diff --git a/cmd/kosli/cli_utils.go b/cmd/kosli/cli_utils.go
index 6e07e903..fa233f7b 100644
--- a/cmd/kosli/cli_utils.go
+++ b/cmd/kosli/cli_utils.go
@@ -4,7 +4,6 @@ import (
 "encoding/json"
 "fmt"
 "io"
- "net/http"
 urlPackage "net/url"
 "os"
 "path/filepath"
@@ -19,7 +18,6 @@ import (
 "github.com/kosli-dev/cli/internal/digest"
 "github.com/kosli-dev/cli/internal/gitview"
 log "github.com/kosli-dev/cli/internal/logger"
- "github.com/kosli-dev/cli/internal/requests"
 "github.com/kosli-dev/cli/internal/utils"
 cp "github.com/otiai10/copy"
 "github.com/spf13/cobra"
@@ -311,92 +309,6 @@ func GetFlagFromVarName(varName string) string {
 return result
 }
 
-type registryProviderEndpoints struct {
- mainApi string
- authApi string
- service string
-}
-
-func getRegistryEndpointForProvider(provider string) (*registryProviderEndpoints, error) {
- switch provider {
- case "dockerhub":
- return ®istryProviderEndpoints{
- mainApi: "https://registry-1.docker.io/v2",
- authApi: "https://auth.docker.io",
- service: "registry.docker.io",
- }, nil
- case "github":
- return ®istryProviderEndpoints{
- mainApi: "https://ghcr.io/v2",
- authApi: "https://ghcr.io",
- service: "ghcr.io",
- }, nil
-
- default:
- return getRegistryEndpoint(provider)
- }
-}
-
-func getRegistryEndpoint(url string) (*registryProviderEndpoints, error) {
- url = strings.TrimPrefix(url, "https://")
- url = strings.Split(url, "/")[0]
-
- return ®istryProviderEndpoints{
- mainApi: "https://" + url + "/v2",
- authApi: "https://" + url + "/oauth2",
- service: url,
- }, nil
-}
-
-// getDockerRegistryAPIToken returns a short-lived read-only api token for a docker registry api
-func getDockerRegistryAPIToken(providerInfo *registryProviderEndpoints, username, password, imageName string) (string, error) {
- var res *requests.HTTPResponse
- var err error
-
- if strings.Contains(providerInfo.service, "jfrog") {
- url := "https://" + providerInfo.service + "/artifactory/api/security/token"
-
- form := urlPackage.Values{}
- form.Add("username", username)
- form.Add("scope", "member-of-groups:readers")
- form.Add("expires_in", "60")
-
- reqParams := &requests.RequestParams{
- Method: http.MethodPost,
- URL: url,
- Payload: form.Encode(),
- Username: username,
- Password: password,
- AdditionalHeaders: map[string]string{"Content-Type": "application/x-www-form-urlencoded"},
- }
- res, err = kosliClient.Do(reqParams)
- } else {
- url := fmt.Sprintf("%s/token?scope=repository:%s:pull&service=%s", providerInfo.authApi, imageName, providerInfo.service)
- reqParams := &requests.RequestParams{
- Method: http.MethodGet,
- URL: url,
- Username: username,
- Password: password,
- }
- res, err = kosliClient.Do(reqParams)
- }
-
- if err != nil {
- return "", fmt.Errorf("failed to create an authentication token for the docker registry: %v %v", err, res)
- }
-
- var responseData map[string]interface{}
- err = json.Unmarshal([]byte(res.Body), &responseData)
- if err != nil {
- return "", err
- }
- token := responseData["token"]
- if token == nil {
- token = responseData["access_token"]
- }
- return token.(string), nil
-}
-
 // GetSha256Digest calculates the sha256 digest of an artifact.
 // Supported artifact types are: dir, file, docker
 func GetSha256Digest(artifactName string, o *fingerprintOptions, logger *log.Logger) (string, error) {
diff --git a/cmd/kosli/cli_utils_test.go b/cmd/kosli/cli_utils_test.go
index ad1d6e36..8fc5a059 100644
--- a/cmd/kosli/cli_utils_test.go
+++ b/cmd/kosli/cli_utils_test.go
@@ -561,45 +561,6 @@ func (suite *CliUtilsTestSuite) TestValidateArtifactArg() {
 }
 }
 
-func (suite *CliUtilsTestSuite) TestGetRegistryEndpointForProvider() {
- for _, t := range []struct {
- name string
- provider string
- want *registryProviderEndpoints
- expectError bool
- }{
- {
- name: "github provider returns expected endpoints",
- provider: "github",
- want: ®istryProviderEndpoints{
- mainApi: "https://ghcr.io/v2",
- authApi: "https://ghcr.io",
- service: "ghcr.io",
- },
- },
- {
- name: "dockerhub provider returns expected endpoints",
- provider: "dockerhub",
- want: ®istryProviderEndpoints{
- mainApi: "https://registry-1.docker.io/v2",
- authApi: "https://auth.docker.io",
- service: "registry.docker.io",
- },
- },
- } {
- suite.Run(t.name, func() {
- endpoints, err := getRegistryEndpointForProvider(t.provider)
- if t.expectError {
- require.Errorf(suite.T(), err, "error was expected but got none")
- } else {
- require.NoErrorf(suite.T(), err, "error was NOT expected but got %v", err)
- require.Equalf(suite.T(), t.want, endpoints,
- "TestGetRegistryEndpointForProvider: got %v -- want %v", t.want, endpoints)
- }
- })
- }
-}
-
 func (suite *CliUtilsTestSuite) TestValidateRegistryFlags() {
 for _, t := range []struct {
 name string
@@ -610,16 +571,14 @@ func (suite *CliUtilsTestSuite) TestValidateRegistryFlags() {
 name: "registry flags are valid",
 options: &fingerprintOptions{
 artifactType: "docker",
- registryProvider: "dockerhub",
 registryUsername: "user",
 registryPassword: "pass",
 },
 },
 {
- name: "non-docker type with registry flags set casues an error",
+ name: "non-docker type with registry flags set causes an error",
 options: &fingerprintOptions{
 artifactType: "file",
- registryProvider: "dockerhub",
 registryUsername: "user",
 registryPassword: "pass",
 },
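Review bot: The TestValidateRegistryFlags table touched by the `-610,16` hunk still covers only `artifactType: "docker"` and `"file"`, although the regenerated snyk.md in this same commit lists `oci` as an artifact type and describes `--registry-username`/`--registry-password` as container-registry credentials. ValidateRegistryFlags is not visible here, so whether it accepts credentials for `oci` is an assumption; if it does, a case such as `{name: "oci type with registry flags is valid", options: &fingerprintOptions{artifactType: "oci", registryUsername: "user", registryPassword: "pass"}},` would pin that, and the two missing-credential cases deserve an `oci` twin. With `registryProvider` removed from every case, a short comment above the table naming which input now determines the registry host that receives these credentials would help the next reader. The table and the test function begin and end outside the hunk.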
@@ -629,7 +588,6 @@ func (suite *CliUtilsTestSuite) TestValidateRegistryFlags() {
 name: "missing username causes an error",
 options: &fingerprintOptions{
 artifactType: "docker",
- registryProvider: "dockerhub",
 registryPassword: "pass",
 },
 expectError: true,
@@ -638,36 +596,10 @@ func (suite *CliUtilsTestSuite) TestValidateRegistryFlags() {
 name: "missing password causes an error",
 options: &fingerprintOptions{
 artifactType: "docker",
- registryProvider: "dockerhub",
 registryUsername: "user",
 },
 expectError: true,
 },
- {
- name: "missing provider causes an error 1",
- options: &fingerprintOptions{
- artifactType: "docker",
- registryUsername: "user",
- registryPassword: "pass",
- },
- expectError: true,
- },
- {
- name: "missing provider causes an error 2",
- options: &fingerprintOptions{
- artifactType: "docker",
- registryUsername: "user",
- },
- expectError: true,
- },
- {
- name: "missing provider causes an error 3",
- options: &fingerprintOptions{
- artifactType: "docker",
- registryPassword: "pass",
- },
- expectError: true,
- },
 } {
 suite.Run(t.name, func() {
 err := ValidateRegistryFlags(&cobra.Command{}, t.options)
diff --git a/cmd/kosli/testdata/output/docs/snyk.md b/cmd/kosli/testdata/output/docs/snyk.md
index e5dc43a1..bc1f614f 100644
--- a/cmd/kosli/testdata/output/docs/snyk.md
+++ b/cmd/kosli/testdata/output/docs/snyk.md
@@ -37,7 +37,7 @@ snyk [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]
 | Flag | Description |
 | :--- | :--- |
 | --annotate stringToString | [optional] Annotate the attestation with data using key=value. |
-| -t, --artifact-type string | The type of the artifact to calculate its SHA256 fingerprint. One of: [docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don't specify '--fingerprint' on commands that allow it). |
+| -t, --artifact-type string | The type of the artifact to calculate its SHA256 fingerprint. One of: [oci, docker, file, dir]. Only required if you want Kosli to calculate the fingerprint for you (i.e. when you don't specify '--fingerprint' on commands that allow it). |
 | --attachments strings | [optional] The comma-separated list of paths of attachments for the reported attestation. Attachments can be files or directories. All attachments are compressed and uploaded to Kosli's evidence vault. |
 | -g, --commit string | [conditional] The git commit for which the attestation is associated to. Becomes required when reporting an attestation for an artifact before reporting it to Kosli. (defaulted in some CIs: https://docs.kosli.com/ci-defaults ). |
 | --description string | [optional] attestation description |
@@ -51,9 +51,8 @@ snyk [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]
 | -n, --name string | The name of the attestation as declared in the flow or trail yaml template. |
 | -o, --origin-url string | [optional] The url pointing to where the attestation came from or is related. (defaulted to the CI url in some CIs: https://docs.kosli.com/ci-defaults ). |
 | --redact-commit-info strings | [optional] The list of commit info to be redacted before sending to Kosli. Allowed values are one or more of [author, message, branch]. |
-| --registry-password string | [conditional] The docker registry password or access token. Only required if you want to read docker image SHA256 digest from a remote docker registry. |
-| --registry-provider string | [conditional] The docker registry provider or url. Only required if you want to read docker image SHA256 digest from a remote docker registry. |
-| --registry-username string | [conditional] The docker registry username. Only required if you want to read docker image SHA256 digest from a remote docker registry. |
+| --registry-password string | [conditional] The container registry password or access token. Only required if you want to read container image SHA256 digest from a remote container registry. |
+| --registry-username string | [conditional] The container registry username. Only required if you want to read container image SHA256 digest from a remote container registry. |
 | --repo-root string | [defaulted] The directory where the source git repository is available. Only used if --commit is used. (default ".") |
 | -R, --scan-results string | The path to Snyk scan SARIF results file from 'snyk test' and 'snyk container test'. By default, the Snyk results will be uploaded to Kosli's evidence vault. |
 | -T, --trail string | The Kosli trail name. |