From 0a22ddaec09c4bc4a8b987a6538cc7849667ef24 Mon Sep 17 00:00:00 2001
From: Luiz Carvalho
Date: Tue, 17 May 2022 11:48:43 -0400
Subject: [PATCH] Use marshalled data for params in invocation
This is needed to take into account the two parameter types allowed by Tekton Pipelines, string and array of strings.
Signed-off-by: Luiz Carvalho
---
 .../formats/intotoite6/intotoite6_test.go | 8 +++---
 .../intotoite6/pipelinerun/pipelinerun.go | 12 ++++----
 .../intotoite6/taskrun/provenance_test.go | 6 ++--
 .../formats/intotoite6/taskrun/taskrun.go | 6 ++--
 pkg/chains/formats/intotoite6/util/utils.go | 28 ++++++++-----------
 5 files changed, 27 insertions(+), 33 deletions(-)
diff --git a/pkg/chains/formats/intotoite6/intotoite6_test.go b/pkg/chains/formats/intotoite6/intotoite6_test.go
index 209d729ce4..f253bd091f 100644
--- a/pkg/chains/formats/intotoite6/intotoite6_test.go
+++ b/pkg/chains/formats/intotoite6/intotoite6_test.go
@@ -68,10 +68,10 @@ func TestCreatePayload1(t *testing.T) {
 },
 Invocation: slsa.ProvenanceInvocation{
 Parameters: map[string]string{
- "IMAGE": "test.io/test/image",
- "CHAINS-GIT_COMMIT": "abcd",
- "CHAINS-GIT_URL": "https://git.test.com",
- "filename": "/bin/ls",
+ "IMAGE": `"test.io/test/image"`,
+ "CHAINS-GIT_COMMIT": `"abcd"`,
+ "CHAINS-GIT_URL": `"https://git.test.com"`,
+ "filename": `"/bin/ls"`,
 },
 },
 Builder: slsa.ProvenanceBuilder{
diff --git a/pkg/chains/formats/intotoite6/pipelinerun/pipelinerun.go b/pkg/chains/formats/intotoite6/pipelinerun/pipelinerun.go
index b033dbeb0f..454066ff00 100644
--- a/pkg/chains/formats/intotoite6/pipelinerun/pipelinerun.go
+++ b/pkg/chains/formats/intotoite6/pipelinerun/pipelinerun.go
@@ -46,8 +46,8 @@ func GenerateAttestation(builderID string, pr *v1beta1.PipelineRun, logger *zap.
 ID: builderID,
 },
 BuildType: util.TektonPipelineRunID,
- Invocation: invocation(pr),
- BuildConfig: buildConfig(pr),
+ Invocation: invocation(pr, logger),
+ BuildConfig: buildConfig(pr, logger),
 Metadata: metadata(pr),
 Materials: materials(pr),
 },
@@ -55,15 +55,15 @@ func GenerateAttestation(builderID string, pr *v1beta1.PipelineRun, logger *zap.
 return att, nil
 }
-func invocation(pr *v1beta1.PipelineRun) slsa.ProvenanceInvocation {
+func invocation(pr *v1beta1.PipelineRun, logger *zap.SugaredLogger) slsa.ProvenanceInvocation {
 var paramSpecs []v1beta1.ParamSpec
 if ps := pr.Status.PipelineSpec; ps != nil {
 paramSpecs = ps.Params
 }
- return util.AttestInvocation(pr.Spec.Params, paramSpecs)
+ return util.AttestInvocation(pr.Spec.Params, paramSpecs, logger)
 }
-func buildConfig(pr *v1beta1.PipelineRun) BuildConfig {
+func buildConfig(pr *v1beta1.PipelineRun, logger *zap.SugaredLogger) BuildConfig {
 tasks := []TaskAttestation{}
 // pipelineRun.status.taskRuns doesn't maintain order,
@@ -104,7 +104,7 @@ func buildConfig(pr *v1beta1.PipelineRun) BuildConfig {
 FinishedOn: trStatus.Status.CompletionTime.Time,
 Status: getStatus(trStatus.Status.Conditions),
 Steps: steps,
- Invocation: util.AttestInvocation(params, paramSpecs),
+ Invocation: util.AttestInvocation(params, paramSpecs, logger),
 }
 tasks = append(tasks, task)
diff --git a/pkg/chains/formats/intotoite6/taskrun/provenance_test.go b/pkg/chains/formats/intotoite6/taskrun/provenance_test.go
index ac4affc53f..d6d927cbd3 100644
--- a/pkg/chains/formats/intotoite6/taskrun/provenance_test.go
+++ b/pkg/chains/formats/intotoite6/taskrun/provenance_test.go
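Review bot: `invocation` and `buildConfig` in pipelinerun.go carry no doc comment, and after this commit the parameter values they return are JSON text rather than the raw strings, which the signatures do not reveal. A comment on `invocation` such as `// invocation returns the PipelineRun parameters, PipelineSpec defaults first and run values overriding them; each value is JSON-encoded.` would record that, and the same last clause fits the existing comment on `invocation` in taskrun.go. `BuildType` stays `util.TektonPipelineRunID` in the first hunk's context while the encoding of the parameters changes, so consumers that compare parameter values literally presumably need to be told to JSON-decode them. `buildConfig` continues beyond the hunk.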
@@ -206,12 +206,12 @@ spec:
 expected := slsa.ProvenanceInvocation{
 Parameters: map[string]string{
- "my-param": "string-param",
- "my-array-param": "[my array]",
+ "my-param": `"string-param"`,
+ "my-array-param": `["my","array"]`,
 },
 }
- got := invocation(taskRun)
+ got := invocation(taskRun, logtesting.TestLogger(t))
 if !reflect.DeepEqual(expected, got) {
 if d := cmp.Diff(expected, got); d != "" {
 t.Log(d)
diff --git a/pkg/chains/formats/intotoite6/taskrun/taskrun.go b/pkg/chains/formats/intotoite6/taskrun/taskrun.go
index e5fd02feb2..49749046f4 100644
--- a/pkg/chains/formats/intotoite6/taskrun/taskrun.go
+++ b/pkg/chains/formats/intotoite6/taskrun/taskrun.go
@@ -25,7 +25,7 @@ func GenerateAttestation(builderID string, tr *v1beta1.TaskRun, logger *zap.Suga
 ID: builderID,
 },
 BuildType: util.TektonID,
- Invocation: invocation(tr),
+ Invocation: invocation(tr, logger),
 BuildConfig: buildConfig(tr),
 Metadata: metadata(tr),
 Materials: materials(tr),
@@ -37,12 +37,12 @@ func GenerateAttestation(builderID string, tr *v1beta1.TaskRun, logger *zap.Suga
 // invocation describes the event that kicked off the build
 // we currently don't set ConfigSource because we don't know
 // which material the Task definition came from
-func invocation(tr *v1beta1.TaskRun) slsa.ProvenanceInvocation {
+func invocation(tr *v1beta1.TaskRun, logger *zap.SugaredLogger) slsa.ProvenanceInvocation {
 var paramSpecs []v1beta1.ParamSpec
 if ts := tr.Status.TaskSpec; ts != nil {
 paramSpecs = ts.Params
 }
- return util.AttestInvocation(tr.Spec.Params, paramSpecs)
+ return util.AttestInvocation(tr.Spec.Params, paramSpecs, logger)
 }
 func metadata(tr *v1beta1.TaskRun) *slsa.ProvenanceMetadata {
diff --git a/pkg/chains/formats/intotoite6/util/utils.go b/pkg/chains/formats/intotoite6/util/utils.go
index f834760a86..4170920c8c 100644
--- a/pkg/chains/formats/intotoite6/util/utils.go
+++ b/pkg/chains/formats/intotoite6/util/utils.go
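Review bot: The updated expectation in provenance_test.go covers only the two successful encodings; nothing visible in this hunk drives `invocation` through the new failure branch of `util.AttestInvocation`, where a parameter that fails to marshal is logged and left out of the result. A case with a parameter whose value cannot be marshalled (if the fixture can express one), asserting on the resulting `Parameters` map, would pin down what the attestation contains in that situation. The TaskRun fixture and the rest of the test function lie outside the hunk, so an existing case may already do this.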
@@ -120,36 +120,30 @@ func AttestStep(step *v1beta1.Step, stepState *v1beta1.StepState) StepAttestatio
 return attestation
 }
-func AttestInvocation(params []v1beta1.Param, paramSpecs []v1beta1.ParamSpec) slsa.ProvenanceInvocation {
+func AttestInvocation(params []v1beta1.Param, paramSpecs []v1beta1.ParamSpec, logger *zap.SugaredLogger) slsa.ProvenanceInvocation {
 i := slsa.ProvenanceInvocation{}
 iParams := make(map[string]string)
 // get implicit parameters from defaults
 for _, p := range paramSpecs {
 if p.Default != nil {
- // TODO: Consider using p.Default.MarshalJSON()
- var v string
- switch p.Default.Type {
- case v1beta1.ParamTypeString:
- v = p.Default.StringVal
- case v1beta1.ParamTypeArray:
- v = fmt.Sprintf("%v", p.Default.ArrayVal)
+ v, err := p.Default.MarshalJSON()
+ if err != nil {
+ logger.Errorf("Unable to marshall %q default parameter: %s", p, err)
+ continue
 }
- iParams[p.Name] = v
+ iParams[p.Name] = string(v)
 }
 }
 // get explicit parameters
 for _, p := range params {
- // TODO: Consider using p.Value.MarshalJSON()
- var v string
- switch p.Value.Type {
- case v1beta1.ParamTypeString:
- v = p.Value.StringVal
- case v1beta1.ParamTypeArray:
- v = fmt.Sprintf("%v", p.Value.ArrayVal)
+ v, err := p.Value.MarshalJSON()
+ if err != nil {
+ logger.Errorf("Unable to marshall %q parameter: %s", p, err)
+ continue
 }
- iParams[p.Name] = v
+ iParams[p.Name] = string(v)
 }
 i.Parameters = iParams
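Review bot: When `p.Value.MarshalJSON()` returns an error in the explicit-parameter loop, the `continue` leaves whatever the defaults loop stored under `p.Name`, so the signed invocation can record the default for a parameter that was actually overridden; an error in the defaults loop silently drops the entry. For provenance it is safer to fail the attestation than to sign an incomplete or misleading parameter set, so `AttestInvocation` could return an error for the callers in pipelinerun.go and taskrun.go to propagate through `GenerateAttestation`, which would also make the new `logger` parameter unnecessary. Separately, both `Errorf` calls pass the whole struct `p` to `%q`; `p.Name` looks like what was meant. The function's final lines are outside the hunk, and the sketch assumes `fmt` is still imported by the file.

```go
func AttestInvocation(params []v1beta1.Param, paramSpecs []v1beta1.ParamSpec) (slsa.ProvenanceInvocation, error) {
	// … unchanged: i and iParams initialisation …
	for _, p := range paramSpecs {
		if p.Default == nil {
			continue
		}
		v, err := p.Default.MarshalJSON()
		if err != nil {
			return i, fmt.Errorf("marshalling default of parameter %q: %w", p.Name, err)
		}
		iParams[p.Name] = string(v)
	}
	for _, p := range params {
		v, err := p.Value.MarshalJSON()
		if err != nil {
			return i, fmt.Errorf("marshalling parameter %q: %w", p.Name, err)
		}
		iParams[p.Name] = string(v)
	}
	// … unchanged: i.Parameters = iParams; the final return becomes `return i, nil` …
```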