feat(cli): Add trivy cloud suppport (#9637)

2025-12-05 20:40:16 -08:00 · 2025-10-15 11:34:39 +01:00
parent 84a7d9a5d6
commit 8e6a7ff670
19 changed files with 1243 additions and 5 deletions
--- a/pkg/commands/cloud/run_test.go
+++ b/pkg/commands/cloud/run_test.go
@@ -0,0 +1,141 @@
+package cloud
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/zalando/go-keyring"
+
+	"github.com/aquasecurity/trivy/pkg/cloud"
+	"github.com/aquasecurity/trivy/pkg/flag"
+)
+
+func TestLogout(t *testing.T) {
+	tests := []struct {
+		name             string
+		createConfigFile bool
+	}{
+		{
+			name:             "successful logout when the config file exists",
+			createConfigFile: true,
+		},
+		{
+			name:             "successful logout when the config file does not exist",
+			createConfigFile: false,
+		},
+	}
+
+	tempDir := t.TempDir()
+	t.Setenv("XDG_DATA_HOME", tempDir)
+
+	keyring.MockInit()
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			defer keyring.DeleteAll(cloud.ServiceName)
+			defer cloud.Clear()
+			cloud.Clear()
+
+			if tt.createConfigFile {
+				config := &cloud.Config{
+					ServerURL: "https://example.com",
+					ApiURL:    "https://api.example.com",
+				}
+				err := config.Save()
+				require.NoError(t, err)
+			}
+
+			err := Logout()
+			require.NoError(t, err)
+		})
+	}
+}
+
+func TestLogin(t *testing.T) {
+	tests := []struct {
+		name           string
+		token          string
+		serverResponse int
+		wantErr        string
+	}{
+		{
+			name:           "successful login with valid token",
+			token:          "valid-token-123",
+			serverResponse: http.StatusOK,
+		},
+		{
+			name:           "login fails with empty token",
+			token:          "",
+			serverResponse: http.StatusOK,
+			wantErr:        "token is required for Trivy Cloud login",
+		},
+		{
+			name:           "login fails with server error",
+			token:          "valid-token-123",
+			serverResponse: http.StatusUnauthorized,
+			wantErr:        "failed to verify token: received status code 401",
+		},
+		{
+			name:           "login fails with server internal error",
+			token:          "valid-token-123",
+			serverResponse: http.StatusInternalServerError,
+			wantErr:        "failed to verify token: received status code 500",
+		},
+	}
+
+	tempDir := t.TempDir()
+	t.Setenv("XDG_DATA_HOME", tempDir)
+
+	keyring.MockInit()
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			defer keyring.DeleteAll(cloud.ServiceName)
+
+			defer cloud.Clear()
+			cloud.Clear()
+
+			server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				assert.Equal(t, http.MethodPost, r.Method)
+				assert.Equal(t, "/verify", r.URL.Path)
+
+				if tt.token != "" {
+					expectedAuth := "Bearer " + tt.token
+					assert.Equal(t, expectedAuth, r.Header.Get("Authorization"))
+				}
+
+				w.WriteHeader(tt.serverResponse)
+			}))
+			defer server.Close()
+
+			opts := flag.Options{
+				CloudOptions: flag.CloudOptions{
+					LoginCredentials: flag.CloudLoginCredentials{
+						Token: tt.token,
+					},
+					ApiUrl:         server.URL + "/api",
+					TrivyServerUrl: server.URL,
+				},
+			}
+
+			ctx := context.Background()
+			err := Login(ctx, opts)
+
+			if tt.wantErr != "" {
+				require.ErrorContains(t, err, tt.wantErr)
+				return
+			}
+
+			require.NoError(t, err)
+
+			config, err := cloud.Load()
+			require.NoError(t, err)
+			require.Equal(t, tt.token, config.Token)
+			require.Equal(t, server.URL, config.ServerURL)
+			require.Equal(t, server.URL+"/api", config.ApiURL)
+		})
+	}
+}