diff --git a/app/cli/cmd/policy_develop_eval.go b/app/cli/cmd/policy_develop_eval.go index 747709e29..0b0565939 100644 --- a/app/cli/cmd/policy_develop_eval.go +++ b/app/cli/cmd/policy_develop_eval.go @@ -33,7 +33,6 @@ func newPolicyDevelopEvalCmd() *cobra.Command { policyPath string inputs []string allowedHostnames []string - debug bool ) cmd := &cobra.Command{ @@ -53,7 +52,7 @@ evaluates the policy against the provided material or attestation.`, PolicyPath: policyPath, Inputs: parseKeyValue(inputs), AllowedHostnames: allowedHostnames, - Debug: debug, + Debug: flagDebug, } policyEval, err := action.NewPolicyEval(opts, ActionOpts) @@ -77,7 +76,6 @@ evaluates the policy against the provided material or attestation.`, cmd.Flags().StringVarP(&policyPath, "policy", "p", "policy.yaml", "Policy reference (./my-policy.yaml, https://my-domain.com/my-policy.yaml, chainloop://my-stored-policy)") cmd.Flags().StringArrayVar(&inputs, "input", []string{}, "Key-value pairs of policy inputs (key=value)") cmd.Flags().StringSliceVar(&allowedHostnames, "allowed-hostnames", []string{}, "Additional hostnames allowed for http.send requests in policies") - cmd.Flags().BoolVarP(&debug, "debug", "", false, "Include detailed evaluation inputs/outputs in JSON output and enable verbose logging") return cmd } diff --git a/app/cli/documentation/cli-reference.mdx b/app/cli/documentation/cli-reference.mdx index 356c41c72..04ad83272 100755 --- a/app/cli/documentation/cli-reference.mdx +++ b/app/cli/documentation/cli-reference.mdx @@ -2869,7 +2869,6 @@ Options ``` --allowed-hostnames strings Additional hostnames allowed for http.send requests in policies --annotation strings Key-value pairs of material annotations (key=value) ---debug Include detailed evaluation inputs/outputs in JSON output and enable verbose logging -h, --help help for eval --input stringArray Key-value pairs of policy inputs (key=value) --kind string Kind of the material: ["ARTIFACT" "ATTESTATION" "BLACKDUCK_SCA_JSON" "CHAINLOOP_RUNNER_CONTEXT" "CONTAINER_IMAGE" "CSAF_INFORMATIONAL_ADVISORY" "CSAF_SECURITY_ADVISORY" "CSAF_SECURITY_INCIDENT_RESPONSE" "CSAF_VEX" "EVIDENCE" "GHAS_CODE_SCAN" "GHAS_DEPENDENCY_SCAN" "GHAS_SECRET_SCAN" "GITLAB_SECURITY_REPORT" "HELM_CHART" "JACOCO_XML" "JUNIT_XML" "OPENVEX" "SARIF" "SBOM_CYCLONEDX_JSON" "SBOM_SPDX_JSON" "SLSA_PROVENANCE" "STRING" "TWISTCLI_SCAN_JSON" "ZAP_DAST_ZIP"] @@ -2885,6 +2884,7 @@ Options inherited from parent commands -c, --config string Path to an existing config file (default is $HOME/.config/chainloop/config.toml) --control-plane string URL for the Control Plane API ($CHAINLOOP_CONTROL_PLANE_API) (default "api.cp.chainloop.dev:443") --control-plane-ca string CUSTOM CA file for the Control Plane API (optional) ($CHAINLOOP_CONTROL_PLANE_API_CA) +--debug Enable debug/verbose logging mode -i, --insecure Skip TLS transport during connection to the control plane ($CHAINLOOP_API_INSECURE) -n, --org string organization name -o, --output string Output format, valid options are json and table (default "table") diff --git a/app/cli/internal/policydevel/eval.go b/app/cli/internal/policydevel/eval.go index 53d0dc2d7..0531d42d8 100644 --- a/app/cli/internal/policydevel/eval.go +++ b/app/cli/internal/policydevel/eval.go @@ -120,7 +120,7 @@ func verifyMaterial(pol *v1.Policies, material *v12.Attestation_Material, materi } if len(policyEvs) == 0 || policyEvs[0] == nil { - return nil, fmt.Errorf("no execution branch matched for kind %s", material.MaterialType.String()) + return nil, fmt.Errorf("no execution branch matched, or all of them were ignored, for kind %s", material.MaterialType.String()) } // Only one evaluation expected for a single policy attachment