validate image: Allow custom Rego variables with new --extra flag

[mbestavros]

This PR adds a new option, --extra, to the ec validate image command. This argument allows users to inject additional variables into the Rego rule data per source. Syntax is simple: --extra key=value. The flag can also be used multiple times.

This is an evolution of the idea that @lcarva proposed in #1277.

Here's an example output from ec validate image with --extra var=value:

policy:
  description: Includes rules for levels 1, 2 & 3 of SLSA v0.1. This is the default
    config used for new Konflux applications. Available collections are defined in
    https://redhat-appstudio.github.io/docs.stonesoup.io/ec-policies/release_policy.html#_available_rule_collections.
    If a different policy configuration is desired, this resource can serve as a starting
    point. See the docs on how to include and exclude rules https://redhat-appstudio.github.io/docs.stonesoup.io/ec-policies/policy_configuration.html#_including_and_excluding_rules.
  name: Default
  publicKey: /dev/fd/63
  sources:
  - config:
      include:
      - '@slsa3'
    data:
    - oci::quay.io/redhat-appstudio-tekton-catalog/data-acceptable-bundles:latest
    - github.com/release-engineering/rhtap-ec-policy//data
    name: Default
    policy:
    - github.com/enterprise-contract/ec-policies//policy/lib
    - github.com/enterprise-contract/ec-policies//policy/release
    ruleData:
      var: value
success: true

This still needs tests added, but it appears to be functional, as seen above.

[codecov]

Codecov Report

Attention: Patch coverage is 86.66667% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 80.59%. Comparing base (934c6e6) to head (61499d0).
Report is 19 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1474      +/-   ##
==========================================
+ Coverage   80.46%   80.59%   +0.12%     
==========================================
  Files          67       66       -1     
  Lines        4782     4761      -21     
==========================================
- Hits         3848     3837      -11     
+ Misses        934      924      -10     

Flag	Coverage Δ
generative	80.59% <86.66%> (+0.12%)	⬆️
integration	80.59% <86.66%> (+0.12%)	⬆️
unit	80.59% <86.66%> (+0.12%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
cmd/validate/image.go	96.26% <86.66%> (ø)

... and 1 file with indirect coverage changes

[simonbaird]

The name "extra" feels not quite specific enough. Something like this perhaps:

Suggested change

	cmd.Flags().StringSliceVar(&data.extra, "extra", data.extra, hd.Doc(`
	cmd.Flags().StringSliceVarP(&data.extraRuleData, "extra-rule-data", "e", data.extraRuleData, hd.Doc(`

[mbestavros]

Changed it to your suggestion, but open to other ideas as well. I know we floated override or override-rule-data as well.

[simonbaird]

Let's get some test coverage.

[simonbaird]

(Wrong button sorry..)

[mbestavros]

@simonbaird I added a unit and acceptance test for the positive case. Had to get a bit hacky for the unit test to work correctly.

[zregvart]

There is a compile error on this line:

Suggested change

	validate := func(_ context.Context, component app.SnapshotComponent, _ policy.Policy, _ bool) (*output.Output, error) {
	validate := func(_ context.Context, component app.SnapshotComponent, _ policy.Policy, _ []evaluator.Evaluator, _ bool) (*output.Output, error) {

[lcarva]

It looks like @mbestavros did a rebase that brought in the change in the signature for the validate function. I have questions...

• The only CI check failing right now is the linter. How did "Checks / Test" pass?!
• Why was the linter complaining about this line before when it was obviously correct at the time?