Merge pull request #2314 from cuipinghuo/ec-1061

dropping the data output target

Author: simonbaird

cmd/validate/common_test.go

@@ -41,10 +41,10 @@ type mockEvaluator struct {
 	mock.Mock
 }
 
-func (e *mockEvaluator) Evaluate(ctx context.Context, target evaluator.EvaluationTarget) ([]evaluator.Outcome, evaluator.Data, error) {
+func (e *mockEvaluator) Evaluate(ctx context.Context, target evaluator.EvaluationTarget) ([]evaluator.Outcome, error) {
 	args := e.Called(ctx, target.Inputs)
 
-	return args.Get(0).([]evaluator.Outcome), args.Get(1).(evaluator.Data), args.Error(2)
+	return args.Get(0).([]evaluator.Outcome), args.Error(1)
 }
 
 func (e *mockEvaluator) Destroy() {

cmd/validate/image.go

@@ -170,9 +170,6 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 
 			  ec validate image --image registry/name:tag --output yaml --output appstudio=<path>
 
-			Write the data used in the policy evaluation to a file in YAML format
-
-			  ec validate image --image registry/name:tag --output data=<path>
 
 			Validate a single image with keyless workflow.
 
@@ -302,7 +299,6 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 			type result struct {
 				err         error
 				component   applicationsnapshot.Component
-				data        []evaluator.Data
 				policyInput []byte
 			}
 
@@ -382,7 +378,6 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 							res.component.Attestations = append(res.component.Attestations, attResult)
 						}
 						res.component.ContainerImage = out.ImageURL
-						res.data = out.Data
 						res.policyInput = out.PolicyInput
 					}
 					res.component.Success = err == nil && len(res.component.Violations) == 0
@@ -415,7 +410,6 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 			close(jobs)
 
 			var components []applicationsnapshot.Component
-			var evaluatorData [][]evaluator.Data
 			var manyPolicyInput [][]byte
 			var allErrors error = nil
 			for i := 0; i < numComponents; i++ {
@@ -425,10 +419,6 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 					allErrors = errors.Join(allErrors, e)
 				} else {
 					components = append(components, r.component)
-					// evaluator data is duplicated per component, so only collect it once.
-					if len(evaluatorData) == 0 && containsOutput(data.output, "data") {
-						evaluatorData = append(evaluatorData, r.data)
-					}
 					manyPolicyInput = append(manyPolicyInput, r.policyInput)
 				}
 			}
@@ -446,7 +436,7 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 				data.output = append(data.output, fmt.Sprintf("%s=%s", applicationsnapshot.JSON, data.outputFile))
 			}
 
-			report, err := applicationsnapshot.NewReport(data.snapshot, components, data.policy, evaluatorData, manyPolicyInput, showSuccesses)
+			report, err := applicationsnapshot.NewReport(data.snapshot, components, data.policy, manyPolicyInput, showSuccesses)
 			if err != nil {
 				return err
 			}

cmd/validate/image_integration_test.go

@@ -61,7 +61,7 @@ func TestEvaluatorLifecycle(t *testing.T) {
 
 	for i := 0; i < noEvaluators; i++ {
 		e := mockEvaluator{}
-		call := e.On("Evaluate", ctx, mock.Anything).Return([]evaluator.Outcome{}, evaluator.Data{}, nil)
+		call := e.On("Evaluate", ctx, mock.Anything).Return([]evaluator.Outcome{}, nil)
 
 		evaluators = append(evaluators, &e)
 		expectations = append(expectations, call)
@@ -84,7 +84,7 @@ func TestEvaluatorLifecycle(t *testing.T) {
 
 	validate := func(_ context.Context, component app.SnapshotComponent, _ *app.SnapshotSpec, _ policy.Policy, evaluators []evaluator.Evaluator, _ bool) (*output.Output, error) {
 		for _, e := range evaluators {
-			_, _, err := e.Evaluate(ctx, evaluator.EvaluationTarget{Inputs: []string{}})
+			_, err := e.Evaluate(ctx, evaluator.EvaluationTarget{Inputs: []string{}})
 			require.NoError(t, err)
 		}
 

cmd/validate/input.go

@@ -29,7 +29,6 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/enterprise-contract/ec-cli/internal/applicationsnapshot"
-	"github.com/enterprise-contract/ec-cli/internal/evaluator"
 	"github.com/enterprise-contract/ec-cli/internal/format"
 	"github.com/enterprise-contract/ec-cli/internal/input"
 	"github.com/enterprise-contract/ec-cli/internal/output"
@@ -114,7 +113,6 @@ func validateInputCmd(validate InputValidationFunc) *cobra.Command {
 			type result struct {
 				err         error
 				input       input.Input
-				data        []evaluator.Data
 				policyInput []byte
 			}
 
@@ -155,9 +153,6 @@ func validateInputCmd(validate InputValidationFunc) *cobra.Command {
 						if showSuccesses {
 							res.input.Successes = successes
 						}
-						if containsOutput(data.output, "data") {
-							res.data = out.Data
-						}
 						res.input.Success = (len(res.input.Violations) == 0)
 						res.policyInput = out.PolicyInput
 					}
@@ -182,7 +177,6 @@ func validateInputCmd(validate InputValidationFunc) *cobra.Command {
 			close(jobs)
 
 			var inputs []input.Input
-			var evaluatorData [][]evaluator.Data
 			var manyPolicyInput [][]byte
 			var allErrors error = nil
 
@@ -194,10 +188,6 @@ func validateInputCmd(validate InputValidationFunc) *cobra.Command {
 					allErrors = errors.Join(allErrors, e)
 				} else {
 					inputs = append(inputs, r.input)
-					// evaluator data is duplicated per input, so only collect it once.
-					if len(evaluatorData) == 0 && containsOutput(data.output, "data") {
-						evaluatorData = append(evaluatorData, r.data)
-					}
 					manyPolicyInput = append(manyPolicyInput, r.policyInput)
 				}
 			}
@@ -212,7 +202,7 @@ func validateInputCmd(validate InputValidationFunc) *cobra.Command {
 				return inputs[i].FilePath > inputs[j].FilePath
 			})
 
-			report, err := input.NewReport(inputs, data.policy, evaluatorData, manyPolicyInput)
+			report, err := input.NewReport(inputs, data.policy, manyPolicyInput)
 			if err != nil {
 				return err
 			}

docs/modules/ROOT/pages/ec_validate_image.adoc

@@ -93,9 +93,6 @@ Write output in YAML format to stdout and in appstudio format to a file
 
   ec validate image --image registry/name:tag --output yaml --output appstudio=<path>
 
-Write the data used in the policy evaluation to a file in YAML format
-
-  ec validate image --image registry/name:tag --output data=<path>
 
 Validate a single image with keyless workflow.
 
@@ -137,7 +134,7 @@ rule. (Default: false)
 --no-color:: Disable color when using text output even when the current terminal supports it (Default: false)
 --output:: write output to a file in a specific format. Use empty string path for stdout.
 May be used multiple times. Possible formats are:
-json, yaml, text, appstudio, summary, summary-markdown, junit, data, attestation, policy-input, vsa. In following format and file path
+json, yaml, text, appstudio, summary, summary-markdown, junit, attestation, policy-input, vsa. In following format and file path
 additional options can be provided in key=value form following the question
 mark (?) sign, for example: --output text=output.txt?show-successes=false
  (Default: [])

docs/modules/ROOT/pages/ec_validate_input.adoc

@@ -49,7 +49,7 @@ violations, include the title and the description of the failed policy
 rule. (Default: false)
 -o, --output:: Write output to a file in a specific format, e.g. yaml=/tmp/output.yaml. Use empty string
 path for stdout, e.g. yaml. May be used multiple times. Possible formats are:
-json, yaml, text, appstudio, summary, summary-markdown, junit, data, attestation, policy-input, vsa. In following format and file path
+json, yaml, text, appstudio, summary, summary-markdown, junit, attestation, policy-input, vsa. In following format and file path
 additional options can be provided in key=value form following the question
 mark (?) sign, for example: --output text=output.txt?show-successes=false
  (Default: [])

features/validate_image.feature

@@ -700,10 +700,9 @@ Feature: evaluate enterprise contract
       ]
     }
     """
-    When ec command is run with "validate image --image ${REGISTRY}/acceptance/image --policy acceptance/ec-policy --rekor-url ${REKOR} --public-key ${known_PUBLIC_KEY} --output=json --output data=${TMPDIR}/custom-rule-data.yaml --effective-time 2014-05-31 --show-successes"
+    When ec command is run with "validate image --image ${REGISTRY}/acceptance/image --policy acceptance/ec-policy --rekor-url ${REKOR} --public-key ${known_PUBLIC_KEY} --output=json --effective-time 2014-05-31 --show-successes"
     Then the exit status should be 0
     And the output should match the snapshot
-    And the "${TMPDIR}/custom-rule-data.yaml" file should match the snapshot
 
   Scenario: mismatched image digest in signature
     Given a key pair named "known"

internal/applicationsnapshot/report.go

@@ -103,7 +103,6 @@ const (
 	Summary         = "summary"
 	SummaryMarkdown = "summary-markdown"
 	JUnit           = "junit"
-	Data            = "data"
 	Attestation     = "attestation"
 	PolicyInput     = "policy-input"
 	VSA             = "vsa"
@@ -119,15 +118,14 @@ var OutputFormats = []string{
 	Summary,
 	SummaryMarkdown,
 	JUnit,
-	Data,
 	Attestation,
 	PolicyInput,
 	VSA,
 }
 
 // WriteReport returns a new instance of Report representing the state of
 // components from the snapshot.
-func NewReport(snapshot string, components []Component, policy policy.Policy, data any, policyInput [][]byte, showSuccesses bool) (Report, error) {
+func NewReport(snapshot string, components []Component, policy policy.Policy, policyInput [][]byte, showSuccesses bool) (Report, error) {
 	success := true
 
 	// Set the report success, remains true if all components are successful
@@ -155,7 +153,6 @@ func NewReport(snapshot string, components []Component, policy policy.Policy, da
 		Key:           string(key),
 		Policy:        policy.Spec(),
 		EcVersion:     info.Version,
-		Data:          data,
 		PolicyInput:   policyInput,
 		EffectiveTime: policy.EffectiveTime().UTC(),
 		ShowSuccesses: showSuccesses,
@@ -209,8 +206,6 @@ func (r *Report) toFormat(format string) (data []byte, err error) {
 		data, err = generateMarkdownSummary(r)
 	case JUnit:
 		data, err = xml.Marshal(r.toJUnit())
-	case Data:
-		data, err = yaml.Marshal(r.Data)
 	case Attestation:
 		data, err = r.renderAttestations()
 	case PolicyInput:

internal/applicationsnapshot/report_test.go

@@ -51,7 +51,7 @@ func Test_ReportJson(t *testing.T) {
 
 	ctx := context.Background()
 	testPolicy := createTestPolicy(t, ctx)
-	report, err := NewReport("snappy", components, testPolicy, "data here", nil, true)
+	report, err := NewReport("snappy", components, testPolicy, nil, true)
 	assert.NoError(t, err)
 
 	testEffectiveTime := testPolicy.EffectiveTime().UTC().Format(time.RFC3339Nano)
@@ -109,7 +109,7 @@ func Test_ReportYaml(t *testing.T) {
 
 	ctx := context.Background()
 	testPolicy := createTestPolicy(t, ctx)
-	report, err := NewReport("snappy", components, testPolicy, "data here", nil, true)
+	report, err := NewReport("snappy", components, testPolicy, nil, true)
 	assert.NoError(t, err)
 
 	testEffectiveTime := testPolicy.EffectiveTime().UTC().Format(time.RFC3339Nano)
@@ -256,7 +256,7 @@ func Test_GenerateMarkdownSummary(t *testing.T) {
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
 			ctx := context.Background()
-			report, err := NewReport(c.snapshot, c.components, createTestPolicy(t, ctx), nil, nil, true)
+			report, err := NewReport(c.snapshot, c.components, createTestPolicy(t, ctx), nil, true)
 			assert.NoError(t, err)
 			report.created = time.Unix(0, 0).UTC()
 
@@ -503,7 +503,7 @@ func Test_ReportSummary(t *testing.T) {
 	for _, tc := range tests {
 		t.Run(fmt.Sprintf("NewReport=%s", tc.name), func(t *testing.T) {
 			ctx := context.Background()
-			report, err := NewReport(tc.snapshot, []Component{tc.input}, createTestPolicy(t, ctx), "data here", nil, true)
+			report, err := NewReport(tc.snapshot, []Component{tc.input}, createTestPolicy(t, ctx), nil, true)
 			assert.NoError(t, err)
 			assert.Equal(t, tc.want, report.toSummary())
 		})
@@ -640,7 +640,7 @@ func Test_ReportAppstudio(t *testing.T) {
 			assert.NoError(t, err)
 
 			ctx := context.Background()
-			report, err := NewReport(c.snapshot, c.components, createTestPolicy(t, ctx), nil, nil, true)
+			report, err := NewReport(c.snapshot, c.components, createTestPolicy(t, ctx), nil, true)
 			assert.NoError(t, err)
 			assert.False(t, report.created.IsZero())
 			assert.Equal(t, c.success, report.Success)
@@ -788,7 +788,7 @@ func Test_ReportHACBS(t *testing.T) {
 			assert.NoError(t, err)
 
 			ctx := context.Background()
-			report, err := NewReport(c.snapshot, c.components, createTestPolicy(t, ctx), "data here", nil, true)
+			report, err := NewReport(c.snapshot, c.components, createTestPolicy(t, ctx), nil, true)
 			assert.NoError(t, err)
 			assert.False(t, report.created.IsZero())
 			assert.Equal(t, c.success, report.Success)
@@ -820,7 +820,7 @@ func Test_ReportPolicyInput(t *testing.T) {
 	}
 
 	ctx := context.Background()
-	report, err := NewReport("snapshot", nil, createTestPolicy(t, ctx), "data", policyInput, true)
+	report, err := NewReport("snapshot", nil, createTestPolicy(t, ctx), policyInput, true)
 	require.NoError(t, err)
 
 	p := format.NewTargetParser(JSON, format.Options{}, defaultWriter, fs)

internal/applicationsnapshot/vsa_test.go

@@ -60,7 +60,7 @@ func TestNewVSA(t *testing.T) {
 	})
 	assert.NoError(t, err)
 
-	report, err := NewReport("snappy", components, testPolicy, "data here", nil, true)
+	report, err := NewReport("snappy", components, testPolicy, nil, true)
 	assert.NoError(t, err)
 
 	expected := ProvenanceStatementVSA{

internal/evaluator/__snapshots__/conftest_evaluator_test.snap

@@ -78,20 +78,4 @@
         },
     },
 }
-evaluator.Data{
-    "config": map[string]interface {}{
-        "default_sigstore_opts": map[string]interface {}{
-            "certificate_identity":           "cert-identity",
-            "certificate_identity_regexp":    "cert-identity-regexp",
-            "certificate_oidc_issuer":        "cert-oidc-issuer",
-            "certificate_oidc_issuer_regexp": "cert-oidc-issuer-regexp",
-            "ignore_rekor":                   bool(true),
-            "public_key":                     "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
-            "rekor_url":                      "https://rekor.local/",
-        },
-        "policy": map[string]interface {}{
-            "when_ns": "1401494400000000000",
-        },
-    },
-}
 ---