Merge remote-tracking branch 'origin/dev'

Author: ehl-jf

.github/workflows/tests.yml

@@ -82,6 +82,27 @@ jobs:
       - name: ${{ matrix.suite }} tests
         run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --rt.url=${{ secrets.PLATFORM_URL }}/artifactory --ds.url=${{ secrets.PLATFORM_URL }}/distribution --xr.url=${{ secrets.PLATFORM_URL }}/xray --xsc.url=${{ secrets.PLATFORM_URL }}/xsc --access.url=${{ secrets.PLATFORM_URL }}/access --rt.user=${{ secrets.PLATFORM_USER }} --rt.password=${{ secrets.PLATFORM_PASSWORD }} --access.token=${{ secrets.PLATFORM_ADMIN_TOKEN }} --ci.runId=${{ runner.os }}-${{ matrix.suite }}
 
+  JFrog-Client-Go-Catalog-Tests:
+    name: ${{ matrix.suite }} ${{ matrix.os }}
+    needs: Pretest
+    strategy:
+      fail-fast: false
+      matrix:
+        suite: [ catalog ]
+        os: [ ubuntu, windows, macos ]
+    runs-on: ${{ matrix.os }}-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Setup Go with cache
+        uses: jfrog/.github/actions/install-go-with-cache@main
+
+      - name: catalog tests
+        run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --ci.runId=${{ runner.os }}-${{ matrix.suite }}
+
   JFrog-Client-Go-Repositories-Tests:
     needs: Pretest
     name: repositories ubuntu-latest

README.md

@@ -2850,6 +2850,92 @@ source := CreateFromReleaseBundlesSource{ReleaseBundles: []ReleaseBundleSource{
 serviceManager.CreateReleaseBundleFromBundles(rbDetails, params, signingKeyName, source)
 ```
 
+#### Creating a Release Bundle From Packages
+
+```go
+rbDetails := ReleaseBundleDetails{"rbName", "rbVersion"}
+queryParams := CommonOptionalQueryParams{}
+queryParams.ProjectKey = "project"
+queryParams.Async = true
+
+// The GPG/RSA key-pair name given in Artifactory.
+signingKeyName = "key-pair"
+
+source := CreateFromPackagesSource{Packages: []PackageSource{
+    {
+        PackageName:    "name",
+        PackageVersion: "version",
+        PackageType:    "type",
+        RepositoryKey:  "repokey",
+    },
+}}
+serviceManager.CreateReleaseBundleFromPackages(rbDetails, params, signingKeyName, source)
+```
+
+#### Creating a Release Bundle From Multiple Sources 
+
+```go
+rbDetails := ReleaseBundleDetails{"rbName", "rbVersion"}
+queryParams := CommonOptionalQueryParams{}
+queryParams.ProjectKey = "project"
+queryParams.Async = true
+
+// The GPG/RSA key-pair name given in Artifactory.
+signingKeyName = "key-pair"
+
+sources :=  [] RbSource{
+	            {
+					SourceType: "builds",
+                    Builds: []BuildSource{
+                        {
+                            BuildName:       "name",
+                            BuildNumber:     "number",
+                            // Optional:
+                            BuildRepository: "artifactory-build-info",
+                        },
+                    }
+                },
+               {
+               SourceType: "release_bundles",
+			   ReleaseBundles: []ReleaseBundleSource{
+                    {
+                        ReleaseBundleName:    "name",
+                        ReleaseBundleVersion: "version",
+                        ProjectKey:           "default",
+                    },
+			   }
+               },
+               {
+               SourceType: "artifacts",
+               Artifacts: []ArtifactSource{
+				   {
+                         Path:   "repo/path/file",
+                        Sha256: "3e3deb6628658a48cf0d280a2210211f9d977ec2e10a4619b95d5fb85cb10450",
+				   },
+               }	
+               },
+               {
+               SourceType: "packages",
+               Packages: []PackageSource{
+                    {
+						PackageName: "name",
+                        PackageVersion: "version",
+                        PackageType: "type",
+                        RepositoryKey: "repokey"
+                    },
+               }
+               },
+			   {
+               SourceType: "aql",
+               Aql: {
+                    `items.find({"repo": "my-repo","path": ".","name": "a2.in"})`
+                }
+               },
+        }
+	
+serviceManager.CreateReleaseBundlesFromMultipleSources(rbDetails, params, signingKeyName, sources)
+```
+
 #### Promoting a Release Bundle
 
 ```go
@@ -3094,6 +3180,7 @@ envelopeBytes := []byte("envelope")
 evidenceDetails := evidenceService.EvidenceDetails{
   SubjectUri:  "subjectUri",
   DSSEFileRaw: &envelopeBytes,
+  ProviderId:  "someProviderId",
 }
 body, err = evideceManager.UploadEvidence(evidenceDetails)
 ```

access/services/accesstoken.go

@@ -32,20 +32,31 @@ type CreateTokenParams struct {
 	Description           string `json:"description,omitempty"`
 }
 
+type VcsCommit struct {
+	VcsUrl   string `json:"vcs_url,omitempty"`
+	Branch   string `json:"branch,omitempty"`
+	Revision string `json:"revision,omitempty"`
+}
+
+type Context struct {
+	VcsCommit *VcsCommit `json:"vcs_commit,omitempty"`
+}
+
 type CreateOidcTokenParams struct {
-	GrantType             string `json:"grant_type,omitempty"`
-	SubjectTokenType      string `json:"subject_token_type,omitempty"`
-	OidcTokenID           string `json:"subject_token,omitempty"`
-	ProviderName          string `json:"provider_name,omitempty"`
-	ProjectKey            string `json:"project_key,omitempty"`
-	JobId                 string `json:"job_id,omitempty"`
-	RunId                 string `json:"run_id,omitempty"`
-	Repo                  string `json:"repo,omitempty"`
-	ApplicationKey        string `json:"application_key,omitempty"`
-	Audience              string `json:"audience,omitempty"`
-	ProviderType          string `json:"provider_type,omitempty"`
-	IdentityMappingName   string `json:"identity_mapping_name,omitempty"`
-	IncludeReferenceToken *bool  `json:"include_reference_token,omitempty"`
+	GrantType             string   `json:"grant_type,omitempty"`
+	SubjectTokenType      string   `json:"subject_token_type,omitempty"`
+	OidcTokenID           string   `json:"subject_token,omitempty"`
+	ProviderName          string   `json:"provider_name,omitempty"`
+	ProjectKey            string   `json:"project_key,omitempty"`
+	JobId                 string   `json:"job_id,omitempty"`
+	RunId                 string   `json:"run_id,omitempty"`
+	Repo                  string   `json:"repo,omitempty"`
+	ApplicationKey        string   `json:"application_key,omitempty"`
+	Audience              string   `json:"audience,omitempty"`
+	ProviderType          string   `json:"provider_type,omitempty"`
+	IdentityMappingName   string   `json:"identity_mapping_name,omitempty"`
+	IncludeReferenceToken *bool    `json:"include_reference_token,omitempty"`
+	Context               *Context `json:"context,omitempty"`
 }
 
 func NewCreateTokenParams(params CreateTokenParams) CreateTokenParams {

artifactory/services/promote.go

@@ -76,7 +76,7 @@ func (ps *PromoteService) BuildPromote(promotionParams PromotionParams) error {
 	if err != nil {
 		return err
 	}
-	
+
 	if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK); err != nil {
 		return err
 	}

artifactory/services/utils/tests/catalog/server.go

@@ -0,0 +1,78 @@
+package catalog
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"testing"
+
+	"github.com/CycloneDX/cyclonedx-go"
+	"github.com/jfrog/jfrog-client-go/utils/log"
+	"github.com/jfrog/jfrog-client-go/utils/tests"
+	"github.com/stretchr/testify/assert"
+)
+
+type MockServerParams struct {
+	EnrichedVuln []cyclonedx.Vulnerability
+	Alive        bool
+}
+
+func StartCatalogMockServerWithParams(t *testing.T, params MockServerParams) int {
+	handlers := tests.HttpServerHandlers{}
+
+	handlers["/"] = http.NotFound
+	// Version handlers (version is not available in Catalog, so we use ping endpoint)
+	handlers["/catalog/api/v1/system/ping"] = catalogGetVersionHandlerFunc(t, params)
+	// Enrich handlers
+	handlers["/catalog/api/v1/beta/cyclonedx/enrich"] = catalogEnrichHandler(t, params)
+
+	port, err := tests.StartHttpServer(handlers)
+	if err != nil {
+		log.Error(err)
+		os.Exit(1)
+	}
+	return port
+}
+
+func catalogGetVersionHandlerFunc(t *testing.T, params MockServerParams) func(w http.ResponseWriter, r *http.Request) {
+	version := "1.0.0"
+	return func(w http.ResponseWriter, r *http.Request) {
+		if !params.Alive {
+			http.Error(w, "Catalog service is not available", http.StatusServiceUnavailable)
+			return
+		}
+		if r.Method == http.MethodGet {
+			_, err := fmt.Fprint(w, version)
+			assert.NoError(t, err)
+			return
+		}
+		http.Error(w, "Invalid catalog request", http.StatusBadRequest)
+	}
+}
+
+func catalogEnrichHandler(t *testing.T, params MockServerParams) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if !params.Alive {
+			http.Error(w, "Catalog service is not available", http.StatusServiceUnavailable)
+			return
+		}
+		if r.Method == http.MethodPost {
+			// Read the BOM from the request body
+			bom := cyclonedx.NewBOM()
+			assert.NoError(t, cyclonedx.NewBOMDecoder(r.Body, cyclonedx.BOMFileFormatJSON).Decode(bom))
+			// Enrich the BOM with vulnerabilities
+			for _, vuln := range params.EnrichedVuln {
+				if bom.Vulnerabilities == nil {
+					bom.Vulnerabilities = &[]cyclonedx.Vulnerability{}
+				}
+				*bom.Vulnerabilities = append(*bom.Vulnerabilities, vuln)
+			}
+			// Encode the enriched BOM to JSON format and write it to the response
+			writer := cyclonedx.NewBOMEncoder(w, cyclonedx.BOMFileFormatJSON)
+			err := writer.Encode(bom)
+			assert.NoError(t, err)
+			return
+		}
+		http.Error(w, "Invalid enrich request", http.StatusBadRequest)
+	}
+}

catalog/auth/catalogdetails.go

@@ -0,0 +1,45 @@
+package auth
+
+import (
+	"github.com/jfrog/jfrog-client-go/auth"
+	"github.com/jfrog/jfrog-client-go/catalog"
+	"github.com/jfrog/jfrog-client-go/config"
+	"github.com/jfrog/jfrog-client-go/utils/log"
+)
+
+// NewCatalogDetails creates a struct of the Catalog details
+func NewCatalogDetails() *catalogDetails {
+	return &catalogDetails{}
+}
+
+type catalogDetails struct {
+	auth.CommonConfigFields
+}
+
+func (cs *catalogDetails) GetVersion() (string, error) {
+	var err error
+	if cs.Version == "" {
+		cs.Version, err = cs.getCatalogVersion()
+		if err != nil {
+			return "", err
+		}
+		log.Debug("JFrog Catalog version is:", cs.Version)
+	}
+	return cs.Version, nil
+}
+
+func (ds *catalogDetails) getCatalogVersion() (string, error) {
+	cd := auth.ServiceDetails(ds)
+	serviceConfig, err := config.NewConfigBuilder().
+		SetServiceDetails(cd).
+		SetCertificatesPath(cd.GetClientCertPath()).
+		Build()
+	if err != nil {
+		return "", err
+	}
+	cm, err := catalog.New(serviceConfig)
+	if cm != nil {
+		return "", err
+	}
+	return cm.GetVersion()
+}

catalog/manager.go

@@ -0,0 +1,61 @@
+package catalog
+
+import (
+	"github.com/CycloneDX/cyclonedx-go"
+	"github.com/jfrog/jfrog-client-go/auth"
+	"github.com/jfrog/jfrog-client-go/catalog/services"
+	"github.com/jfrog/jfrog-client-go/config"
+	"github.com/jfrog/jfrog-client-go/http/jfroghttpclient"
+)
+
+// CatalogServicesManager defines the http client and general configuration
+type CatalogServicesManager struct {
+	client *jfroghttpclient.JfrogHttpClient
+	config config.Config
+	// Global reference to the provided project key, used for API endpoints that require it for authentication
+	scopeProjectKey string
+}
+
+// New creates a service manager to interact with Catalog
+func New(config config.Config) (*CatalogServicesManager, error) {
+	details := config.GetServiceDetails()
+	var err error
+	manager := &CatalogServicesManager{config: config}
+	manager.client, err = buildJFrogHttpClient(config, details)
+	return manager, err
+}
+
+func buildJFrogHttpClient(config config.Config, authDetails auth.ServiceDetails) (*jfroghttpclient.JfrogHttpClient, error) {
+	return jfroghttpclient.JfrogClientBuilder().
+		SetCertificatesPath(config.GetCertificatesPath()).
+		SetInsecureTls(config.IsInsecureTls()).
+		SetContext(config.GetContext()).
+		SetDialTimeout(config.GetDialTimeout()).
+		SetOverallRequestTimeout(config.GetOverallRequestTimeout()).
+		SetClientCertPath(authDetails.GetClientCertPath()).
+		SetClientCertKeyPath(authDetails.GetClientCertKeyPath()).
+		AppendPreRequestInterceptor(authDetails.RunPreRequestFunctions).
+		SetRetries(config.GetHttpRetries()).
+		SetRetryWaitMilliSecs(config.GetHttpRetryWaitMilliSecs()).
+		Build()
+}
+
+func (cm *CatalogServicesManager) SetProjectKey(projectKey string) *CatalogServicesManager {
+	cm.scopeProjectKey = projectKey
+	return cm
+}
+
+// GetVersion will return the Catalog version
+func (cm *CatalogServicesManager) GetVersion() (string, error) {
+	versionService := services.NewVersionService(cm.client)
+	versionService.CatalogDetails = cm.config.GetServiceDetails()
+	return versionService.GetVersion()
+}
+
+// Enrich will enrich the CycloneDX BOM with additional security information
+func (cm *CatalogServicesManager) Enrich(bom *cyclonedx.BOM) (*cyclonedx.BOM, error) {
+	enrichService := services.NewEnrichService(cm.client)
+	enrichService.CatalogDetails = cm.config.GetServiceDetails()
+	enrichService.ScopeProjectKey = cm.scopeProjectKey
+	return enrichService.Enrich(bom)
+}