Merge pull request #1889 from lcarva/EC-688

Use source.config instead of configuration

cmd/validate/__snapshots__/image_test.snap

@@ -13,20 +13,20 @@
  "effective-time": "1970-01-01T00:00:00Z",
  "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
  "policy": {
-  "configuration": {
-   "exclude": [
-    "not_useful",
-    "test:conftest-clair"
-   ],
-   "include": [
-    "always_checked",
-    "@salsa_one_collection"
-   ]
-  },
   "description": "My custom enterprise contract policy configuration",
   "publicKey": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
   "sources": [
    {
+    "config": {
+     "exclude": [
+      "not_useful",
+      "test:conftest-clair"
+     ],
+     "include": [
+      "always_checked",
+      "@salsa_one_collection"
+     ]
+    },
     "policy": [
      "quay.io/hacbs-contract/ec-release-policy:latest"
     ]
@@ -51,20 +51,20 @@
  "effective-time": "1970-01-01T00:00:00Z",
  "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
  "policy": {
-  "configuration": {
-   "exclude": [
-    "not_useful",
-    "test:conftest-clair"
-   ],
-   "include": [
-    "always_checked",
-    "@salsa_one_collection"
-   ]
-  },
   "description": "My custom enterprise contract policy configuration",
   "publicKey": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECBtqKHcvxYkGx7ZXqps3nrYS+ZSA\nmh3m1MZfTGlnr2oN0z+sBWEC23s4RkVSXkEydI6SLYatUtJK8OmiBRS+Xw==\n-----END PUBLIC KEY-----\n",
   "sources": [
    {
+    "config": {
+     "exclude": [
+      "not_useful",
+      "test:conftest-clair"
+     ],
+     "include": [
+      "always_checked",
+      "@salsa_one_collection"
+     ]
+    },
     "policy": [
      "quay.io/hacbs-contract/ec-release-policy:latest"
     ]

cmd/validate/image.go

@@ -429,7 +429,7 @@ func validateImageCmd(validate imageValidationFunc) *cobra.Command {
 		  * Kubernetes reference ([<namespace>/]<name>)
 		  * file (policy.yaml)
 		  * git reference (github.com/user/repo//default?ref=main), or
-		  * inline JSON ('{sources: {...}, configuration: {...}}')")`))
+		  * inline JSON ('{sources: {...}, identity: {...}}')")`))
 
 	cmd.Flags().StringVarP(&data.imageRef, "image", "i", data.imageRef, "OCI image reference")
 

cmd/validate/image_test.go

@@ -557,13 +557,13 @@ description: My custom enterprise contract policy configuration
 sources:
   - policy:
       - quay.io/hacbs-contract/ec-release-policy:latest
-configuration:
-  exclude:
-    - not_useful
-    - test:conftest-clair
-  include:
-    - always_checked
-    - "@salsa_one_collection"
+    config:
+      exclude:
+        - not_useful
+        - test:conftest-clair
+      include:
+        - always_checked
+        - "@salsa_one_collection"
 `,
 		},
 		{
@@ -578,13 +578,13 @@ spec:
   sources:
     - policy:
         - quay.io/hacbs-contract/ec-release-policy:latest
-  configuration:
-    exclude:
-      - not_useful
-      - test:conftest-clair
-    include:
-      - always_checked
-      - "@salsa_one_collection"
+      config:
+        exclude:
+          - not_useful
+          - test:conftest-clair
+        include:
+          - always_checked
+          - "@salsa_one_collection"
 `,
 		},
 	}
@@ -669,12 +669,10 @@ func Test_ValidateImageCommandJSONPolicyFile(t *testing.T) {
       - "registry/policy:latest"
     data:
       - "registry/policy-data:latest"
-configuration:
-  collections:
-    - minimal
-  include:
-    - "*"
-  exclude: []
+    config:
+      include:
+        - '@minimal'
+      exclude: []
 `
 	err := afero.WriteFile(fs, "/policy.json", []byte(testPolicyJSON), 0644)
 	if err != nil {
@@ -754,12 +752,10 @@ func Test_ValidateImageCommandExtraData(t *testing.T) {
       custom_rule_data:
         prefix_data:
           - registry1
-configuration:
-  collections:
-    - minimal
-  include:
-    - "*"
-  exclude: []
+    config:
+      include:
+        - '@minimal'
+      exclude: []
 `
 	err := afero.WriteFile(fs, "/policy.json", []byte(testPolicyJSON), 0644)
 	if err != nil {
@@ -820,6 +816,9 @@ spec:
 			"custom_rule_data":{"prefix_data":["registry1"]},
 			"key": "---\nkind: ReleasePlanAdmission\nspec:\n  application: [some-app]\n  data:\n    mapping:\n      components:\n        - name: some-name\n          repository: quay.io/some-namespace/msd\n",
 			"key2": "value2"
+		},
+		"config": {
+		  "include": ["@minimal"]
 		}
 	  }`, string(sourceSampleMarshaled))
 }
@@ -947,12 +946,10 @@ func Test_ValidateImageErrorLog(t *testing.T) {
       - "registry/policy:latest"
     data:
       - "registry/policy-data:latest"
-configuration:
-  collections:
-    - minimal
-  include:
-    - "*"
-  exclude: []
+    config:
+      include:
+        - '@minimal'
+      exclude: []
 `
 	err := afero.WriteFile(fs, "/policy.yaml", []byte(testPolicyJSON), 0644)
 	if err != nil {

cmd/validate/input.go

@@ -198,7 +198,7 @@ func validateInputCmd(validate InputValidationFunc) *cobra.Command {
 		Policy configuration as:
 		* file (policy.yaml)
 		* git reference (github.com/user/repo//default?ref=main), or
-		* inline JSON ('{sources: {...}, configuration: {...}}')")`))
+		* inline JSON ('{sources: {...}}')")`))
 
 	validOutputFormats := applicationsnapshot.OutputFormats
 	cmd.Flags().StringSliceVarP(&data.output, "output", "o", data.output, hd.Doc(`

cmd/validate/policy.go

@@ -78,7 +78,7 @@ func ValidatePolicyCmd(validate policyValidationFunc) *cobra.Command {
 	Policy configuration as:
 	* file (policy.yaml)
 	* git reference (github.com/user/repo//default?ref=main), or
-	* inline JSON ('{sources: {...}, configuration: {...}}')")`))
+	* inline JSON ('{sources: {...}}')")`))
 
 	if err := cmd.MarkFlagRequired("policy"); err != nil {
 		panic(err)

docs/modules/ROOT/pages/configuration.adoc

@@ -352,15 +352,15 @@ YAML::
 +
 [source,yaml]
 ----
-configuration:
-  exclude:
-    - test:get-clair-scan
-    - test:clamav-scan
 sources:
   - policy:
       - oci::quay.io/enterprise-contract/ec-release-policy:latest
     data:
       - git::https://github.com/enterprise-contract/ec-policies//example/data
+    config:
+      exclude:
+        - test:get-clair-scan
+        - test:clamav-scan
 ----
 JSON::
 +

docs/modules/ROOT/pages/ec_validate_image.adoc

@@ -144,7 +144,7 @@ mark (?) sign, for example: --output text=output.txt?show-successes=false
   * Kubernetes reference ([<namespace>/]<name>)
   * file (policy.yaml)
   * git reference (github.com/user/repo//default?ref=main), or
-  * inline JSON ('{sources: {...}, configuration: {...}}')")
+  * inline JSON ('{sources: {...}, identity: {...}}')")
 -k, --public-key:: path to the public key. Overrides publicKey from EnterpriseContractPolicy
 -r, --rekor-url:: Rekor URL. Overrides rekorURL from EnterpriseContractPolicy
 --snapshot:: Provide the AppStudio Snapshot as a source of the images to validate, as inline

docs/modules/ROOT/pages/ec_validate_input.adoc

@@ -54,7 +54,7 @@ mark (?) sign, for example: --output text=output.txt?show-successes=false
 -p, --policy:: Policy configuration as:
 * file (policy.yaml)
 * git reference (github.com/user/repo//default?ref=main), or
-* inline JSON ('{sources: {...}, configuration: {...}}')")
+* inline JSON ('{sources: {...}}')")
 -s, --strict:: Return non-zero status on non-successful validation (Default: true)
 
 == Options inherited from parent commands

docs/modules/ROOT/pages/ec_validate_policy.adoc

@@ -22,7 +22,7 @@ ec validate policy --policy-configuration github.com/org/repo/policy.yaml
 -p, --policy:: Policy configuration as:
 * file (policy.yaml)
 * git reference (github.com/user/repo//default?ref=main), or
-* inline JSON ('{sources: {...}, configuration: {...}}')")
+* inline JSON ('{sources: {...}}')")
 
 == Options inherited from parent commands