Add sigstore bundle support for creation artifact's evidences

Author: mnsboev

evidence/cli/command_build.go

@@ -21,6 +21,11 @@ func NewEvidenceBuildCommand(ctx *components.Context, execute execCommandFunc) E
 }
 
 func (ebc *evidenceBuildCommand) CreateEvidence(ctx *components.Context, serverDetails *config.ServerDetails) error {
+	// Check if sigstore-bundle is provided (currently not supported for build evidence)
+	if ebc.ctx.GetStringFlagValue(sigstoreBundle) != "" {
+		return errorutils.CheckErrorf("--sigstore-bundle is currently not supported for build evidence. This feature may be supported in future releases.")
+	}
+
 	err := ebc.validateEvidenceBuildContext(ctx)
 	if err != nil {
 		return err

evidence/cli/command_build_test.go

@@ -0,0 +1,74 @@
+package cli
+
+import (
+	"flag"
+	"testing"
+
+	"github.com/jfrog/jfrog-cli-core/v2/common/commands"
+	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
+	"github.com/stretchr/testify/assert"
+	"github.com/urfave/cli"
+)
+
+func TestEvidenceBuildCommand_CreateEvidence_SigstoreBundle(t *testing.T) {
+	tests := []struct {
+		name          string
+		flags         []components.Flag
+		expectError   bool
+		errorContains string
+	}{
+		{
+			name: "Invalid_SigstoreBundle_Not_Supported",
+			flags: []components.Flag{
+				setDefaultValue(sigstoreBundle, "/path/to/bundle.json"),
+				setDefaultValue(buildName, "test-build"),
+				setDefaultValue(buildNumber, "123"),
+			},
+			expectError:   true,
+			errorContains: "--sigstore-bundle is currently not supported for build evidence. This feature may be supported in future releases.",
+		},
+		{
+			name: "Valid_Without_SigstoreBundle",
+			flags: []components.Flag{
+				setDefaultValue(buildName, "test-build"),
+				setDefaultValue(buildNumber, "123"),
+				setDefaultValue(predicate, "/path/to/predicate.json"),
+				setDefaultValue(predicateType, "test-type"),
+				setDefaultValue(key, "/path/to/key.pem"),
+			},
+			expectError: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			app := cli.NewApp()
+			app.Commands = []cli.Command{{Name: "create"}}
+			set := flag.NewFlagSet("test", 0)
+			cliCtx := cli.NewContext(app, set, nil)
+
+			ctx, err := components.ConvertContext(cliCtx, tt.flags...)
+			assert.NoError(t, err)
+
+			mockExec := func(cmd commands.Command) error {
+				// Mock successful execution
+				return nil
+			}
+
+			cmd := NewEvidenceBuildCommand(ctx, mockExec)
+			serverDetails := &config.ServerDetails{}
+
+			err = cmd.CreateEvidence(ctx, serverDetails)
+
+			if tt.expectError {
+				assert.Error(t, err)
+				if tt.errorContains != "" {
+					assert.Contains(t, err.Error(), tt.errorContains)
+				}
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}

evidence/cli/command_cli.go

@@ -3,6 +3,9 @@ package cli
 import (
 	"errors"
 	"fmt"
+	"os"
+	"strings"
+
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/cli/docs/create"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/cli/docs/verify"
 	jfrogArtClient "github.com/jfrog/jfrog-cli-artifactory/evidence/utils"
@@ -15,8 +18,6 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"golang.org/x/exp/slices"
-	"os"
-	"strings"
 )
 
 func GetCommands() []components.Command {
@@ -118,6 +119,15 @@ func validateCreateEvidenceCommonContext(ctx *components.Context) error {
 		return pluginsCommon.WrongNumberOfArgumentsHandler(ctx)
 	}
 
+	// If sigstore-bundle is provided, validate conflicting parameters
+	// We check both IsFlagSet and assertValueProvided to ensure the flag is both set and has a value
+	if ctx.IsFlagSet(sigstoreBundle) && assertValueProvided(ctx, sigstoreBundle) == nil {
+		if err := validateSigstoreBundleConflicts(ctx); err != nil {
+			return err
+		}
+		return nil
+	}
+
 	if (!ctx.IsFlagSet(predicate) || assertValueProvided(ctx, predicate) != nil) && !ctx.IsFlagSet(typeFlag) {
 		return errorutils.CheckErrorf("'predicate' is a mandatory field for creating evidence: --%s", predicate)
 	}
@@ -136,6 +146,34 @@ func validateCreateEvidenceCommonContext(ctx *components.Context) error {
 	return nil
 }
 
+// validateSigstoreBundleConflicts checks if conflicting parameters are provided when using sigstore-bundle.
+// When --sigstore-bundle is used, the following parameters cannot be provided:
+// --key, --key-alias, --predicate, --predicate-type
+// Returns an error if any conflicting parameters are found.
+func validateSigstoreBundleConflicts(ctx *components.Context) error {
+	var conflictingParams []string
+
+	// Check each conflicting parameter
+	if ctx.IsFlagSet(key) && ctx.GetStringFlagValue(key) != "" {
+		conflictingParams = append(conflictingParams, "--key")
+	}
+	if ctx.IsFlagSet(keyAlias) && ctx.GetStringFlagValue(keyAlias) != "" {
+		conflictingParams = append(conflictingParams, "--key-alias")
+	}
+	if ctx.IsFlagSet(predicate) && ctx.GetStringFlagValue(predicate) != "" {
+		conflictingParams = append(conflictingParams, "--predicate")
+	}
+	if ctx.IsFlagSet(predicateType) && ctx.GetStringFlagValue(predicateType) != "" {
+		conflictingParams = append(conflictingParams, "--predicate-type")
+	}
+
+	if len(conflictingParams) > 0 {
+		return errorutils.CheckErrorf("The following parameters cannot be used with --sigstore-bundle: %s. When using --sigstore-bundle, these values are extracted from the bundle itself.", strings.Join(conflictingParams, ", "))
+	}
+
+	return nil
+}
+
 func ensureKeyExists(ctx *components.Context, key string) error {
 	if ctx.IsFlagSet(key) && assertValueProvided(ctx, key) == nil {
 		return nil
@@ -165,6 +203,10 @@ func getAndValidateSubject(ctx *components.Context) ([]string, error) {
 	}
 
 	if len(foundSubjects) == 0 {
+		// If sigstore-bundle is provided, subject will be extracted from bundle
+		if ctx.IsFlagSet(sigstoreBundle) && assertValueProvided(ctx, sigstoreBundle) == nil {
+			return []string{subjectRepoPath}, nil // Return subjectRepoPath as the type for routing
+		}
 		// If we have no subject - we will try to create EVD on build
 		if !attemptSetBuildNameAndNumber(ctx) {
 			return nil, errorutils.CheckErrorf("subject must be one of the fields: [%s]", strings.Join(subjectTypes, ", "))