acceptance test fixes

enterprise-contract · Nov 6, 2023 · 70d15cb · 70d15cb
1 parent 07d97c6
commit 70d15cb
Show file tree

Hide file tree

Showing 3 changed files with 123 additions and 29 deletions.
diff --git a/acceptance/image/image.go b/acceptance/image/image.go
@@ -79,6 +79,7 @@ type Signature struct {
 	Certificate string            `json:"certificate,omitempty"`
 	Chain       []string          `json:"chain,omitempty"`
 	Metadata    map[string]string `json:"metadata,omitempty"`
+	Digest      string            `json:"digest,omitempty"`
 }
 
 // imageState holds the state of images used in acceptance tests keyed by the
@@ -209,10 +210,15 @@ func createAndPushImageSignature(ctx context.Context, imageName string, keyName
 		return ctx, err
 	}
 
+	sigDigest, err := signatureLayer.Digest()
+	if err != nil {
+		return ctx, err
+	}
 	state.Signatures[imageName] = ref.String()
 	state.ImageSignatures[imageName] = Signature{
 		KeyID:     "",
 		Signature: signatureBase64,
+		Digest:    sigDigest.String(),
 	}
 
 	return ctx, nil
@@ -270,6 +276,9 @@ func createAndPushAttestationWithPatches(ctx context.Context, imageName, keyName
 	if sig, err := unmarshallSignatures(signedAttestation); err != nil {
 		return ctx, err
 	} else {
+		if err != nil {
+			return ctx, err
+		}
 		state.AttestationSignatures[imageName] = Signature{
 			KeyID:     sig.KeyID,
 			Signature: sig.Sig,
@@ -857,6 +866,7 @@ func RawImageSignaturesFrom(ctx context.Context) map[string]string {
 	ret := map[string]string{}
 	for ref, signature := range state.ImageSignatures {
 		ret[fmt.Sprintf("IMAGE_SIGNATURE_%s", ref)] = signature.Signature
+		ret[fmt.Sprintf("SIGNATURE_DIGEST_%s", ref)] = signature.Digest
 	}
 
 	return ret

diff --git a/acceptance/kubernetes/kubernetes.go b/acceptance/kubernetes/kubernetes.go
@@ -22,12 +22,12 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"maps"
 	"strings"
 	"text/tabwriter"
 
 	"github.com/cucumber/godog"
 	clr "github.com/doiit/picocolors"
-	"golang.org/x/exp/maps"
 
 	"github.com/enterprise-contract/ec-cli/acceptance/crypto"
 	"github.com/enterprise-contract/ec-cli/acceptance/image"

diff --git a/features/__snapshots__/validate_image.snap b/features/__snapshots__/validate_image.snap
@@ -49,7 +49,10 @@
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -151,7 +154,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -240,7 +246,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -317,7 +326,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -396,7 +408,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -467,7 +482,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/image}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/image}"
+          }
         }
       ]
     }
@@ -580,7 +598,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-multiple-sources}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-multiple-sources}"
+          }
         }
       ]
     }
@@ -664,7 +685,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/bad-actor}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/bad-actor}"
+          }
         }
       ]
     }
@@ -748,7 +772,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -836,7 +863,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -938,7 +968,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-multiple-sources}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-multiple-sources}"
+          }
         }
       ]
     }
@@ -1110,7 +1143,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -1211,7 +1247,10 @@ Error: 1 error occurred:
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -1289,7 +1328,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -1544,7 +1586,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/source}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/source}"
+          }
         }
       ]
     }
@@ -1671,7 +1716,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/image}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/image}"
+          }
         }
       ]
     }
@@ -1751,7 +1799,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -1829,7 +1880,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/my-image}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/my-image}"
+          }
         }
       ]
     }
@@ -1922,7 +1976,10 @@ ${TEMP}/ec-work-${RANDOM}/policy/${RANDOM}/main.rego:34: rego_type_error: undefi
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}"
+          }
         }
       ]
     }
@@ -2009,7 +2066,10 @@ ${TEMP}/ec-work-${RANDOM}/policy/${RANDOM}/main.rego:34: rego_type_error: undefi
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/image}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/image}"
+          }
         }
       ]
     }
@@ -2101,7 +2161,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/unique-successes}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/unique-successes}"
+          }
         }
       ]
     }
@@ -2216,7 +2279,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/image-config}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/image-config}"
+          }
         }
       ]
     }
@@ -2267,7 +2333,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/image}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/image}"
+          }
         }
       ]
     }
@@ -2432,7 +2501,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/ignore-rekor}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/ignore-rekor}"
+          }
         }
       ]
     }
@@ -2839,7 +2911,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/image}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/image}"
+          }
         }
       ]
     }
@@ -2911,7 +2986,10 @@ Error: success criteria not met
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/image}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/image}"
+          }
         }
       ]
     }
@@ -2993,7 +3071,10 @@ Error: success criteria not met
           "keyid": "",
           "sig": "${ATTESTATION_SIGNATURE_acceptance/image}"
         }
-      ]
+      ],
+      "digest": {
+        "sha256": "${SIGNATURE_DIGEST_acceptance/image}"
+      }
     }
   ],
   "image": {
@@ -3220,7 +3301,10 @@ Error: 1 error occurred:
               "keyid": "",
               "sig": "${ATTESTATION_SIGNATURE_acceptance/fetch-oci-blob}"
             }
-          ]
+          ],
+          "digest": {
+            "sha256": "${SIGNATURE_DIGEST_acceptance/fetch-oci-blob}"
+          }
         }
       ]
     }