd/validate/image_integration_test.go index d94faddaf..c530904e8 100644 --- a/cmd/validate/image_integration_test.go +++ b/cmd/validate/image_integration_test.go @@ -73,7 +73,7 @@ func TestEvaluatorLifecycle(t *testing.T) { newConftestEvaluator = func(_ context.Context, s []source.PolicySource, _ evaluator.ConfigProvider, _ v1alpha1.Source) (evaluator.Evaluator, error) { // We are splitting this url to get to the index of the evaluator. - idx, err := strconv.Atoi(strings.Split(strings.Split(s[0].PolicyUrl(), "@")[0], "://")[1]) + idx, err := strconv.Atoi(strings.Split(strings.Split(s[0].PolicyUrl(), "@")[0], "::")[1]) require.NoError(t, err) return evaluators[idx], nil diff --git a/cmd/validate/image_test.go b/cmd/validate/image_test.go index e9f83e207..5d8ad1c0b 100644 --- a/cmd/validate/image_test.go +++ b/cmd/validate/image_test.go @@ -699,10 +699,10 @@ spec: assert.NoError(t, err) assert.JSONEq(t, `{ "data": [ - "oci://registry/policy-data:latest@sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357" + "oci::registry/policy-data:latest@sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357" ], "policy": [ - "oci://registry/policy:latest@sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357" + "oci::registry/policy:latest@sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357" ], "ruleData": { "custom_rule_data":{"prefix_data":["registry1"]}, @@ -773,17 +773,17 @@ func Test_ValidateImageErrorLog(t *testing.T) { ctx = oci.WithClient(ctx, &client) mdl := MockDownloader{} - mdl.On("Download", mock.Anything, "oci::registry/policy:latest", false).Return(&ociMetadata.OCIMetadata{Digest: "sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357"}, nil) - mdl.On("Download", mock.Anything, "oci::registry/policy-data:latest", false).Return(&ociMetadata.OCIMetadata{Digest: "sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357"}, nil) + mdl.On("Download", mock.Anything, "oci://registry/policy:latest", false).Return(&ociMetadata.OCIMetadata{Digest: "sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357"}, nil) + mdl.On("Download", mock.Anything, "oci://registry/policy-data:latest", false).Return(&ociMetadata.OCIMetadata{Digest: "sha256:da54bca5477bf4e3449bc37de1822888fa0fbb8d89c640218cb31b987374d357"}, nil) ctx = context.WithValue(ctx, source.DownloaderFuncKey, &mdl) cmd.SetContext(ctx) testPolicyJSON := `sources: - policy: - - "oci::registry/policy:latest" + - "oci://registry/policy:latest" data: - - "oci::registry/policy-data:latest" + - "oci://registry/policy-data:latest" config: include: - '@minimal' diff --git a/features/__snapshots__/inspect_policy.snap b/features/__snapshots__/inspect_policy.snap index 9dcbb08e8..7afd95553 100755 --- a/features/__snapshots__/inspect_policy.snap +++ b/features/__snapshots__/inspect_policy.snap @@ -10,7 +10,7 @@ Error: Merge error. The 'rule_data' key was found more than once! [json output:stdout - 1] { - "git::https://${GITHOST}/git/policy.git?ref=${LATEST_COMMIT}": [ + "git::${GITHOST}/git/policy.git?ref=${LATEST_COMMIT}": [ { "annotations": { "custom": { @@ -57,7 +57,7 @@ Error: Merge error. The 'rule_data' key was found more than once! --- [default output:stdout - 1] -# Source: git::https://${GITHOST}/git/policy.git?ref=${LATEST_COMMIT} +# Source: git::${GITHOST}/git/policy.git?ref=${LATEST_COMMIT} policy.release.kitty.purr (deny) https://enterprisecontract.dev/docs/ec-policies/release_policy.html#kitty__purr @@ -94,14 +94,14 @@ kitty.purr --- [sources from ECP:stdout - 1] -# Source: git::https://${GITHOST}/git/policy1.git?ref=8288b21ca5e7d8863efffb47c2bc3eac1274d1ff +# Source: git::${GITHOST}/git/policy1.git?ref=8288b21ca5e7d8863efffb47c2bc3eac1274d1ff policy.release.kitty.purr (deny) https://enterprisecontract.dev/docs/ec-policies/release_policy.html#kitty__purr Kittens Fluffy -- -# Source: git::https://${GITHOST}/git/policy2.git?ref=${LATEST_COMMIT} +# Source: git::${GITHOST}/git/policy2.git?ref=${LATEST_COMMIT} main.rejector (deny) Reject rule diff --git a/features/__snapshots__/validate_image.snap b/features/__snapshots__/validate_image.snap index 185daf225..8754400e4 100755 --- a/features/__snapshots__/validate_image.snap +++ b/features/__snapshots__/validate_image.snap @@ -59,7 +59,7 @@ "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=95175b6ea9bb28c645186c6624ff904812ebbca7" + "git::${GITHOST}/git/happy-day-policy.git?ref=95175b6ea9bb28c645186c6624ff904812ebbca7" ] } ], @@ -161,18 +161,18 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/banana_check.git?ref=c6cafb797f5afa8b9c7b1c54ea7bf0ca35368e21" + "git::${GITHOST}/git/banana_check.git?ref=c6cafb797f5afa8b9c7b1c54ea7bf0ca35368e21" ], "data": [ - "git::https://${GITHOST}/git/banana_data_1.git?ref=62e50acbb1a230a3f11ca1858fc053b21fe5cc82" + "git::${GITHOST}/git/banana_data_1.git?ref=62e50acbb1a230a3f11ca1858fc053b21fe5cc82" ] }, { "policy": [ - "git::https://${GITHOST}/git/banana_check.git?ref=c6cafb797f5afa8b9c7b1c54ea7bf0ca35368e21" + "git::${GITHOST}/git/banana_check.git?ref=c6cafb797f5afa8b9c7b1c54ea7bf0ca35368e21" ], "data": [ - "git::https://${GITHOST}/git/banana_data_2.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/banana_data_2.git?ref=${LATEST_COMMIT}" ] } ], @@ -250,7 +250,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -327,7 +327,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=95175b6ea9bb28c645186c6624ff904812ebbca7" + "git::${GITHOST}/git/happy-day-policy.git?ref=95175b6ea9bb28c645186c6624ff904812ebbca7" ] } ], @@ -406,7 +406,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/future-deny-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/future-deny-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -501,7 +501,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/my-policy1.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/my-policy1.git?ref=${LATEST_COMMIT}" ], "ruleData": { "custom": "data1" @@ -509,7 +509,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/my-policy2.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/my-policy2.git?ref=${LATEST_COMMIT}" ], "ruleData": { "other": "data2" @@ -614,17 +614,17 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/repository1.git?ref=95175b6ea9bb28c645186c6624ff904812ebbca7" + "git::${GITHOST}/git/repository1.git?ref=95175b6ea9bb28c645186c6624ff904812ebbca7" ] }, { "policy": [ - "git::https://${GITHOST}/git/repository2.git?ref=9998384962ba66481defc409b0f821d222ba3366" + "git::${GITHOST}/git/repository2.git?ref=9998384962ba66481defc409b0f821d222ba3366" ] }, { "policy": [ - "git::https://${GITHOST}/git/repository3.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/repository3.git?ref=${LATEST_COMMIT}" ] } ], @@ -698,7 +698,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/mismatched-image-digest.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/mismatched-image-digest.git?ref=${LATEST_COMMIT}" ] } ], @@ -782,7 +782,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ], "config": { "exclude": [ @@ -875,7 +875,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ], "config": { "include": [ @@ -971,7 +971,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -1073,9 +1073,9 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/repository1.git?ref=95175b6ea9bb28c645186c6624ff904812ebbca7", - "git::https://${GITHOST}/git/repository2.git?ref=9998384962ba66481defc409b0f821d222ba3366", - "git::https://${GITHOST}/git/repository3.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/repository1.git?ref=95175b6ea9bb28c645186c6624ff904812ebbca7", + "git::${GITHOST}/git/repository2.git?ref=9998384962ba66481defc409b0f821d222ba3366", + "git::${GITHOST}/git/repository3.git?ref=${LATEST_COMMIT}" ] } ], @@ -1122,7 +1122,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/unexpected-keyless-cert.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/unexpected-keyless-cert.git?ref=${LATEST_COMMIT}" ] } ] @@ -1167,7 +1167,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/invalid-image-signature.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/invalid-image-signature.git?ref=${LATEST_COMMIT}" ] } ], @@ -1245,7 +1245,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ], "config": { "exclude": [ @@ -1276,7 +1276,7 @@ Error: success criteria not met --- [happy day with missing git config:stderr - 1] -Error: no suitable config file found at git::https://${GITHOST}/git/happy-config.git?ref=${LATEST_COMMIT} +Error: no suitable config file found at git::${GITHOST}/git/happy-config.git?ref=${LATEST_COMMIT} --- @@ -1343,7 +1343,7 @@ Error: no suitable config file found at git::https://${GITHOST}/git/happy-config "sources": [ { "policy": [ - "git::https://${GITHOST}/git/future-deny-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/future-deny-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -1421,7 +1421,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -1552,7 +1552,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ] } ] @@ -1598,7 +1598,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/mismatched-image-digest.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/mismatched-image-digest.git?ref=${LATEST_COMMIT}" ] } ], @@ -1676,7 +1676,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -1806,7 +1806,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -1939,7 +1939,7 @@ Results: "sources": [ { "policy": [ - "git::https://${GITHOST}/git/future-deny-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/future-deny-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -2017,8 +2017,8 @@ Error: success criteria not met "sources": [ { "policy": [ - "oci://${REGISTRY}/acceptance/happy-day-policy:tag@sha256:${REGISTRY_acceptance/happy-day-policy:tag_DIGEST}", - "oci://${REGISTRY}/acceptance/allow-all:latest@sha256:${REGISTRY_acceptance/allow-all:latest_DIGEST}" + "oci::${REGISTRY}/acceptance/happy-day-policy:tag@sha256:${REGISTRY_acceptance/happy-day-policy:tag_DIGEST}", + "oci::${REGISTRY}/acceptance/allow-all:latest@sha256:${REGISTRY_acceptance/allow-all:latest_DIGEST}" ] } ], @@ -2107,7 +2107,7 @@ ${TEMP}/ec-work-${RANDOM}/policy/${RANDOM}/main.rego:34: rego_type_error: undefi "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -2184,7 +2184,7 @@ ${TEMP}/ec-work-${RANDOM}/policy/${RANDOM}/main.rego:34: rego_type_error: undefi "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "key": "value" @@ -2274,7 +2274,7 @@ ${TEMP}/ec-work-${RANDOM}/policy/${RANDOM}/main.rego:34: rego_type_error: undefi "sources": [ { "policy": [ - "git::https://${GITHOST}/git/with-dependencies.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/with-dependencies.git?ref=${LATEST_COMMIT}" ] } ], @@ -2366,7 +2366,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/unique-successes.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/unique-successes.git?ref=${LATEST_COMMIT}" ] } ], @@ -2499,7 +2499,7 @@ ${__________known_PUBLIC_KEY} "sources": [ { "policy": [ - "git::https://${GITHOST}/git/image-config-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/image-config-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -2550,7 +2550,7 @@ ${__________known_PUBLIC_KEY} "sources": [ { "policy": [ - "git::https://${GITHOST}/git/my-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/my-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -2699,7 +2699,7 @@ ${__________known_PUBLIC_KEY} "sources": [ { "policy": [ - "git::https://${GITHOST}/git/ignore-rekor.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/ignore-rekor.git?ref=${LATEST_COMMIT}" ] } ], @@ -2744,7 +2744,7 @@ ${__________known_PUBLIC_KEY} "sources": [ { "policy": [ - "git::https://${GITHOST}/git/rekor-by-default.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/rekor-by-default.git?ref=${LATEST_COMMIT}" ] } ], @@ -3090,7 +3090,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/olm-manifests.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/olm-manifests.git?ref=${LATEST_COMMIT}" ] } ], @@ -3177,7 +3177,7 @@ Error: error validating image ${REGISTRY}/acceptance/image of component Unnamed: "sources": [ { "policy": [ - "git::https://${GITHOST}/git/fetch-oci-blob-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/fetch-oci-blob-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -3254,7 +3254,7 @@ Error: error validating image ${REGISTRY}/acceptance/image of component Unnamed: "sources": [ { "policy": [ - "git::https://${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}" ], "config": { "exclude": [ @@ -3361,7 +3361,7 @@ Error: error validating image ${REGISTRY}/acceptance/image of component Unnamed: "sources": [ { "policy": [ - "git::https://${GITHOST}/git/purl-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/purl-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -3440,7 +3440,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/oci-image-manifest-policy?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/oci-image-manifest-policy?ref=${LATEST_COMMIT}" ] } ], @@ -3517,7 +3517,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/sigstore.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/sigstore.git?ref=${LATEST_COMMIT}" ] } ], @@ -4594,7 +4594,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "key": "value" @@ -4602,7 +4602,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "something": "here" @@ -4610,7 +4610,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "key": "different" @@ -4618,7 +4618,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "hello": "world" @@ -4626,7 +4626,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "foo": "bar" @@ -4634,7 +4634,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "peek": "poke" @@ -4642,7 +4642,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "hide": "seek" @@ -4650,7 +4650,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "hokus": "pokus" @@ -4658,7 +4658,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "mr": "mxyzptlk" @@ -4666,7 +4666,7 @@ Error: success criteria not met }, { "policy": [ - "git::https://${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/multitude-policy.git?ref=${LATEST_COMMIT}" ], "ruleData": { "more": "data" @@ -4794,7 +4794,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/my-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/my-policy.git?ref=${LATEST_COMMIT}" ] } ], @@ -4867,7 +4867,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/oci-image-files-policy?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/oci-image-files-policy?ref=${LATEST_COMMIT}" ] } ], @@ -4972,7 +4972,7 @@ Error: success criteria not met "sources": [ { "policy": [ - "git::https://${GITHOST}/git/dynamic-severity-policy.git?ref=${LATEST_COMMIT}" + "git::${GITHOST}/git/dynamic-severity-policy.git?ref=${LATEST_COMMIT}" ] } ], diff --git a/go.mod b/go.mod index f0490f6c4..db7a34ceb 100644 --- a/go.mod +++ b/go.mod @@ -7,14 +7,13 @@ require ( github.com/MakeNowJust/heredoc v1.0.0 github.com/Maldris/go-billy-afero v0.0.0-20200815120323-e9d3de59c99a github.com/enterprise-contract/enterprise-contract-controller/api v0.1.60 - github.com/enterprise-contract/go-gather/gather v0.0.3 - github.com/enterprise-contract/go-gather/gather/http v0.0.3-0.20240923130737-4120ba0d92bf + github.com/enterprise-contract/go-gather/gather v0.0.4-0.20241009163919-f9697d385bbb + github.com/enterprise-contract/go-gather/gather/http v0.0.3-0.20241009005203-1e339603d9c3 github.com/enterprise-contract/go-gather/gather/oci v0.0.5-0.20240923101526-bbc07b341aed - github.com/enterprise-contract/go-gather/metadata v0.0.2 - github.com/enterprise-contract/go-gather/metadata/file v0.0.1 - github.com/enterprise-contract/go-gather/metadata/git v0.0.2 - github.com/enterprise-contract/go-gather/metadata/http v0.0.1 - github.com/enterprise-contract/go-gather/metadata/oci v0.0.3 + github.com/enterprise-contract/go-gather/metadata v0.0.3-0.20241009163919-f9697d385bbb + github.com/enterprise-contract/go-gather/metadata/file v0.0.2-0.20241009163919-f9697d385bbb + github.com/enterprise-contract/go-gather/metadata/git v0.0.3-0.20241009163919-f9697d385bbb + github.com/enterprise-contract/go-gather/metadata/oci v0.0.4-0.20241009163919-f9697d385bbb github.com/evanphx/json-patch v5.9.0+incompatible github.com/gkampitakis/go-snaps v0.5.7 github.com/go-git/go-git/v5 v5.12.0 @@ -152,7 +151,7 @@ require ( github.com/coreos/go-oidc/v3 v3.11.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect - github.com/cyphar/filepath-securejoin v0.3.2 // indirect + github.com/cyphar/filepath-securejoin v0.3.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dgraph-io/badger/v3 v3.2103.5 // indirect github.com/dgraph-io/ristretto v0.1.1 // indirect @@ -166,10 +165,11 @@ require ( github.com/dustin/go-humanize v1.0.1 // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/enterprise-contract/go-gather v0.0.3 // indirect + github.com/enterprise-contract/go-gather v0.0.4-0.20241009163919-f9697d385bbb // indirect github.com/enterprise-contract/go-gather/expander v0.0.1 // indirect - github.com/enterprise-contract/go-gather/gather/file v0.0.2-0.20240906185922-e8ebd246dc19 // indirect - github.com/enterprise-contract/go-gather/gather/git v0.0.6-0.20240919182827-191282dff6cc // indirect + github.com/enterprise-contract/go-gather/gather/file v0.0.2-0.20241009005203-1e339603d9c3 // indirect + github.com/enterprise-contract/go-gather/gather/git v0.0.6-0.20241009163919-f9697d385bbb // indirect + github.com/enterprise-contract/go-gather/metadata/http v0.0.2-0.20241009163919-f9697d385bbb // indirect github.com/enterprise-contract/go-gather/saver v0.0.2 // indirect github.com/enterprise-contract/go-gather/saver/file v0.0.1 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect diff --git a/go.sum b/go.sum index 47b02fbf8..dfca6b9bf 100644 --- a/go.sum +++ b/go.sum @@ -498,8 +498,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f h1:eHnXnuK47UlSTOQexbzxAZfekVz6i+LKRdj1CU5DPaM= github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= -github.com/cyphar/filepath-securejoin v0.3.2 h1:QhZu5AxQ+o1XZH0Ye05YzvJ0kAdK6VQc0z9NNMek7gc= -github.com/cyphar/filepath-securejoin v0.3.2/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= +github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= +github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -547,30 +547,30 @@ github.com/enterprise-contract/enterprise-contract-controller/api v0.1.60 h1:5gf github.com/enterprise-contract/enterprise-contract-controller/api v0.1.60/go.mod h1:R1eRwHUjcYWg4gJnv/zpEDog60J9wBqe2TIjlYFRUe8= github.com/enterprise-contract/go-containerregistry v0.20.3-0.20240923173413-d38c14c16b71 h1:twnh5eqgei+wBKtH5OgAG/oNykryn1jx4Bc85nDEAUk= github.com/enterprise-contract/go-containerregistry v0.20.3-0.20240923173413-d38c14c16b71/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= -github.com/enterprise-contract/go-gather v0.0.3 h1:Qh4CJhOPdMit4Z/BK3rv7S3GkZ5XLzAlAus1eMKLDA4= -github.com/enterprise-contract/go-gather v0.0.3/go.mod h1:gXqnYRW9uTD06xli3pE+9cwtPVcIdqyPIqBcKQ+kK8I= +github.com/enterprise-contract/go-gather v0.0.4-0.20241009163919-f9697d385bbb h1:xEAfm//zUlKMV33K2hzWTUAN0qBFaQ5h/UXZfYVe7/o= +github.com/enterprise-contract/go-gather v0.0.4-0.20241009163919-f9697d385bbb/go.mod h1:CCVO9+s9CM1varvgiIS2l4Scgo6x/XQVzWCVN0lWl0U= github.com/enterprise-contract/go-gather/expander v0.0.1 h1:CRJX7crqNyuuo82DtFbyIpJB/2hV62zWof4t1dOmCC0= github.com/enterprise-contract/go-gather/expander v0.0.1/go.mod h1:bZ7oijDzlpY3gGc+H48YSsxbCEGxmsqQj+PxnYjtrjg= -github.com/enterprise-contract/go-gather/gather v0.0.3 h1:rSOLqY+ydsqMtqx4IZ+jQKZjmaQuU/ZbrTJCiceoutA= -github.com/enterprise-contract/go-gather/gather v0.0.3/go.mod h1:chij1Nq6vbJP/2sii0sxCuwvrJCJV3hEbH1PpJ/DhwQ= -github.com/enterprise-contract/go-gather/gather/file v0.0.2-0.20240906185922-e8ebd246dc19 h1:RJuPPINRrFoo8VQxJgmCeCp+JeH0058vfUOmSvZwj7k= -github.com/enterprise-contract/go-gather/gather/file v0.0.2-0.20240906185922-e8ebd246dc19/go.mod h1:xQ3WyIZBpJ00WMo49WWL6kQ0zSj/NZ20lB3rM1sLGoU= -github.com/enterprise-contract/go-gather/gather/git v0.0.6-0.20240919182827-191282dff6cc h1:lIdxj8bJbpzc0yxCQm0QPwVYgky9P687ky1thet0ZaM= -github.com/enterprise-contract/go-gather/gather/git v0.0.6-0.20240919182827-191282dff6cc/go.mod h1:8dLd8gobw9VTlBveuK/smLXdNmNYQKmbLSzNjjTpm64= -github.com/enterprise-contract/go-gather/gather/http v0.0.3-0.20240923130737-4120ba0d92bf h1:yaNndl55uPdyj7KBizBnrEP/WOO4cxU49OAOTfbhRH0= -github.com/enterprise-contract/go-gather/gather/http v0.0.3-0.20240923130737-4120ba0d92bf/go.mod h1:qb/kIRJXDmasYGXCFfNjLa/rkSzUpIdplCAqt8zfllw= +github.com/enterprise-contract/go-gather/gather v0.0.4-0.20241009163919-f9697d385bbb h1:z4frhJQBIAqpLrMrJV09uLm9irUcIgRa0FCuNxdPe7M= +github.com/enterprise-contract/go-gather/gather v0.0.4-0.20241009163919-f9697d385bbb/go.mod h1:RjOVe9IcbHLn2EOK6Ac/sU+ZjJX01wQPsdq2j4MktE8= +github.com/enterprise-contract/go-gather/gather/file v0.0.2-0.20241009005203-1e339603d9c3 h1:43C7o7kcif+ScsL5KENall+MKuss/MTpsc4cGYGdKSU= +github.com/enterprise-contract/go-gather/gather/file v0.0.2-0.20241009005203-1e339603d9c3/go.mod h1:f/sSub01eVEuQd1NFWYb8ZJ58toWTFU1AdVypVuTUSo= +github.com/enterprise-contract/go-gather/gather/git v0.0.6-0.20241009163919-f9697d385bbb h1:zwO26wPvMc+0x4Y81DNoWGS+xHIK2AeMWPYx02swiaM= +github.com/enterprise-contract/go-gather/gather/git v0.0.6-0.20241009163919-f9697d385bbb/go.mod h1:8dLd8gobw9VTlBveuK/smLXdNmNYQKmbLSzNjjTpm64= +github.com/enterprise-contract/go-gather/gather/http v0.0.3-0.20241009005203-1e339603d9c3 h1:+QM4E5xgzLrq4ET6DIeWtDfUBIoCXIw8tTF29QVmkTg= +github.com/enterprise-contract/go-gather/gather/http v0.0.3-0.20241009005203-1e339603d9c3/go.mod h1:qb/kIRJXDmasYGXCFfNjLa/rkSzUpIdplCAqt8zfllw= github.com/enterprise-contract/go-gather/gather/oci v0.0.5-0.20240923101526-bbc07b341aed h1:hEesi1UVFG8DPhOO7MDSwzABxYqR0S++wPxSmcLu42c= github.com/enterprise-contract/go-gather/gather/oci v0.0.5-0.20240923101526-bbc07b341aed/go.mod h1:KpHOXO2fkYXxKPyxUPGunFBeTuwy7aZ9TJ9mVvfOmiQ= -github.com/enterprise-contract/go-gather/metadata v0.0.2 h1:BxPXXZFjX7lrYnlJosPmvISgjF13HpawEtZTDxjnjcQ= -github.com/enterprise-contract/go-gather/metadata v0.0.2/go.mod h1:m2HxByQBWZyc99HDs/Lqy7QzU9+XQ2tU0X/mzkCPgPw= -github.com/enterprise-contract/go-gather/metadata/file v0.0.1 h1:DRhTGKRXFRh/FVn2LNX8yIJZHHYKc5x5260hnYxQ4DY= -github.com/enterprise-contract/go-gather/metadata/file v0.0.1/go.mod h1:4PckwLejZstUEBp2QUAdQYQ0O+h5tijrs48j+7OY4OY= -github.com/enterprise-contract/go-gather/metadata/git v0.0.2 h1:dsIFe2uxbSzO2wRM+MPjL6cjcJxvG00zrXUUoWj4vg8= -github.com/enterprise-contract/go-gather/metadata/git v0.0.2/go.mod h1:lSI/5buGHKqQk+AZGOSRejk5tuC76XCvV1Zv/JZUEbE= -github.com/enterprise-contract/go-gather/metadata/http v0.0.1 h1:ebhT9h93v/Et+5c1t5PJzGj6V2g18elm1VDrQg6y63A= -github.com/enterprise-contract/go-gather/metadata/http v0.0.1/go.mod h1:VjjTqsJ+sM7MVsVkEFgpcJzY9hur9pIBEMptrVvAwoI= -github.com/enterprise-contract/go-gather/metadata/oci v0.0.3 h1:J/HoOAusiVxiedO93jdT4QsKkfRCbNqgCPd95U8Ohvk= -github.com/enterprise-contract/go-gather/metadata/oci v0.0.3/go.mod h1:qa2BXIR4M85SjfVVDaqqMVksSmvK4JlfsR89tadqobg= +github.com/enterprise-contract/go-gather/metadata v0.0.3-0.20241009163919-f9697d385bbb h1:tas5MWGFLy78XteiKHDBlNsXKVDBY13PW+eAO5s4jfM= +github.com/enterprise-contract/go-gather/metadata v0.0.3-0.20241009163919-f9697d385bbb/go.mod h1:61zwrsbS85d0fEUtM34Rfdz07KhDSBfwnqxTLqzjoy4= +github.com/enterprise-contract/go-gather/metadata/file v0.0.2-0.20241009163919-f9697d385bbb h1:1kdYoGzoBtAzBqu8GB7A5oDA0Q62eOpH/zVXc219tgU= +github.com/enterprise-contract/go-gather/metadata/file v0.0.2-0.20241009163919-f9697d385bbb/go.mod h1:PwGPhiuskbcewgVtxIh/Anv8RGgaON/WTWQFRM+Pw4E= +github.com/enterprise-contract/go-gather/metadata/git v0.0.3-0.20241009163919-f9697d385bbb h1:2k93ZA9qikRzBnKix4UE88LEiMDtrHpezQ7c2zqvbnA= +github.com/enterprise-contract/go-gather/metadata/git v0.0.3-0.20241009163919-f9697d385bbb/go.mod h1:gRUp8C+9YdCUl5lU+QjzFVlsih7XhDqNgxroOJynIRI= +github.com/enterprise-contract/go-gather/metadata/http v0.0.2-0.20241009163919-f9697d385bbb h1:Om2b5SvIaeOOvIkC5XaQa/yz7nA08sM9nlBkMvTimtg= +github.com/enterprise-contract/go-gather/metadata/http v0.0.2-0.20241009163919-f9697d385bbb/go.mod h1:p1Meh709ZkGA1SwBKUkPGWBsKDlXamlvWTCY2suPrjU= +github.com/enterprise-contract/go-gather/metadata/oci v0.0.4-0.20241009163919-f9697d385bbb h1:kPwfLAJnm7db4ajiph0gTHB72mELUfaaQiRlrBwoOkQ= +github.com/enterprise-contract/go-gather/metadata/oci v0.0.4-0.20241009163919-f9697d385bbb/go.mod h1:4sgFUcsIHizoYy35eoSS0v5u7qEY+r4QFL//jxGbbX8= github.com/enterprise-contract/go-gather/saver v0.0.2 h1:+XeeuEzglzBxlTRD0boIqac7v4zI7g2g2es74iVTXgM= github.com/enterprise-contract/go-gather/saver v0.0.2/go.mod h1:3f37v+I/EY8me7gaopGly107R7gqibR8UyBA3NgzMbo= github.com/enterprise-contract/go-gather/saver/file v0.0.1 h1:rLDMb7AW5kJLqRaKXazZroT8wfqy43tth6O6XLKY0MY= diff --git a/internal/policy/source/source.go b/internal/policy/source/source.go index bab1810c9..13a01af93 100644 --- a/internal/policy/source/source.go +++ b/internal/policy/source/source.go @@ -29,7 +29,6 @@ import ( "path" "path/filepath" "runtime/trace" - "strings" "sync" "time" @@ -37,7 +36,6 @@ import ( "github.com/enterprise-contract/go-gather/metadata" fileMetadata "github.com/enterprise-contract/go-gather/metadata/file" gitMetadata "github.com/enterprise-contract/go-gather/metadata/git" - httpMetadata "github.com/enterprise-contract/go-gather/metadata/http" ociMetadata "github.com/enterprise-contract/go-gather/metadata/oci" log "github.com/sirupsen/logrus" "github.com/spf13/afero" @@ -159,7 +157,8 @@ func (p *PolicyUrl) GetPolicy(ctx context.Context, workDir string, showMsg bool) return "", err } - p.Url, err = getPinnedUrl(p.Url, metadata) + p.Url, err = metadata.GetPinnedURL(p.Url) + log.Debug("Pinned URL: ", p.Url) if err != nil { return "", err } @@ -180,43 +179,6 @@ func (p PolicyUrl) Type() PolicyType { return p.Kind } -// getPinnedUrl returns the URL with the pinned commit or digest. -// TODO: Move this to the go-gather library. -func getPinnedUrl(u string, m metadata.Metadata) (string, error) { - if m == nil { - return "", fmt.Errorf("metadata is nil") - } - - if len(u) == 0 { - return "", fmt.Errorf("url is empty") - } - - switch t := m.(type) { - case *gitMetadata.GitMetadata: - - return strings.SplitN(u, "?ref=", 2)[0] + "?ref=" + t.LatestCommit, nil - - case *ociMetadata.OCIMetadata: - for _, scheme := range []string{"oci::", "oci://", "https://"} { - u = strings.TrimPrefix(u, scheme) - } - parts := strings.Split(u, "@") - if len(parts) > 1 { - u = parts[0] - } - return fmt.Sprintf("oci://%s@%s", u, t.Digest), nil - - case *httpMetadata.HTTPMetadata: - return u, nil - case *fileMetadata.FileMetadata: - return u, nil - case *fileMetadata.DirectoryMetadata: - return u, nil - default: - return "", fmt.Errorf("unknown metadata type") - } -} - func logMetadata(m metadata.Metadata) { if m != nil { switch v := m.(type) { diff --git a/internal/policy/source/source_test.go b/internal/policy/source/source_test.go index 4fd132648..b18ca6778 100644 --- a/internal/policy/source/source_test.go +++ b/internal/policy/source/source_test.go @@ -30,9 +30,6 @@ import ( ecc "github.com/enterprise-contract/enterprise-contract-controller/api/v1alpha1" "github.com/enterprise-contract/go-gather/metadata" fileMetadata "github.com/enterprise-contract/go-gather/metadata/file" - gitMetadata "github.com/enterprise-contract/go-gather/metadata/git" - httpMetadata "github.com/enterprise-contract/go-gather/metadata/http" - ociMetadata "github.com/enterprise-contract/go-gather/metadata/oci" "github.com/spf13/afero" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" @@ -266,242 +263,3 @@ func TestGetPolicyThroughCache(t *testing.T) { test(t, afero.NewMemMapFs(), 2) }) } - -// TestGetPinnedURL tests the GetPinnedURL function with various inputs and metadata types. -func TestGetPinnedURL(t *testing.T) { - testCases := []struct { - name string - url string - metadata metadata.Metadata - expected string - hasError bool - }{ - // Git Metadata Tests - { - name: "Git URL with git:: prefix and ref", - url: "git::https://test-url.git?ref=abc1234", - metadata: &gitMetadata.GitMetadata{ - LatestCommit: "def456", - }, - expected: "git::https://test-url.git?ref=def456", - hasError: false, - }, - { - name: "Git URL without git:: prefix", - url: "https://test-url.git?ref=abc1234", - metadata: &gitMetadata.GitMetadata{ - LatestCommit: "def456", - }, - expected: "https://test-url.git?ref=def456", - hasError: false, - }, - { - name: "Git URL with git:: prefix and path suffix", - url: "git::https://test-url.git//path/to/file?ref=abc1234", - metadata: &gitMetadata.GitMetadata{ - LatestCommit: "ghi789", - }, - expected: "git::https://test-url.git//path/to/file?ref=ghi789", - hasError: false, - }, - { - name: "Git URL with git:: prefix, path suffix, and existing SHA (should ignore SHA)", - url: "git::https://test-url.git//path/to/file?ref=abc1234@sha256:xyz", - metadata: &gitMetadata.GitMetadata{ - LatestCommit: "ghi789", - }, - expected: "git::https://test-url.git//path/to/file?ref=ghi789", - hasError: false, - }, - - // OCI Metadata Tests - { - name: "OCI URL with oci:: prefix and repo tag", - url: "oci::registry/policy:latest", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy:latest@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL with oci:// prefix and repo tag", - url: "oci://registry/org/policy:dev", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/org/policy:dev@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL with oci:: prefix, path suffix, and repo tag", - url: "oci::registry/policy:main", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy:main@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL with oci:: prefix and path suffix without repo tag", - url: "oci::registry/policy", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL without prefix and with repo tag", - url: "registry/policy:latest", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy:latest@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL without prefix and without repo tag", - url: "registry/policy", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL with oci:: prefix and path suffix without tag", - url: "oci://registry/policy", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL with oci:// prefix and repo tag with existing digest", - url: "oci://registry/policy:bar@sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy:bar@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL with oci:: prefix and path suffix with existing digest", - url: "oci::registry/policy:baz@sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy:baz@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL with oci:: prefix and path suffix without tag", - url: "oci::registry/policy", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - { - name: "OCI URL with multiple path suffixes and repo tag", - url: "oci://registry/policy:beta", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - }, - expected: "oci://registry/policy:beta@sha256:c04c1f5ea75e869e2da7150c927d0c8649790b2e3c82e6ff317d4cfa068c1649", - hasError: false, - }, - - // HTTP and File Metadata Tests - { - name: "HTTP URL", - url: "https://example.org/policy.yaml", - metadata: &httpMetadata.HTTPMetadata{}, - expected: "https://example.org/policy.yaml", - hasError: false, - }, - { - name: "HTTP Metadata with query", - url: "https://example.org/policy.yaml?version=1.0", - metadata: &httpMetadata.HTTPMetadata{}, - expected: "https://example.org/policy.yaml?version=1.0", - hasError: false, - }, - { - name: "File Metadata with regular URL without tag", - url: "/path/to/policy.yaml", - metadata: &fileMetadata.FileMetadata{}, - expected: "/path/to/policy.yaml", - hasError: false, - }, - - // Error Cases - { - name: "Nil Metadata", - url: "oci::registry/policy:latest", - metadata: nil, - expected: "", - hasError: true, - }, - { - name: "Empty URL", - url: "", - metadata: &ociMetadata.OCIMetadata{Digest: "sha256:abc1234"}, - expected: "", - hasError: true, - }, - { - name: "Unknown Metadata Type", - url: "oci::registry/policy:latest", - metadata: nil, - expected: "", - hasError: true, - }, - { - name: "OCI URL with oci:: prefix but missing repository", - url: "oci:://path/to/file:dev@sha256:abc1234", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:uvw789", - }, - expected: "oci:////path/to/file:dev@sha256:uvw789", - hasError: false, // Depending on implementation, may or may not error - }, - { - name: "OCI URL with multiple colons in path tag", - url: "oci://registry/policy//path:to:file:dev@sha256:abc1234", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:xyz123", - }, - expected: "oci://registry/policy//path:to:file:dev@sha256:xyz123", - hasError: false, - }, - { - name: "OCI URL without digest but metadata provides digest", - url: "oci::registry/policy:latest", - metadata: &ociMetadata.OCIMetadata{ - Digest: "sha256:missingdigest", - }, - expected: "oci://registry/policy:latest@sha256:missingdigest", - hasError: false, - }, - } - - for _, tc := range testCases { - tc := tc // Capture range variable - t.Run(tc.name, func(t *testing.T) { - t.Parallel() // Run tests in parallel where possible - - got, err := getPinnedUrl(tc.url, tc.metadata) - if (err != nil) != tc.hasError { - t.Errorf("GetPinnedURL() \nerror = %v, \nexpected error = %v", err, tc.hasError) - t.Fatalf("GetPinnedURL() \nerror = %v, \nexpected error = %v", err, tc.hasError) - } - if got != tc.expected { - t.Errorf("GetPinnedURL() = %q\ninput = %q\nexpected = %q\ngot = %q", got, tc.url, tc.expected, got) - } - }) - } -}