From e8770ecb4d057e664421dd2d5c220670fbc91900 Mon Sep 17 00:00:00 2001
From: junczhu
Date: Sun, 25 Aug 2024 17:23:39 +0000
Subject: [PATCH] test: add k8s e2e scenarios
---
 test/bats/base-test.bats | 24 +++++++++++++++++++
 .../config_v1beta1_verifier_notation_tsa.yaml | 24 +++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml
diff --git a/test/bats/base-test.bats b/test/bats/base-test.bats
index ca54ef361d..512b26dffe 100644
--- a/test/bats/base-test.bats
+++ b/test/bats/base-test.bats
@@ -96,6 +96,30 @@ RATIFY_NAMESPACE=gatekeeper-system
 assert_failure
 }
 
+@test "notation test timestamping" {
+ teardown() {
+ echo "cleaning up"
+ wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete pod demo-tsa --namespace default --force --ignore-not-found=true'
+
+ sed -i '10,$d' ./test/bats/tests/config/config_v1beta1_keymanagementprovider_inline.yaml
+ run kubectl apply -f ./test/bats/tests/config/config_v1beta1_verifier_notation_kmprovider.yaml
+ }
+
+ # add the tsaroot certificate as an inline key management provider
+ cat ~/.ratify/ratify-certs/notation/tsarootca.cer | sed 's/^/ /g' >>./test/bats/tests/config/config_v1beta1_keymanagementprovider_inline.yaml
+ run kubectl apply -f ./test/bats/tests/config/config_v1beta1_keymanagementprovider_inline.yaml --namespace ${RATIFY_NAMESPACE}
+ assert_success
+
+ # configure the notation verifier to use the inline key management provider
+ run kubectl apply -f ./test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml
+ assert_success
+ sleep 10
+
+ # verify that the image can now be run
+ run kubectl run demo-tsa --namespace default --image=registry:5000/notation:tsa
+ assert_success
+}
+
 @test "notation test with certs across namespace" {
 teardown() {
 echo "cleaning up"
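Review bot: The `teardown()` of the new `notation test timestamping` case truncates the local fixture with `sed -i '10,$d'` and re-applies the kmprovider verifier, but nothing in it removes or reverts the key management provider object that was applied with `tsarootca.cer`, so the TSA root appears to stay trusted in the cluster for whatever test runs next. I would delete the object before the truncation, e.g. `run kubectl delete -f ./test/bats/tests/config/config_v1beta1_keymanagementprovider_inline.yaml --namespace ${RATIFY_NAMESPACE} --ignore-not-found=true`, unless a later test depends on it (not visible in this hunk). The `cat … | sed … >>` pipeline is also unchecked: if the certificate file is missing, `sed` still exits 0 and the unchanged fixture is applied, so a `[ -s ~/.ratify/ratify-certs/notation/tsarootca.cer ]` guard before it would make that failure explicit. Finally, the test asserts only the success path; a `kubectl run` followed by `assert_failure` before the TSA verifier is applied would show whether the timestamp trust store is actually what admits `registry:5000/notation:tsa`.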
diff --git a/test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml b/test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml
new file mode 100644
index 0000000000..3310abca5f
--- /dev/null
+++ b/test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml
@@ -0,0 +1,24 @@
+apiVersion: config.ratify.deislabs.io/v1beta1
+kind: Verifier
+metadata:
+ name: verifier-notation
+spec:
+ name: notation
+ artifactTypes: application/vnd.cncf.notary.signature
+ parameters:
+ verificationCertStores:
+ tsa:
+ tsa-certs:
+ - keymanagementprovider-inline
+ trustPolicyDoc:
+ version: "1.0"
+ trustPolicies:
+ - name: default
+ registryScopes:
+ - "*"
+ signatureVerification:
+ level: strict
+ trustStores:
+ - tsa:tsa-certs
+ trustedIdentities:
+ - "*"
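Review bot: The `default` trust policy lists only `tsa:tsa-certs` under `trustStores`, and `verificationCertStores` defines only a `tsa` store, so at `level: strict` nothing anchors the signing certificate chain; as I understand the Notary Project trust policy, a `tsa` store only validates the timestamp countersignature and is meant to accompany a `ca` (or `signingAuthority`) store. I would add a `ca` entry under `verificationCertStores` that points at the key management provider holding the signing certificate (`ca-certs: [<signing-cert-kmp-name>]`, name is a placeholder) and put `- ca:ca-certs` ahead of `- tsa:tsa-certs`. A short comment above the `trustedIdentities` and `registryScopes` wildcards, such as `# test fixture only: accepts any identity chaining to the trust store`, would keep the file from being copied into a real policy unchanged.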