kyverno/pkg/cosign/mock.go

package cosign

import (
	"context"
	"fmt"

	"github.com/google/go-containerregistry/pkg/name"
	"github.com/sigstore/cosign/pkg/cosign"
	"github.com/sigstore/cosign/pkg/oci"
)

func SetMock(image string, data [][]byte) error {
	imgRef, err := name.ParseReference(image)
	if err != nil {
		return err
	}

	payloads := make([]cosign.SignedPayload, len(data))
	for i, p := range data {
		payloads[i] = cosign.SignedPayload{
			Payload: p,
		}
	}

	client = &mock{data: map[string][]cosign.SignedPayload{
		imgRef.String(): payloads,
	}}

	return nil
}

func ClearMock() {
	client = &driver{}
}

type mock struct {
	data map[string][]cosign.SignedPayload
}

func (m *mock) VerifyImageSignatures(_ context.Context, signedImgRef name.Reference, _ *cosign.CheckOpts) ([]oci.Signature, bool, error) {
	return m.getSignatures(signedImgRef)
}

func (m *mock) VerifyImageAttestations(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) (checkedAttestations []oci.Signature, bundleVerified bool, err error) {
	return m.getSignatures(signedImgRef)
}

func (m *mock) getSignatures(signedImgRef name.Reference) ([]oci.Signature, bool, error) {
	results, ok := m.data[signedImgRef.String()]
	if !ok {
		return nil, false, fmt.Errorf("failed to find mock data for %s", signedImgRef.String())
	}

	sigs := make([]oci.Signature, 0, len(results))
	for _, sp := range results {
		sigs = append(sigs, &sig{cosignPayload: sp})
	}

	return sigs, true, nil
}

type sig struct {
	oci.Signature
	cosignPayload cosign.SignedPayload
}

func (s *sig) Payload() ([]byte, error) {
	return s.cosignPayload.Payload, nil
}
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`package cosign`

			`import (`
			`"context"`
			`"fmt"`
Cleanup imports (#2635) Signed-off-by: Marcus Noble <github@marcusnoble.co.uk> 2021-10-29 11:24:26 +01:00
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`"github.com/google/go-containerregistry/pkg/name"`
			`"github.com/sigstore/cosign/pkg/cosign"`
feat: support other key methods (#2607) * feat: support other key methods Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> * feat: support fetch attestations from repository Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Furkan <furkan.turkal@trendyol.com> * fix: parameter type Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * fix error check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2021-11-03 10:45:35 +03:00			`"github.com/sigstore/cosign/pkg/oci"`
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`)`

			`func SetMock(image string, data [][]byte) error {`
			`imgRef, err := name.ParseReference(image)`
			`if err != nil {`
			`return err`
			`}`

			`payloads := make([]cosign.SignedPayload, len(data))`
			`for i, p := range data {`
			`payloads[i] = cosign.SignedPayload{`
fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-06 11:18:36 -07:00			`Payload: p,`
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`}`
			`}`

fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-06 11:18:36 -07:00			`client = &mock{data: map[string][]cosign.SignedPayload{`
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`imgRef.String(): payloads,`
			`}}`

			`return nil`
			`}`

Image verify attestors (#3614) * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * support multiple attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm CLI tests (not currently supported) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * apply attestor repo Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix entryError assignment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add intermediary certs Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2022-04-19 08:35:12 -07:00			`func ClearMock() {`
			`client = &driver{}`
			`}`

merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`type mock struct {`
fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-06 11:18:36 -07:00			`data map[string][]cosign.SignedPayload`
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`}`

update cosign to 1.5.0 and fix issuer and subject for keyless (#3089) * update cosign to 1.5.0 and add checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix subject and issuer checks Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2022-01-27 21:13:23 -08:00			`func (m mock) VerifyImageSignatures(_ context.Context, signedImgRef name.Reference, _ cosign.CheckOpts) ([]oci.Signature, bool, error) {`
			`return m.getSignatures(signedImgRef)`
			`}`

			`func (m mock) VerifyImageAttestations(ctx context.Context, signedImgRef name.Reference, co cosign.CheckOpts) (checkedAttestations []oci.Signature, bundleVerified bool, err error) {`
			`return m.getSignatures(signedImgRef)`
			`}`

			`func (m *mock) getSignatures(signedImgRef name.Reference) ([]oci.Signature, bool, error) {`
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`results, ok := m.data[signedImgRef.String()]`
			`if !ok {`
feat: support other key methods (#2607) * feat: support other key methods Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> * feat: support fetch attestations from repository Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Furkan <furkan.turkal@trendyol.com> * fix: parameter type Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * fix error check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2021-11-03 10:45:35 +03:00			`return nil, false, fmt.Errorf("failed to find mock data for %s", signedImgRef.String())`
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`}`

feat: support other key methods (#2607) * feat: support other key methods Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> * feat: support fetch attestations from repository Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Furkan <furkan.turkal@trendyol.com> * fix: parameter type Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * fix error check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> 2021-11-03 10:45:35 +03:00			`sigs := make([]oci.Signature, 0, len(results))`
			`for _, sp := range results {`
			`sigs = append(sigs, &sig{cosignPayload: sp})`
			`}`

			`return sigs, true, nil`
			`}`

			`type sig struct {`
			`oci.Signature`
			`cosignPayload cosign.SignedPayload`
			`}`

			`func (s *sig) Payload() ([]byte, error) {`
			`return s.cosignPayload.Payload, nil`
merge and update Signed-off-by: Jim Bugwadia <jim@nirmata.com> 2021-10-05 22:42:42 -07:00			`}`