Merge branch 'main' into feature/alex-containers-default-cloud

Author: cx-alex-cohen

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,77 @@
+# Centralized GitHub Issue Templates for Bug Reports (.github/ISSUE_TEMPLATE/bug_report.yml)
+name: Bug Report
+description: File a bug report.
+title: "[Bug]: "
+labels: ["bug"]
+projects: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: input
+    id: contact
+    attributes:
+      label: Contact Details
+      description: How can we get in touch with you if we need more info?
+      placeholder: ex. email@example.com
+    validations:
+      required: false
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+      value: "A bug happened!"
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: Version
+      description: What version of our software are you running?
+      placeholder: Enter the version number
+    validations:
+      required: true
+  - type: dropdown
+    id: os-version
+    attributes:
+      label: Operating System & Version
+      description: Select your OS and version
+      options:
+        - Windows 7
+        - Windows 8
+        - Windows 10
+        - Windows 11
+        - macOS Big Sur
+        - macOS Monterey
+        - macOS Ventura
+        - macOS Sonoma
+        - Ubuntu 18.04
+        - Ubuntu 20.04
+        - Ubuntu 22.04
+        - Debian 10
+        - Debian 11
+        - Fedora 36
+        - Fedora 37
+        - Arch Linux (Latest)
+        - Red Hat Enterprise Linux 8
+        - Red Hat Enterprise Linux 9
+        - openSUSE Leap 15
+        - Other
+    validations:
+      required: true
+  - type: input
+    id: os-other
+    attributes:
+      label: Specify Other OS Version
+      description: If you selected "Other," please specify your OS and version.
+      placeholder: Enter your OS and version
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      render: shell

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,54 @@
+# Centralized GitHub Issue Templates for Enhancement Requests (.github/ISSUE_TEMPLATE/enhancement_request.yml)
+name: Enhancement Request
+description: Suggest a new feature or improvement.
+title: "[Enhancement]: "
+labels: ["enhancement", "feature-request"]
+projects: ["octo-org/1", "octo-org/44"]
+assignees:
+  - octocat
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to suggest an enhancement!
+  - type: input
+    id: contact
+    attributes:
+      label: Contact Details
+      description: How can we get in touch with you if we need more info?
+      placeholder: ex. email@example.com
+    validations:
+      required: false
+  - type: textarea
+    id: what-problem
+    attributes:
+      label: What problem does this solve?
+      description: Explain the problem this feature would address.
+      placeholder: Tell us about the problem!
+    validations:
+      required: true
+  - type: textarea
+    id: proposed-solution
+    attributes:
+      label: Proposed Solution
+      description: How do you think this should be implemented?
+      placeholder: Describe your idea in detail.
+    validations:
+      required: true
+  - type: dropdown
+    id: importance
+    attributes:
+      label: Importance Level
+      description: How important is this enhancement to you?
+      options:
+        - Nice to have
+        - Important
+        - Critical
+      default: 0
+    validations:
+      required: true
+  - type: textarea
+    id: additional-info
+    attributes:
+      label: Additional Information
+      description: Any other context, related issues, or screenshots to support your request.

.github/ISSUE_TEMPLATE/enhancement-request.md

@@ -5,12 +5,12 @@ on:
     types: [opened]
 
 jobs:
-  issue:
+  notify_jira:
     name: Notify Jira
-    uses: CheckmarxDev/ast-cli/.github/workflows/jira_notify.yml@main
+    uses: Checkmarx/plugins-release-workflow/.github/workflows/jira_notify.yml@main
     with:
       title: ${{ github.event.issue.title }}
       body: ${{ github.event.issue.body }}
       html_url: ${{ github.event.issue.html_url }}
       repo: ${{ github.event.repository.full_name }}
-    secrets: inherit
+    secrets: inherit

.github/ISSUE_TEMPLATE/enhancement_request.yml

@@ -71,8 +71,8 @@ const baseURLKey = "ast-base-url"
 
 const audienceClaimKey = "aud"
 
-var cachedAccessToken string
-var cachedAccessTime time.Time
+var CachedAccessToken string
+var CachedAccessTime time.Time
 var Domains = make(map[string]struct{})
 
 func retryHTTPRequest(requestFunc func() (*http.Response, error), retries int, baseDelayInMilliSec time.Duration) (*http.Response, error) {
@@ -85,7 +85,12 @@ func retryHTTPRequest(requestFunc func() (*http.Response, error), retries int, b
 		if err != nil {
 			return nil, err
 		}
-		if resp.StatusCode != http.StatusBadGateway {
+		if resp.StatusCode == http.StatusBadGateway {
+			logger.PrintIfVerbose("Bad Gateway (502), retrying")
+		} else if resp.StatusCode == http.StatusUnauthorized {
+			logger.PrintIfVerbose("Unauthorized request (401), refreshing token")
+			_, _ = configureClientCredentialsAndGetNewToken()
+		} else {
 			return resp, nil
 		}
 		_ = resp.Body.Close()
@@ -398,27 +403,21 @@ func GetWithQueryParamsAndCustomRequest(client *http.Client, customReq *http.Req
 	customReq = addReqMonitor(customReq)
 	return request(client, customReq, true)
 }
+
 func GetAccessToken() (string, error) {
-	authURI, err := GetAuthURI()
-	if err != nil {
-		return "", err
-	}
+	var err error
 	tokenExpirySeconds := viper.GetInt(commonParams.TokenExpirySecondsKey)
+
 	accessToken := getClientCredentialsFromCache(tokenExpirySeconds)
-	accessKeyID := viper.GetString(commonParams.AccessKeyIDConfigKey)
-	accessKeySecret := viper.GetString(commonParams.AccessKeySecretConfigKey)
-	astAPIKey := viper.GetString(commonParams.AstAPIKey)
-	if accessKeyID == "" && astAPIKey == "" {
-		return "", errors.Errorf(fmt.Sprintf(FailedToAuth, "access key ID"))
-	} else if accessKeySecret == "" && astAPIKey == "" {
-		return "", errors.Errorf(fmt.Sprintf(FailedToAuth, "access key secret"))
-	}
+
 	if accessToken == "" {
-		accessToken, err = getClientCredentials(accessKeyID, accessKeySecret, astAPIKey, authURI)
+		logger.PrintIfVerbose("Fetching API access token.")
+		accessToken, err = configureClientCredentialsAndGetNewToken()
 		if err != nil {
 			return "", err
 		}
 	}
+
 	return accessToken, nil
 }
 
@@ -445,38 +444,45 @@ func enrichWithPasswordCredentials(
 	return nil
 }
 
-func getClientCredentials(accessKeyID, accessKeySecret, astAPKey, authURI string) (string, error) {
-	logger.PrintIfVerbose("Fetching API access token.")
-	tokenExpirySeconds := viper.GetInt(commonParams.TokenExpirySecondsKey)
+func configureClientCredentialsAndGetNewToken() (string, error) {
+	accessKeyID := viper.GetString(commonParams.AccessKeyIDConfigKey)
+	accessKeySecret := viper.GetString(commonParams.AccessKeySecretConfigKey)
+	astAPIKey := viper.GetString(commonParams.AstAPIKey)
+	var accessToken string
 
-	var err error
-	accessToken := getClientCredentialsFromCache(tokenExpirySeconds)
+	if accessKeyID == "" && astAPIKey == "" {
+		return "", errors.Errorf(fmt.Sprintf(FailedToAuth, "access key ID"))
+	} else if accessKeySecret == "" && astAPIKey == "" {
+		return "", errors.Errorf(fmt.Sprintf(FailedToAuth, "access key secret"))
+	}
 
-	if accessToken == "" {
-		// If the token is present the default to that.
-		if astAPKey != "" {
-			accessToken, err = getNewToken(getAPIKeyPayload(astAPKey), authURI)
-		} else {
-			accessToken, err = getNewToken(getCredentialsPayload(accessKeyID, accessKeySecret), authURI)
-		}
+	authURI, err := GetAuthURI()
+	if err != nil {
+		return "", err
+	}
 
-		if err != nil {
-			return "", errors.Errorf("%s", err)
-		}
+	if astAPIKey != "" {
+		accessToken, err = getNewToken(getAPIKeyPayload(astAPIKey), authURI)
+	} else {
+		accessToken, err = getNewToken(getCredentialsPayload(accessKeyID, accessKeySecret), authURI)
+	}
 
-		writeCredentialsToCache(accessToken)
+	if err != nil {
+		return "", errors.Errorf("%s", err)
 	}
 
+	writeCredentialsToCache(accessToken)
+
 	return accessToken, nil
 }
 
 func getClientCredentialsFromCache(tokenExpirySeconds int) string {
 	logger.PrintIfVerbose("Checking cache for API access token.")
 
-	expired := time.Since(cachedAccessTime) > time.Duration(tokenExpirySeconds-expiryGraceSeconds)*time.Second
+	expired := time.Since(CachedAccessTime) > time.Duration(tokenExpirySeconds-expiryGraceSeconds)*time.Second
 	if !expired {
 		logger.PrintIfVerbose("Using cached API access token!")
-		return cachedAccessToken
+		return CachedAccessToken
 	}
 	logger.PrintIfVerbose("API access token not found in cache!")
 	return ""
@@ -488,8 +494,8 @@ func writeCredentialsToCache(accessToken string) {
 
 	logger.PrintIfVerbose("Storing API access token to cache.")
 	viper.Set(commonParams.AstToken, accessToken)
-	cachedAccessToken = accessToken
-	cachedAccessTime = time.Now()
+	CachedAccessToken = accessToken
+	CachedAccessTime = time.Now()
 }
 
 func getNewToken(credentialsPayload, authServerURI string) (string, error) {
@@ -555,13 +561,13 @@ func getCredentialsPayload(accessKeyID, accessKeySecret string) string {
 
 func getAPIKeyPayload(astToken string) string {
 	logger.PrintIfVerbose("Using API key credentials.")
-	
+
 	clientID, err := extractAZPFromToken(astToken)
 	if err != nil {
 		logger.PrintIfVerbose("Failed to extract azp from token, using default client_id")
 		clientID = "ast-app"
 	}
-	
+
 	return fmt.Sprintf("grant_type=refresh_token&client_id=%s&refresh_token=%s", clientID, astToken)
 }
 

.github/workflows/issue_automation.yml

@@ -2021,6 +2021,30 @@ func TestCreateScanWithResubmitFlag_ProjectNotExist_ScanCreatedSuccessfullyWithD
 	err, _ := executeCommand(t, args...)
 	assert.NilError(t, err)
 }
+
+func TestCreateAsyncScan_ChangedCachedTokenAndPollingScanStatus_Success(t *testing.T) {
+	createASTIntegrationTestCommand(t)
+	configuration.LoadConfiguration()
+	args := []string{
+		"scan", "create",
+		flag(params.ProjectName), getProjectNameForScanTests(),
+		flag(params.SourcesFlag), "data/empty-folder.zip",
+		flag(params.ScanTypes), "sca",
+		flag(params.BranchFlag), "main",
+		flag(params.AsyncFlag),
+		flag(params.ScanInfoFormatFlag), printer.FormatJSON,
+	}
+	scanID, _ := executeCreateScan(t, args)
+	scanWrapper := wrappers.NewHTTPScansWrapper(viper.GetString(params.ScansPathKey))
+	wrappers.CachedAccessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMiwiaXNzIjoiaHR0cHM6Ly9kZXUuaWFtLmNoZWNrbWFyeC5uZXQvYXV0aC9yZWFsbXMvZ2FsYWN0aWNhIiwiYXN0LWJhc2UtdXJsIjoiaHR0cHM6Ly9kZXUuYXN0LmNoZWNrbWFyeC5uZXQifQ.j0MMhLKBkmvJ_vz5xjvvut5UfN7OJVPqV-RwJ3NdKD4"
+	wrappers.CachedAccessTime = time.Now()
+	viper.Set(params.TokenExpirySecondsKey, 300)
+	scan, _, err := scanWrapper.GetByID(scanID)
+	asserts.Nil(t, err)
+	assert.Assert(t, scan != nil, "Scan should not be nil")
+	assert.Equal(t, scan.ID, scanID, "Scan ID should be equal")
+}
+
 func TestScanCreate_WithContainerFilterFlags_CreatingScanSuccessfully(t *testing.T) {
 	bindKeysToEnvAndDefault(t)
 	var createdScan wrappers.ScanResponseModel