chore: download SBOMs using CAS (#52)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/controlplane/cmd/wire_gen.go

@@ -29,7 +29,6 @@ import (
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/biz"
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/integrations/dependencytrack"
 	"github.com/chainloop-dev/chainloop/internal/attestation/renderer"
-	"github.com/chainloop-dev/chainloop/internal/blobmanager/oci"
 	"github.com/chainloop-dev/chainloop/internal/credentials"
 	"github.com/chainloop-dev/chainloop/internal/servicelogger"
 	"github.com/go-kratos/kratos/v2/log"
@@ -41,13 +40,14 @@ type Integration struct {
 	integrationUC       *biz.IntegrationUseCase
 	ociUC               *biz.OCIRepositoryUseCase
 	credentialsProvider credentials.ReaderWriter
+	casClient           biz.CASClient
 	log                 *log.Helper
 }
 
 const Kind = "Dependency-Track"
 
-func New(integrationUC *biz.IntegrationUseCase, ociUC *biz.OCIRepositoryUseCase, creds credentials.ReaderWriter, l log.Logger) *Integration {
-	return &Integration{integrationUC, ociUC, creds, servicelogger.ScopedHelper(l, "biz/integration/deptrack")}
+func New(integrationUC *biz.IntegrationUseCase, ociUC *biz.OCIRepositoryUseCase, creds credentials.ReaderWriter, c biz.CASClient, l log.Logger) *Integration {
+	return &Integration{integrationUC, ociUC, creds, c, servicelogger.ScopedHelper(l, "biz/integration/deptrack")}
 }
 
 func (uc *Integration) Add(ctx context.Context, orgID, host, apiKey string, enableProjectCreation bool) (*biz.Integration, error) {
@@ -105,6 +105,7 @@ func (uc *Integration) UploadSBOMs(envelope *dsse.Envelope, orgID, workflowID st
 		return nil
 	}
 
+	// There is at least one enabled integration, extract the SBOMs
 	predicate, err := renderer.ExtractPredicate(envelope)
 	if err != nil {
 		return err
@@ -117,11 +118,6 @@ func (uc *Integration) UploadSBOMs(envelope *dsse.Envelope, orgID, workflowID st
 		return errors.NotFound("not found", "main repository not found")
 	}
 
-	backend, err := oci.NewBackendProvider(uc.credentialsProvider).FromCredentials(ctx, repo.SecretName)
-	if err != nil {
-		return err
-	}
-
 	for _, m := range predicate.Materials {
 		if m.Type != contractAPI.CraftingSchema_Material_SBOM_CYCLONEDX_JSON.String() {
 			continue
@@ -133,11 +129,14 @@ func (uc *Integration) UploadSBOMs(envelope *dsse.Envelope, orgID, workflowID st
 			continue
 		}
 
+		digest = "sha256:" + digest
+
 		uc.log.Infow("msg", "SBOM present, downloading", "workflowID", workflowID, "integration", Kind, "name", m.Name)
 		// Download SBOM
-		if err := backend.Download(ctx, buf, digest); err != nil {
-			return err
+		if err := uc.casClient.Download(ctx, repo.SecretName, buf, digest); err != nil {
+			return fmt.Errorf("downloading from CAS: %w", err)
 		}
+
 		uc.log.Infow("msg", "SBOM downloaded", "digest", digest, "workflowID", workflowID, "integration", Kind, "name", m.Name)
 
 		// Run integrations with that sbom

app/controlplane/internal/biz/integration/dependencytrack/dependencytrack.go

@@ -34,7 +34,7 @@ func (s *testSuite) TestAdd() {
 	org, err := s.Organization.Create(ctx, "testing org")
 	assert.NoError(err)
 
-	i := dependencytrack.New(s.Integration, s.OCIRepo, credsReader, nil)
+	i := dependencytrack.New(s.Integration, s.OCIRepo, credsReader, nil, nil)
 
 	credsReader.On("SaveCredentials", ctx, org.ID, mock.Anything).Return("secret-key", nil)
 

app/controlplane/internal/biz/integration/dependencytrack/dependencytrack_test.go

@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIAH5EPbqm6m8XzqQOao85bpZR+X+mjJNEdeC46PuW9hvJVzXxQl7hK
+O4QNGanrmKIItYklBrX7YOLqzaFYXNL/zQKgBwYFK4EEACOhgYkDgYYABAB4jcRn
+lZuECX6QvUAOCGiMVCbxYv+mOXgn2X0EDx+MEhHcSN2jjf0IinRpVMtufrFjG+A0
+dhF2wK0O9HxPvcVP9gAnjlu5gak7H4SjM9JkCTdWIMpcXrW3lzRAVbb0niYv0Wbc
+sAQhsfOVcKEo88Zaqlisw0edRb+BtZsFMWIniyzb0Q==
+-----END EC PRIVATE KEY-----

app/controlplane/internal/biz/integration/dependencytrack/testdata/test-key.ec.pem

@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIAH5EPbqm6m8XzqQOao85bpZR+X+mjJNEdeC46PuW9hvJVzXxQl7hK
+O4QNGanrmKIItYklBrX7YOLqzaFYXNL/zQKgBwYFK4EEACOhgYkDgYYABAB4jcRn
+lZuECX6QvUAOCGiMVCbxYv+mOXgn2X0EDx+MEhHcSN2jjf0IinRpVMtufrFjG+A0
+dhF2wK0O9HxPvcVP9gAnjlu5gak7H4SjM9JkCTdWIMpcXrW3lzRAVbb0niYv0Wbc
+sAQhsfOVcKEo88Zaqlisw0edRb+BtZsFMWIniyzb0Q==
+-----END EC PRIVATE KEY-----

app/controlplane/internal/biz/testdata/test-key.ec.pem

@@ -84,7 +84,10 @@ func NewTestingUseCases(t *testing.T, opts ...NewTestingUCOpt) *TestingUseCases
 
 	db := NewTestDatabase(t)
 	log := log.NewStdLogger(io.Discard)
-	testData, _, err := WireTestData(db, t, log, newArgs.credsReaderWriter, &robotaccount.Builder{}, &conf.Auth{GeneratedJwsHmacSecret: "test"})
+	testData, _, err := WireTestData(db, t, log, newArgs.credsReaderWriter, &robotaccount.Builder{}, &conf.Auth{
+		GeneratedJwsHmacSecret:        "test",
+		CasRobotAccountPrivateKeyPath: "./testdata/test-key.ec.pem",
+	})
 	assert.NoError(t, err)
 	return testData
 }
@@ -140,6 +143,10 @@ func newConfData(db *TestDatabase, t *testing.T) *conf.Data {
 	return &conf.Data{Database: &conf.Data_Database{Driver: "pgx", Source: db.ConnectionString(t)}}
 }
 
+func newConfCAS() *conf.Bootstrap_CASServer {
+	return &conf.Bootstrap_CASServer{Grpc: &conf.Server_GRPC{}}
+}
+
 func (db *TestDatabase) Close(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 	defer cancel()

app/controlplane/internal/biz/testhelpers/database.go

@@ -15,7 +15,9 @@
 
 package testhelpers
 
-import "github.com/stretchr/testify/suite"
+import (
+	"github.com/stretchr/testify/suite"
+)
 
 // Suite that creates a database and sets the schema before each test
 type UseCasesEachTestSuite struct {

app/controlplane/internal/biz/testhelpers/suite.go

@@ -43,9 +43,11 @@ func WireTestData(*TestDatabase, *testing.T, log.Logger, credentials.ReaderWrite
 			integration.ProviderSet,
 			wire.Bind(new(backend.Provider), new(*oci.BackendProvider)),
 			wire.Bind(new(credentials.Reader), new(credentials.ReaderWriter)),
+			wire.Bind(new(biz.CASClient), new(*biz.CASClientUseCase)),
 			oci.NewBackendProvider,
 			wire.Struct(new(TestingUseCases), "*"),
 			newConfData,
+			newConfCAS,
 		),
 	)
 }