From dbc06aca5be182235c6272d13a82b61f79caa649 Mon Sep 17 00:00:00 2001
From: Miguel Martinez Trivino
Date: Thu, 9 Nov 2023 13:14:42 +0100
Subject: [PATCH] feat(cli): retrieve worklowRun by attestation digest
Signed-off-by: Miguel Martinez Trivino
---
 app/cli/cmd/workflow_workflow_run_describe.go | 13 +++++++++----
 app/cli/internal/action/workflow_run_describe.go | 16 +++++++++++-----
 2 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/app/cli/cmd/workflow_workflow_run_describe.go b/app/cli/cmd/workflow_workflow_run_describe.go
index c8f646277..37e4b3bea 100644
--- a/app/cli/cmd/workflow_workflow_run_describe.go
+++ b/app/cli/cmd/workflow_workflow_run_describe.go
@@ -16,6 +16,7 @@ package cmd
 import (
+ "context"
 "errors"
 "fmt"
 "os"
@@ -32,7 +33,7 @@ const formatStatement = "statement"
 const formatAttestation = "attestation"
 func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
- var runID, publicKey string
+ var runID, attestationDigest, publicKey string
 var verifyAttestation bool
 // TODO: Replace by retrieving key from rekor
 const signingKeyEnvVarName = "CHAINLOOP_SIGNING_PUBLIC_KEY"
@@ -44,10 +45,15 @@ func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
 if verifyAttestation && publicKey == "" {
 return errors.New("a public key needs to be provided for verification")
 }
+
+ if runID == "" && attestationDigest == "" {
+ return errors.New("either a run ID or the attestation digest needs to be provided")
+ }
+
 return nil
 },
 RunE: func(cmd *cobra.Command, args []string) error {
- res, err := action.NewWorkflowRunDescribe(actionOpts).Run(runID, verifyAttestation, publicKey)
+ res, err := action.NewWorkflowRunDescribe(actionOpts).Run(context.Background(), runID, attestationDigest, verifyAttestation, publicKey)
 if err != nil {
 return err
 }
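Review bot: The new PreRunE check in the `@@ -44,10 +45,15 @@` hunk rejects the case where both `--id` and `--digest` are empty but accepts both being set, and the `Run` change in `app/cli/internal/action/workflow_run_describe.go` then silently prefers the digest. Combined with `--verify`, a caller can believe the verified attestation belongs to the run ID they typed when it was actually resolved from the digest. Reject the combination explicitly, e.g. `if runID != "" && attestationDigest != "" { return errors.New("--id and --digest are mutually exclusive") }`, or call `cmd.MarkFlagsMutuallyExclusive("id", "digest")` after the flags are registered in the following hunk. The enclosing function starts and ends outside this hunk.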
@@ -57,8 +63,7 @@ func newWorkflowWorkflowRunDescribeCmd() *cobra.Command {
 }
 cmd.Flags().StringVar(&runID, "id", "", "workflow Run ID")
- err := cmd.MarkFlagRequired("id")
- cobra.CheckErr(err)
+ cmd.Flags().StringVar(&attestationDigest, "digest", "", "content digest of the attestation")
 cmd.Flags().BoolVar(&verifyAttestation, "verify", false, "verify the attestation")
 cmd.Flags().StringVar(&publicKey, "key", "", fmt.Sprintf("public key used to verify the attestation. Note: You can also use env variable %s", signingKeyEnvVarName))
diff --git a/app/cli/internal/action/workflow_run_describe.go b/app/cli/internal/action/workflow_run_describe.go
index 719130e55..b5833c282 100644
--- a/app/cli/internal/action/workflow_run_describe.go
+++ b/app/cli/internal/action/workflow_run_describe.go
@@ -80,11 +80,17 @@ func NewWorkflowRunDescribe(cfg *ActionsOpts) *WorkflowRunDescribe {
 return &WorkflowRunDescribe{cfg}
 }
-func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey string) (*WorkflowRunItemFull, error) {
+func (action *WorkflowRunDescribe) Run(ctx context.Context, runID string, digest string, verify bool, publicKey string) (*WorkflowRunItemFull, error) {
 client := pb.NewWorkflowRunServiceClient(action.cfg.CPConnection)
- resp, err := client.View(context.Background(), &pb.WorkflowRunServiceViewRequest{
- Ref: &pb.WorkflowRunServiceViewRequest_Id{Id: runID},
- })
+
+ req := &pb.WorkflowRunServiceViewRequest{}
+ if digest != "" {
+ req.Ref = &pb.WorkflowRunServiceViewRequest_Digest{Digest: digest}
+ } else if runID != "" {
+ req.Ref = &pb.WorkflowRunServiceViewRequest_Id{Id: runID}
+ }
+
+ resp, err := client.View(ctx, req)
 if err != nil {
 return nil, err
 }
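Review bot: In the `@@ -80,11 +80,17 @@` hunk, `Run` sends the View request with `req.Ref` left nil when both `runID` and `digest` are empty, because the `if`/`else if` chain has no final branch; the CLI's PreRunE guards this, but `Run` itself does not, so any other caller depends on the server to reject the request. Add a closing `else { return nil, errors.New("either a run ID or the attestation digest needs to be provided") }`. Separately, nothing in the visible lines compares the digest of the returned attestation with the requested `digest`; the rest of `Run` is outside this hunk, so confirm that check exists or add it, since a lookup by content digest is only as trustworthy as the server unless the client recomputes the digest. The changed signature would also benefit from a doc comment stating that `digest` takes precedence over `runID`.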
@@ -113,7 +119,7 @@ func (action *WorkflowRunDescribe) Run(runID string, verify bool, publicKey stri
 }
 if verify {
- if err := verifyEnvelope(context.Background(), envelope, publicKey); err != nil {
+ if err := verifyEnvelope(ctx, envelope, publicKey); err != nil {
 action.cfg.Logger.Debug().Err(err).Msg("verifying the envelope")
 return nil, errors.New("invalid signature, did you provide the right key?")
 }