diff --git a/internal/test/test.go b/internal/test/test.go
index 220d18b..73e26cc 100644
--- a/internal/test/test.go
+++ b/internal/test/test.go
@@ -10,7 +10,6 @@ import (
 "testing"
 "github.com/docker/attest/pkg/attestation"
- "github.com/docker/attest/pkg/oci"
 "github.com/docker/attest/pkg/policy"
 "github.com/docker/attest/pkg/signerverifier"
 "github.com/docker/attest/pkg/tlog"
@@ -18,7 +17,6 @@ import (
 "github.com/google/go-containerregistry/pkg/v1/layout"
 "github.com/google/go-containerregistry/pkg/v1/partial"
 intoto "github.com/in-toto/in-toto-golang/in_toto"
- "github.com/open-policy-agent/opa/rego"
 "github.com/secure-systems-lab/go-securesystemslib/dsse"
 )
@@ -59,7 +57,7 @@ func Setup(t *testing.T) (context.Context, dsse.SignerVerifier) {
 var policyEvaluator policy.PolicyEvaluator
 if USE_MOCK_POLICY {
- policyEvaluator = GetMockPolicy()
+ policyEvaluator = policy.GetMockPolicy()
 } else {
 policyEvaluator = policy.NewRegoEvaluator(true)
 }
@@ -87,38 +85,6 @@ func GetMockSigner(ctx context.Context) (dsse.SignerVerifier, error) {
 return signerverifier.GenKeyPair()
 }
-type MockPolicyEvaluator struct {
- EvaluateFunc func(ctx context.Context, resolver oci.AttestationResolver, policy []*policy.PolicyFile, input *policy.PolicyInput) (*rego.ResultSet, error)
-}
-
-func (pe *MockPolicyEvaluator) Evaluate(ctx context.Context, resolver oci.AttestationResolver, policy []*policy.PolicyFile, input *policy.PolicyInput) (*rego.ResultSet, error) {
- if pe.EvaluateFunc != nil {
- return pe.EvaluateFunc(ctx, resolver, policy, input)
- }
- return AllowedResult(), nil
-}
-
-func GetMockPolicy() policy.PolicyEvaluator {
- return &MockPolicyEvaluator{
- EvaluateFunc: func(ctx context.Context, resolver oci.AttestationResolver, pfs []*policy.PolicyFile, input *policy.PolicyInput) (*rego.ResultSet, error) {
- return AllowedResult(), nil
- },
- }
-}
-
-func AllowedResult() *rego.ResultSet {
- return ®o.ResultSet{
- {
- Bindings: rego.Vars{},
- Expressions: []*rego.ExpressionValue{
- {
- Value: true,
- },
- },
- },
- }
-}
-
 type AnnotatedStatement struct {
 OCIDescriptor *v1.Descriptor
 InTotoStatement *intoto.Statement
diff --git a/pkg/attest/verify_test.go b/pkg/attest/verify_test.go
index 19e55ee..538081a 100644
--- a/pkg/attest/verify_test.go
+++ b/pkg/attest/verify_test.go
@@ -8,7 +8,6 @@ import (
 "path/filepath"
 "testing"
- "github.com/docker/attest/internal/test"
 "github.com/docker/attest/pkg/attestation"
 "github.com/docker/attest/pkg/oci"
 "github.com/docker/attest/pkg/policy"
@@ -43,9 +42,9 @@ func TestVerifyAttestations(t *testing.T) {
 for _, tc := range testCases {
 t.Run(tc.name, func(t *testing.T) {
- mockPE := test.MockPolicyEvaluator{
+ mockPE := policy.MockPolicyEvaluator{
 EvaluateFunc: func(ctx context.Context, resolver oci.AttestationResolver, pfs []*policy.PolicyFile, input *policy.PolicyInput) (*rego.ResultSet, error) {
- return test.AllowedResult(), tc.policyEvaluationError
+ return policy.AllowedResult(), tc.policyEvaluationError
 },
 }
diff --git a/pkg/policy/mock.go b/pkg/policy/mock.go
new file mode 100644
index 0000000..0f4e891
--- /dev/null
+++ b/pkg/policy/mock.go
@@ -0,0 +1,40 @@
+package policy
+
+import (
+ "context"
+
+ "github.com/docker/attest/pkg/oci"
+ "github.com/open-policy-agent/opa/rego"
+)
+
+type MockPolicyEvaluator struct {
+ EvaluateFunc func(ctx context.Context, resolver oci.AttestationResolver, policy []*PolicyFile, input *PolicyInput) (*rego.ResultSet, error)
+}
+
+func (pe *MockPolicyEvaluator) Evaluate(ctx context.Context, resolver oci.AttestationResolver, policy []*PolicyFile, input *PolicyInput) (*rego.ResultSet, error) {
+ if pe.EvaluateFunc != nil {
+ return pe.EvaluateFunc(ctx, resolver, policy, input)
+ }
+ return AllowedResult(), nil
+}
+
+func GetMockPolicy() PolicyEvaluator {
+ return &MockPolicyEvaluator{
+ EvaluateFunc: func(ctx context.Context, resolver oci.AttestationResolver, pfs []*PolicyFile, input *PolicyInput) (*rego.ResultSet, error) {
+ return AllowedResult(), nil
+ },
+ }
+}
+
+func AllowedResult() *rego.ResultSet {
+ return ®o.ResultSet{
+ {
+ Bindings: rego.Vars{},
+ Expressions: []*rego.ExpressionValue{
+ {
+ Value: true,
+ },
+ },
+ },
+ }
+}
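Review bot: `MockPolicyEvaluator`, `GetMockPolicy` and `AllowedResult` in the new `pkg/policy/mock.go` are exported from a regular, non-test file of a public package, whereas they previously sat under `internal/`, so an evaluator that approves every input is now compiled into normal builds and importable by any consumer of the module. `Evaluate` also fails open: with a nil `EvaluateFunc` it returns `AllowedResult(), nil`, so a zero-value `&MockPolicyEvaluator{}` wired in by mistake would pass policy evaluation silently. Consider keeping the mock in a test-helper package that outside modules cannot import (or behind a build tag), and making the nil case an error, e.g. `return nil, errors.New("mock policy evaluator: EvaluateFunc not set")` with the `errors` import added; `GetMockPolicy` sets `EvaluateFunc` explicitly and would be unaffected. If the symbols must stay exported, each needs a doc comment saying so, such as `// MockPolicyEvaluator is a test double; it must never be used to verify real attestations.`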