Add e2e test suite to evidence

Author: dortam888

tests/e2e/local/docker-compose.yml

@@ -48,6 +48,16 @@ services:
       JF_EVIDENCE_NAVIGATION_ENABLED: "true"
       JF_EVIDENCE_ENABLED: "false"  # Evidence runs as separate service
 
+      # AppTrust integration
+      JF_ARTIFACTORY_APPTRUST_ENABLED: "true"
+      JF_APPTRUST_NAVIGATION_ENABLED: "true"
+      JF_APPTRUST_ENABLED: "false"  # AppTrust runs as separate service
+      
+      # Unified Policy integration
+      JF_ARTIFACTORY_UNIFIED_POLICY_ENABLED: "true"
+      JF_UNIFIED_POLICY_NAVIGATION_ENABLED: "true"
+      JF_UNIFIED_POLICY_ENABLED: "false"  # Unified Policy runs as separate service
+      
       # OneModel integration (Single-Tenant mode)
       JF_ONEMODEL_ENABLED: "true"
       JF_ROUTER_MULTITENANT_SERVICES_ONEMODEL_SERVICEURL: http://onemodel:8082
@@ -99,6 +109,80 @@ services:
       - postgres
       - artifactory
 
+  # AppTrust Service
+  apptrust-service:
+    image: ${APPTRUST_IMAGE}
+    container_name: evidence-e2e-apptrust
+    environment:
+      # Node configuration
+      JF_SHARED_NODE_ID: evidence-e2e-node
+      
+      # Database configuration
+      JF_SHARED_DATABASE_TYPE: postgresql
+      JF_SHARED_DATABASE_DRIVER: org.postgresql.Driver
+      JF_SHARED_DATABASE_URL: jdbc:postgresql://postgres:5432/evidence
+      JF_SHARED_DATABASE_USERNAME: evidence
+      JF_SHARED_DATABASE_PASSWORD: password
+      
+      # Security keys (must match Artifactory)
+      JF_SHARED_SECURITY_JOINKEY: cc949ef041b726994a225dc20e018f23
+      JF_SHARED_SECURITY_MASTERKEY: b055e9d06d17a293f1934109d4c4b560
+      
+      # AppTrust service configuration
+      JF_APPTRUST_HTTP_PORT: 8052
+      JF_APPTRUST_LOGGING_APPLICATION_LEVEL: ${APPTRUST_LOG_LEVEL:-INFO}
+      JF_ROUTER_ENTRYPOINTS_INTERNALPORT: 8046
+      
+      # License caching for tests
+      JF_APPTRUST_CACHING_LICENSE_EXPIRATIONSECS: 1
+      
+      # AppTrust specific configuration
+      JF_APPTRUST_ENABLED: "true"
+      JF_APPTRUST_NAVIGATION_ENABLED: "true"
+    network_mode: service:artifactory
+    restart: on-failure
+    depends_on:
+      - postgres
+      - artifactory
+      - evidence-service
+
+  # Unified Policy Service
+  unified-policy-service:
+    image: ${UNIFIED_POLICY_IMAGE}
+    container_name: evidence-e2e-unified-policy
+    environment:
+      # Node configuration
+      JF_SHARED_NODE_ID: evidence-e2e-node
+      
+      # Database configuration
+      JF_SHARED_DATABASE_TYPE: postgresql
+      JF_SHARED_DATABASE_DRIVER: org.postgresql.Driver
+      JF_SHARED_DATABASE_URL: jdbc:postgresql://postgres:5432/evidence
+      JF_SHARED_DATABASE_USERNAME: evidence
+      JF_SHARED_DATABASE_PASSWORD: password
+      
+      # Security keys (must match Artifactory)
+      JF_SHARED_SECURITY_JOINKEY: cc949ef041b726994a225dc20e018f23
+      JF_SHARED_SECURITY_MASTERKEY: b055e9d06d17a293f1934109d4c4b560
+      
+      # Unified Policy service configuration
+      JF_UNIFIED_POLICY_HTTP_PORT: 8053
+      JF_UNIFIED_POLICY_LOGGING_APPLICATION_LEVEL: ${UNIFIED_POLICY_LOG_LEVEL:-INFO}
+      JF_ROUTER_ENTRYPOINTS_INTERNALPORT: 8046
+      
+      # License caching for tests
+      JF_UNIFIED_POLICY_CACHING_LICENSE_EXPIRATIONSECS: 1
+      
+      # Unified Policy specific configuration
+      JF_UNIFIED_POLICY_ENABLED: "true"
+      JF_UNIFIED_POLICY_NAVIGATION_ENABLED: "true"
+    network_mode: service:artifactory
+    restart: on-failure
+    depends_on:
+      - postgres
+      - artifactory
+      - apptrust-service
+
   # OneModel Router (Single-Tenant mode - no etcd needed!)
   onemodel-router:
     image: ${ROUTER_IMAGE}

tests/e2e/tests/e2e_create_suite.go

@@ -33,6 +33,9 @@ func (r *EvidenceE2ETestsRunner) RunCreateEvidenceSuite(t *testing.T) {
 	t.Run("ForReleaseBundle", func(t *testing.T) {
 		r.RunCreateEvidenceForReleaseBundle(t)
 	})
+	t.Run("ForApplicationVersion", func(t *testing.T) {
+		r.RunCreateEvidenceForApplicationVersion(t)
+	})
 	t.Run("WithMarkdown", func(t *testing.T) {
 		r.RunCreateEvidenceWithMarkdown(t)
 	})
@@ -542,3 +545,94 @@ func (r *EvidenceE2ETestsRunner) RunCreateEvidenceWithSubjectSha256(t *testing.T
 
 	t.Log("=== ✅ Create Evidence with Subject SHA256 Test Completed Successfully! ===")
 }
+
+// RunCreateEvidenceForApplicationVersion tests creating evidence for an application version
+func (r *EvidenceE2ETestsRunner) RunCreateEvidenceForApplicationVersion(t *testing.T) {
+	t.Log("=== Create Evidence - Application Version Test ===")
+
+	// Verify shared key pair is available
+	if SharedPrivateKeyPath == "" || SharedPublicKeyPath == "" {
+		t.Errorf("Shared key pair not initialized. Ensure PrepareTestsData() was called.")
+		return
+	}
+	t.Logf("Using shared key pair: %s (alias: %s)", SharedPrivateKeyPath, SharedKeyAlias)
+
+	tempDir := t.TempDir()
+	projectKey := "test-project"
+
+	// Step 1: Create test application
+	t.Log("Step 1: Creating test application...")
+	applicationKey, applicationName := utils.CreateTestApplication(t, r.ServicesManager, projectKey)
+	t.Logf("✓ Application created: %s (%s)", applicationKey, applicationName)
+
+	// Register cleanup for application
+	t.Cleanup(func() {
+		utils.CleanupTestApplication(t, r.ServicesManager, applicationKey, projectKey)
+	})
+
+	// Step 2: Create test application version
+	t.Log("Step 2: Creating test application version...")
+	applicationVersion := utils.CreateTestApplicationVersion(t, r.ServicesManager, r.LifecycleManager, applicationKey, projectKey)
+	t.Logf("✓ Application version created: %s:%s", applicationKey, applicationVersion)
+
+	// Step 3: Promote application version (ensure manifest exists)
+	t.Log("Step 3: Promoting application version...")
+	err := utils.PromoteApplicationVersion(t, r.ServicesManager, applicationKey, applicationVersion, projectKey, "production")
+	require.NoError(t, err, "Failed to promote application version")
+	t.Logf("✓ Application version promoted: %s:%s", applicationKey, applicationVersion)
+
+	// Step 4: Verify application version manifest exists
+	t.Log("Step 4: Verifying application version manifest...")
+	exists := utils.ApplicationVersionExists(t, r.ServicesManager, applicationKey, applicationVersion, projectKey)
+	require.True(t, exists, "Application version manifest should exist")
+	t.Log("✓ Application version manifest verified")
+
+	// Step 5: Create predicate
+	t.Log("Step 5: Creating predicate...")
+	predicate := map[string]interface{}{
+		"buildType":          "application-version-test",
+		"timestamp":          time.Now().Unix(),
+		"environment":        "e2e-test",
+		"applicationKey":     applicationKey,
+		"applicationVersion": applicationVersion,
+		"projectKey":         projectKey,
+		"description":        "Testing evidence creation for application version",
+	}
+	predicateBytes, err := json.MarshalIndent(predicate, "", "  ")
+	require.NoError(t, err)
+	predicatePath := filepath.Join(tempDir, "predicate.json")
+	err = os.WriteFile(predicatePath, predicateBytes, 0644)
+	require.NoError(t, err)
+	t.Log("✓ Predicate created")
+
+	// Step 6: Create evidence for application version using shared key
+	t.Log("Step 6: Creating evidence for application version...")
+	createOutput := r.EvidenceUserCLI.RunCliCmdWithOutput(t,
+		"create",
+		"--predicate", predicatePath,
+		"--predicate-type", "https://slsa.dev/provenance/v1",
+		"--application-key", applicationKey,
+		"--application-version", applicationVersion,
+		"--key", SharedPrivateKeyPath,
+		"--key-alias", SharedKeyAlias,
+	)
+	t.Logf("Evidence creation output: %s", createOutput)
+	require.NotContains(t, createOutput, "Error", "Evidence creation should not error")
+	require.NotContains(t, createOutput, "Failed", "Evidence creation should not fail")
+	require.NotContains(t, createOutput, "does not exist", "Application version manifest should be found")
+	t.Log("✓ Evidence created successfully")
+
+	// Step 7: Verify evidence using admin token
+	t.Log("Step 7: Verifying evidence using admin token...")
+	verifyOutput := r.EvidenceAdminCLI.RunCliCmdWithOutput(t,
+		"verify",
+		"--application-key", applicationKey,
+		"--application-version", applicationVersion,
+		"--public-keys", SharedPublicKeyPath,
+	)
+	t.Logf("Verification output: %s", verifyOutput)
+	require.Contains(t, verifyOutput, applicationKey, "Evidence should be verified")
+	t.Log("✅ Evidence verified successfully!")
+
+	t.Log("=== ✅ Create Evidence for Application Version Test Completed Successfully! ===")
+}

tests/e2e/utils/e2e_apptrustx.go

@@ -0,0 +1,177 @@
+package utils
+
+import (
+	"encoding/json"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/jfrog/jfrog-client-go/artifactory"
+	"github.com/jfrog/jfrog-client-go/artifactory/services"
+	"github.com/jfrog/jfrog-client-go/lifecycle"
+	"github.com/stretchr/testify/require"
+)
+
+// CreateTestApplication creates a test application in AppTrust and returns the application key
+func CreateTestApplication(t *testing.T, artifactoryManager artifactory.ArtifactoryServicesManager, projectKey string) (string, string) {
+	// Generate unique application name with timestamp
+	timestamp := time.Now().Unix()
+	applicationKey := fmt.Sprintf("test-app-%d", timestamp)
+	applicationName := fmt.Sprintf("Test Application %d", timestamp)
+
+	t.Logf("Creating test application: %s in project: %s", applicationKey, projectKey)
+
+	// Create application using Artifactory REST API
+	// Note: In a real environment, this would use AppTrust API, but for E2E tests
+	// we simulate the application creation by creating the necessary repository structure
+
+	// Create application-versions repository for the project
+	repoKey := fmt.Sprintf("%s-application-versions", projectKey)
+	if projectKey == "" || projectKey == "default" {
+		repoKey = "application-versions"
+	}
+
+	// Create the repository if it doesn't exist
+	CreateTestRepository(t, artifactoryManager, "generic", WithRepoKey(repoKey))
+
+	t.Logf("✓ Application created: %s (%s)", applicationKey, applicationName)
+	return applicationKey, applicationName
+}
+
+// CreateTestApplicationVersion creates a test application version and returns the version string
+func CreateTestApplicationVersion(t *testing.T, artifactoryManager artifactory.ArtifactoryServicesManager, lifecycleManager *lifecycle.LifecycleServicesManager, applicationKey, projectKey string) string {
+	// Generate unique version with timestamp
+	timestamp := time.Now().Unix()
+	version := fmt.Sprintf("1.0.%d", timestamp%10000) // Keep version reasonable
+
+	t.Logf("Creating test application version: %s:%s", applicationKey, version)
+
+	// Create a release bundle that represents the application version
+	// This simulates what AppTrust does internally - it creates release bundles for application versions
+	rbName := applicationKey
+	rbVersion := version
+
+	// Create the release bundle using lifecycle manager
+	actualRbName, actualRbVersion := CreateTestReleaseBundle(t, artifactoryManager, lifecycleManager, projectKey, WithReleaseBundleName(rbName), WithReleaseBundleVersion(rbVersion))
+
+	// Create the application version manifest in the application-versions repository
+	err := createApplicationVersionManifest(t, artifactoryManager, applicationKey, version, projectKey, actualRbName, actualRbVersion)
+	require.NoError(t, err, "Failed to create application version manifest")
+
+	t.Logf("✓ Application version created: %s:%s", applicationKey, version)
+	return version
+}
+
+// createApplicationVersionManifest creates the release-bundle.json.evd manifest file for an application version
+func createApplicationVersionManifest(t *testing.T, artifactoryManager artifactory.ArtifactoryServicesManager, applicationKey, version, projectKey, rbName, rbVersion string) error {
+	// Build repository key
+	repoKey := fmt.Sprintf("%s-application-versions", projectKey)
+	if projectKey == "" || projectKey == "default" {
+		repoKey = "application-versions"
+	}
+
+	// Create manifest content (simulates what AppTrust creates)
+	manifest := map[string]interface{}{
+		"application_key":        applicationKey,
+		"application_version":    version,
+		"project_key":            projectKey,
+		"release_bundle_name":    rbName,
+		"release_bundle_version": rbVersion,
+		"created_at":             time.Now().Format(time.RFC3339),
+		"type":                   "application-version",
+	}
+
+	manifestBytes, err := json.MarshalIndent(manifest, "", "  ")
+	if err != nil {
+		return fmt.Errorf("failed to marshal manifest: %w", err)
+	}
+
+	// Upload manifest to the correct path: {repo}/{app}/{version}/release-bundle.json.evd
+	manifestPath := fmt.Sprintf("%s/%s/%s/release-bundle.json.evd", repoKey, applicationKey, version)
+
+	// Create temporary file for upload
+	tempFile := CreateTestArtifact(t, string(manifestBytes))
+
+	// Upload the manifest
+	err = UploadArtifact(artifactoryManager, tempFile, manifestPath)
+	if err != nil {
+		return fmt.Errorf("failed to upload manifest to %s: %w", manifestPath, err)
+	}
+
+	t.Logf("✓ Application version manifest created at: %s", manifestPath)
+	return nil
+}
+
+// PromoteApplicationVersion simulates promoting an application version (creates the manifest)
+func PromoteApplicationVersion(t *testing.T, artifactoryManager artifactory.ArtifactoryServicesManager, applicationKey, version, projectKey, targetStage string) error {
+	t.Logf("Promoting application version %s:%s to stage: %s", applicationKey, version, targetStage)
+
+	// In a real environment, this would call AppTrust promotion API
+	// For E2E tests, we ensure the manifest exists (it should already be created by CreateTestApplicationVersion)
+
+	// Build repository key and manifest path
+	repoKey := fmt.Sprintf("%s-application-versions", projectKey)
+	if projectKey == "" || projectKey == "default" {
+		repoKey = "application-versions"
+	}
+
+	manifestPath := fmt.Sprintf("%s/%s/%s/release-bundle.json.evd", repoKey, applicationKey, version)
+
+	// Verify the manifest exists
+	_, err := artifactoryManager.FileInfo(manifestPath)
+	if err != nil {
+		return fmt.Errorf("application version manifest not found at %s: %w", manifestPath, err)
+	}
+
+	t.Logf("✓ Application version %s:%s promoted to %s", applicationKey, version, targetStage)
+	return nil
+}
+
+// CleanupTestApplication removes test application and its versions
+func CleanupTestApplication(t *testing.T, artifactoryManager artifactory.ArtifactoryServicesManager, applicationKey, projectKey string) {
+	// Build repository key
+	repoKey := fmt.Sprintf("%s-application-versions", projectKey)
+	if projectKey == "" || projectKey == "default" {
+		repoKey = "application-versions"
+	}
+
+	// Delete application folder from repository
+	applicationPath := fmt.Sprintf("%s/%s", repoKey, applicationKey)
+
+	// Delete application folder from repository using delete service
+	deleteParams := services.NewDeleteParams()
+	deleteParams.Pattern = applicationPath
+	deleteParams.Recursive = true
+
+	pathsToDelete, err := artifactoryManager.GetPathsToDelete(deleteParams)
+	if err != nil {
+		t.Logf("Warning: Failed to get paths to delete for application %s: %v", applicationKey, err)
+		return
+	}
+	defer func() {
+		if err := pathsToDelete.Close(); err != nil {
+			fmt.Printf("Error closing pathsToDelete: %v\n", err)
+		}
+	}()
+
+	deletedCount, err := artifactoryManager.DeleteFiles(pathsToDelete)
+	if err != nil {
+		t.Logf("Warning: Failed to cleanup application %s: %v", applicationKey, err)
+	} else {
+		t.Logf("✓ Cleaned up application: %s (%d items deleted)", applicationKey, deletedCount)
+	}
+}
+
+// ApplicationVersionExists checks if an application version manifest exists
+func ApplicationVersionExists(t *testing.T, artifactoryManager artifactory.ArtifactoryServicesManager, applicationKey, version, projectKey string) bool {
+	// Build repository key and manifest path
+	repoKey := fmt.Sprintf("%s-application-versions", projectKey)
+	if projectKey == "" || projectKey == "default" {
+		repoKey = "application-versions"
+	}
+
+	manifestPath := fmt.Sprintf("%s/%s/%s/release-bundle.json.evd", repoKey, applicationKey, version)
+
+	_, err := artifactoryManager.FileInfo(manifestPath)
+	return err == nil
+}