From 8b165c020941229ff40bca53f45365dba172b18b Mon Sep 17 00:00:00 2001
From: Vishal Choudhary
Date: Tue, 18 Jul 2023 11:28:47 +0530
Subject: [PATCH] bug: fix nancy by removing tekton payload from cosign test (#7841)
* fix: remove tekton payload from cosign test
Signed-off-by: Vishal Choudhary
* fix: update image and identity to kyverno
Signed-off-by: Vishal Choudhary
* style: extra tab in json payload
Signed-off-by: Vishal Choudhary
---------
Signed-off-by: Vishal Choudhary
---
 go.mod | 2 +-
 pkg/cosign/cosign_test.go | 42 +++++++++++++++++++++++----------------
 2 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/go.mod b/go.mod
index 487ca723a3..e3cac87f6a 100644
--- a/go.mod
+++ b/go.mod
@@ -80,6 +80,7 @@ require (
 sigs.k8s.io/controller-runtime v0.15.0
 sigs.k8s.io/kustomize/api v0.13.4
 sigs.k8s.io/kustomize/kyaml v0.14.2
+ sigs.k8s.io/structured-merge-diff/v4 v4.2.3
 sigs.k8s.io/yaml v1.3.0
 )
@@ -333,5 +334,4 @@ require (
 oras.land/oras-go/v2 v2.2.0 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/release-utils v0.7.3 // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 )
diff --git a/pkg/cosign/cosign_test.go b/pkg/cosign/cosign_test.go
index 85f48073c6..7dce759649 100644
--- a/pkg/cosign/cosign_test.go
+++ b/pkg/cosign/cosign_test.go
@@ -33,20 +33,28 @@ const cosignPayload = `{
 }
 }`
-const tektonPayload = `{
- "Critical": {
- "Identity": {
- "docker-reference": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop"
- },
- "Image": {
- "Docker-manifest-digest": "sha256:6a037d5ba27d9c6be32a9038bfe676fb67d2e4145b4f53e9c61fb3e69f06e816"
- },
- "Type": "Tekton container signature"
- },
- "Optional": {
- "Issuer": "https://github.com/login/oauth",
- "Subject": "https://github.com/mycompany/demo/.github/workflows/ci.yml@refs/heads/main"
- }
+const keylessPayload = `{
+ "critical": {
+ "identity": {
+ "docker-reference": "ghcr.io/kyverno/test-verify-image"
+ },
+ "image": {
+ "docker-manifest-digest": "sha256:ee53528c4e3c723945cf870d73702b76135955a218dd7497bf344aa73ebb4227"
+ },
+ "type": "cosign container image signature"
+ },
+ "optional": {
+ "Bundle": {
+ "SignedEntryTimestamp": "--TIME-STAMP--",
+ "Payload": {
+ "integratedTime": 1689234389,
+ "logIndex": 27432442,
+ "logID": "--LOG-ID--"
+ }
+ },
+ "Issuer": "https://accounts.google.com",
+ "Subject": "kyverno@nirmata.com"
+ }
 }`
 func TestCosignPayload(t *testing.T) {
@@ -61,15 +69,15 @@ func TestCosignPayload(t *testing.T) {
 assert.NilError(t, err)
 assert.Equal(t, d, "sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108")
- image2 := "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop"
- signedPayloads2 := cosign.SignedPayload{Payload: []byte(tektonPayload)}
+ image2 := "ghcr.io/kyverno/test-verify-image"
+ signedPayloads2 := cosign.SignedPayload{Payload: []byte(keylessPayload)}
 signatures2 := []oci.Signature{&sig{cosignPayload: signedPayloads2}}
 p2, err := extractPayload(signatures2)
 assert.NilError(t, err)
 d2, err := extractDigest(image2, p2)
 assert.NilError(t, err)
- assert.Equal(t, d2, "sha256:6a037d5ba27d9c6be32a9038bfe676fb67d2e4145b4f53e9c61fb3e69f06e816")
+ assert.Equal(t, d2, "sha256:ee53528c4e3c723945cf870d73702b76135955a218dd7497bf344aa73ebb4227")
 }
 func TestCosignKeyless(t *testing.T) {
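Review bot: `keylessPayload` reads like a captured keyless signature record, but its `Bundle` holds the placeholders `--TIME-STAMP--` and `--LOG-ID--`, and nothing marks it as a hand-built fixture. A one-line comment above the constant would stop a later reader from treating it as transparency-log evidence, for example `// keylessPayload is a synthetic simple-signing payload; Bundle, Issuer and Subject are sample values, not a verifiable log entry.` The key casing is also mixed (`critical`/`optional` lowercase, `Bundle`/`Issuer`/`Subject` capitalised), so the same comment could say whether that mirrors the format the decoder expects. The decoder itself is not visible in this hunk.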
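Review bot: The second case in `TestCosignPayload` still asserts only the happy path, that `extractDigest(image2, p2)` returns the digest embedded in the payload when `image2` equals the payload's `docker-reference`. Nothing in the visible lines pins what happens when the requested image and the signed reference differ, which is the property that matters for a helper on the signature-verification path. If a mismatch is meant to be rejected, add `_, err = extractDigest("ghcr.io/kyverno/other-image", p2)` followed by `assert.Assert(t, err != nil)` (the image name is a constructed sample). Whether `extractDigest` enforces that binding cannot be told from this hunk, and the test function begins outside it.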