feat: Backend for Policy upload and store (#251)

* feat: Backend for Policy upload and store

Integration during the Policy upload and store in SQL and ObjectStorage

fix #235
---------

Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>

cmd/archivistactl/cmd/e2e_test.go

@@ -1,4 +1,4 @@
-// Copyright 2023 The Archivista Contributors
+// Copyright 2023-2024 The Archivista Contributors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -76,7 +76,7 @@ func (e2e *E2EStoreSuite) Test_E2E() {
 		// define test cases struct
 		type testCases struct {
 			name                string
-			attestation         string // files are stored in test/
+			envelope            string // files are stored in test/
 			sha256              string
 			expectedStore       string
 			gitoidStore         string // this value is added during `activistactl store command`
@@ -89,7 +89,7 @@ func (e2e *E2EStoreSuite) Test_E2E() {
 		testTable := []testCases{
 			{
 				name:                "valid build attestation",
-				attestation:         "../../../test/build.attestation.json",
+				envelope:            "../../../test/build.attestation.json",
 				sha256:              "423da4cff198bbffbe3220ed9510d32ba96698e4b1f654552521d1f541abb6dc",
 				expectedStore:       "stored with gitoid",
 				expectedSearch:      "Collection name: build",
@@ -98,48 +98,53 @@ func (e2e *E2EStoreSuite) Test_E2E() {
 			{
 				name:                "valid package attestation",
 				sha256:              "10cbf0f3d870934921276f669ab707983113f929784d877f1192f43c581f2070",
-				attestation:         "../../../test/package.attestation.json",
+				envelope:            "../../../test/package.attestation.json",
 				expectedStore:       "stored with gitoid",
 				expectedSearch:      "Collection name: package",
 				expectedRetrieveSub: "Name: https://witness.dev/attestations/git/v0.1/commithash:be20100af602c780deeef50c54f5338662ce917c",
 			},
 			{
 				name:           "duplicated package attestation",
 				sha256:         "10cbf0f3d870934921276f669ab707983113f929784d877f1192f43c581f2070",
-				attestation:    "../../../test/package.attestation.json",
+				envelope:       "../../../test/package.attestation.json",
 				expectedStore:  "",
 				expectedSearch: "Collection name: package",
 				expectedError:  "uplicate",
 			},
 			{
 				name:                "fail attestation",
-				attestation:         "../../../test/fail.attestation.json",
+				envelope:            "../../../test/fail.attestation.json",
 				sha256:              "5e8c57df8ae58fe9a29b29f9993e2fc3b25bd75eb2754f353880bad4b9ebfdb3",
 				expectedStore:       "stored with gitoid",
 				expectedSearch:      "",
 				expectedRetrieveSub: "Name: https://witness.dev/attestations/git/v0.1/parenthash:aa35c1f4b1d41c87e139c2d333f09117fd0daf4f",
 			},
 			{
 				name:           "invalid payload attestation",
-				attestation:    "../../../test/invalid_payload.attestation.json",
+				envelope:       "../../../test/invalid_payload.attestation.json",
 				sha256:         "5e8c57df8ae58fe9a29b29f9993e2fc3b25bd75eb2754f353880bad4b9ebfdb3",
 				expectedStore:  "stored with gitoid",
 				expectedSearch: "",
 				expectedError:  "value is less than the required length",
 			},
 			{
 				name:          "nonexistent payload file",
-				attestation:   "../../../test/missing.attestation.json",
+				envelope:      "../../../test/missing.attestation.json",
 				expectedError: "no such file or directory",
 			},
+			{
+				name:          "valid signed policy",
+				envelope:      "../../../test/policy-signed.json",
+				expectedStore: "stored with gitoid",
+			},
 		}
 		for _, test := range testTable {
 			// test `archivistactl store`
 			e2e.T().Log("Test `archivistactl store` " + test.name)
 			storeOutput := bytes.NewBufferString("")
 			rootCmd.SetOut(storeOutput)
 			rootCmd.SetErr(storeOutput)
-			rootCmd.SetArgs([]string{"store", test.attestation})
+			rootCmd.SetArgs([]string{"store", test.envelope})
 			err := rootCmd.Execute()
 			if err != nil {
 				// if return error assert if is expected error from test case
@@ -152,35 +157,37 @@ func (e2e *E2EStoreSuite) Test_E2E() {
 			}
 
 			// test `archivistactl search`
-			e2e.T().Log("Test `archivistactl search`" + test.name)
-			searchOutput := bytes.NewBufferString("")
-			rootCmd.SetOut(searchOutput)
-			rootCmd.SetErr(searchOutput)
-			rootCmd.SetArgs([]string{"search", "sha256:" + test.sha256})
-			err = rootCmd.Execute()
-			if err != nil {
-				e2e.FailNow(err.Error())
-			}
-			searchActual := searchOutput.String()
-			e2e.Contains(searchActual, test.expectedSearch)
-
-			if test.expectedRetrieveSub != "" {
-				// test `archivistactl retrieve subjects`
-				e2e.T().Log("Test `archivistactl retrieve subjects` " + test.name)
-				subjectsOutput := bytes.NewBufferString("")
-				rootCmd.SetOut(subjectsOutput)
-				rootCmd.SetErr(subjectsOutput)
-				rootCmd.SetArgs([]string{"retrieve", "subjects", test.gitoidStore})
+			if test.sha256 == "" {
+				e2e.T().Log("Test `archivistactl search`" + test.name)
+				searchOutput := bytes.NewBufferString("")
+				rootCmd.SetOut(searchOutput)
+				rootCmd.SetErr(searchOutput)
+				rootCmd.SetArgs([]string{"search", "sha256:" + test.sha256})
 				err = rootCmd.Execute()
 				if err != nil {
 					e2e.FailNow(err.Error())
 				}
-				subjectsActual := subjectsOutput.String()
-				e2e.Contains(subjectsActual, test.expectedRetrieveSub)
-				if test.name == "fail attestation" {
-					e2e.NotContains(subjectsActual, "sha256:"+test.sha256)
-				} else {
-					e2e.Contains(subjectsActual, "sha256:"+test.sha256)
+				searchActual := searchOutput.String()
+				e2e.Contains(searchActual, test.expectedSearch)
+
+				if test.expectedRetrieveSub != "" {
+					// test `archivistactl retrieve subjects`
+					e2e.T().Log("Test `archivistactl retrieve subjects` " + test.name)
+					subjectsOutput := bytes.NewBufferString("")
+					rootCmd.SetOut(subjectsOutput)
+					rootCmd.SetErr(subjectsOutput)
+					rootCmd.SetArgs([]string{"retrieve", "subjects", test.gitoidStore})
+					err = rootCmd.Execute()
+					if err != nil {
+						e2e.FailNow(err.Error())
+					}
+					subjectsActual := subjectsOutput.String()
+					e2e.Contains(subjectsActual, test.expectedRetrieveSub)
+					if test.name == "fail attestation" {
+						e2e.NotContains(subjectsActual, "sha256:"+test.sha256)
+					} else {
+						e2e.Contains(subjectsActual, "sha256:"+test.sha256)
+					}
 				}
 			}
 			if test.expectedError == "" {
@@ -195,8 +202,8 @@ func (e2e *E2EStoreSuite) Test_E2E() {
 				if err != nil {
 					e2e.FailNow(err.Error())
 				}
-				// compares file attestation with the retrieved attestation
-				fileAtt, err := os.ReadFile(test.attestation)
+				// compares file envelope with the retrieved envelope
+				fileAtt, err := os.ReadFile(test.envelope)
 				if err != nil {
 					e2e.FailNow(err.Error())
 				}

go.mod

@@ -1,6 +1,6 @@
 module github.com/in-toto/archivista
 
-go 1.22
+go 1.22.0
 
 toolchain go1.22.2
 
@@ -34,58 +34,87 @@ require (
 	ariga.io/atlas v0.21.1 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/inflect v0.21.0 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/spec v0.20.6 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/hcl/v2 v2.20.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/klauspost/compress v1.17.6 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
-	github.com/kr/pretty v0.3.1 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/open-policy-agent/opa v0.64.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	github.com/prometheus/client_golang v1.19.0 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.53.0 // indirect
+	github.com/prometheus/procfs v0.14.0 // indirect
+	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/rs/xid v1.5.0 // indirect
+	github.com/sigstore/fulcio v1.4.5 // indirect
 	github.com/sosodev/duration v1.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/swaggo/files/v2 v2.0.0 // indirect
+	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/yashtewari/glob-intersection v0.2.0 // indirect
 	github.com/zclconf/go-cty v1.14.4 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.24.0 // indirect
-	go.opentelemetry.io/otel/metric v1.24.0 // indirect
-	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	go.opentelemetry.io/otel v1.26.0 // indirect
+	go.opentelemetry.io/otel/metric v1.26.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.26.0 // indirect
+	go.opentelemetry.io/otel/trace v1.26.0 // indirect
 	golang.org/x/crypto v0.22.0 // indirect
 	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.20.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/apimachinery v0.30.0 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )