From c7375d2aaf0445855e00b3074b4b378c91e1960a Mon Sep 17 00:00:00 2001
From: Rupali Behera
Date: Mon, 27 May 2024 15:42:14 +0200
Subject: [PATCH] SRVKP-4387: Making enable-deep-inspection field as boolValue to support bool (true) as well string ('true')

---
 .../operator/v1alpha1/tektonchain_types.go | 8 ++--
 .../v1alpha1/tektonchain_validation.go | 19 +++++----
 .../v1alpha1/tektonchain_validation_test.go | 39 +++++++++++++++++++
 .../v1alpha1/zz_generated.deepcopy.go | 5 ---
 4 files changed, 55 insertions(+), 16 deletions(-)

diff --git a/pkg/apis/operator/v1alpha1/tektonchain_types.go b/pkg/apis/operator/v1alpha1/tektonchain_types.go
index 623066fea9..c8342afcc1 100644
--- a/pkg/apis/operator/v1alpha1/tektonchain_types.go
+++ b/pkg/apis/operator/v1alpha1/tektonchain_types.go
@@ -80,10 +80,10 @@ type ChainProperties struct {
 ArtifactsTaskRunSigner string `json:"artifacts.taskrun.signer,omitempty"`
 
 // pipelinerun artifacts config
- ArtifactsPipelineRunFormat string `json:"artifacts.pipelinerun.format,omitempty"`
- ArtifactsPipelineRunStorage *string `json:"artifacts.pipelinerun.storage,omitempty"`
- ArtifactsPipelineRunSigner string `json:"artifacts.pipelinerun.signer,omitempty"`
- ArtifactsPipelineRunEnableDeepInspection *bool `json:"artifacts.pipelinerun.enable-deep-inspection,omitempty"`
+ ArtifactsPipelineRunFormat string `json:"artifacts.pipelinerun.format,omitempty"`
+ ArtifactsPipelineRunStorage *string `json:"artifacts.pipelinerun.storage,omitempty"`
+ ArtifactsPipelineRunSigner string `json:"artifacts.pipelinerun.signer,omitempty"`
+ ArtifactsPipelineRunEnableDeepInspection BoolValue `json:"artifacts.pipelinerun.enable-deep-inspection,omitempty"`
 
 // oci artifacts config
 ArtifactsOCIFormat string `json:"artifacts.oci.format,omitempty"`
diff --git a/pkg/apis/operator/v1alpha1/tektonchain_validation.go b/pkg/apis/operator/v1alpha1/tektonchain_validation.go
index 826154b78d..820ac3d8c1 100644
--- a/pkg/apis/operator/v1alpha1/tektonchain_validation.go
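Review bot: The new `ArtifactsPipelineRunEnableDeepInspection BoolValue` field has no doc comment, and the `BoolValue` type itself — including the JSON unmarshalling that the commit title says accepts both `true` and `"true"` — is not part of this patch, so a reader of `ChainProperties` cannot tell which values are legal. The move from `*bool` to what appears to be a string-kind type (the test file assigns `"foo"` to the field directly, and the generated deepcopy drops the pointer copy) also changes the "unset" representation from nil to the empty string; any caller that compared the old pointer against nil needs checking, which I cannot see from here. Suggest a comment above the field: `// ArtifactsPipelineRunEnableDeepInspection accepts JSON true/false or "true"/"false"; empty means unset.` If `BoolValue` is new in this change, its defining file appears to be missing from the commit.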
+++ b/pkg/apis/operator/v1alpha1/tektonchain_validation.go
@@ -26,13 +26,14 @@ import (
 )
 
 var (
- allowedArtifactsTaskRunFormat = sets.NewString("", "in-toto", "slsa/v1", "slsa/v2alpha2", "slsa/v2alpha3")
- allowedArtifactsPipelineRunFormat = sets.NewString("", "in-toto", "slsa/v1", "slsa/v2alpha2", "slsa/v2alpha3")
- allowedX509SignerFulcioProvider = sets.NewString("", "google", "spiffe", "github", "filesystem")
- allowedTransparencyConfigEnabled = sets.NewString("", "true", "false", "manual")
- allowedArtifactsStorage = sets.NewString("", "tekton", "oci", "gcs", "docdb", "grafeas", "kafka")
- allowedControllerEnvs = sets.NewString("MONGO_SERVER_URL")
- allowedBuildDefinitionType = sets.NewString("", "https://tekton.dev/chains/v2/slsa", "https://tekton.dev/chains/v2/slsa-tekton")
+ allowedArtifactsTaskRunFormat = sets.NewString("", "in-toto", "slsa/v1", "slsa/v2alpha2", "slsa/v2alpha3")
+ allowedArtifactsPipelineRunFormat = sets.NewString("", "in-toto", "slsa/v1", "slsa/v2alpha2", "slsa/v2alpha3")
+ allowedX509SignerFulcioProvider = sets.NewString("", "google", "spiffe", "github", "filesystem")
+ allowedTransparencyConfigEnabled = sets.NewString("", "true", "false", "manual")
+ allowedArtifactsPipelineRunEnableDeepInspection = sets.NewString("", "true", "false")
+ allowedArtifactsStorage = sets.NewString("", "tekton", "oci", "gcs", "docdb", "grafeas", "kafka")
+ allowedControllerEnvs = sets.NewString("MONGO_SERVER_URL")
+ allowedBuildDefinitionType = sets.NewString("", "https://tekton.dev/chains/v2/slsa", "https://tekton.dev/chains/v2/slsa-tekton")
 )
 
 func (tc *TektonChain) Validate(ctx context.Context) (errs *apis.FieldError) {
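Review bot: `allowedArtifactsPipelineRunEnableDeepInspection = sets.NewString("", "true", "false")` is an exact-match allowlist, so `"True"`, `"TRUE"` or `"1"` — spellings that `strconv.ParseBool` accepts — are rejected by the validator. A strict lowercase allowlist is a reasonable choice, but it should be stated, because whether a JSON boolean `true` reaches this check as the lowercase string `"true"` depends entirely on `BoolValue`'s unmarshalling, which is not in this patch. Suggest a trailing comment on the new line: `// literal match only; "True"/"1" are rejected even though strconv.ParseBool accepts them`.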
@@ -135,6 +136,10 @@ func (tcs *TektonChainSpec) ValidateChainConfig(path string) (errs *apis.FieldEr
 errs = errs.Also(apis.ErrInvalidValue(tcs.TransparencyConfigEnabled, path+".transparency.enabled"))
 }
 
+ if !allowedArtifactsPipelineRunEnableDeepInspection.Has(string(tcs.ArtifactsPipelineRunEnableDeepInspection)) {
+ errs = errs.Also(apis.ErrInvalidValue(tcs.ArtifactsPipelineRunEnableDeepInspection, path+".artifacts.pipelinerun.enable-deep-inspection"))
+ }
+
 if !allowedBuildDefinitionType.Has(tcs.BuildDefinitionBuildType) {
 errs = errs.Also(apis.ErrInvalidValue(tcs.BuildDefinitionBuildType, path+".builddefinition.buildtype"))
 }
diff --git a/pkg/apis/operator/v1alpha1/tektonchain_validation_test.go b/pkg/apis/operator/v1alpha1/tektonchain_validation_test.go
index d24b317361..158907774e 100644
--- a/pkg/apis/operator/v1alpha1/tektonchain_validation_test.go
+++ b/pkg/apis/operator/v1alpha1/tektonchain_validation_test.go
@@ -214,6 +214,45 @@ func Test_ValidateTektonChain_ConfigPipelineRunStorageValid(t *testing.T) {
 }
 }
 
+func Test_ValidateTektonChain_ConfigInvalidArtifactsPipelineRunEnableDeepInspection(t *testing.T) {
+ tc := &TektonChain{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "chain",
+ Namespace: "namespace",
+ },
+ Spec: TektonChainSpec{
+ CommonSpec: CommonSpec{
+ TargetNamespace: "namespace",
+ },
+ },
+ }
+
+ tc.Spec.Chain.ChainProperties.ArtifactsPipelineRunEnableDeepInspection = "foo"
+ err := tc.Validate(context.TODO())
+ assert.Equal(t, "invalid value: foo: spec.artifacts.pipelinerun.enable-deep-inspection", err.Error())
+}
+
+func Test_ValidateTektonChain_ConfigArtifactsPipelineRunEnableDeepInspection(t *testing.T) {
+ tc := &TektonChain{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "chain",
+ Namespace: "namespace",
+ },
+ Spec: TektonChainSpec{
+ CommonSpec: CommonSpec{
+ TargetNamespace: "namespace",
+ },
+ },
+ }
+
+ tc.Spec.Chain.ChainProperties.ArtifactsPipelineRunEnableDeepInspection = "true"
+ err := tc.Validate(context.TODO())
+
+ if err != nil {
+ t.Errorf("ValidateTektonChain.Validate() expected no error for the given config, but got one, ValidateTektonChain: %v", err)
+ }
+}
+
 func Test_ValidateTektonChain_ConfigInvalidX509SignerFulcioProvider(t *testing.T) {
 tc := &TektonChain{
 ObjectMeta: metav1.ObjectMeta{
diff --git a/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go
index c83277f77e..5f48c6cce9 100644
--- a/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go
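Review bot: Neither new test exercises what the commit title claims — accepting a JSON boolean `true` as well as the string `"true"` — because both assign a Go string literal straight to `tc.Spec.Chain.ChainProperties.ArtifactsPipelineRunEnableDeepInspection` and never go through JSON decoding; the `"true"` case only proves the allowlist lookup, and `BoolValue`'s unmarshalling is untested here. A third test that runs `json.Unmarshal` on `{"artifacts.pipelinerun.enable-deep-inspection": true}` and on the quoted form `"true"` into a `ChainProperties`, then asserts both validate without error, would pin the behaviour the change is meant to add. The `"false"` and empty-string values accepted by the validator are also not covered.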
@@ -218,11 +218,6 @@ func (in *ChainProperties) DeepCopyInto(out *ChainProperties) {
 *out = new(string)
 **out = **in
 }
- if in.ArtifactsPipelineRunEnableDeepInspection != nil {
- in, out := &in.ArtifactsPipelineRunEnableDeepInspection, &out.ArtifactsPipelineRunEnableDeepInspection
- *out = new(bool)
- **out = **in
- }
 if in.ArtifactsOCIStorage != nil {
 in, out := &in.ArtifactsOCIStorage, &out.ArtifactsOCIStorage
 *out = new(string)