chainloop-dev
diff --git a/‎app/cli/cmd/workflow_contract_describe.go‎
Lines changed: 4 additions & 4 deletions b/‎app/cli/cmd/workflow_contract_describe.go‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎app/cli/internal/action/workflow_run_describe.go‎
Lines changed: 3 additions & 3 deletions b/‎app/cli/internal/action/workflow_run_describe.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎app/controlplane/internal/biz/attestation.go‎
Lines changed: 1 addition & 1 deletion b/‎app/controlplane/internal/biz/attestation.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controlplane/internal/biz/integration.go‎
Lines changed: 13 additions & 3 deletions b/‎app/controlplane/internal/biz/integration.go‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎app/controlplane/internal/biz/ocirepository.go‎
Lines changed: 8 additions & 3 deletions b/‎app/controlplane/internal/biz/ocirepository.go‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎app/controlplane/internal/biz/ocirepository_test.go‎
Lines changed: 2 additions & 2 deletions b/‎app/controlplane/internal/biz/ocirepository_test.go‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎app/controlplane/internal/biz/organization_integration_test.go‎
Lines changed: 4 additions & 4 deletions b/‎app/controlplane/internal/biz/organization_integration_test.go‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎app/controlplane/internal/service/attestation.go‎
Lines changed: 4 additions & 4 deletions b/‎app/controlplane/internal/service/attestation.go‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎internal/attestation/crafter/crafter.go‎
Lines changed: 3 additions & 3 deletions b/‎internal/attestation/crafter/crafter.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎internal/blobmanager/oci/provider.go‎
Lines changed: 6 additions & 1 deletion b/‎internal/blobmanager/oci/provider.go‎
Lines changed: 6 additions & 1 deletion
@@ -70,8 +70,8 @@ func encodeContractOutput(run *action.WorkflowContractWithVersionItem) error {
 
 	switch flagOutputFormat {
 	case formatContract:
-		marshaller := protojson.MarshalOptions{Indent: "  "}
-		rawBody, err := marshaller.Marshal(run.Revision.BodyV1)
+		marshaler := protojson.MarshalOptions{Indent: "  "}
+		rawBody, err := marshaler.Marshal(run.Revision.BodyV1)
 		if err != nil {
 			return err
 		}
@@ -86,8 +86,8 @@ func encodeContractOutput(run *action.WorkflowContractWithVersionItem) error {
 func contractDescribeTableOutput(contractWithVersion *action.WorkflowContractWithVersionItem) error {
 	revision := contractWithVersion.Revision
 
-	marshaller := protojson.MarshalOptions{Indent: "  "}
-	rawBody, err := marshaller.Marshal(revision.BodyV1)
+	marshaler := protojson.MarshalOptions{Indent: "  "}
+	rawBody, err := marshaler.Marshal(revision.BodyV1)
 	if err != nil {
 		return err
 	}
 
@@ -122,7 +122,7 @@ func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey stri
 	}
 
 	if err := json.Unmarshal(decodedPayload, statement); err != nil {
-		return nil, fmt.Errorf("unmarshalling predicate: %w", err)
+		return nil, fmt.Errorf("un-marshaling predicate: %w", err)
 	}
 
 	var predicate *renderer.ChainloopProvenancePredicateV1
@@ -159,12 +159,12 @@ func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey stri
 func extractPredicateV1(statement *in_toto.Statement) (*renderer.ChainloopProvenancePredicateV1, error) {
 	jsonPredicate, err := json.Marshal(statement.Predicate)
 	if err != nil {
-		return nil, fmt.Errorf("unmarshalling predicate: %w", err)
+		return nil, fmt.Errorf("un-marshaling predicate: %w", err)
 	}
 
 	predicate := &renderer.ChainloopProvenancePredicateV1{}
 	if err := json.Unmarshal(jsonPredicate, predicate); err != nil {
-		return nil, fmt.Errorf("unmarshalling predicate: %w", err)
+		return nil, fmt.Errorf("un-marshaling predicate: %w", err)
 	}
 
 	return predicate, nil
 
@@ -85,7 +85,7 @@ func doUploadToOCI(ctx context.Context, backend backend.Uploader, runID string,
 	fileName := fmt.Sprintf("attestation-%s.json", runID)
 	jsonContent, err := json.Marshal(envelope)
 	if err != nil {
-		return "", fmt.Errorf("marshalling the envelope: %w", err)
+		return "", fmt.Errorf("marshaling the envelope: %w", err)
 	}
 
 	hash := sha256.New()
 
@@ -97,8 +97,14 @@ func (uc *IntegrationUseCase) AddDependencyTrack(ctx context.Context, orgID, hos
 		return nil, NewErrInvalidUUID(err)
 	}
 
+	// Validate Credentials before saving them
+	creds := &credentials.APICreds{Host: host, Key: apiKey}
+	if err := creds.Validate(); err != nil {
+		return nil, newErrValidation(err)
+	}
+
 	// Create the secret in the external secrets manager
-	secretID, err := uc.credsRW.SaveAPICreds(ctx, orgID, &credentials.APICreds{Host: host, Key: apiKey})
+	secretID, err := uc.credsRW.SaveCredentials(ctx, orgID, creds)
 	if err != nil {
 		return nil, fmt.Errorf("storing the credentials: %w", err)
 	}
@@ -160,7 +166,7 @@ func (uc *IntegrationUseCase) Delete(ctx context.Context, orgID, integrationID s
 
 	if integration.SecretName != "" {
 		uc.logger.Infow("msg", "deleting integration external secrets", "ID", integrationID, "secretName", integration.SecretName)
-		if err := uc.credsRW.DeleteCreds(ctx, integration.SecretName); err != nil {
+		if err := uc.credsRW.DeleteCredentials(ctx, integration.SecretName); err != nil {
 			return fmt.Errorf("deleting the credentials: %w", err)
 		}
 	}
@@ -274,10 +280,14 @@ func validateAttachment(ctx context.Context, integration *Integration, credsR cr
 
 		// Check with the actual remote data that an upload would be possible
 		creds := &credentials.APICreds{}
-		if err := credsR.ReadAPICreds(ctx, integration.SecretName, creds); err != nil {
+		if err := credsR.ReadCredentials(ctx, integration.SecretName, creds); err != nil {
 			return err
 		}
 
+		if err := creds.Validate(); err != nil {
+			return newErrValidation(err)
+		}
+
 		// Instantiate an actual uploader to see if it would work with the current configuration
 		d, err := dependencytrack.NewSBOMUploader(c.DependencyTrack.GetDomain(), creds.Key,
 			nil, ac.GetDependencyTrack().GetProjectId(), ac.GetDependencyTrack().GetProjectName())
 
@@ -113,8 +113,13 @@ func (uc *OCIRepositoryUseCase) CreateOrUpdate(ctx context.Context, orgID, repoU
 		return nil, NewErrInvalidUUID(err)
 	}
 
-	// Create the secret in the external secrets manager
-	secretName, err := uc.credsRW.SaveOCICreds(ctx, orgID, &credentials.OCIKeypair{Repo: repoURL, Username: username, Password: password})
+	// Validate and store the secret in the external secrets manager
+	creds := &credentials.OCIKeypair{Repo: repoURL, Username: username, Password: password}
+	if err := creds.Validate(); err != nil {
+		return nil, newErrValidation(err)
+	}
+
+	secretName, err := uc.credsRW.SaveCredentials(ctx, orgID, creds)
 	if err != nil {
 		return nil, fmt.Errorf("storing the credentials: %w", err)
 	}
@@ -167,7 +172,7 @@ func (uc *OCIRepositoryUseCase) Delete(ctx context.Context, id string) error {
 
 	uc.logger.Infow("msg", "deleting OCI repository external secrets", "ID", id, "secretName", repo.SecretName)
 	// Delete the secret in the external secrets manager
-	if err := uc.credsRW.DeleteCreds(ctx, repo.SecretName); err != nil {
+	if err := uc.credsRW.DeleteCredentials(ctx, repo.SecretName); err != nil {
 		return fmt.Errorf("deleting the credentials: %w", err)
 	}
 
 
@@ -85,7 +85,7 @@ func (s *ociRepositoryTestSuite) TestSaveMainRepoAlreadyExist() {
 	r := &biz.OCIRepository{ID: s.validUUID.String()}
 	ctx := context.Background()
 	s.repo.On("FindMainRepo", ctx, s.validUUID).Return(r, nil)
-	s.credsRW.On("SaveOCICreds", ctx, s.validUUID.String(), mock.Anything).Return("secret-key", nil)
+	s.credsRW.On("SaveCredentials", ctx, s.validUUID.String(), mock.Anything).Return("secret-key", nil)
 	s.repo.On("Update", ctx, &biz.OCIRepoUpdateOpts{
 		ID: s.validUUID,
 		OCIRepoOpts: &biz.OCIRepoOpts{
@@ -105,7 +105,7 @@ func (s *ociRepositoryTestSuite) TestSaveMainRepoOk() {
 	const repo, username, password = "repo", "username", "pass"
 
 	s.repo.On("FindMainRepo", ctx, s.validUUID).Return(nil, nil)
-	s.credsRW.On("SaveOCICreds", ctx, s.validUUID.String(), mock.Anything).Return("secret-key", nil)
+	s.credsRW.On("SaveCredentials", ctx, s.validUUID.String(), mock.Anything).Return("secret-key", nil)
 
 	newRepo := &biz.OCIRepository{}
 	s.repo.On("Create", ctx, &biz.OCIRepoCreateOpts{
 
@@ -53,8 +53,8 @@ func (s *OrgIntegrationTestSuite) TestDeleteOrg() {
 
 	s.T().Run("org, integrations and repositories deletion", func(t *testing.T) {
 		// Mock calls to credentials deletion for both the integration and the OCI repository
-		s.mockedCredsReaderWriter.On("DeleteCreds", ctx, "stored-integration-secret").Return(nil)
-		s.mockedCredsReaderWriter.On("DeleteCreds", ctx, "stored-OCI-secret").Return(nil)
+		s.mockedCredsReaderWriter.On("DeleteCredentials", ctx, "stored-integration-secret").Return(nil)
+		s.mockedCredsReaderWriter.On("DeleteCredentials", ctx, "stored-OCI-secret").Return(nil)
 
 		err := s.Organization.Delete(ctx, s.org.ID)
 		assert.NoError(err)
@@ -102,12 +102,12 @@ func (s *OrgIntegrationTestSuite) SetupTest() {
 
 	// Dependency-track integration credentials
 	s.mockedCredsReaderWriter.On(
-		"SaveAPICreds", ctx, mock.Anything, &credentials.APICreds{Host: "host", Key: "key"},
+		"SaveCredentials", ctx, mock.Anything, &credentials.APICreds{Host: "host", Key: "key"},
 	).Return("stored-integration-secret", nil)
 
 	// OCI repository credentials
 	s.mockedCredsReaderWriter.On(
-		"SaveOCICreds", ctx, mock.Anything, &credentials.OCIKeypair{Repo: "repo", Username: "username", Password: "pass"},
+		"SaveCredentials", ctx, mock.Anything, &credentials.OCIKeypair{Repo: "repo", Username: "username", Password: "pass"},
 	).Return("stored-OCI-secret", nil)
 
 	s.TestingUseCases = testhelpers.NewTestingUseCases(t, testhelpers.WithCredsReaderWriter(s.mockedCredsReaderWriter))
 
@@ -312,7 +312,7 @@ func extractPredicate(envelope *dsse.Envelope) (*renderer.ChainloopProvenancePre
 
 	statement := &in_toto.Statement{}
 	if err := json.Unmarshal(decodedPayload, statement); err != nil {
-		return nil, fmt.Errorf("unmarshalling predicate: %w", err)
+		return nil, fmt.Errorf("un-marshaling predicate: %w", err)
 	}
 
 	var predicate *renderer.ChainloopProvenancePredicateV1
@@ -370,12 +370,12 @@ func extractMaterials(in []*renderer.ChainloopProvenanceMaterial) []*cpAPI.Attes
 func extractPredicateV1(statement *in_toto.Statement) (*renderer.ChainloopProvenancePredicateV1, error) {
 	jsonPredicate, err := json.Marshal(statement.Predicate)
 	if err != nil {
-		return nil, fmt.Errorf("unmarshalling predicate: %w", err)
+		return nil, fmt.Errorf("un-marshaling predicate: %w", err)
 	}
 
 	predicate := &renderer.ChainloopProvenancePredicateV1{}
 	if err := json.Unmarshal(jsonPredicate, predicate); err != nil {
-		return nil, fmt.Errorf("unmarshalling predicate: %w", err)
+		return nil, fmt.Errorf("un-marshaling predicate: %w", err)
 	}
 
 	return predicate, nil
@@ -503,7 +503,7 @@ func doSendToDependencyTrack(ctx context.Context, credsReader credentials.Reader
 	attachmentConfig := i.IntegrationAttachment.Config.GetDependencyTrack()
 
 	creds := &credentials.APICreds{}
-	if err := credsReader.ReadAPICreds(ctx, i.SecretName, creds); err != nil {
+	if err := credsReader.ReadCredentials(ctx, i.SecretName, creds); err != nil {
 		return err
 	}
 
 
@@ -87,7 +87,7 @@ func NewCrafter(opts ...NewOpt) *Crafter {
 type InitOpts struct {
 	// Control plane workflow metadata
 	WfInfo *api.WorkflowMetadata
-	// already marshalled schema
+	// already marshaled schema
 	SchemaV1 *schemaapi.CraftingSchema
 	// do not record, upload or push attestation
 	DryRun bool
@@ -243,8 +243,8 @@ func initialCraftingState(schema *schemaapi.CraftingSchema, wf *api.WorkflowMeta
 }
 
 func persistCraftingState(craftState *api.CraftingState, stateFilePath string) error {
-	marshaller := protojson.MarshalOptions{Indent: "  "}
-	raw, err := marshaller.Marshal(craftState)
+	marshaler := protojson.MarshalOptions{Indent: "  "}
+	raw, err := marshaler.Marshal(craftState)
 	if err != nil {
 		return err
 	}
 
@@ -17,6 +17,7 @@ package oci
 
 import (
 	"context"
+	"fmt"
 
 	backend "github.com/chainloop-dev/chainloop/internal/blobmanager"
 	"github.com/chainloop-dev/chainloop/internal/credentials"
@@ -35,10 +36,14 @@ func NewBackendProvider(cReader credentials.Reader) *BackendProvider {
 
 func (p *BackendProvider) FromCredentials(ctx context.Context, secretName string) (backend.UploaderDownloader, error) {
 	creds := &credentials.OCIKeypair{}
-	if err := p.cReader.ReadOCICreds(ctx, secretName, creds); err != nil {
+	if err := p.cReader.ReadCredentials(ctx, secretName, creds); err != nil {
 		return nil, err
 	}
 
+	if err := creds.Validate(); err != nil {
+		return nil, fmt.Errorf("invalid credentials retrieved from storage: %w", err)
+	}
+
 	k, err := ociauth.NewCredentials(creds.Repo, creds.Username, creds.Password)
 	if err != nil {
 		return nil, err
Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,7 @@ func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey stri`
`122`	`122`	`}`
`123`	`123`
`124`	`124`	`if err := json.Unmarshal(decodedPayload, statement); err != nil {`
`125`		`- return nil, fmt.Errorf("unmarshalling predicate: %w", err)`
	`125`	`+ return nil, fmt.Errorf("un-marshaling predicate: %w", err)`
`126`	`126`	`}`
`127`	`127`
`128`	`128`	`var predicate *renderer.ChainloopProvenancePredicateV1`
`@@ -159,12 +159,12 @@ func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey stri`
`159`	`159`	`func extractPredicateV1(statement in_toto.Statement) (renderer.ChainloopProvenancePredicateV1, error) {`
`160`	`160`	`jsonPredicate, err := json.Marshal(statement.Predicate)`
`161`	`161`	`if err != nil {`
`162`		`- return nil, fmt.Errorf("unmarshalling predicate: %w", err)`
	`162`	`+ return nil, fmt.Errorf("un-marshaling predicate: %w", err)`
`163`	`163`	`}`
`164`	`164`
`165`	`165`	`predicate := &renderer.ChainloopProvenancePredicateV1{}`
`166`	`166`	`if err := json.Unmarshal(jsonPredicate, predicate); err != nil {`
`167`		`- return nil, fmt.Errorf("unmarshalling predicate: %w", err)`
	`167`	`+ return nil, fmt.Errorf("un-marshaling predicate: %w", err)`
`168`	`168`	`}`
`169`	`169`
`170`	`170`	`return predicate, nil`
Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ func doUploadToOCI(ctx context.Context, backend backend.Uploader, runID string,`
`85`	`85`	`fileName := fmt.Sprintf("attestation-%s.json", runID)`
`86`	`86`	`jsonContent, err := json.Marshal(envelope)`
`87`	`87`	`if err != nil {`
`88`		`- return "", fmt.Errorf("marshalling the envelope: %w", err)`
	`88`	`+ return "", fmt.Errorf("marshaling the envelope: %w", err)`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`hash := sha256.New()`