Ent - IngestSLSAs implementation with tests (#1248)

Signed-off-by: mrizzi <mrizzi@redhat.com>

pkg/assembler/backends/ent/backend/slsa.go

@@ -28,6 +28,7 @@ import (
 	"github.com/guacsec/guac/pkg/assembler/backends/ent/predicate"
 	"github.com/guacsec/guac/pkg/assembler/backends/ent/slsaattestation"
 	"github.com/guacsec/guac/pkg/assembler/graphql/model"
+	"github.com/vektah/gqlparser/v2/gqlerror"
 )
 
 func (b *EntBackend) HasSlsa(ctx context.Context, spec *model.HasSLSASpec) ([]*model.HasSlsa, error) {
@@ -78,6 +79,18 @@ func (b *EntBackend) IngestSLSA(ctx context.Context, subject model.ArtifactInput
 	return toModelHasSLSA(att), nil
 }
 
+func (b *EntBackend) IngestSLSAs(ctx context.Context, subjects []*model.ArtifactInputSpec, builtFromList [][]*model.ArtifactInputSpec, builtByList []*model.BuilderInputSpec, slsaList []*model.SLSAInputSpec) ([]*model.HasSlsa, error) {
+	var modelHasSlsas []*model.HasSlsa
+	for i, slsa := range slsaList {
+		modelHasSlsa, err := b.IngestSLSA(ctx, *subjects[i], builtFromList[i], *builtByList[i], *slsa)
+		if err != nil {
+			return nil, gqlerror.Errorf("IngestSLSAs failed with err: %v", err)
+		}
+		modelHasSlsas = append(modelHasSlsas, modelHasSlsa)
+	}
+	return modelHasSlsas, nil
+}
+
 func upsertSLSA(ctx context.Context, client *ent.Tx, subject model.ArtifactInputSpec, builtFrom []*model.ArtifactInputSpec, builtBy model.BuilderInputSpec, slsa model.SLSAInputSpec) (*ent.SLSAAttestation, error) {
 	builder, err := client.Builder.Query().Where(builderInputQueryPredicate(builtBy)).Only(ctx)
 	if err != nil {
@@ -139,15 +152,19 @@ func upsertSLSA(ctx context.Context, client *ent.Tx, subject model.ArtifactInput
 }
 
 func toSLSAInputPredicate(rows []*model.SLSAPredicateInputSpec) []*model.SLSAPredicate {
-	preds := make([]*model.SLSAPredicate, len(rows))
-	for i, row := range rows {
-		preds[i] = &model.SLSAPredicate{
-			Key:   row.Key,
-			Value: row.Value,
+	if len(rows) > 0 {
+		preds := make([]*model.SLSAPredicate, len(rows))
+		for i, row := range rows {
+			preds[i] = &model.SLSAPredicate{
+				Key:   row.Key,
+				Value: row.Value,
+			}
 		}
-	}
 
-	return preds
+		return preds
+	} else {
+		return nil
+	}
 }
 
 func toModelHasSLSA(att *ent.SLSAAttestation) *model.HasSlsa {

pkg/assembler/backends/ent/backend/slsa_test.go

@@ -555,3 +555,226 @@ func (s *Suite) TestHasSLSA() {
 		})
 	}
 }
+
+func (s *Suite) TestIngestHasSLSAs() {
+	type call struct {
+		Sub  []*model.ArtifactInputSpec
+		BF   [][]*model.ArtifactInputSpec
+		BB   []*model.BuilderInputSpec
+		SLSA []*model.SLSAInputSpec
+	}
+	tests := []struct {
+		Name         string
+		InArt        []*model.ArtifactInputSpec
+		InBld        []*model.BuilderInputSpec
+		Calls        []call
+		Query        *model.HasSLSASpec
+		ExpHS        []*model.HasSlsa
+		ExpIngestErr bool
+		ExpQueryErr  bool
+	}{
+		{
+			Name:  "HappyPath",
+			InArt: []*model.ArtifactInputSpec{a1, a2},
+			InBld: []*model.BuilderInputSpec{b1},
+			Calls: []call{
+				{
+					Sub: []*model.ArtifactInputSpec{a1},
+					BF:  [][]*model.ArtifactInputSpec{[]*model.ArtifactInputSpec{a2}},
+					BB:  []*model.BuilderInputSpec{b1},
+					SLSA: []*model.SLSAInputSpec{
+						{
+							BuildType: "test type",
+						},
+					},
+				},
+			},
+			Query: &model.HasSLSASpec{
+				BuildType: ptrfrom.String("test type"),
+			},
+			ExpHS: []*model.HasSlsa{
+				{
+					Subject: a1out,
+					Slsa: &model.Slsa{
+						BuiltBy:   b1out,
+						BuiltFrom: []*model.Artifact{a2out},
+						BuildType: "test type",
+					},
+				},
+			},
+		},
+		{
+			Name:  "Ingest twice",
+			InArt: []*model.ArtifactInputSpec{a1, a2},
+			InBld: []*model.BuilderInputSpec{b1},
+			Calls: []call{
+				{
+					Sub: []*model.ArtifactInputSpec{a1, a1},
+					BF:  [][]*model.ArtifactInputSpec{[]*model.ArtifactInputSpec{a2}, []*model.ArtifactInputSpec{a2}},
+					BB:  []*model.BuilderInputSpec{b1, b1},
+					SLSA: []*model.SLSAInputSpec{
+						{
+							BuildType: "test type",
+						},
+						{
+							BuildType: "test type",
+						},
+					},
+				},
+			},
+			Query: &model.HasSLSASpec{
+				BuildType: ptrfrom.String("test type"),
+			},
+			ExpHS: []*model.HasSlsa{
+				{
+					Subject: a1out,
+					Slsa: &model.Slsa{
+						BuiltBy:   b1out,
+						BuiltFrom: []*model.Artifact{a2out},
+						BuildType: "test type",
+					},
+				},
+			},
+		},
+		{
+			Name:  "Query on Build Type",
+			InArt: []*model.ArtifactInputSpec{a1, a2},
+			InBld: []*model.BuilderInputSpec{b1},
+			Calls: []call{
+				{
+					Sub: []*model.ArtifactInputSpec{a1, a1},
+					BF:  [][]*model.ArtifactInputSpec{[]*model.ArtifactInputSpec{a2}, []*model.ArtifactInputSpec{a2}},
+					BB:  []*model.BuilderInputSpec{b1, b1},
+					SLSA: []*model.SLSAInputSpec{
+						{
+							BuildType: "test type one",
+						},
+						{
+							BuildType: "test type two",
+						},
+					},
+				},
+			},
+			Query: &model.HasSLSASpec{
+				BuildType: ptrfrom.String("test type one"),
+			},
+			ExpHS: []*model.HasSlsa{
+				{
+					Subject: a1out,
+					Slsa: &model.Slsa{
+						BuiltBy:   b1out,
+						BuiltFrom: []*model.Artifact{a2out},
+						BuildType: "test type one",
+					},
+				},
+			},
+		},
+		{
+			Name:  "Query on Subject",
+			InArt: []*model.ArtifactInputSpec{a1, a2, a3},
+			InBld: []*model.BuilderInputSpec{b1},
+			Calls: []call{
+				{
+					Sub: []*model.ArtifactInputSpec{a1, a3},
+					BF:  [][]*model.ArtifactInputSpec{[]*model.ArtifactInputSpec{a2}, []*model.ArtifactInputSpec{a2}},
+					BB:  []*model.BuilderInputSpec{b1, b1},
+					SLSA: []*model.SLSAInputSpec{
+						{},
+						{},
+					},
+				},
+			},
+			Query: &model.HasSLSASpec{
+				Subject: &model.ArtifactSpec{
+					Algorithm: ptrfrom.String("sha256"),
+				},
+			},
+			ExpHS: []*model.HasSlsa{
+				{
+					Subject: a1out,
+					Slsa: &model.Slsa{
+						BuiltBy:   b1out,
+						BuiltFrom: []*model.Artifact{a2out},
+					},
+				},
+			},
+		},
+		{
+			Name:  "Query on Materials",
+			InArt: []*model.ArtifactInputSpec{a1, a2, a3, a4},
+			InBld: []*model.BuilderInputSpec{b1},
+			Calls: []call{
+				{
+					Sub: []*model.ArtifactInputSpec{a1, a1, a1},
+					BF:  [][]*model.ArtifactInputSpec{[]*model.ArtifactInputSpec{a2}, []*model.ArtifactInputSpec{a2, a3}, []*model.ArtifactInputSpec{a4}},
+					BB:  []*model.BuilderInputSpec{b1, b1, b1},
+					SLSA: []*model.SLSAInputSpec{
+						{},
+						{},
+						{},
+					},
+				},
+			},
+			Query: &model.HasSLSASpec{
+				BuiltFrom: []*model.ArtifactSpec{{
+					Digest: ptrfrom.String("7A8F47318E4676DACB0142AFA0B83029CD7BEFD9"),
+				}},
+			},
+			ExpHS: []*model.HasSlsa{
+				{
+					Subject: a1out,
+					Slsa: &model.Slsa{
+						BuiltBy:   b1out,
+						BuiltFrom: []*model.Artifact{a2out},
+					},
+				},
+				{
+					Subject: a1out,
+					Slsa: &model.Slsa{
+						BuiltBy:   b1out,
+						BuiltFrom: []*model.Artifact{a2out, a3out},
+					},
+				},
+			},
+		},
+	}
+	ctx := s.Ctx
+	for _, test := range tests {
+		s.Run(test.Name, func() {
+			t := s.T()
+			b, err := GetBackend(s.Client)
+			if err != nil {
+				t.Fatalf("Could not instantiate testing backend: %v", err)
+			}
+			for _, a := range test.InArt {
+				if _, err := b.IngestArtifact(ctx, a); err != nil {
+					t.Fatalf("Could not ingest artifact: %v", err)
+				}
+			}
+			for _, bld := range test.InBld {
+				if _, err := b.IngestBuilder(ctx, bld); err != nil {
+					t.Fatalf("Could not ingest builder: %v", err)
+				}
+			}
+			for _, o := range test.Calls {
+				_, err := b.IngestSLSAs(ctx, o.Sub, o.BF, o.BB, o.SLSA)
+				if (err != nil) != test.ExpIngestErr {
+					t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err)
+				}
+				if err != nil {
+					return
+				}
+			}
+			got, err := b.HasSlsa(ctx, test.Query)
+			if (err != nil) != test.ExpQueryErr {
+				t.Fatalf("did not get expected query error, want: %v, got: %v", test.ExpQueryErr, err)
+			}
+			if err != nil {
+				return
+			}
+			if diff := cmp.Diff(test.ExpHS, got, ignoreID); diff != "" {
+				t.Errorf("Unexpected results. (-want +got):\n%s", diff)
+			}
+		})
+	}
+}