loving yaml, thanks validation!

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
sigstore · Apr 21, 2022 · 654f9fe · 654f9fe
1 parent 3b87836
commit 654f9fe
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 42 deletions.
diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go
diff --git a/pkg/policy/eval_test.go b/pkg/policy/eval_test.go
@@ -26,7 +26,8 @@ const (
 
 	vulnAttestation = "{\"_type\":\"https://in-toto.io/Statement/v0.1\",\"predicateType\":\"cosign.sigstore.dev/attestation/vuln/v1\",\"subject\":[{\"name\":\"registry.local:5000/cosigned/demo\",\"digest\":{\"sha256\":\"416cc82c76114b1744ea58bcbf2f411a0f2de4b0456703bf1bb83d33656951bc\"}}],\"predicate\":{\"invocation\":{\"parameters\":null,\"uri\":\"invocation.example.com/cosign-testing\",\"event_id\":\"\",\"builder.id\":\"\"},\"scanner\":{\"uri\":\"fakescanner.example.com/cosign-testing\",\"version\":\"\",\"db\":{\"uri\":\"\",\"version\":\"\"},\"result\":null},\"metadata\":{\"scanStartedOn\":\"2022-04-12T00:00:00Z\",\"scanFinishedOn\":\"2022-04-12T00:10:00Z\"}}}"
 
-	cipAttestation = "{\"authorityMatches\":{\"key-att\":{\"signatures\":null,\"attestations\":{\"vuln-key\":[{\"subject\":\"PLACEHOLDER\",\"issuer\":\"PLACEHOLDER\"}]}},\"key-signature\":{\"signatures\":[{\"subject\":\"PLACEHOLDER\",\"issuer\":\"PLACEHOLDER\"}],\"attestations\":null},\"keyless-att\":{\"signatures\":null,\"attestations\":{\"custom-keyless\":[{\"subject\":\"PLACEHOLDER\",\"issuer\":\"PLACEHOLDER\"}]}}"
+	// TODO(vaikas): Enable tests once we sort this out.
+	//	cipAttestation = "{\"authorityMatches\":{\"key-att\":{\"signatures\":null,\"attestations\":{\"vuln-key\":[{\"subject\":\"PLACEHOLDER\",\"issuer\":\"PLACEHOLDER\"}]}},\"key-signature\":{\"signatures\":[{\"subject\":\"PLACEHOLDER\",\"issuer\":\"PLACEHOLDER\"}],\"attestations\":null},\"keyless-att\":{\"signatures\":null,\"attestations\":{\"custom-keyless\":[{\"subject\":\"PLACEHOLDER\",\"issuer\":\"PLACEHOLDER\"}]}}"
 )
 
 func TestEvalPolicy(t *testing.T) {
@@ -81,10 +82,8 @@ func TestEvalPolicy(t *testing.T) {
 		if tc.wantErr {
 			if err == nil {
 				t.Errorf("Did not get an error, wanted %s", tc.wantErrSub)
-			} else {
-				if !strings.Contains(err.Error(), tc.wantErrSub) {
-					t.Errorf("Unexpected error, want: %s got: %s", tc.wantErrSub, err.Error())
-				}
+			} else if !strings.Contains(err.Error(), tc.wantErrSub) {
+				t.Errorf("Unexpected error, want: %s got: %s", tc.wantErrSub, err.Error())
 			}
 		} else {
 			if !tc.wantErr && err != nil {

diff --git a/test/testdata/cosigned/valid/valid-policy-regex.yaml b/test/testdata/cosigned/valid/valid-policy-regex.yaml
@@ -26,51 +26,51 @@ spec:
         secretRef:
           name: ca-cert-secret
           namespace: some-namespacemak
-  - keyless:
-      name: "keyless signatures"
+  - name: "keyless signatures"
+    keyless:
       identities:
       - issuer: "issue-details"
         subject: "subject-details"
-  - keyless:
-      name: "keyless attestations"
+  - name: "keyless attestations"
+    keyless:
       identities:
       - issuer: "issue-details"
         subject: "subject-details"
-      attestations:
-      - name: custom-predicate-type-validation
-        predicateType: "cosign.sigstore.dev/attestation/v1"
-        policy:
-          type: cue
-          data: |
-            import "time"
-            before: time.Parse(time.RFC3339, "2049-10-09T17:10:27Z")
-            predicateType: "cosign.sigstore.dev/attestation/v1"
-            predicate: {
-              Timestamp: <before
+    attestations:
+    - name: custom-predicate-type-validation
+      predicateType: custom
+      policy:
+        type: cue
+        data: |
+          import "time"
+          before: time.Parse(time.RFC3339, "2049-10-09T17:10:27Z")
+          predicateType: "cosign.sigstore.dev/attestation/v1"
+          predicate: {
+            Timestamp: <before
+          }
+    - name: vuln-predicate-type-validation
+      predicateType: vuln
+      policy:
+        type: cue
+        data: |
+          import "time"
+          before: time.Parse(time.RFC3339, "2022-04-15T17:10:27Z")
+          after: time.Parse(time.RFC3339, "2022-03-09T17:10:27Z")
+          predicateType: "cosign.sigstore.dev/attestation/vuln/v1"
+          predicate: {
+            invocation: {
+              uri: "invocation.example.com/cosign-testing"
+            }
+            scanner: {
+              uri: "fakescanner.example.com/cosign-testing"
             }
-      - name: vuln-predicate-type-validation
-        predicateType: vuln
-        policy:
-          type: cue
-          data: |
-            import "time"
-            before: time.Parse(time.RFC3339, "2022-04-15T17:10:27Z")
-            after: time.Parse(time.RFC3339, "2022-03-09T17:10:27Z")
-            predicateType: "cosign.sigstore.dev/attestation/vuln/v1"
-            predicate: {
-              invocation: {
-                uri: "invocation.example.com/cosign-testing"
-              }
-              scanner: {
-                uri: "fakescanner.example.com/cosign-testing"
-              }
-              metadata: {
-                scanStartedOn: <before
-                scanStartedOn: >after
-                scanFinishedOn: <before
-                scanFinishedOn: >after
-              }
+            metadata: {
+              scanStartedOn: <before
+              scanStartedOn: >after
+              scanFinishedOn: <before
+              scanFinishedOn: >after
             }
+          }
   - keyless:
       identities:
       - issuer: "issue-details1"