From 70d15cb2e6df4c6b710dc63020b9f9f9f342da87 Mon Sep 17 00:00:00 2001 From: Joe Stuart Date: Mon, 6 Nov 2023 11:53:35 -0600 Subject: [PATCH] acceptance test fixes --- acceptance/image/image.go | 10 ++ acceptance/kubernetes/kubernetes.go | 2 +- features/__snapshots__/validate_image.snap | 140 ++++++++++++++++----- 3 files changed, 123 insertions(+), 29 deletions(-) diff --git a/acceptance/image/image.go b/acceptance/image/image.go index cfb446f1e..36e0c501c 100644 --- a/acceptance/image/image.go +++ b/acceptance/image/image.go @@ -79,6 +79,7 @@ type Signature struct { Certificate string `json:"certificate,omitempty"` Chain []string `json:"chain,omitempty"` Metadata map[string]string `json:"metadata,omitempty"` + Digest string `json:"digest,omitempty"` } // imageState holds the state of images used in acceptance tests keyed by the @@ -209,10 +210,15 @@ func createAndPushImageSignature(ctx context.Context, imageName string, keyName return ctx, err } + sigDigest, err := signatureLayer.Digest() + if err != nil { + return ctx, err + } state.Signatures[imageName] = ref.String() state.ImageSignatures[imageName] = Signature{ KeyID: "", Signature: signatureBase64, + Digest: sigDigest.String(), } return ctx, nil @@ -270,6 +276,9 @@ func createAndPushAttestationWithPatches(ctx context.Context, imageName, keyName if sig, err := unmarshallSignatures(signedAttestation); err != nil { return ctx, err } else { + if err != nil { + return ctx, err + } state.AttestationSignatures[imageName] = Signature{ KeyID: sig.KeyID, Signature: sig.Sig, @@ -857,6 +866,7 @@ func RawImageSignaturesFrom(ctx context.Context) map[string]string { ret := map[string]string{} for ref, signature := range state.ImageSignatures { ret[fmt.Sprintf("IMAGE_SIGNATURE_%s", ref)] = signature.Signature + ret[fmt.Sprintf("SIGNATURE_DIGEST_%s", ref)] = signature.Digest } return ret diff --git a/acceptance/kubernetes/kubernetes.go b/acceptance/kubernetes/kubernetes.go index 9b73483aa..eb714edd5 100644 --- a/acceptance/kubernetes/kubernetes.go +++ b/acceptance/kubernetes/kubernetes.go @@ -22,12 +22,12 @@ import ( "encoding/json" "errors" "fmt" + "maps" "strings" "text/tabwriter" "github.com/cucumber/godog" clr "github.com/doiit/picocolors" - "golang.org/x/exp/maps" "github.com/enterprise-contract/ec-cli/acceptance/crypto" "github.com/enterprise-contract/ec-cli/acceptance/image" diff --git a/features/__snapshots__/validate_image.snap b/features/__snapshots__/validate_image.snap index acf80a6a4..96088b325 100755 --- a/features/__snapshots__/validate_image.snap +++ b/features/__snapshots__/validate_image.snap @@ -49,7 +49,10 @@ "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -151,7 +154,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -240,7 +246,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -317,7 +326,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -396,7 +408,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -467,7 +482,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/image}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/image}" + } } ] } @@ -580,7 +598,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-multiple-sources}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-multiple-sources}" + } } ] } @@ -664,7 +685,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/bad-actor}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/bad-actor}" + } } ] } @@ -748,7 +772,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -836,7 +863,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -938,7 +968,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-multiple-sources}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-multiple-sources}" + } } ] } @@ -1110,7 +1143,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -1211,7 +1247,10 @@ Error: 1 error occurred: "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -1289,7 +1328,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -1544,7 +1586,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/source}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/source}" + } } ] } @@ -1671,7 +1716,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/image}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/image}" + } } ] } @@ -1751,7 +1799,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -1829,7 +1880,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/my-image}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/my-image}" + } } ] } @@ -1922,7 +1976,10 @@ ${TEMP}/ec-work-${RANDOM}/policy/${RANDOM}/main.rego:34: rego_type_error: undefi "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ec-happy-day}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ec-happy-day}" + } } ] } @@ -2009,7 +2066,10 @@ ${TEMP}/ec-work-${RANDOM}/policy/${RANDOM}/main.rego:34: rego_type_error: undefi "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/image}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/image}" + } } ] } @@ -2101,7 +2161,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/unique-successes}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/unique-successes}" + } } ] } @@ -2216,7 +2279,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/image-config}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/image-config}" + } } ] } @@ -2267,7 +2333,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/image}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/image}" + } } ] } @@ -2432,7 +2501,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/ignore-rekor}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/ignore-rekor}" + } } ] } @@ -2839,7 +2911,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/image}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/image}" + } } ] } @@ -2911,7 +2986,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/image}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/image}" + } } ] } @@ -2993,7 +3071,10 @@ Error: success criteria not met "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/image}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/image}" + } } ], "image": { @@ -3220,7 +3301,10 @@ Error: 1 error occurred: "keyid": "", "sig": "${ATTESTATION_SIGNATURE_acceptance/fetch-oci-blob}" } - ] + ], + "digest": { + "sha256": "${SIGNATURE_DIGEST_acceptance/fetch-oci-blob}" + } } ] }