def test_verify_docker_image_sha_missing(chain, build_link, decision_link, docker_image_link):
    """A docker-image artifact with no recorded sha256 must fail verification.

    The sha256 of the 'path/image' artifact in the docker-image link's
    chain-of-trust data is cleared to None, and verifying the build link is
    expected to raise CoTError. This pins fail-closed behaviour: an absent
    digest is an error, not something to skip over.
    """
    chain.links = [build_link, decision_link, docker_image_link]
    # missing built sha
    image_artifact = docker_image_link.cot['artifacts']['path/image']
    image_artifact['sha256'] = None
    with pytest.raises(CoTError):
        cotverify.verify_docker_image_sha(chain, build_link)
def test_verify_docker_image_sha_wrong_built_sha(chain, build_link, decision_link, docker_image_link):
    """A docker-image artifact whose sha256 does not match must fail verification.

    The recorded sha256 of the 'path/image' artifact is overwritten with a
    value that cannot match, and verifying the build link is expected to raise
    CoTError.
    """
    chain.links = [build_link, decision_link, docker_image_link]
    # Tamper with the digest recorded by the docker-image task.
    image_artifact = docker_image_link.cot['artifacts']['path/image']
    image_artifact['sha256'] = "wrong_sha"
    with pytest.raises(CoTError):
        cotverify.verify_docker_image_sha(chain, build_link)
def test_verify_docker_image_sha_bad_allowlist(chain, build_link, decision_link, docker_image_link):
    """A decision link running on a non-allowlisted image hash must be rejected.

    The decision link's reported environment imageHash is replaced with a value
    that is not expected to be accepted, and verifying that link must raise
    CoTError.
    """
    chain.links = [build_link, decision_link, docker_image_link]
    # wrong docker hub sha
    # NOTE(review): presumably compared against a configured allowlist of
    # image hashes inside cotverify; confirm against the implementation.
    reported_env = decision_link.cot['environment']
    reported_env['imageHash'] = "sha256:not_allowlisted"
    with pytest.raises(CoTError):
        cotverify.verify_docker_image_sha(chain, decision_link)
def test_verify_docker_image_sha(chain, build_link, decision_link, docker_image_link):
    """Unmodified fixtures pass docker image sha verification for every link.

    Also re-runs the check on the decision link after switching its task_type
    to 'action'. The test passes as long as no call raises.

    NOTE(review): this listing contains a second definition with the same name.
    If both live in the same module, the later one rebinds the name and pytest
    collects only that one, so the 'action' case here would silently never run.
    """
    chain.links = [build_link, decision_link, docker_image_link]
    for member in chain.links:
        cotverify.verify_docker_image_sha(chain, member)
    # cover action == decision case
    decision_link.task_type = 'action'
    cotverify.verify_docker_image_sha(chain, decision_link)
def test_verify_docker_image_sha_wrong_task_id(chain, build_link, decision_link, docker_image_link):
    """A build link naming the wrong docker-image task must fail verification.

    The 'docker-image' entry of the build task's chainOfTrust inputs is pointed
    at a bogus task id, and verifying the build link is expected to raise
    CoTError.
    """
    chain.links = [build_link, decision_link, docker_image_link]
    # wrong task id
    cot_inputs = build_link.task['extra']['chainOfTrust']['inputs']
    cot_inputs['docker-image'] = "wrong_task_id"
    with pytest.raises(CoTError):
        cotverify.verify_docker_image_sha(chain, build_link)
def test_verify_docker_image_sha(chain, build_link, decision_link, docker_image_link):
    """Unmodified fixtures pass docker image sha verification for every link.

    The test passes as long as no call raises.

    NOTE(review): this listing contains an earlier definition with the same
    name that also covers the task_type == 'action' case. If both live in the
    same module, this later definition shadows it and that case is never run.
    """
    chain.links = [build_link, decision_link, docker_image_link]
    for member in chain.links:
        cotverify.verify_docker_image_sha(chain, member)