attest/attestation/layout_test.go

package attestation_test

import (
	"path/filepath"
	"strings"
	"testing"

	"github.com/docker/attest"
	"github.com/docker/attest/attestation"
	"github.com/docker/attest/internal/test"
	"github.com/docker/attest/oci"
	"github.com/docker/attest/policy"
	v1 "github.com/google/go-containerregistry/pkg/v1"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestAttestationFromOCILayout(t *testing.T) {
	ctx, signer := test.Setup(t)
	outputLayout := test.CreateTempDir(t, "", "attest-oci-layout")

	invalidPlatform := &v1.Platform{
		Architecture: "invalid",
		OS:           "invalid",
	}

	opts := &attestation.SigningOptions{}
	attIdx, err := oci.IndexFromPath(test.UnsignedTestImage(".."))
	require.NoError(t, err)
	signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts)
	require.NoError(t, err)
	signedIndex := attIdx.Index
	signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests)
	require.NoError(t, err)
	spec, err := oci.ParseImageSpec(oci.LocalPrefix + outputLayout)
	require.NoError(t, err)
	err = oci.SaveIndex(ctx, []*oci.ImageSpec{spec}, signedIndex, "docker.io/library/test-image:test")
	require.NoError(t, err)

	testCases := []struct {
		name     string
		platform *v1.Platform
		errorStr string
	}{
		{name: "nominal", platform: spec.Platform},
		{name: "invalid platform", platform: invalidPlatform, errorStr: "platform not found in index"},
	}

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			spec := &oci.ImageSpec{
				Type:       oci.OCI,
				Identifier: outputLayout,
				Platform:   tc.platform,
			}
			resolver, err := policy.CreateImageDetailsResolver(spec)
			if tc.errorStr != "" {
				require.Error(t, err)
				assert.Contains(t, err.Error(), tc.errorStr)
				return
			}
			require.NoError(t, err)
			desc, err := resolver.ImageDescriptor(ctx)
			require.NoError(t, err)
			digest := desc.Digest.String()
			assert.True(t, strings.Contains(digest, "sha256:"))
		})
	}
}

func TestSubjectNameAnnotations(t *testing.T) {
	testCases := []struct {
		name          string
		ociLayoutPath string
		errorStr      string
	}{
		{name: "oci annotation", ociLayoutPath: test.UnsignedTestImage("..")},
		{name: "containerd annotation", ociLayoutPath: filepath.Join("..", "test", "testdata", "containerd-subject-layout")},
		{name: "missing subject name", ociLayoutPath: filepath.Join("..", "test", "testdata", "missing-subject-layout"), errorStr: "failed to find subject name in annotations"},
	}

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			spec, err := oci.ParseImageSpec(oci.LocalPrefix+tc.ociLayoutPath, oci.WithPlatform("linux/arm64"))
			require.NoError(t, err)
			_, err = policy.CreateImageDetailsResolver(spec)
			if tc.errorStr != "" {
				require.Error(t, err)
				assert.Contains(t, err.Error(), tc.errorStr)
				return
			}
			require.NoError(t, err)
		})
	}
}
fix: cyclical imports 2024-08-12 14:49:52 -05:00			`package attestation_test`
feat: add oci layout test 2024-08-05 11:24:28 -05:00
			`import (`
feat: support containerd subject annotations 2024-09-19 14:59:54 -05:00			`"path/filepath"`
feat: add oci layout test 2024-08-05 11:24:28 -05:00			`"strings"`
			`"testing"`

refactor! remove pkg directory (#145) * refactor!: remove pkg directory * chore: include breaking changes in draft 2024-09-02 16:17:50 +01:00			`"github.com/docker/attest"`
			`"github.com/docker/attest/attestation"`
feat: add oci layout test 2024-08-05 11:24:28 -05:00			`"github.com/docker/attest/internal/test"`
refactor! remove pkg directory (#145) * refactor!: remove pkg directory * chore: include breaking changes in draft 2024-09-02 16:17:50 +01:00			`"github.com/docker/attest/oci"`
			`"github.com/docker/attest/policy"`
feat: add nil pointer test 2024-08-05 16:50:40 -05:00			`v1 "github.com/google/go-containerregistry/pkg/v1"`
feat: add oci layout test 2024-08-05 11:24:28 -05:00			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func TestAttestationFromOCILayout(t *testing.T) {`
			`ctx, signer := test.Setup(t)`
			`outputLayout := test.CreateTempDir(t, "", "attest-oci-layout")`

feat: add nil pointer test 2024-08-05 16:50:40 -05:00			`invalidPlatform := &v1.Platform{`
			`Architecture: "invalid",`
			`OS: "invalid",`
			`}`

feat: add oci layout test 2024-08-05 11:24:28 -05:00			`opts := &attestation.SigningOptions{}`
refactor! remove pkg directory (#145) * refactor!: remove pkg directory * chore: include breaking changes in draft 2024-09-02 16:17:50 +01:00			`attIdx, err := oci.IndexFromPath(test.UnsignedTestImage(".."))`
feat: add oci layout test 2024-08-05 11:24:28 -05:00			`require.NoError(t, err)`
			`signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts)`
			`require.NoError(t, err)`
			`signedIndex := attIdx.Index`
			`signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests)`
			`require.NoError(t, err)`
			`spec, err := oci.ParseImageSpec(oci.LocalPrefix + outputLayout)`
			`require.NoError(t, err)`
feat: support containerd subject annotations 2024-09-19 14:59:54 -05:00			`err = oci.SaveIndex(ctx, []*oci.ImageSpec{spec}, signedIndex, "docker.io/library/test-image:test")`
feat: add oci layout test 2024-08-05 11:24:28 -05:00			`require.NoError(t, err)`

feat: add nil pointer test 2024-08-05 16:50:40 -05:00			`testCases := []struct {`
			`name string`
			`platform *v1.Platform`
			`errorStr string`
			`}{`
			`{name: "nominal", platform: spec.Platform},`
			`{name: "invalid platform", platform: invalidPlatform, errorStr: "platform not found in index"},`
			`}`

			`for _, tc := range testCases {`
			`t.Run(tc.name, func(t *testing.T) {`
			`spec := &oci.ImageSpec{`
			`Type: oci.OCI,`
			`Identifier: outputLayout,`
			`Platform: tc.platform,`
			`}`
			`resolver, err := policy.CreateImageDetailsResolver(spec)`
			`if tc.errorStr != "" {`
			`require.Error(t, err)`
			`assert.Contains(t, err.Error(), tc.errorStr)`
			`return`
			`}`
			`require.NoError(t, err)`
			`desc, err := resolver.ImageDescriptor(ctx)`
			`require.NoError(t, err)`
			`digest := desc.Digest.String()`
			`assert.True(t, strings.Contains(digest, "sha256:"))`
			`})`
			`}`
feat: add oci layout test 2024-08-05 11:24:28 -05:00			`}`
feat: support containerd subject annotations 2024-09-19 14:59:54 -05:00
			`func TestSubjectNameAnnotations(t *testing.T) {`
			`testCases := []struct {`
			`name string`
			`ociLayoutPath string`
			`errorStr string`
			`}{`
			`{name: "oci annotation", ociLayoutPath: test.UnsignedTestImage("..")},`
			`{name: "containerd annotation", ociLayoutPath: filepath.Join("..", "test", "testdata", "containerd-subject-layout")},`
test: make test layouts smaller 2024-09-19 15:31:37 -05:00			`{name: "missing subject name", ociLayoutPath: filepath.Join("..", "test", "testdata", "missing-subject-layout"), errorStr: "failed to find subject name in annotations"},`
feat: support containerd subject annotations 2024-09-19 14:59:54 -05:00			`}`

			`for _, tc := range testCases {`
			`t.Run(tc.name, func(t *testing.T) {`
test: make test layouts smaller 2024-09-19 15:31:37 -05:00			`spec, err := oci.ParseImageSpec(oci.LocalPrefix+tc.ociLayoutPath, oci.WithPlatform("linux/arm64"))`
feat: support containerd subject annotations 2024-09-19 14:59:54 -05:00			`require.NoError(t, err)`
			`_, err = policy.CreateImageDetailsResolver(spec)`
			`if tc.errorStr != "" {`
			`require.Error(t, err)`
			`assert.Contains(t, err.Error(), tc.errorStr)`
			`return`
			`}`
			`require.NoError(t, err)`
			`})`
			`}`
			`}`