mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
4eab46fb7d
* feat: support other key methods Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> * feat: support fetch attestations from repository Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Furkan <furkan.turkal@trendyol.com> * fix: parameter type Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * fix error check Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
52 lines
1.6 KiB
Go
52 lines
1.6 KiB
Go
package cosign
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/sigstore/cosign/pkg/oci"
|
|
|
|
"github.com/go-logr/logr"
|
|
"github.com/sigstore/cosign/pkg/cosign"
|
|
"gotest.tools/assert"
|
|
)
|
|
|
|
const cosignPayload = `{
|
|
"critical": {
|
|
"identity": {
|
|
"docker-reference": "registry-v2.nirmata.io/pause"
|
|
},
|
|
"image": {
|
|
"docker-manifest-digest": "sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108"
|
|
},
|
|
"type": "cosign container image signature"
|
|
},
|
|
"optional": null
|
|
}`
|
|
|
|
const tektonPayload = `{
|
|
"Critical": {
|
|
"Identity": {
|
|
"docker-reference": "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop"
|
|
},
|
|
"Image": {
|
|
"Docker-manifest-digest": "sha256:6a037d5ba27d9c6be32a9038bfe676fb67d2e4145b4f53e9c61fb3e69f06e816"
|
|
},
|
|
"Type": "Tekton container signature"
|
|
},
|
|
"Optional": {}
|
|
}`
|
|
|
|
func TestCosignPayload(t *testing.T) {
|
|
var log logr.Logger = logr.DiscardLogger{}
|
|
image := "registry-v2.nirmata.io/pause"
|
|
signedPayloads := cosign.SignedPayload{Payload: []byte(cosignPayload)}
|
|
d, err := extractDigest(image, []oci.Signature{&sig{cosignPayload: signedPayloads}}, log)
|
|
assert.NilError(t, err)
|
|
assert.Equal(t, d, "sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108")
|
|
|
|
image2 := "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop"
|
|
signedPayloads2 := cosign.SignedPayload{Payload: []byte(tektonPayload)}
|
|
d2, err := extractDigest(image2, []oci.Signature{&sig{cosignPayload: signedPayloads2}}, log)
|
|
assert.NilError(t, err)
|
|
assert.Equal(t, d2, "sha256:6a037d5ba27d9c6be32a9038bfe676fb67d2e4145b4f53e9c61fb3e69f06e816")
|
|
}
|