From a4a141328a23dd22475649e7aefe1c7765e0509f Mon Sep 17 00:00:00 2001 From: Faye Date: Tue, 11 Nov 2025 16:10:27 +0100 Subject: [PATCH] Add tests to check for error response of assert artifact command --- cmd/kosli/assertArtifact_test.go | 30 +++++++++++++++++++ cmd/kosli/getAttestation_test.go | 4 +-- cmd/kosli/testHelpers.go | 4 +-- ...ssertArtifactCommandTestSuiteArtifact3.txt | 1 + 4 files changed, 35 insertions(+), 4 deletions(-) create mode 100644 cmd/kosli/testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt diff --git a/cmd/kosli/assertArtifact_test.go b/cmd/kosli/assertArtifact_test.go index d3b8fbe47..74a890f5d 100644 --- a/cmd/kosli/assertArtifact_test.go +++ b/cmd/kosli/assertArtifact_test.go @@ -25,6 +25,11 @@ type AssertArtifactCommandTestSuite struct { artifactName2 string artifact2Path string fingerprint2 string + flowName3 string + trailName string + artifactName3 string + artifact3Path string + fingerprint3 string } func (suite *AssertArtifactCommandTestSuite) SetupTest() { @@ -60,6 +65,19 @@ func (suite *AssertArtifactCommandTestSuite) SetupTest() { require.NoError(suite.Suite.T(), err) CreateArtifact(suite.flowName1, suite.fingerprint2, suite.artifactName2, suite.Suite.T()) CreateArtifact(suite.flowName2, suite.fingerprint2, suite.artifactName1, suite.Suite.T()) + + // Setup for asserting non-compliant artifact to check error response + suite.flowName3 = "assert-non-compliant-artifact" + suite.trailName = "non-compliant-trail" + suite.artifactName3 = "arti-for-AssertArtifactCommandTestSuite-non-compliant" + suite.artifact3Path = "testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt" + suite.fingerprint3, err = GetSha256Digest(suite.artifact3Path, fingerprintOptions, logger) + CreateFlow(suite.flowName3, suite.Suite.T()) + BeginTrail(suite.trailName, suite.flowName3, "", suite.Suite.T()) + CreateArtifactOnTrail(suite.flowName3, suite.trailName, "cli", suite.fingerprint3, suite.artifactName3, suite.Suite.T()) + require.NoError(suite.Suite.T(), err) + CreateGenericArtifactAttestation(suite.flowName3, suite.trailName, suite.fingerprint3, "failing-attestation", false, suite.Suite.T()) + require.NoError(suite.Suite.T(), err) } func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() { @@ -169,6 +187,18 @@ func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() { cmd: fmt.Sprintf(`assert artifact --fingerprint %s --environment %s --policy %s %s`, suite.fingerprint1, suite.envName, suite.policyName1, suite.defaultKosliArguments), golden: "Error: Cannot specify both 'environment_name' and 'policy_name' at the same time\n", }, + { + wantError: true, + name: "16 asserting a single existing non-compliant artifact (using --fingerprint) results in non-zero exit", + cmd: fmt.Sprintf(`assert artifact --fingerprint %s %s`, suite.fingerprint3, suite.defaultKosliArguments), + goldenRegex: "^Error: NON-COMPLIANT\n", + }, + { + wantError: true, + name: "17 asserting a single existing non-compliant artifact (using --artifact-type) results in non-zero exit", + cmd: fmt.Sprintf(`assert artifact %s --artifact-type file %s`, suite.artifact3Path, suite.defaultKosliArguments), + goldenRegex: "^Error: NON-COMPLIANT\n", + }, } runTestCmd(suite.Suite.T(), tests) diff --git a/cmd/kosli/getAttestation_test.go b/cmd/kosli/getAttestation_test.go index 1ca189146..47254d31f 100644 --- a/cmd/kosli/getAttestation_test.go +++ b/cmd/kosli/getAttestation_test.go @@ -42,9 +42,9 @@ func (suite *GetAttestationCommandTestSuite) SetupTest() { suite.fingerprint, err = GetSha256Digest(suite.artifactPath, fingerprintOptions, logger) require.NoError(suite.Suite.T(), err) CreateArtifactOnTrail(suite.flowName, suite.trailName, "cli", suite.fingerprint, suite.artifactName, suite.Suite.T()) - CreateGenericArtifactAttestation(suite.flowName, suite.trailName, suite.fingerprint, "first-artifact-attestation", suite.Suite.T()) + CreateGenericArtifactAttestation(suite.flowName, suite.trailName, suite.fingerprint, "first-artifact-attestation", true, suite.Suite.T()) CreateGenericTrailAttestation(suite.flowName, suite.trailName, "first-trail-attestation", suite.Suite.T()) - CreateGenericArtifactAttestation(suite.flowName, suite.trailName, suite.fingerprint, "second-artifact-attestation", suite.Suite.T()) + CreateGenericArtifactAttestation(suite.flowName, suite.trailName, suite.fingerprint, "second-artifact-attestation", true, suite.Suite.T()) CreateGenericTrailAttestation(suite.flowName, suite.trailName, "second-trail-attestation", suite.Suite.T()) } diff --git a/cmd/kosli/testHelpers.go b/cmd/kosli/testHelpers.go index 4734e588d..cffce42f4 100644 --- a/cmd/kosli/testHelpers.go +++ b/cmd/kosli/testHelpers.go @@ -500,7 +500,7 @@ func CreatePolicy(org, policyName string, t *testing.T) { require.NoError(t, err, "policy should be created without error") } -func CreateGenericArtifactAttestation(flowName, trailName, fingerprint, attestationName string, t *testing.T) { +func CreateGenericArtifactAttestation(flowName, trailName, fingerprint, attestationName string, compliant bool, t *testing.T) { t.Helper() o := &attestGenericOptions{ CommonAttestationOptions: &CommonAttestationOptions{ @@ -513,7 +513,7 @@ func CreateGenericArtifactAttestation(flowName, trailName, fingerprint, attestat CommonAttestationPayload: &CommonAttestationPayload{ ArtifactFingerprint: fingerprint, }, - Compliant: true, + Compliant: compliant, }, } err := o.run([]string{}) diff --git a/cmd/kosli/testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt b/cmd/kosli/testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt new file mode 100644 index 000000000..a63c35cc8 --- /dev/null +++ b/cmd/kosli/testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt @@ -0,0 +1 @@ +This shall only be used by the AssertArtifactCommandTestSuite and is the third, non-compliant, artifact