From 4431fa9d8fc8b5986c0ca0b4e1cde2b9b96f1004 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster
Date: Wed, 18 Dec 2024 06:55:00 -0700
Subject: [PATCH] add test for signerRepo and tenant

Signed-off-by: Meredith Lancaster
---
 pkg/cmd/attestation/verify/policy_test.go | 26 ++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/pkg/cmd/attestation/verify/policy_test.go b/pkg/cmd/attestation/verify/policy_test.go
index 95c4095a6..774d9acaf 100644
--- a/pkg/cmd/attestation/verify/policy_test.go
+++ b/pkg/cmd/attestation/verify/policy_test.go
@@ -32,8 +32,8 @@ func TestNewEnforcementCriteria(t *testing.T) {
 t.Run("sets SANRegex using SignerRepo", func(t *testing.T) {
 opts := &Options{
 ArtifactPath: artifactPath,
- Owner: "foo",
- Repo: "foo/bar",
+ Owner: "wrong",
+ Repo: "wrong/value",
 SignerRepo: "foo/bar",
 SignerWorkflow: "wrong/value/.github/workflows/attest.yml",
 }
@@ -44,11 +44,27 @@ func TestNewEnforcementCriteria(t *testing.T) {
 require.Zero(t, c.SAN)
 })

+ t.Run("sets SANRegex using SignerRepo and Tenant", func(t *testing.T) {
+ opts := &Options{
+ ArtifactPath: artifactPath,
+ Owner: "wrong",
+ Repo: "wrong/value",
+ SignerRepo: "foo/bar",
+ SignerWorkflow: "wrong/value/.github/workflows/attest.yml",
+ Tenant: "baz",
+ }
+
+ c, err := newEnforcementCriteria(opts)
+ require.NoError(t, err)
+ require.Equal(t, "(?i)^https://baz.ghe.com/foo/bar/", c.SANRegex)
+ require.Zero(t, c.SAN)
+ })
+
 t.Run("sets SANRegex using SignerWorkflow matching host regex", func(t *testing.T) {
 opts := &Options{
 ArtifactPath: artifactPath,
- Owner: "foo",
- Repo: "foo/bar",
+ Owner: "wrong",
+ Repo: "wrong/value",
 SignerWorkflow: "foo/bar/.github/workflows/attest.yml",
 Hostname: "github.com",
 }
@@ -62,7 +78,7 @@ func TestNewEnforcementCriteria(t *testing.T) {
 t.Run("sets SANRegex using opts.Repo", func(t *testing.T) {
 opts := &Options{
 ArtifactPath: artifactPath,
- Owner: "foo",
+ Owner: "wrong",
 Repo: "foo/bar",
 }
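Review bot: The new "sets SANRegex using SignerRepo and Tenant" subtest pins `"(?i)^https://baz.ghe.com/foo/bar/"` as the expected pattern, and the dots in the host are unescaped, so as a regular expression each `.` matches any character rather than only a literal dot. newEnforcementCriteria is not shown in this patch, so how the tenant host reaches the pattern is inferred; if it is formatted straight in, escaping it there with `regexp.QuoteMeta` and asserting `"(?i)^https://baz\\.ghe\\.com/foo/bar/"` here would keep the SAN match confined to the intended tenant host. It would also help to compile `c.SANRegex` in this subtest and assert that it accepts the expected SAN prefix and rejects a near-miss host, so the test covers matching behaviour and not only the string. TestNewEnforcementCriteria begins and continues outside this hunk.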