fix: no skip result when no image match the rule (#6733)

* fix: no skip result when no image match the rule

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

pkg/engine/imageVerify.go

@@ -77,7 +77,7 @@ func (e *engine) doVerifyAndPatch(
 
 	logger.V(3).Info("processing image verification rule")
 
-	ruleImages, imageRefs, err := engineutils.ExtractMatchingImages(
+	ruleImages, _, err := engineutils.ExtractMatchingImages(
 		policyContext.NewResource(),
 		policyContext.JSONContext(),
 		rule,
@@ -92,15 +92,6 @@ func (e *engine) doVerifyAndPatch(
 		return
 	}
 	if len(ruleImages) == 0 {
-		internal.AddRuleResponse(
-			resp,
-			internal.RuleSkip(
-				rule,
-				engineapi.ImageVerify,
-				fmt.Sprintf("skip run verification as image in resource not found in imageRefs '%s'", imageRefs),
-			),
-			startTime,
-		)
 		return
 	}
 	policyContext.JSONContext().Restore()

pkg/engine/imageVerify_test.go

@@ -446,12 +446,11 @@ var (
 	testOtherKey       = `-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpNlOGZ323zMlhs4bcKSpAKQvbcWi5ZLRmijm6SqXDy0Fp0z0Eal+BekFnLzs8rUXUaXlhZ3hNudlgFJH+nFNMw==\n-----END PUBLIC KEY-----\n`
 )
 
-func Test_ConfigMapMissingSuccess(t *testing.T) {
+func Test_NoMatch(t *testing.T) {
 	policyContext := buildContext(t, testConfigMapMissing, testConfigMapMissingResource, "")
 	cosign.ClearMock()
 	err, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg)
-	assert.Equal(t, len(err.PolicyResponse.Rules), 1)
-	assert.Equal(t, err.PolicyResponse.Rules[0].Status, engineapi.RuleStatusSkip, err.PolicyResponse.Rules[0].Message)
+	assert.Equal(t, len(err.PolicyResponse.Rules), 0)
 }
 
 func Test_ConfigMapMissingFailure(t *testing.T) {