From 43a586f0c3a52c6ccd2a770be0767c7944ad9b74 Mon Sep 17 00:00:00 2001 From: Tom Meadows Date: Wed, 17 Jan 2024 15:44:26 +0000 Subject: [PATCH] Adding support for supplying POM on Maven Attestor (#129) adding support for supplying POM Signed-off-by: chaosinthecrd --- attestation/maven/maven.go | 27 ++++++++++++++++---- attestation/maven/maven_test.go | 45 +++++++++++++++++++++++++-------- 2 files changed, 57 insertions(+), 15 deletions(-) diff --git a/attestation/maven/maven.go b/attestation/maven/maven.go index 9e50034d..6392c35a 100644 --- a/attestation/maven/maven.go +++ b/attestation/maven/maven.go @@ -24,12 +24,14 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" + "github.com/in-toto/go-witness/registry" ) const ( - Name = "maven" - Type = "https://witness.dev/attestations/maven/v0.1" - RunType = attestation.PreMaterialRunType + Name = "maven" + Type = "https://witness.dev/attestations/maven/v0.1" + RunType = attestation.PreMaterialRunType + defaultPomPath = "pom.xml" ) // This is a hacky way to create a compile time error in case the attestor @@ -42,7 +44,22 @@ var ( func init() { attestation.RegisterAttestation(Name, Type, RunType, func() attestation.Attestor { return New() - }) + }, + registry.StringConfigOption( + "pom-path", + fmt.Sprintf("The path to the Project Object Model (POM) XML file used for task being attested (default \"%s\").", defaultPomPath), + defaultPomPath, + func(a attestation.Attestor, pomPath string) (attestation.Attestor, error) { + mavAttestor, ok := a.(*Attestor) + if !ok { + return a, fmt.Errorf("unexpected attestor type: %T is not a maven attestor", a) + } + + WithPom(pomPath)(mavAttestor) + return mavAttestor, nil + }, + ), + ) } type Attestor struct { @@ -73,7 +90,7 @@ func WithPom(path string) Option { func New(opts ...Option) *Attestor { attestor := &Attestor{ - pomPath: "pom.xml", + pomPath: defaultPomPath, } for _, opt := range opts { diff --git a/attestation/maven/maven_test.go b/attestation/maven/maven_test.go index 9934433e..8e67ccd8 100644 --- a/attestation/maven/maven_test.go +++ b/attestation/maven/maven_test.go @@ -20,13 +20,12 @@ import ( "testing" "github.com/in-toto/go-witness/attestation" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) -func writeTempPomXml(t *testing.T) (string, error) { +func writeTempPomXml(t *testing.T, path string) (string, error) { tmpDir := t.TempDir() - pomPath := filepath.Join(tmpDir, "pom.xml") + pomPath := filepath.Join(tmpDir, path) file, err := os.Create(pomPath) if err != nil { return "", err @@ -41,13 +40,39 @@ func writeTempPomXml(t *testing.T) (string, error) { } func TestMaven(t *testing.T) { - pomPath, err := writeTempPomXml(t) - require.NoError(t, err) - attestor := New(WithPom(pomPath)) - ctx, err := attestation.NewContext([]attestation.Attestor{attestor}) - require.NoError(t, err) - err = attestor.Attest(ctx) - assert.NoError(t, err) + workingDir := t.TempDir() + + tests := []struct { + name string + pomPath string + }{ + {"no pom specified", ""}, + {"regular pom with custom name", "custom-pom.xml"}, + {"effective pom", "effective-pom.xml"}, + } + + for _, test := range tests { + var p string + var err error + if test.pomPath != "" { + p, err = writeTempPomXml(t, test.pomPath) + if err != nil { + t.Fatal(err) + } + } else { + p, err = writeTempPomXml(t, "pom.xml") + if err != nil { + t.Fatal(err) + } + } + + t.Run(test.name, func(t *testing.T) { + ctx, err := attestation.NewContext([]attestation.Attestor{}, attestation.WithWorkingDir(workingDir)) + require.NoError(t, err) + a := New(WithPom(p)) + require.NoError(t, a.Attest(ctx)) + }) + } } const testPomXml = `