clean up skipped online tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

pkg/cmd/attestation/verify/verify_integration_test.go

@@ -83,6 +83,33 @@ func TestVerifyIntegration(t *testing.T) {
 		require.Error(t, err)
 		require.ErrorContains(t, err, "expected SourceRepositoryURI to be https://github.com/fakeowner/fakerepo, got https://github.com/sigstore/sigstore-js")
 	})
+
+	t.Run("with no matching OIDC issuer", func(t *testing.T) {
+		opts := publicGoodOpts
+		opts.OIDCIssuer = "some-other-issuer"
+
+		err := runVerify(&opts)
+		require.Error(t, err)
+		require.ErrorContains(t, err, "expected Issuer to be some-other-issuer, got https://token.actions.githubusercontent.com")
+	})
+
+	t.Run("with invalid SAN", func(t *testing.T) {
+		opts := publicGoodOpts
+		opts.SAN = "fake san"
+
+		err := runVerify(&opts)
+		require.Error(t, err)
+		require.ErrorContains(t, err, "verifying with issuer \"sigstore.dev\"")
+	})
+
+	t.Run("with invalid SAN regex", func(t *testing.T) {
+		opts := publicGoodOpts
+		opts.SANRegex = "^https://github.com/sigstore/not-real/"
+
+		err := runVerify(&opts)
+		require.Error(t, err)
+		require.ErrorContains(t, err, "verifying with issuer \"sigstore.dev\"")
+	})
 }
 
 func TestVerifyIntegrationCustomIssuer(t *testing.T) {

pkg/cmd/attestation/verify/verify_test.go

@@ -453,75 +453,6 @@ func TestRunVerify(t *testing.T) {
 		require.ErrorContains(t, err, "failed to fetch attestations from wrong-owner")
 	})
 
-	// TODO: this test can only be tested with a live SigstoreVerifier
-	// add integration tests or HTTP mocked sigstore verifier tests
-	// to test this case
-	t.Run("with invalid OIDC issuer", func(t *testing.T) {
-		t.Skip()
-		opts := publicGoodOpts
-		opts.OIDCIssuer = "not-a-real-issuer"
-		require.Error(t, runVerify(&opts))
-	})
-
-	// TODO: this test can only be tested with a live SigstoreVerifier
-	// add integration tests or HTTP mocked sigstore verifier tests
-	// to test this case
-	t.Run("with SAN enforcement", func(t *testing.T) {
-		t.Skip()
-		opts := Options{
-			ArtifactPath:     artifactPath,
-			BundlePath:       bundlePath,
-			APIClient:        api.NewTestClient(),
-			DigestAlgorithm:  "sha512",
-			Logger:           logger,
-			OIDCIssuer:       verification.GitHubOIDCIssuer,
-			Owner:            "sigstore",
-			SAN:              SigstoreSanValue,
-			SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
-		}
-		require.Nil(t, runVerify(&opts))
-	})
-
-	// TODO: this test can only be tested with a live SigstoreVerifier
-	// add integration tests or HTTP mocked sigstore verifier tests
-	// to test this case
-	t.Run("with invalid SAN", func(t *testing.T) {
-		t.Skip()
-		opts := publicGoodOpts
-		opts.SAN = "fake san"
-		require.Error(t, runVerify(&opts))
-	})
-
-	// TODO: this test can only be tested with a live SigstoreVerifier
-	// add integration tests or HTTP mocked sigstore verifier tests
-	// to test this case
-	t.Run("with SAN regex enforcement", func(t *testing.T) {
-		t.Skip()
-		opts := publicGoodOpts
-		opts.SANRegex = SigstoreSanRegex
-		require.Nil(t, runVerify(&opts))
-	})
-
-	// TODO: this test can only be tested with a live SigstoreVerifier
-	// add integration tests or HTTP mocked sigstore verifier tests
-	// to test this case
-	t.Run("with invalid SAN regex", func(t *testing.T) {
-		t.Skip()
-		opts := publicGoodOpts
-		opts.SANRegex = "^https://github.com/sigstore/not-real/"
-		require.Error(t, runVerify(&opts))
-	})
-
-	// TODO: this test can only be tested with a live SigstoreVerifier
-	// add integration tests or HTTP mocked sigstore verifier tests
-	// to test this case
-	t.Run("with no matching OIDC issuer", func(t *testing.T) {
-		t.Skip()
-		opts := publicGoodOpts
-		opts.OIDCIssuer = "some-other-issuer"
-		require.Error(t, runVerify(&opts))
-	})
-
 	t.Run("with missing API client", func(t *testing.T) {
 		customOpts := publicGoodOpts
 		customOpts.APIClient = nil