From 94f0829a37771642ceda18e4615597491bd6176f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Thu, 30 Mar 2023 17:31:11 +0200 Subject: [PATCH] fix: no skip result when no image match the rule (#6733) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: no skip result when no image match the rule Signed-off-by: Charles-Edouard Brétéché * fix test Signed-off-by: Charles-Edouard Brétéché --------- Signed-off-by: Charles-Edouard Brétéché --- pkg/engine/imageVerify.go | 11 +---------- pkg/engine/imageVerify_test.go | 5 ++--- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/pkg/engine/imageVerify.go b/pkg/engine/imageVerify.go index c796b7c19d..0751ff2045 100644 --- a/pkg/engine/imageVerify.go +++ b/pkg/engine/imageVerify.go @@ -77,7 +77,7 @@ func (e *engine) doVerifyAndPatch( logger.V(3).Info("processing image verification rule") - ruleImages, imageRefs, err := engineutils.ExtractMatchingImages( + ruleImages, _, err := engineutils.ExtractMatchingImages( policyContext.NewResource(), policyContext.JSONContext(), rule, @@ -92,15 +92,6 @@ func (e *engine) doVerifyAndPatch( return } if len(ruleImages) == 0 { - internal.AddRuleResponse( - resp, - internal.RuleSkip( - rule, - engineapi.ImageVerify, - fmt.Sprintf("skip run verification as image in resource not found in imageRefs '%s'", imageRefs), - ), - startTime, - ) return } policyContext.JSONContext().Restore() diff --git a/pkg/engine/imageVerify_test.go b/pkg/engine/imageVerify_test.go index 498428003e..3ee1cfefad 100644 --- a/pkg/engine/imageVerify_test.go +++ b/pkg/engine/imageVerify_test.go @@ -446,12 +446,11 @@ var ( testOtherKey = `-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpNlOGZ323zMlhs4bcKSpAKQvbcWi5ZLRmijm6SqXDy0Fp0z0Eal+BekFnLzs8rUXUaXlhZ3hNudlgFJH+nFNMw==\n-----END PUBLIC KEY-----\n` ) -func Test_ConfigMapMissingSuccess(t *testing.T) { +func Test_NoMatch(t *testing.T) { policyContext := buildContext(t, testConfigMapMissing, testConfigMapMissingResource, "") cosign.ClearMock() err, _ := testVerifyAndPatchImages(context.TODO(), registryclient.NewOrDie(), nil, policyContext, cfg) - assert.Equal(t, len(err.PolicyResponse.Rules), 1) - assert.Equal(t, err.PolicyResponse.Rules[0].Status, engineapi.RuleStatusSkip, err.PolicyResponse.Rules[0].Message) + assert.Equal(t, len(err.PolicyResponse.Rules), 0) } func Test_ConfigMapMissingFailure(t *testing.T) {