From 3e5cfe3ae4bd0261a28eb85d4c101fec9cbdb480 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Wed, 29 Mar 2023 14:09:22 +0200 Subject: [PATCH] test: add kuttl test for bad manifest signatures (#6719) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- .../multi-signatures/02-resources.yaml | 2 ++ .../multi-signatures/resource-bad-signatures.yaml | 15 +++++++++++++++ .../single-signature/02-resources.yaml | 2 ++ .../single-signature/resource-bad-signatures.yaml | 15 +++++++++++++++ 4 files changed, 34 insertions(+) create mode 100644 test/conformance/kuttl/verify-manifests/multi-signatures/resource-bad-signatures.yaml create mode 100644 test/conformance/kuttl/verify-manifests/single-signature/resource-bad-signatures.yaml diff --git a/test/conformance/kuttl/verify-manifests/multi-signatures/02-resources.yaml b/test/conformance/kuttl/verify-manifests/multi-signatures/02-resources.yaml index 32b2f0df75..f430d948cb 100644 --- a/test/conformance/kuttl/verify-manifests/multi-signatures/02-resources.yaml +++ b/test/conformance/kuttl/verify-manifests/multi-signatures/02-resources.yaml @@ -7,3 +7,5 @@ apply: shouldFail: true - file: resource-two-signatures.yaml shouldFail: false +- file: resource-bad-signatures.yaml + shouldFail: true diff --git a/test/conformance/kuttl/verify-manifests/multi-signatures/resource-bad-signatures.yaml b/test/conformance/kuttl/verify-manifests/multi-signatures/resource-bad-signatures.yaml new file mode 100644 index 0000000000..736b82c127 --- /dev/null +++ b/test/conformance/kuttl/verify-manifests/multi-signatures/resource-bad-signatures.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + cosign.sigstore.dev/message: H4sIAAAAAAAA/ySKTarDMAwG9zrFd4HAewT6o13puhBo6V44opgmtrBEoLcvcXfDzIjlpzbPtTC2f3rnMjPu2raclFYNmSWECSiyKiPUY/BfHslN096stvAdho6M0x8BgLUaNdWF8bhO3YS0l8bUp/N4PBDgumiK2rgPYsa4fS5m9A0AAP//mX2z9ZsAAAA= + cosign.sigstore.dev/signature: MEYCIQDMIHC26nBdO/GeFZpP1CNdmGVO41w5P0PCN4DemLk/mgIhAJ04E76kz25pkUXHxrfKIWVKuD+KGw5TStPNWZPCqPLK + cosign.sigstore.dev/signature_1: MEQCIDZ7YUjwtSvjgaOLaXQiT2F7P00FUC+QZqI8DcBjMlgVAiAMojKmnl7TRkqpPMXBsz6rWIMU8VpfItcQ5QrLKLQRHg== + name: test-service3 +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 9376 + selector: + app: NotMyApp diff --git a/test/conformance/kuttl/verify-manifests/single-signature/02-resources.yaml b/test/conformance/kuttl/verify-manifests/single-signature/02-resources.yaml index 09cfa6d968..5a6cb7d01d 100644 --- a/test/conformance/kuttl/verify-manifests/single-signature/02-resources.yaml +++ b/test/conformance/kuttl/verify-manifests/single-signature/02-resources.yaml @@ -7,3 +7,5 @@ apply: shouldFail: false - file: resource-two-signatures.yaml shouldFail: false +- file: resource-bad-signatures.yaml + shouldFail: true diff --git a/test/conformance/kuttl/verify-manifests/single-signature/resource-bad-signatures.yaml b/test/conformance/kuttl/verify-manifests/single-signature/resource-bad-signatures.yaml new file mode 100644 index 0000000000..736b82c127 --- /dev/null +++ b/test/conformance/kuttl/verify-manifests/single-signature/resource-bad-signatures.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + cosign.sigstore.dev/message: H4sIAAAAAAAA/ySKTarDMAwG9zrFd4HAewT6o13puhBo6V44opgmtrBEoLcvcXfDzIjlpzbPtTC2f3rnMjPu2raclFYNmSWECSiyKiPUY/BfHslN096stvAdho6M0x8BgLUaNdWF8bhO3YS0l8bUp/N4PBDgumiK2rgPYsa4fS5m9A0AAP//mX2z9ZsAAAA= + cosign.sigstore.dev/signature: MEYCIQDMIHC26nBdO/GeFZpP1CNdmGVO41w5P0PCN4DemLk/mgIhAJ04E76kz25pkUXHxrfKIWVKuD+KGw5TStPNWZPCqPLK + cosign.sigstore.dev/signature_1: MEQCIDZ7YUjwtSvjgaOLaXQiT2F7P00FUC+QZqI8DcBjMlgVAiAMojKmnl7TRkqpPMXBsz6rWIMU8VpfItcQ5QrLKLQRHg== + name: test-service3 +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 9376 + selector: + app: NotMyApp