File: policy_eval_simple_test.go

package info (click to toggle)
golang-github-containers-image 5.28.0-4
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 5,104 kB
  • sloc: sh: 194; makefile: 73
file content (59 lines) | stat: -rw-r--r-- 2,051 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
//go:build debian_no_fulcio
// +build debian_no_fulcio
package signature

import (
	"context"
	"testing"

	"github.com/containers/image/v5/internal/testing/mocks"
	"github.com/containers/image/v5/types"
)

// nameOnlyImageMock is a mock of private.UnparsedImage which only allows transports.ImageName to work
type nameOnlyImageMock struct {
	mocks.ForbiddenUnparsedImage
}

func (nameOnlyImageMock) Reference() types.ImageReference {
	return nameOnlyImageReferenceMock{s: "== StringWithinTransport mock"}
}

// nameOnlyImageReferenceMock is a mock of types.ImageReference which only allows transports.ImageName to work, returning self.
type nameOnlyImageReferenceMock struct {
	mocks.ForbiddenImageReference
	s string
}

func (ref nameOnlyImageReferenceMock) Transport() types.ImageTransport {
	return mocks.NameImageTransport("== Transport mock")
}
func (ref nameOnlyImageReferenceMock) StringWithinTransport() string {
	return ref.s
}

func TestPRInsecureAcceptAnythingIsSignatureAuthorAccepted(t *testing.T) {
	pr := NewPRInsecureAcceptAnything()
	// Pass nil signature to, kind of, test that the return value does not depend on it.
	sar, parsedSig, err := pr.isSignatureAuthorAccepted(context.Background(), nameOnlyImageMock{}, nil)
	assertSARUnknown(t, sar, parsedSig, err)
}

func TestPRInsecureAcceptAnythingIsRunningImageAllowed(t *testing.T) {
	pr := NewPRInsecureAcceptAnything()
	res, err := pr.isRunningImageAllowed(context.Background(), nameOnlyImageMock{})
	assertRunningAllowed(t, res, err)
}

func TestPRRejectIsSignatureAuthorAccepted(t *testing.T) {
	pr := NewPRReject()
	// Pass nil signature to, kind of, test that the return value does not depend on it.
	sar, parsedSig, err := pr.isSignatureAuthorAccepted(context.Background(), nameOnlyImageMock{}, nil)
	assertSARRejectedPolicyRequirement(t, sar, parsedSig, err)
}

func TestPRRejectIsRunningImageAllowed(t *testing.T) {
	pr := NewPRReject()
	res, err := pr.isRunningImageAllowed(context.Background(), nameOnlyImageMock{})
	assertRunningRejectedPolicyRequirement(t, res, err)
}