STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pr feedback

Browse source 
Signed-off-by: Meredith Lancaster <malancas@github.com>
This commit is contained in:
Meredith Lancaster 2024-11-21 15:40:15 -07:00
parent 0fd09eb5ff
commit f92d703554
4 changed files with 32 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

14
pkg/cmd/attestation/inspect/inspect_test.go
View file

@ -58,7 +58,7 @@ func TestNewInspectCmd(t *testing.T) {
BundlePath: bundlePath,
DigestAlgorithm: "sha384",
OCIClient: oci.MockClient{},
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: true,
},
@ -70,7 +70,7 @@ func TestNewInspectCmd(t *testing.T) {
BundlePath: bundlePath,
DigestAlgorithm: "sha256",
OCIClient: oci.MockClient{},
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: false,
},
@ -82,7 +82,7 @@ func TestNewInspectCmd(t *testing.T) {
BundlePath: bundlePath,
DigestAlgorithm: "sha512",
OCIClient: oci.MockClient{},
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: false,
},
@ -93,7 +93,7 @@ func TestNewInspectCmd(t *testing.T) {
ArtifactPath: artifactPath,
DigestAlgorithm: "sha256",
OCIClient: oci.MockClient{},
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: true,
},
@ -105,7 +105,7 @@ func TestNewInspectCmd(t *testing.T) {
BundlePath: bundlePath,
DigestAlgorithm: "sha256",
OCIClient: oci.MockClient{},
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsExporter: true,
},
@ -148,7 +148,7 @@ func TestRunInspect(t *testing.T) {
DigestAlgorithm: "sha512",
Logger: io.NewTestHandler(),
OCIClient: oci.MockClient{},
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
}
t.Run("with valid artifact and bundle", func(t *testing.T) {
@ -176,7 +176,7 @@ func TestJSONOutput(t *testing.T) {
DigestAlgorithm: "sha512",
Logger: io.NewHandler(testIO),
OCIClient: oci.MockClient{},
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
exporter: cmdutil.NewJSONExporter(),
}
require.Nil(t, runInspect(&opts))

15
pkg/cmd/attestation/verification/mock_verifier.go
View file

@ -50,14 +50,15 @@ func (v *MockSigstoreVerifier) Verify([]*api.Attestation, verify.PolicyBuilder)
return results, nil
}
func NewMockSigstoreVerifier(t *testing.T, mockResults []*AttestationProcessingResult) *MockSigstoreVerifier {
return &MockSigstoreVerifier{t, mockResults}
func NewMockSigstoreVerifier(t *testing.T) *MockSigstoreVerifier {
result := BuildSigstoreJsMockResult(t)
results := []*AttestationProcessingResult{&result}
return &MockSigstoreVerifier{t, results}
}
func NewDefaultMockSigstoreVerifier(t *testing.T) *MockSigstoreVerifier {
result := BuildDefaultMockResult(t)
results := []*AttestationProcessingResult{&result}
return &MockSigstoreVerifier{t, results}
func NewMockSigstoreVerifierWithMockResults(t *testing.T, mockResults []*AttestationProcessingResult) *MockSigstoreVerifier {
return &MockSigstoreVerifier{t, mockResults}
}
type FailSigstoreVerifier struct{}
@ -90,7 +91,7 @@ func BuildMockResult(b *bundle.Bundle, buildSignerURI, sourceRepoOwnerURI, sourc
}
}
func BuildDefaultMockResult(t *testing.T) AttestationProcessingResult {
func BuildSigstoreJsMockResult(t *testing.T) AttestationProcessingResult {
bundle := data.SigstoreBundle(t)
buildSignerURI := "https://github.com/github/example/.github/workflows/release.yml@refs/heads/main"
sourceRepoOwnerURI := "https://github.com/sigstore"

4
pkg/cmd/attestation/verify/attestation_integration_test.go
View file

@ -84,9 +84,9 @@ func TestVerifyAttestations(t *testing.T) {
require.Len(t, attestations, 3)
rwfResult := verification.BuildMockResult(reusableWorkflowAttestations[0].Bundle, "", "https://github.com/malancas", "", verification.GitHubOIDCIssuer)
sgjResult := verification.BuildDefaultMockResult(t)
sgjResult := verification.BuildSigstoreJsMockResult(t)
mockResults := []*verification.AttestationProcessingResult{&sgjResult, &rwfResult, &sgjResult}
mockSgVerifier := verification.NewMockSigstoreVerifier(t, mockResults)
mockSgVerifier := verification.NewMockSigstoreVerifierWithMockResults(t, mockResults)
// we want to test that attestations that pass Sigstore verification but fail
// cert extension verification are filtered out properly in the second step

30
pkg/cmd/attestation/verify/verify_test.go
View file

@ -75,7 +75,7 @@ func TestNewVerifyCmd(t *testing.T) {
OIDCIssuer: verification.GitHubOIDCIssuer,
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: true,
},
@ -92,7 +92,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: false,
},
@ -109,7 +109,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://foo.ghe.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: false,
},
@ -126,7 +126,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: true,
},
@ -143,7 +143,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: false,
},
@ -159,7 +159,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: true,
},
@ -175,7 +175,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
Repo: "sigstore/sigstore-js",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: true,
},
@ -191,7 +191,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: false,
},
@ -207,7 +207,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: false,
},
@ -223,7 +223,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: true,
},
@ -240,7 +240,7 @@ func TestNewVerifyCmd(t *testing.T) {
PredicateType: verification.SLSAPredicateV1,
SAN: "https://github.com/sigstore/",
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsErr: true,
},
@ -257,7 +257,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsExporter: true,
},
@ -274,7 +274,7 @@ func TestNewVerifyCmd(t *testing.T) {
Owner: "sigstore",
PredicateType: "https://spdx.dev/Document/v2.3",
SANRegex: "(?i)^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
},
wantsExporter: true,
},
@ -365,7 +365,7 @@ func TestJSONOutput(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
exporter: cmdutil.NewJSONExporter(),
}
require.NoError(t, runVerify(&opts))
@ -389,7 +389,7 @@ func TestRunVerify(t *testing.T) {
Owner: "sigstore",
PredicateType: verification.SLSAPredicateV1,
SANRegex: "^https://github.com/sigstore/",
SigstoreVerifier: verification.NewDefaultMockSigstoreVerifier(t),
SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
}
t.Run("with valid artifact and bundle", func(t *testing.T) {