feat: add no policy file error

mrjoelkamp
2024-08-14 16:25:41 -05:00
parent 5f17f97229
commit 52499053d2
2 changed files with 7 additions and 8 deletions


@@ -42,6 +42,9 @@ func resolveLocalPolicy(opts *Options, mapping *config.PolicyMapping, imageName
digest = map[string]string{"sha256": util.SHA256Hex(fileContents)}
}
}
if URI == "" {
return nil, fmt.Errorf("no policy file found in policy mapping")
}
policy := &Policy{
InputFiles: files,
Mapping: mapping,
@@ -78,6 +81,9 @@ func resolveTUFPolicy(opts *Options, mapping *config.PolicyMapping, imageName st
digest = map[string]string{"sha256": file.Digest}
}
}
if URI == "" {
return nil, fmt.Errorf("no policy file found in policy mapping")
}
policy := &Policy{
InputFiles: files,
Mapping: mapping,
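Review bot: The new `if URI == ""` guard in resolveLocalPolicy builds its error with `fmt.Errorf` and no format verbs, and the identical string is repeated in resolveTUFPolicy (second hunk), so callers and the test can only recognise this fail-closed case by substring matching. A package-level sentinel, `var ErrNoPolicyFile = errors.New("no policy file found in policy mapping")`, returned from both sites as `return nil, ErrNoPolicyFile`, would let callers use `errors.Is` to tell a mapping with no policy file apart from a read or download failure. If more context is wanted, `fmt.Errorf("%w for image %s", ErrNoPolicyFile, imageName)` keeps the existing message prefix; this assumes imageName is a string, as the truncated signature suggests. Both function bodies start and end outside the hunks, so how URI is assigned is not visible here.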


@@ -33,7 +33,6 @@ func loadAttestation(t *testing.T, path string) *attestation.Envelope {
func TestRegoEvaluator_Evaluate(t *testing.T) {
ctx, _ := test.Setup(t)
resolveErrorStr := "failed to resolve policy by id: policy with id non-existent-policy-id not found"
evalErrorStr := "no policy evaluation result"
TestDataPath := filepath.Join("..", "..", "test", "testdata")
ExampleAttestation := filepath.Join(TestDataPath, "example_attestation.json")
@@ -51,7 +50,6 @@ func TestRegoEvaluator_Evaluate(t *testing.T) {
policy *policy.Options
policyID string
resolveErrorStr string
evalErrorStr string
}{
{repo: "testdata/mock-tuf-allow", expectSuccess: true, isCanonical: false, resolver: defaultResolver},
{repo: "testdata/mock-tuf-allow", expectSuccess: true, isCanonical: false, resolver: defaultResolver, policyID: "docker-official-images"},
@@ -61,7 +59,7 @@ func TestRegoEvaluator_Evaluate(t *testing.T) {
{repo: "testdata/mock-tuf-wrong-key", expectSuccess: false, isCanonical: false, resolver: defaultResolver},
{repo: "testdata/mock-tuf-allow-canonical", expectSuccess: true, isCanonical: true, resolver: defaultResolver},
{repo: "testdata/mock-tuf-allow-canonical", expectSuccess: false, isCanonical: false, resolver: defaultResolver},
{repo: "testdata/mock-tuf-no-rego", expectSuccess: false, isCanonical: false, resolver: defaultResolver, evalErrorStr: evalErrorStr},
{repo: "testdata/mock-tuf-no-rego", expectSuccess: false, isCanonical: false, resolver: defaultResolver, resolveErrorStr: "no policy file found in policy mapping"},
}
for _, tc := range testCases {
@@ -97,11 +95,6 @@ func TestRegoEvaluator_Evaluate(t *testing.T) {
require.NoErrorf(t, err, "failed to resolve policy")
require.NotNil(t, policy, "policy should not be nil")
result, err := re.Evaluate(ctx, tc.resolver, policy, input)
if tc.evalErrorStr != "" {
require.Error(t, err)
assert.Contains(t, err.Error(), tc.evalErrorStr)
return
}
require.NoErrorf(t, err, "Evaluate failed")
if tc.expectSuccess {