Skip to content
Merged
Show file tree
Hide file tree
Changes from 9 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 37 additions & 14 deletions cmd/cli/app/artifact/artifact_get.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@ import (

"github.com/spf13/cobra"
"github.com/spf13/viper"
"google.golang.org/grpc"
"google.golang.org/protobuf/reflect/protoreflect"

"github.com/mindersec/minder/cmd/cli/app"
"github.com/mindersec/minder/cmd/cli/app/profile"
"github.com/mindersec/minder/internal/util"
"github.com/mindersec/minder/internal/util/cli"
"github.com/mindersec/minder/internal/util/cli/table"
Expand All @@ -30,12 +30,28 @@ var getCmd = &cobra.Command{
Use: "get",
Short: "Get artifact details",
Long: `The artifact get subcommand will get artifact details from an artifact, for a given ID.`,
RunE: cli.GRPCClientWrapRunE(getCommand),
RunE: getCommand,
}

// getCommand is the artifact get subcommand
func getCommand(ctx context.Context, cmd *cobra.Command, _ []string, conn *grpc.ClientConn) error {
client := minderv1.NewArtifactServiceClient(conn)
func getCommand(cmd *cobra.Command, _ []string) error {
if err := viper.BindPFlags(cmd.Flags()); err != nil {
return fmt.Errorf("error binding flags: %w", err)
}

client, cleanup, err := cli.GetCLIClient(cmd, minderv1.NewArtifactServiceClient)
if err != nil {
return err
}
defer cleanup()

profileClient, profileCleanup, err := cli.GetCLIClient(cmd, minderv1.NewProfileServiceClient)
if err != nil {
return err
}
defer profileCleanup()

ctx := cmd.Context()

provider := viper.GetString("provider")
project := viper.GetString("project")
Expand All @@ -61,7 +77,7 @@ func getCommand(ctx context.Context, cmd *cobra.Command, _ []string, conn *grpc.
return cli.MessageAndError("Error printing artifact", err)
}

evalStatus, err := artifactEvalStatus(ctx, conn, art, provider, project)
evalStatus, err := artifactEvalStatus(ctx, profileClient, art, provider, project)
if err != nil {
return cli.MessageAndError("Error getting artifact evaluation status", err)
}
Expand Down Expand Up @@ -113,12 +129,12 @@ func artifactGet(
}

func artifactEvalStatus(
ctx context.Context, conn *grpc.ClientConn,
ctx context.Context,
client minderv1.ProfileServiceClient,
artifact *minderv1.Artifact,
provider, project string,
) ([]*minderv1.RuleEvaluationStatus, error) {
profClient := minderv1.NewProfileServiceClient(conn)
profiles, err := profClient.ListProfiles(ctx, &minderv1.ListProfilesRequest{
profiles, err := client.ListProfiles(ctx, &minderv1.ListProfilesRequest{
Context: &minderv1.Context{
Provider: &provider,
Project: &project,
Expand All @@ -130,20 +146,20 @@ func artifactEvalStatus(

var respList []*minderv1.RuleEvaluationStatus

for _, profile := range profiles.Profiles {
for _, prof := range profiles.Profiles {
req := &minderv1.GetProfileStatusByNameRequest{
Context: &minderv1.Context{
Provider: &provider,
Project: &project,
},
Name: profile.GetName(),
Name: prof.GetName(),
Entity: &minderv1.EntityTypedId{
Id: artifact.ArtifactPk,
Type: minderv1.Entity_ENTITY_ARTIFACTS,
},
}

resp, err := profClient.GetProfileStatusByName(ctx, req)
resp, err := client.GetProfileStatusByName(ctx, req)
if err != nil {
return nil, cli.MessageAndError("Error getting profile status", err)
}
Expand Down Expand Up @@ -190,16 +206,23 @@ func printArtifact(
func printEvalStatus(
cmd *cobra.Command, evalStatus []*minderv1.RuleEvaluationStatus, format string,
) error {
if len(evalStatus) == 0 {
return nil
}

switch format {
case app.Table:
ta := table.New(table.Simple, layouts.Default, cmd.OutOrStdout(),
[]string{"Profile", "Rule", "Status", "Message"})
[]string{"Profile", "Rule", "Result", "Details"})
for _, status := range evalStatus {
ruleName := profile.RuleDisplayName(status)
reasoning := profile.FormatEvaluationReasoning(status)

ta.AddRow(
status.ProfileId,
status.RuleTypeName,
ruleName,
status.Status,
status.Details,
reasoning,
)
}
ta.Render()
Expand Down
111 changes: 111 additions & 0 deletions cmd/cli/app/artifact/artifact_get_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
// SPDX-FileCopyrightText: Copyright 2026 The Minder Authors
// SPDX-License-Identifier: Apache-2.0

package artifact

// JSON output is not tested because protojson formatting is not stable across environments.
// This can cause flaky tests due to spacing differences.
// See maintainer discussion in PR #6417.

import (
"context"
"testing"

"go.uber.org/mock/gomock"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"

"github.com/mindersec/minder/internal/util/cli"
minderv1 "github.com/mindersec/minder/pkg/api/protobuf/go/minder/v1"
mockv1 "github.com/mindersec/minder/pkg/api/protobuf/go/minder/v1/mock"
)

//nolint:paralleltest // Cannot run in parallel because it swaps global Viper/Stdout state
func TestArtifactGetCommand(t *testing.T) {
setupSuccess := func(t *testing.T, ctrl *gomock.Controller) context.Context {
t.Helper()

artifactClient := mockv1.NewMockArtifactServiceClient(ctrl)
profileClient := mockv1.NewMockProfileServiceClient(ctrl)

artifactResp := &minderv1.GetArtifactByIdResponse{}
cli.LoadFixture(t, "mock_artifact_get.json", artifactResp)

artifactClient.EXPECT().
GetArtifactById(gomock.Any(), gomock.Any()).
Return(artifactResp, nil).
Times(1)

listProfilesResp := &minderv1.ListProfilesResponse{
Profiles: []*minderv1.Profile{
{Name: "artifact-security-baseline"},
},
}
profileClient.EXPECT().
ListProfiles(gomock.Any(), gomock.Any()).
Return(listProfilesResp, nil).
Times(1)

statusResp := &minderv1.GetProfileStatusByNameResponse{
RuleEvaluationStatus: []*minderv1.RuleEvaluationStatus{
{
ProfileId: "artifact-security-baseline",
RuleDescriptionName: "Require artifact attestation",
RuleTypeName: "artifact_attestation_slsa",
Status: "failure",
Details: "artifact attestation is disabled for this image",
Guidance: "enable artifact attestations before release",
RemediationUrl: "https://example.com/remediate/artifact-111",
EntityInfo: map[string]string{
"name": "owner-1/artifact-1",
},
Entity: "artifact",
},
},
}
profileClient.EXPECT().
GetProfileStatusByName(gomock.Any(), gomock.Any()).
Return(statusResp, nil).
Times(1)

ctx := cli.WithRPCClient[minderv1.ArtifactServiceClient](context.Background(), artifactClient)
ctx = cli.WithRPCClient[minderv1.ProfileServiceClient](ctx, profileClient)
return ctx
}

tests := []cli.CmdTestCase{
{
Name: "get artifact - table output",
Args: []string{"artifact", "get", "-i", "111", "-o", "table"},
MockSetup: setupSuccess,
GoldenFileName: "artifact_get.table",
},
{
Name: "get artifact - yaml output",
Args: []string{"artifact", "get", "-i", "111", "-o", "yaml"},
MockSetup: setupSuccess,
GoldenFileName: "artifact_get.yaml",
},
{
Name: "server error handling",
Args: []string{"artifact", "get", "-i", "111"},
MockSetup: func(t *testing.T, ctrl *gomock.Controller) context.Context {
t.Helper()
artifactClient := mockv1.NewMockArtifactServiceClient(ctrl)
profileClient := mockv1.NewMockProfileServiceClient(ctrl)

artifactClient.EXPECT().
GetArtifactById(gomock.Any(), gomock.Any()).
Return(nil, status.Error(codes.NotFound, "artifact not found")).
Times(1)

ctx := cli.WithRPCClient[minderv1.ArtifactServiceClient](context.Background(), artifactClient)
ctx = cli.WithRPCClient[minderv1.ProfileServiceClient](ctx, profileClient)
return ctx
},
ExpectedError: "artifact not found",
},
}

cli.RunCmdTests(t, tests, ArtifactCmd)
}
11 changes: 11 additions & 0 deletions cmd/cli/app/artifact/fixture/mock_artifact_get.json
Comment thread
sachin9058 marked this conversation as resolved.
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"artifact": {
"artifactPk": "111",
"name": "artifact-1",
"type": "image",
"owner": "owner-1",
"repository": "org/repo",
"visibility": "public",
"createdAt": "2024-01-02T15:04:05Z"
}
}
7 changes: 7 additions & 0 deletions cmd/cli/app/artifact/testdata/artifact_get.table.golden
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
ID │ TYPE │ OWNER │ NAME │ REPOSITORY │ VISIBILITY │ CREATION DATE
───────┼────────┼──────────┼──────────────┼──────────────┼──────────────┼───────────────────────────
111 │ image │ owner-1 │ artifact-1 │ org/repo │ public │ 2024-01-02T15:04:05Z
PROFILE │ RULE │ RESULT │ DETAILS
────────────────────────────┼──────────────────────────────┼─────────┼──────────────────────────────
artifact-security-baseline │ Require artifact attestation │ failure │ - artifact attestation is
│ │ │ disabled for this image
20 changes: 20 additions & 0 deletions cmd/cli/app/artifact/testdata/artifact_get.yaml.golden
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
artifact:
artifactPk: "111"
createdAt: "2024-01-02T15:04:05Z"
name: artifact-1
owner: owner-1
repository: org/repo
type: image
visibility: public

- details: artifact attestation is disabled for this image
entity: artifact
entityInfo:
name: owner-1/artifact-1
guidance: enable artifact attestations before release
profileId: artifact-security-baseline
remediationUrl: https://example.com/remediate/artifact-111
ruleDescriptionName: Require artifact attestation
ruleTypeName: artifact_attestation_slsa
status: failure
Comment thread
sachin9058 marked this conversation as resolved.
Outdated

76 changes: 38 additions & 38 deletions cmd/cli/app/profile/status/testdata/status_get.json.golden
Comment thread
sachin9058 marked this conversation as resolved.
Outdated
Original file line number Diff line number Diff line change
@@ -1,48 +1,48 @@
{
"profileStatus": {
"profileId": "11111111-1111-1111-1111-111111111111",
"profileName": "mock-profile",
"profileStatus": "success",
"lastUpdated": "2024-01-01T00:00:00Z"
"profileStatus": {
"profileId": "11111111-1111-1111-1111-111111111111",
"profileName": "mock-profile",
"profileStatus": "success",
"lastUpdated": "2024-01-01T00:00:00Z"
},
"ruleEvaluationStatus": [
"ruleEvaluationStatus": [
{
"profileId": "11111111-1111-1111-1111-111111111111",
"ruleId": "mock-rule-123",
"ruleName": "secret_scanning",
"entity": "repository",
"status": "success",
"lastUpdated": "2024-01-01T00:00:00Z",
"entityInfo": {
"entity_type": "repository",
"name": "acme-corp/mock-repo",
"provider": "github-app-mock-provider",
"repo_name": "mock-repo",
"repo_owner": "acme-corp",
"repository_id": "22222222-2222-2222-2222-222222222222"
"profileId": "11111111-1111-1111-1111-111111111111",
"ruleId": "mock-rule-123",
"ruleName": "secret_scanning",
"entity": "repository",
"status": "success",
"lastUpdated": "2024-01-01T00:00:00Z",
"entityInfo": {
"entity_type": "repository",
"name": "acme-corp/mock-repo",
"provider": "github-app-mock-provider",
"repo_name": "mock-repo",
"repo_owner": "acme-corp",
"repository_id": "22222222-2222-2222-2222-222222222222"
},
"details": "Mock rule evaluation succeeded.",
"ruleTypeName": "secret_scanning",
"ruleDisplayName": "Enable secret scanning to detect hardcoded secrets"
"details": "Mock rule evaluation succeeded.",
"ruleTypeName": "secret_scanning",
"ruleDisplayName": "Enable secret scanning to detect hardcoded secrets"
},
{
"profileId": "11111111-1111-1111-1111-111111111111",
"ruleId": "mock-rule-456",
"ruleName": "codeql_enabled",
"entity": "repository",
"status": "failure",
"lastUpdated": "2024-01-01T00:00:00Z",
"entityInfo": {
"entity_type": "repository",
"name": "acme-corp/mock-repo",
"provider": "github-app-mock-provider",
"repo_name": "mock-repo",
"repo_owner": "acme-corp",
"repository_id": "22222222-2222-2222-2222-222222222222"
"profileId": "11111111-1111-1111-1111-111111111111",
"ruleId": "mock-rule-456",
"ruleName": "codeql_enabled",
"entity": "repository",
"status": "failure",
"lastUpdated": "2024-01-01T00:00:00Z",
"entityInfo": {
"entity_type": "repository",
"name": "acme-corp/mock-repo",
"provider": "github-app-mock-provider",
"repo_name": "mock-repo",
"repo_owner": "acme-corp",
"repository_id": "22222222-2222-2222-2222-222222222222"
},
"details": "Mock rule evaluation failed.",
"ruleTypeName": "codeql_enabled",
"ruleDisplayName": "Enable CodeQL for vulnerability scanning"
"details": "Mock rule evaluation failed.",
"ruleTypeName": "codeql_enabled",
"ruleDisplayName": "Enable CodeQL for vulnerability scanning"
}
]
}
Loading
Loading