From 2ace988b1c60a669703846b1c2b8615e4d365da4 Mon Sep 17 00:00:00 2001 From: James Carnegie Date: Thu, 19 Sep 2024 13:54:10 +0100 Subject: [PATCH] chore: add test for RegoFnOpts (#171) --- policy/rego_test.go | 65 +++++++++++++++++++ policy/testdata/policies/test/fetch.rego | 7 ++ policy/testdata/policies/test/fetch_test.rego | 7 ++ 3 files changed, 79 insertions(+) create mode 100644 policy/rego_test.go create mode 100644 policy/testdata/policies/test/fetch.rego create mode 100644 policy/testdata/policies/test/fetch_test.rego diff --git a/policy/rego_test.go b/policy/rego_test.go new file mode 100644 index 0000000..127154a --- /dev/null +++ b/policy/rego_test.go @@ -0,0 +1,65 @@ +package policy + +import ( + "context" + "testing" + + "github.com/docker/attest/attestation" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/open-policy-agent/opa/tester" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestPolicy(t *testing.T) { + paths := []string{"testdata/policies/test"} + modules, store, err := tester.Load(paths, nil) + require.NoError(t, err) + resolver := &NullAttestationResolver{} + + opts := NewRegoFunctionOptions(resolver, nil) + ctx := context.Background() + ch, err := tester.NewRunner(). + SetStore(store). + AddCustomBuiltins(RegoFunctions(opts)). + CapturePrintOutput(true). + RaiseBuiltinErrors(true). + EnableTracing(true). + SetModules(modules). + RunTests(ctx, nil) + require.NoError(t, err) + require.NoError(t, err) + results := buffer(ch) + assert.Equalf(t, 1, len(results), "expected 1 results, got %d", len(results)) + assert.Truef(t, results[0].Pass(), "expected result 1 to pass, got %v", results[0]) + assert.True(t, resolver.called) +} + +func buffer[T any](ch chan T) []T { + var out []T + for v := range ch { + out = append(out, v) + } + return out +} + +type NullAttestationResolver struct { + called bool +} + +func (r *NullAttestationResolver) ImageName(_ context.Context) (string, error) { + return "", nil +} + +func (r *NullAttestationResolver) ImagePlatform(_ context.Context) (*v1.Platform, error) { + return v1.ParsePlatform("") +} + +func (r *NullAttestationResolver) ImageDescriptor(_ context.Context) (*v1.Descriptor, error) { + return nil, nil +} + +func (r *NullAttestationResolver) Attestations(_ context.Context, _ string) ([]*attestation.Envelope, error) { + r.called = true + return nil, nil +} diff --git a/policy/testdata/policies/test/fetch.rego b/policy/testdata/policies/test/fetch.rego new file mode 100644 index 0000000..4220832 --- /dev/null +++ b/policy/testdata/policies/test/fetch.rego @@ -0,0 +1,7 @@ +package attest + +import rego.v1 + +success if { + some env in attest.fetch("foo") +} diff --git a/policy/testdata/policies/test/fetch_test.rego b/policy/testdata/policies/test/fetch_test.rego new file mode 100644 index 0000000..4fbe1a4 --- /dev/null +++ b/policy/testdata/policies/test/fetch_test.rego @@ -0,0 +1,7 @@ +package attest + +import rego.v1 + +test_sucess if { + success +}