chore(policies): show policy evaluations in wf run describe --output json (#1119)

jiparis · web-flow · commit dd766f4e3ca0 · 2024-07-22T11:31:07.000+02:00
Signed-off-by: Jose I. Paris &lt;jiparis@chainloop.dev&gt;
diff --git a/app/cli/internal/action/workflow_run_describe.go b/app/cli/internal/action/workflow_run_describe.go
@@ -55,6 +55,8 @@ type WorkflowRunAttestationItem struct {
 	Annotations []*Annotation `json:"annotations,omitempty"`
 	// Digest in CAS backend
 	Digest string `json:"digest"`
+	// Policy violations
+	PolicyEvaluations map[string]*pb.PolicyEvaluations `json:"policy_evaluations,omitempty"`
 }
 
 type Material struct {
@@ -170,12 +172,13 @@ func (action *WorkflowRunDescribe) Run(ctx context.Context, opts *WorkflowRunDes
 	}
 
 	item.Attestation = &WorkflowRunAttestationItem{
-		Envelope:    envelope,
-		statement:   statement,
-		EnvVars:     envVars,
-		Materials:   materials,
-		Annotations: annotations,
-		Digest:      attestation.DigestInCasBackend,
+		Envelope:          envelope,
+		statement:         statement,
+		EnvVars:           envVars,
+		Materials:         materials,
+		Annotations:       annotations,
+		Digest:            attestation.DigestInCasBackend,
+		PolicyEvaluations: attestation.PolicyEvaluations,
 	}
 
 	return item, nil
diff --git a/app/controlplane/api/controlplane/v1/response_messages.pb.go b/app/controlplane/api/controlplane/v1/response_messages.pb.go
diff --git a/app/controlplane/api/controlplane/v1/response_messages.proto b/app/controlplane/api/controlplane/v1/response_messages.proto
@@ -20,6 +20,7 @@ package controlplane.v1;
 import "errors/errors.proto";
 import "google/protobuf/timestamp.proto";
 import "workflowcontract/v1/crafting_schema.proto";
+import "attestation/v1/crafting_state.proto";
 
 option go_package = "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1;v1";
 
@@ -82,6 +83,7 @@ message AttestationItem {
   repeated EnvVariable env_vars = 4;
   repeated Material materials = 5;
   map<string, string> annotations = 6;
+  map<string, PolicyEvaluations> policy_evaluations = 8;
 
   message EnvVariable {
     string name = 1;
@@ -107,6 +109,10 @@ message AttestationItem {
   }
 }
 
+message PolicyEvaluations {
+  repeated attestation.v1.PolicyEvaluation evaluations = 1;
+}
+
 message WorkflowContractItem {
   string id = 1;
   string name = 2;
diff --git a/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts b/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts
diff --git a/app/controlplane/internal/service/attestation.go b/app/controlplane/internal/service/attestation.go
@@ -28,6 +28,7 @@ import (
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/usercontext"
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/usercontext/attjwtmiddleware"
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/biz"
+	v1 "github.com/chainloop-dev/chainloop/internal/attestation/crafter/api/attestation/v1"
 	"github.com/chainloop-dev/chainloop/internal/attestation/renderer/chainloop"
 	casJWT "github.com/chainloop-dev/chainloop/internal/robotaccount/cas"
 	"github.com/chainloop-dev/chainloop/pkg/credentials"
@@ -374,9 +375,23 @@ func bizAttestationToPb(att *biz.Attestation) (*cpAPI.AttestationItem, error) {
 		DigestInCasBackend: att.Digest,
 		Materials:          materials,
 		Annotations:        predicate.GetAnnotations(),
+		PolicyEvaluations:  extractPolicyEvaluations(predicate.GetPolicyEvaluations()),
 	}, nil
 }
 
+// extract policy evaluations in form of a Go map of arrays, into a map of protobuf messages
+// (needed to be added to the response message)
+func extractPolicyEvaluations(in map[string][]*v1.PolicyEvaluation) map[string]*cpAPI.PolicyEvaluations {
+	res := make(map[string]*cpAPI.PolicyEvaluations)
+	for k, v := range in {
+		res[k] = &cpAPI.PolicyEvaluations{
+			Evaluations: v,
+		}
+	}
+
+	return res
+}
+
 func extractEnvVariables(in map[string]string) []*cpAPI.AttestationItem_EnvVariable {
 	res := make([]*cpAPI.AttestationItem_EnvVariable, 0, len(in))
 	for k, v := range in {
diff --git a/internal/attestation/renderer/chainloop/chainloop.go b/internal/attestation/renderer/chainloop/chainloop.go
@@ -40,6 +40,7 @@ type NormalizablePredicate interface {
 	GetMaterials() []*NormalizedMaterial
 	GetRunLink() string
 	GetMetadata() *Metadata
+	GetPolicyEvaluations() map[string][]*v1.PolicyEvaluation
 }
 
 type NormalizedMaterial struct {
diff --git a/internal/attestation/renderer/chainloop/v02.go b/internal/attestation/renderer/chainloop/v02.go
@@ -274,6 +274,10 @@ func (p *ProvenancePredicateV02) GetMaterials() []*NormalizedMaterial {
 	return res
 }
 
+func (p *ProvenancePredicateV02) GetPolicyEvaluations() map[string][]*v1.PolicyEvaluation {
+	return p.PolicyEvaluations
+}
+
 // Translate a ResourceDescriptor to a NormalizedMaterial
 func normalizeMaterial(material *intoto.ResourceDescriptor) (*NormalizedMaterial, error) {
 	m := &NormalizedMaterial{}

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ type NormalizablePredicate interface {`
`40`	`40`	`GetMaterials() []*NormalizedMaterial`
`41`	`41`	`GetRunLink() string`
`42`	`42`	`GetMetadata() *Metadata`
	`43`	`+ GetPolicyEvaluations() map[string][]*v1.PolicyEvaluation`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`type NormalizedMaterial struct {`