feat(attestation): Allow the auto discovery of material's kind (#820)

Signed-off-by: Javier Rodriguez <[email protected]>

Author: javirln

app/cli/cmd/attestation_add.go

@@ -52,12 +52,12 @@ func newAttestationAddCmd() *cobra.Command {
   chainloop attestation add --name <material-name> --value <material-value>
 
   # Add a material to the attestation that is not defined in the contract but you know the kind
-  chainloop attestation add --kind <material-kind> --value <material-value>`,
+  chainloop attestation add --kind <material-kind> --value <material-value>
+
+  # Add a material to the attestation without specifying neither kind nor name enables automatic detection
+  chainloop attestation add --value <material-value>`,
 		PreRunE: func(cmd *cobra.Command, args []string) error {
-			switch {
-			case name == "" && kind == "":
-				return fmt.Errorf("either --name or --kind needs to be set")
-			case name != "" && kind != "":
+			if name != "" && kind != "" {
 				return fmt.Errorf("both --name and --kind cannot be set at the same time")
 			}
 

app/cli/internal/action/attestation_add.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 
 	pb "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1"
+	schemaapi "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1"
 	"github.com/chainloop-dev/chainloop/internal/attestation/crafter"
 	"github.com/chainloop-dev/chainloop/internal/casclient"
 	"github.com/chainloop-dev/chainloop/internal/grpcconn"
@@ -110,16 +111,23 @@ func (action *AttestationAdd) Run(ctx context.Context, attestationID, materialNa
 
 		casBackend.Uploader = casclient.New(artifactCASConn, casclient.WithLogger(action.Logger))
 	}
-
-	// Add material to the attestation crafting state based on if the material is contract free or not
-	if materialName != "" {
-		if err := action.c.AddMaterialFromContract(ctx, attestationID, materialName, materialValue, casBackend, annotations); err != nil {
-			return fmt.Errorf("adding material: %w", err)
-		}
-	} else {
-		if err := action.c.AddMaterialContractFree(ctx, attestationID, materialType, materialValue, casBackend, annotations); err != nil {
+	// Add material to the attestation crafting state based on if the material is contract free or not.
+	// By default, try to detect the material kind automatically
+	switch {
+	case materialName == "" && materialType == "":
+		var kind schemaapi.CraftingSchema_Material_MaterialType
+		if kind, err = action.c.AddMaterialContactFreeAutomatic(ctx, attestationID, materialValue, casBackend, annotations); err != nil {
 			return fmt.Errorf("adding material: %w", err)
 		}
+		action.Logger.Info().Str("kind", kind.String()).Msg("material kind detected")
+	case materialName != "":
+		err = action.c.AddMaterialFromContract(ctx, attestationID, materialName, materialValue, casBackend, annotations)
+	default:
+		err = action.c.AddMaterialContractFree(ctx, attestationID, materialType, materialValue, casBackend, annotations)
+	}
+
+	if err != nil {
+		return fmt.Errorf("adding material: %w", err)
 	}
 
 	return nil

app/controlplane/api/workflowcontract/v1/crafting_schema_validations.go

@@ -20,6 +20,26 @@ import (
 	"strings"
 )
 
+// CraftingMaterialInValidationOrder all type of CraftingMaterial that are available for automatic
+// detection. The order of the list is important as it defines the order of the
+// detection process. Normally from most common one to the least common one and weaker validation method.
+var CraftingMaterialInValidationOrder = []CraftingSchema_Material_MaterialType{
+	CraftingSchema_Material_OPENVEX,
+	CraftingSchema_Material_SBOM_CYCLONEDX_JSON,
+	CraftingSchema_Material_SBOM_SPDX_JSON,
+	CraftingSchema_Material_CSAF_VEX,
+	CraftingSchema_Material_CSAF_INFORMATIONAL_ADVISORY,
+	CraftingSchema_Material_CSAF_SECURITY_ADVISORY,
+	CraftingSchema_Material_CSAF_SECURITY_INCIDENT_RESPONSE,
+	CraftingSchema_Material_JUNIT_XML,
+	CraftingSchema_Material_HELM_CHART,
+	CraftingSchema_Material_CONTAINER_IMAGE,
+	CraftingSchema_Material_SARIF,
+	CraftingSchema_Material_ATTESTATION,
+	CraftingSchema_Material_ARTIFACT,
+	CraftingSchema_Material_STRING,
+}
+
 // ListAvailableMaterialKind returns a list of available material kinds
 func ListAvailableMaterialKind() []string {
 	var res []string

internal/attestation/crafter/crafter.go

@@ -514,6 +514,31 @@ func (c *Crafter) AddMaterialFromContract(ctx context.Context, attestationID, ke
 	return c.addMaterial(ctx, m, attestationID, value, casBackend, runtimeAnnotations)
 }
 
+// AddMaterialContactFreeAutomatic adds a material to the crafting state checking the incoming material matches any of the
+// supported types in validation order. If the material is not found it will return an error.
+func (c *Crafter) AddMaterialContactFreeAutomatic(ctx context.Context, attestationID, value string, casBackend *casclient.CASBackend, runtimeAnnotations map[string]string) (schemaapi.CraftingSchema_Material_MaterialType, error) {
+	var kind schemaapi.CraftingSchema_Material_MaterialType
+	var found bool
+
+	// We want to run the material validation in a specific order
+	for _, kind = range schemaapi.CraftingMaterialInValidationOrder {
+		if err := c.AddMaterialContractFree(ctx, attestationID, kind.String(), value, casBackend, runtimeAnnotations); err != nil {
+			c.logger.Debug().Err(err).Str("kind", kind.String()).Msg("failed to add material")
+			continue
+		}
+		// If we found a match we break the loop and stop looking
+		found = true
+		break
+	}
+
+	// Return an error if the material could not be added
+	if !found {
+		return kind, fmt.Errorf("failed to add material with attestationID: %s", attestationID)
+	}
+
+	return kind, nil
+}
+
 // addMaterials adds the incoming material m to the crafting state
 func (c *Crafter) addMaterial(ctx context.Context, m *schemaapi.CraftingSchema_Material, attestationID, value string, casBackend *casclient.CASBackend, runtimeAnnotations map[string]string) error {
 	// 3- Craft resulting material

internal/attestation/crafter/crafter_test.go

@@ -28,12 +28,15 @@ import (
 	v1 "github.com/chainloop-dev/chainloop/internal/attestation/crafter/api/attestation/v1"
 	"github.com/chainloop-dev/chainloop/internal/attestation/crafter/runners"
 	"github.com/chainloop-dev/chainloop/internal/attestation/crafter/statemanager/filesystem"
+	"github.com/chainloop-dev/chainloop/internal/casclient"
+	mUploader "github.com/chainloop-dev/chainloop/internal/casclient/mocks"
+
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/proto"
-
 	"github.com/stretchr/testify/suite"
+	"google.golang.org/protobuf/proto"
 )
 
 type crafterSuite struct {
@@ -417,3 +420,79 @@ func (s *crafterSuite) SetupTest() {
 func TestSuite(t *testing.T) {
 	suite.Run(t, new(crafterSuite))
 }
+
+func (s *crafterSuite) TestAddMaterialsAutomatic() {
+	testCases := []struct {
+		name         string
+		materialPath string
+		expectedType schemaapi.CraftingSchema_Material_MaterialType
+		wantErr      bool
+	}{
+		{
+			name:         "sarif",
+			materialPath: "./materials/testdata/report.sarif",
+			expectedType: schemaapi.CraftingSchema_Material_SARIF,
+		},
+		{
+			name:         "openvex",
+			materialPath: "./materials/testdata/openvex_v0.2.0.json",
+			expectedType: schemaapi.CraftingSchema_Material_OPENVEX,
+		},
+		{
+			name:         "HELM CHART",
+			materialPath: "./materials/testdata/valid-chart.tgz",
+			expectedType: schemaapi.CraftingSchema_Material_HELM_CHART,
+		},
+		{
+			name:         "junit",
+			materialPath: "./materials/testdata/junit.xml",
+			expectedType: schemaapi.CraftingSchema_Material_JUNIT_XML,
+		},
+		{
+			name:         "artifact",
+			materialPath: "./materials/testdata/missing-empty.tgz",
+			expectedType: schemaapi.CraftingSchema_Material_ARTIFACT,
+		},
+		{
+			name:         "artifact - invalid junit",
+			materialPath: "./materials/testdata/junit-invalid.xml",
+			expectedType: schemaapi.CraftingSchema_Material_ARTIFACT,
+		},
+		{
+			name:         "artifact - random file",
+			materialPath: "./materials/testdata/random.json",
+			expectedType: schemaapi.CraftingSchema_Material_ARTIFACT,
+		},
+		{
+			name:         "random string",
+			materialPath: "random-string",
+			expectedType: schemaapi.CraftingSchema_Material_STRING,
+			wantErr:      true,
+		},
+	}
+
+	for _, tc := range testCases {
+		s.Run(tc.name, func() {
+			var runner crafter.SupportedRunner = runners.NewGeneric()
+			contract := "testdata/contracts/empty_generic.yaml"
+			uploader := mUploader.NewUploader(s.T())
+
+			if !tc.wantErr {
+				uploader.On("UploadFile", context.Background(), tc.materialPath).
+					Return(&casclient.UpDownStatus{
+						Digest:   "deadbeef",
+						Filename: "simple.txt",
+					}, nil)
+			}
+
+			backend := &casclient.CASBackend{Uploader: uploader}
+
+			c, err := newInitializedCrafter(s.T(), contract, &v1.WorkflowMetadata{}, false, "", runner)
+			require.NoError(s.T(), err)
+
+			kind, err := c.AddMaterialContactFreeAutomatic(context.Background(), "random-id", tc.materialPath, backend, nil)
+			require.NoError(s.T(), err)
+			assert.Equal(s.T(), tc.expectedType.String(), kind.String())
+		})
+	}
+}