diff --git a/cmd/kosli/assertSnapshot_test.go b/cmd/kosli/assertSnapshot_test.go index 08f7a7df..20e8ed34 100644 --- a/cmd/kosli/assertSnapshot_test.go +++ b/cmd/kosli/assertSnapshot_test.go @@ -69,12 +69,13 @@ func (suite *AssertSnapshotCommandTestSuite) TestAssertSnapshotCmd() { golden: "Error: Environment named 'non-existing' does not exist for organization 'docs-cmd-test-user'\n", }, { - name: "asserting a compliant env results in COMPLIANT and zero exit", - cmd: fmt.Sprintf(`assert snapshot %s %s`, suite.envName, suite.defaultKosliArguments), + wantError: true, + name: "asserting a non compliant env results in INCOMPLIANT and zero exit", + cmd: fmt.Sprintf(`assert snapshot %s %s`, suite.envName, suite.defaultKosliArguments), additionalConfig: assertSnapshotTestConfig{ reportToEnv: true, }, - golden: "COMPLIANT\n", + golden: "Error: INCOMPLIANT\n", }, } diff --git a/cmd/kosli/attestGeneric_test.go b/cmd/kosli/attestGeneric_test.go index 67d9f089..b9bdc118 100644 --- a/cmd/kosli/attestGeneric_test.go +++ b/cmd/kosli/attestGeneric_test.go @@ -80,25 +80,25 @@ func (suite *AttestGenericCommandTestSuite) TestAttestGenericCmd() { { wantError: true, name: "fails when both --fingerprint and --artifact-type", - cmd: fmt.Sprintf("attest generic testdata/file1 --fingerprint xxxx --artifact-type file --name bar --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic testdata/file1 --fingerprint xxxx --artifact-type file --name bar --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "Error: only one of --fingerprint, --artifact-type is allowed\n", }, { wantError: true, name: "fails when --fingerprint is not valid", - cmd: fmt.Sprintf("attest generic --name foo --fingerprint xxxx --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic --name foo --fingerprint xxxx --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "Error: xxxx is not a valid SHA256 fingerprint. It should match the pattern ^([a-f0-9]{64})$\nUsage: kosli attest generic [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]\n", }, { wantError: true, name: "attesting against an artifact that does not exist fails", - cmd: fmt.Sprintf("attest generic --fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic --fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "Error: Artifact with fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 does not exist in trail \"test-123\" of flow \"attest-generic\" belonging to organization \"docs-cmd-test-user\"\n", }, { wantError: true, name: "fails when --name is passed as empty string", - cmd: fmt.Sprintf("attest generic --name \"\" --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic --name \"\" --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "Error: flag '--name' is required, but empty string was provided\n", }, { @@ -108,32 +108,32 @@ func (suite *AttestGenericCommandTestSuite) TestAttestGenericCmd() { }, { name: "can attest generic against an artifact using artifact name and --artifact-type", - cmd: fmt.Sprintf("attest generic testdata/file1 --artifact-type file --name foo --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic testdata/file1 --artifact-type file --name foo --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "generic attestation 'foo' is reported to trail: test-123\n", }, { name: "can attest generic against an artifact using artifact name and --artifact-type when --name does not exist in the trail template", - cmd: fmt.Sprintf("attest generic testdata/file1 --artifact-type file --name bar --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic testdata/file1 --artifact-type file --name bar --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "generic attestation 'bar' is reported to trail: test-123\n", }, { name: "can attest generic against an artifact using --fingerprint and no artifact-name", - cmd: fmt.Sprintf("attest generic --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "generic attestation 'foo' is reported to trail: test-123\n", }, { name: "can attest generic against a trail", - cmd: fmt.Sprintf("attest generic --name bar --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic --name bar --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "generic attestation 'bar' is reported to trail: test-123\n", }, { name: "can attest generic against a trail when name is not found in the trail template", - cmd: fmt.Sprintf("attest generic --name additional --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic --name additional --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "generic attestation 'additional' is reported to trail: test-123\n", }, { name: "can attest generic against an artifact it is created using dot syntax in --name", - cmd: fmt.Sprintf("attest generic --name cli.foo --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest generic --name cli.foo --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "generic attestation 'foo' is reported to trail: test-123\n", }, { diff --git a/cmd/kosli/attestJunit_test.go b/cmd/kosli/attestJunit_test.go index f20c3cec..561c6082 100644 --- a/cmd/kosli/attestJunit_test.go +++ b/cmd/kosli/attestJunit_test.go @@ -50,54 +50,54 @@ func (suite *AttestJunitCommandTestSuite) TestAttestJunitCmd() { { wantError: true, name: "fails when both --fingerprint and --artifact-type", - cmd: fmt.Sprintf("attest junit testdata/file1 --fingerprint xxxx --artifact-type file --name bar --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit testdata/file1 --fingerprint xxxx --artifact-type file --name bar --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "Error: only one of --fingerprint, --artifact-type is allowed\n", }, { wantError: true, name: "fails when --fingerprint is not valid", - cmd: fmt.Sprintf("attest junit --name foo --fingerprint xxxx --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit --name foo --fingerprint xxxx --commit HEAD --origin-url http://example.com %s", suite.defaultKosliArguments), golden: "Error: xxxx is not a valid SHA256 fingerprint. It should match the pattern ^([a-f0-9]{64})$\nUsage: kosli attest junit [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]\n", }, { wantError: true, name: "attesting against an artifact that does not exist fails", - cmd: fmt.Sprintf("attest junit --fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url example.com --results-dir testdata %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit --fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url http://example.com --results-dir testdata %s", suite.defaultKosliArguments), golden: "Error: Artifact with fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 does not exist in trail \"test-123\" of flow \"attest-junit\" belonging to organization \"docs-cmd-test-user\"\n", }, { name: "can attest junit against an artifact using artifact name and --artifact-type", - cmd: fmt.Sprintf("attest junit testdata/file1 --artifact-type file --name foo --commit HEAD --origin-url example.com --results-dir testdata %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit testdata/file1 --artifact-type file --name foo --commit HEAD --origin-url http://example.com --results-dir testdata %s", suite.defaultKosliArguments), golden: "junit attestation 'foo' is reported to trail: test-123\n", }, { name: "can attest junit against an artifact using artifact name and --artifact-type when --name does not exist in the trail template", - cmd: fmt.Sprintf("attest junit testdata/file1 --artifact-type file --name bar --commit HEAD --origin-url example.com --results-dir testdata %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit testdata/file1 --artifact-type file --name bar --commit HEAD --origin-url http://example.com --results-dir testdata %s", suite.defaultKosliArguments), golden: "junit attestation 'bar' is reported to trail: test-123\n", }, { name: "can attest junit against an artifact using --fingerprint", - cmd: fmt.Sprintf("attest junit --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url example.com --results-dir testdata %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url http://example.com --results-dir testdata %s", suite.defaultKosliArguments), golden: "junit attestation 'foo' is reported to trail: test-123\n", }, { name: "can attest junit against a trail", - cmd: fmt.Sprintf("attest junit --name bar --commit HEAD --origin-url example.com --results-dir testdata %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit --name bar --commit HEAD --origin-url http://example.com --results-dir testdata %s", suite.defaultKosliArguments), golden: "junit attestation 'bar' is reported to trail: test-123\n", }, { name: "can attest junit against a trail when name is not found in the trail template", - cmd: fmt.Sprintf("attest junit --name additional --commit HEAD --origin-url example.com --results-dir testdata %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit --name additional --commit HEAD --origin-url http://example.com --results-dir testdata %s", suite.defaultKosliArguments), golden: "junit attestation 'additional' is reported to trail: test-123\n", }, { name: "can attest junit against an artifact it is created using dot syntax in --name", - cmd: fmt.Sprintf("attest junit --name cli.foo --commit HEAD --origin-url example.com --results-dir testdata %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest junit --name cli.foo --commit HEAD --origin-url http://example.com --results-dir testdata %s", suite.defaultKosliArguments), golden: "junit attestation 'foo' is reported to trail: test-123\n", }, { name: "can attest junit with external-url and external-fingerprint against a trail", - cmd: fmt.Sprintf(`attest junit --name bar --commit HEAD --origin-url example.com --results-dir testdata + cmd: fmt.Sprintf(`attest junit --name bar --commit HEAD --origin-url http://example.com --results-dir testdata --external-url file=https://foo.com/file --external-fingerprint file=7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 %s`, suite.defaultKosliArguments), golden: "junit attestation 'bar' is reported to trail: test-123\n", @@ -105,20 +105,20 @@ func (suite *AttestJunitCommandTestSuite) TestAttestJunitCmd() { { wantError: true, name: "fails when external-fingerprint has more items than external-url", - cmd: fmt.Sprintf(`attest junit --name bar --commit HEAD --origin-url example.com --results-dir testdata + cmd: fmt.Sprintf(`attest junit --name bar --commit HEAD --origin-url http://example.com --results-dir testdata --external-fingerprint file=7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 %s`, suite.defaultKosliArguments), golden: "Error: --external-fingerprints have labels that don't have a URL in --external-url\n", }, { name: "can attest with annotations against a trail", - cmd: fmt.Sprintf(`attest junit --name bar --commit HEAD --origin-url example.com --results-dir testdata + cmd: fmt.Sprintf(`attest junit --name bar --commit HEAD --origin-url http://example.com --results-dir testdata --annotate foo=bar --annotate baz=qux %s`, suite.defaultKosliArguments), golden: "junit attestation 'bar' is reported to trail: test-123\n", }, { wantError: true, name: "fails when annotation is not valid", - cmd: fmt.Sprintf(`attest junit --name bar --commit HEAD --origin-url example.com --results-dir testdata + cmd: fmt.Sprintf(`attest junit --name bar --commit HEAD --origin-url http://example.com --results-dir testdata --annotate foo.bar=bar %s`, suite.defaultKosliArguments), golden: "Error: --annotate flag should be in the format key=value. Invalid key: 'foo.bar'. Key can only contain [A-Za-z0-9_].\n", }, diff --git a/cmd/kosli/attestSnyk_test.go b/cmd/kosli/attestSnyk_test.go index c0b1ea50..9bf84850 100644 --- a/cmd/kosli/attestSnyk_test.go +++ b/cmd/kosli/attestSnyk_test.go @@ -50,60 +50,60 @@ func (suite *AttestSnykCommandTestSuite) TestAttestSnykCmd() { { wantError: true, name: "fails when both --fingerprint and --artifact-type", - cmd: fmt.Sprintf("attest snyk testdata/file1 --fingerprint xxxx --artifact-type file --name bar --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk testdata/file1 --fingerprint xxxx --artifact-type file --name bar --commit HEAD --origin-url https://example.com %s", suite.defaultKosliArguments), golden: "Error: only one of --fingerprint, --artifact-type is allowed\n", }, { wantError: true, name: "fails when --fingerprint is not valid", - cmd: fmt.Sprintf("attest snyk --name foo --fingerprint xxxx --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk --name foo --fingerprint xxxx --commit HEAD --origin-url https://example.com %s", suite.defaultKosliArguments), golden: "Error: xxxx is not a valid SHA256 fingerprint. It should match the pattern ^([a-f0-9]{64})$\nUsage: kosli attest snyk [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]\n", }, { wantError: true, name: "attesting against an artifact that does not exist fails", - cmd: fmt.Sprintf("attest snyk --fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk --fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url https://example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), golden: "Error: Artifact with fingerprint 1234e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 does not exist in trail \"test-123\" of flow \"attest-snyk\" belonging to organization \"docs-cmd-test-user\"\n", }, { wantError: true, name: "fails when --snyk-results is missing", - cmd: fmt.Sprintf("attest snyk testdata/file1 --artifact-type file --name foo --commit HEAD --origin-url example.com %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk testdata/file1 --artifact-type file --name foo --commit HEAD --origin-url https://example.com %s", suite.defaultKosliArguments), golden: "Error: required flag(s) \"scan-results\" not set\n", }, { name: "can attest snyk against an artifact using artifact name and --artifact-type", - cmd: fmt.Sprintf("attest snyk testdata/file1 --artifact-type file --name foo --commit HEAD --origin-url example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk testdata/file1 --artifact-type file --name foo --commit HEAD --origin-url https://example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), golden: "snyk attestation 'foo' is reported to trail: test-123\n", }, { name: "can attest snyk against an artifact using artifact name and --artifact-type when --name does not exist in the trail template", - cmd: fmt.Sprintf("attest snyk testdata/file1 --artifact-type file --name bar --commit HEAD --origin-url example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk testdata/file1 --artifact-type file --name bar --commit HEAD --origin-url https://example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), golden: "snyk attestation 'bar' is reported to trail: test-123\n", }, { name: "can attest snyk against an artifact using --fingerprint", - cmd: fmt.Sprintf("attest snyk --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name foo --commit HEAD --origin-url https://example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), golden: "snyk attestation 'foo' is reported to trail: test-123\n", }, { name: "can attest snyk against a trail", - cmd: fmt.Sprintf("attest snyk --name bar --commit HEAD --origin-url example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk --name bar --commit HEAD --origin-url https://example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), golden: "snyk attestation 'bar' is reported to trail: test-123\n", }, { name: "can attest snyk against a trail when name is not found in the trail template", - cmd: fmt.Sprintf("attest snyk --name additional --commit HEAD --origin-url example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk --name additional --commit HEAD --origin-url https://example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), golden: "snyk attestation 'additional' is reported to trail: test-123\n", }, { name: "can attest snyk against an artifact it is created using dot syntax in --name", - cmd: fmt.Sprintf("attest snyk --name cli.foo --commit HEAD --origin-url example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), + cmd: fmt.Sprintf("attest snyk --name cli.foo --commit HEAD --origin-url https://example.com --scan-results testdata/snyk_sarif.json %s", suite.defaultKosliArguments), golden: "snyk attestation 'foo' is reported to trail: test-123\n", }, { name: "can attest snyk against with external-url and external-fingerprint a trail", - cmd: fmt.Sprintf(`attest snyk --name bar --commit HEAD --origin-url example.com + cmd: fmt.Sprintf(`attest snyk --name bar --commit HEAD --origin-url https://example.com --external-url file=https://example.com/file --external-url other=https://other.com --external-fingerprint file=7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --scan-results testdata/snyk_sarif.json %s`, suite.defaultKosliArguments), @@ -111,7 +111,7 @@ func (suite *AttestSnykCommandTestSuite) TestAttestSnykCmd() { }, { name: "can attest with annotations against a trail", - cmd: fmt.Sprintf(`attest snyk --name bar --commit HEAD --origin-url example.com + cmd: fmt.Sprintf(`attest snyk --name bar --commit HEAD --origin-url https://example.com --annotate foo=bar --annotate baz=qux --scan-results testdata/snyk_sarif.json %s`, suite.defaultKosliArguments), golden: "snyk attestation 'bar' is reported to trail: test-123\n", @@ -119,7 +119,7 @@ func (suite *AttestSnykCommandTestSuite) TestAttestSnykCmd() { { wantError: true, name: "fails when annotation is not valid", - cmd: fmt.Sprintf(`attest snyk --name bar --commit HEAD --origin-url example.com + cmd: fmt.Sprintf(`attest snyk --name bar --commit HEAD --origin-url https://example.com --annotate foo.baz=bar --scan-results testdata/snyk_sarif.json %s`, suite.defaultKosliArguments), golden: "Error: --annotate flag should be in the format key=value. Invalid key: 'foo.baz'. Key can only contain [A-Za-z0-9_].\n",