add missing handling

Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>

Author: Piskoo

app/controlplane/api/workflowcontract/v1/crafting_schema_validations.go

@@ -212,3 +212,44 @@ func validateIsDNS1123(name string) error {
 
 	return nil
 }
+
+// ValidateUniqueMaterialName validates that only one material definition
+// with the same ID is present in the schema
+func (contract *CraftingSchemaV2) ValidateUniqueMaterialName() error {
+	spec := contract.GetSpec()
+	if spec == nil {
+		return nil
+	}
+
+	materialNames := make(map[string]bool)
+	for _, m := range spec.GetMaterials() {
+		if _, found := materialNames[m.Name]; found {
+			return fmt.Errorf("material with name=%s is duplicated", m.Name)
+		}
+		materialNames[m.Name] = true
+	}
+
+	return nil
+}
+
+// ValidatePolicyAttachments validates policy references in the schema
+func (contract *CraftingSchemaV2) ValidatePolicyAttachments() error {
+	spec := contract.GetSpec()
+	if spec == nil || spec.GetPolicies() == nil {
+		return nil
+	}
+
+	policies := spec.GetPolicies()
+	attachments := append(policies.GetAttestation(), policies.GetMaterials()...)
+
+	for _, att := range attachments {
+		// Validate refs.
+		if att.GetRef() != "" {
+			if err := ValidatePolicyAttachmentRef(att.GetRef()); err != nil {
+				return fmt.Errorf("invalid reference %q: %w", att.GetRef(), err)
+			}
+		}
+	}
+
+	return nil
+}

app/controlplane/pkg/biz/workflowcontract.go

@@ -68,8 +68,20 @@ type Contract struct {
 	Raw []byte
 	// Detected format as provided by the user
 	Format unmarshal.RawFormat
-	// marhalled proto contract
+	// marshalled proto v1 contract
 	Schema *schemav1.CraftingSchema
+	// marshalled proto v2 contract
+	Schemav2 *schemav1.CraftingSchemaV2
+}
+
+// isV2Schema returns true if the contract uses the v2 CraftingSchema format
+func (c *Contract) isV2Schema() bool {
+	return c.Schemav2 != nil
+}
+
+// isV1Schema returns true if the contract uses the v1 CraftingSchema format
+func (c *Contract) isV1Schema() bool {
+	return c.Schema != nil
 }
 
 type WorkflowContractWithVersion struct {
@@ -388,20 +400,47 @@ func (uc *WorkflowContractUseCase) ValidateContractPolicies(rawSchema []byte, to
 		return NewErrValidation(err)
 	}
 
-	for _, att := range c.Schema.GetPolicies().GetAttestation() {
-		if _, err := uc.findAndValidatePolicy(att, token); err != nil {
-			return NewErrValidation(err)
+	switch {
+	case c.isV1Schema():
+		// Handle v1 schema
+		schema := c.Schema
+		for _, att := range schema.GetPolicies().GetAttestation() {
+			if _, err := uc.findAndValidatePolicy(att, token); err != nil {
+				return NewErrValidation(err)
+			}
 		}
-	}
-	for _, att := range c.Schema.GetPolicies().GetMaterials() {
-		if _, err := uc.findAndValidatePolicy(att, token); err != nil {
-			return NewErrValidation(err)
+		for _, att := range schema.GetPolicies().GetMaterials() {
+			if _, err := uc.findAndValidatePolicy(att, token); err != nil {
+				return NewErrValidation(err)
+			}
 		}
-	}
-	for _, gatt := range c.Schema.GetPolicyGroups() {
-		if _, err := uc.findPolicyGroup(gatt, token); err != nil {
-			return NewErrValidation(err)
+		for _, gatt := range schema.GetPolicyGroups() {
+			if _, err := uc.findPolicyGroup(gatt, token); err != nil {
+				return NewErrValidation(err)
+			}
+		}
+	case c.isV2Schema():
+		// Handle v2 schema
+		spec := c.Schemav2.GetSpec()
+		if spec.GetPolicies() != nil {
+			for _, att := range spec.GetPolicies().GetAttestation() {
+				if _, err := uc.findAndValidatePolicy(att, token); err != nil {
+					return NewErrValidation(err)
+				}
+			}
+			for _, att := range spec.GetPolicies().GetMaterials() {
+				if _, err := uc.findAndValidatePolicy(att, token); err != nil {
+					return NewErrValidation(err)
+				}
+			}
 		}
+		for _, gatt := range spec.GetPolicyGroups() {
+			if _, err := uc.findPolicyGroup(gatt, token); err != nil {
+				return NewErrValidation(err)
+			}
+		}
+	default:
+		return NewErrValidation(fmt.Errorf("invalid schema format"))
 	}
 
 	return nil
@@ -601,22 +640,36 @@ func (uc *WorkflowContractUseCase) findProvider(providerName string) (*policies.
 
 // UnmarshalAndValidateRawContract Takes the raw contract + format and will unmarshal the contract and validate it
 func UnmarshalAndValidateRawContract(raw []byte, format unmarshal.RawFormat) (*Contract, error) {
-	contract := &schemav1.CraftingSchema{}
-	err := unmarshal.FromRaw(raw, format, contract, true)
-	if err != nil {
-		return nil, NewErrValidation(err)
-	}
-
-	// Custom Validations
-	if err := contract.ValidateUniqueMaterialName(); err != nil {
-		return nil, NewErrValidation(err)
+	// Try parsing as v2 Contract format first
+	v2Contract := &schemav1.CraftingSchemaV2{}
+	v2Err := unmarshal.FromRaw(raw, format, v2Contract, true)
+	if v2Err == nil {
+		// Custom Validations
+		if err := v2Contract.ValidateUniqueMaterialName(); err != nil {
+			return nil, NewErrValidation(fmt.Errorf("unique material name validation failed: %w", err))
+		}
+		if err := v2Contract.ValidatePolicyAttachments(); err != nil {
+			return nil, NewErrValidation(fmt.Errorf("policy attachment validation failed: %w", err))
+		}
+		return &Contract{Raw: raw, Format: format, Schemav2: v2Contract}, nil
 	}
 
-	if err := contract.ValidatePolicyAttachments(); err != nil {
-		return nil, NewErrValidation(err)
+	// Fallback to v1 CraftingSchema format
+	v1Contract := &schemav1.CraftingSchema{}
+	v1Err := unmarshal.FromRaw(raw, format, v1Contract, true)
+	if v1Err == nil {
+		// Custom Validations
+		if err := v1Contract.ValidateUniqueMaterialName(); err != nil {
+			return nil, NewErrValidation(fmt.Errorf("unique material name validation failed: %w", err))
+		}
+		if err := v1Contract.ValidatePolicyAttachments(); err != nil {
+			return nil, NewErrValidation(fmt.Errorf("policy attachment validation failed: %w", err))
+		}
+		return &Contract{Raw: raw, Format: format, Schema: v1Contract}, nil
 	}
-
-	return &Contract{Raw: raw, Format: format, Schema: contract}, nil
+	// Both parsing attempts failed
+	// Best effort: provide errors for both schemas
+	return nil, NewErrValidation(fmt.Errorf("contract validation failed:\n  v2 Contract format error: %w\n  v1 CraftingSchema format error: %w", v2Err, v1Err))
 }
 
 // Will try to figure out the format of the raw contract and validate it

app/controlplane/pkg/data/workflowcontract.go

@@ -29,7 +29,6 @@ import (
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/data/ent/workflow"
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/data/ent/workflowcontract"
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/data/ent/workflowcontractversion"
-	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/unmarshal"
 
 	"github.com/go-kratos/kratos/v2/log"
 	"github.com/google/uuid"
@@ -358,12 +357,12 @@ func entContractVersionToBizContractVersion(w *ent.WorkflowContractVersion) (*bi
 		// Scenario 2: contracts that have been updated after the introduction of the raw_body field will have the raw_body field populated
 		// but we also want to keep the Body field populated for backward compatibility
 	} else if len(w.Body) == 0 {
-		schema := &schemav1.CraftingSchema{}
-		err := unmarshal.FromRaw(w.RawBody, w.RawBodyFormat, schema, false)
+		parsedContract, err := biz.UnmarshalAndValidateRawContract(w.RawBody, w.RawBodyFormat)
 		if err != nil {
 			return nil, fmt.Errorf("failed to unmarshal raw body: %w", err)
 		}
-		contract.Schema = schema
+		contract.Schema = parsedContract.Schema
+		contract.Schemav2 = parsedContract.Schemav2
 	}
 
 	return &biz.WorkflowContractVersion{