Merge pull request #1758 from zregvart/issue/EC-588

More acceptance tests for inline rule data
enterprise-contract · Jul 18, 2024 · 8f03b31 · 8f03b31
2 parents 2c791a4 + 4461812
commit 8f03b31
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 20 deletions.
diff --git a/acceptance/kubernetes/kubernetes.go b/acceptance/kubernetes/kubernetes.go
@@ -27,6 +27,7 @@ import (
 
 	"github.com/cucumber/godog"
 	clr "github.com/doiit/picocolors"
+	jsonpatch "github.com/evanphx/json-patch/v5"
 	"golang.org/x/exp/maps"
 
 	"github.com/enterprise-contract/ec-cli/acceptance/crypto"
@@ -123,7 +124,7 @@ func createNamedPolicy(ctx context.Context, name string, specification *godog.Do
 	return c.cluster.CreateNamedPolicy(ctx, name, specification.Content)
 }
 
-func createNamedPolicyWithManySources(ctx context.Context, name string, amount int, source string) error {
+func createNamedPolicyWithManySources(ctx context.Context, name string, amount int, source string, patches *godog.Table) error {
 	c := testenv.FetchState[ClusterState](ctx)
 
 	if err := mustBeUp(ctx, *c); err != nil {
@@ -135,9 +136,22 @@ func createNamedPolicyWithManySources(ctx context.Context, name string, amount i
 		sources = append(sources, fmt.Sprintf(`{"policy": ["%s"]}`, source))
 	}
 
-	policy := fmt.Sprintf(`{"sources": [%s]}`, strings.Join(sources, ", "))
+	policy := []byte(fmt.Sprintf(`{"sources": [%s]}`, strings.Join(sources, ", ")))
 
-	return c.cluster.CreateNamedPolicy(ctx, name, policy)
+	for _, patch := range patches.Rows {
+		val := patch.Cells[0].Value
+		jp, err := jsonpatch.DecodePatch([]byte(val))
+		if err != nil {
+			return err
+		}
+
+		policy, err = jp.Apply(policy)
+		if err != nil {
+			return err
+		}
+	}
+
+	return c.cluster.CreateNamedPolicy(ctx, name, string(policy))
 }
 
 func createNamedSnapshot(ctx context.Context, name string, specification *godog.DocString) error {
@@ -446,12 +460,12 @@ func AddStepsTo(sc *godog.ScenarioContext) {
 	sc.Step(`^the task should succeed$`, theTaskShouldSucceed)
 	sc.Step(`^the task should fail$`, theTaskShouldFail)
 	sc.Step(`^an Snapshot named "([^"]*)" with specification$`, createNamedSnapshot)
-	sc.Step(`^an Snapshot named "([^"]*)" with (\d+) components signed with "([^"]*)" key`, createNamedSnapshotWithManyComponents)
+	sc.Step(`^an Snapshot named "([^"]*)" with (\d+) components signed with "([^"]*)" key$`, createNamedSnapshotWithManyComponents)
 	sc.Step(`^the task logs for step "([^"]*)" should match the snapshot$`, taskLogsShouldMatchTheSnapshot)
 	sc.Step(`^the task logs for step "([^"]*)" should contain "([^"]*)"$`, taskLogsShouldContain)
 	sc.Step(`^the task env var for step "([^"]*)" named "([^"]*)" should be set to "([^"]*)"$`, stepEnvVarShouldBe)
 	sc.Step(`^the task results should match the snapshot$`, taskResultsShouldMatchTheSnapshot)
-	sc.Step(`^policy configuration named "([^"]*)" with (\d+) policy sources from "([^"]*)"$`, createNamedPolicyWithManySources)
+	sc.Step(`^policy configuration named "([^"]*)" with (\d+) policy sources from "([^"]*)"(?:, patched with)$`, createNamedPolicyWithManySources)
 	// stop usage of the cluster once a test is done, godog will call this
 	// function on failure and on the last step, so more than once if the
 	// failure is not on the last step and once if there was no failure or the

diff --git a/features/__snapshots__/validate_image.snap b/features/__snapshots__/validate_image.snap
@@ -4873,52 +4873,82 @@ Error: success criteria not met
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "key": "value"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "something": "here"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "key": "different"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "hello": "world"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "foo": "bar"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "peek": "poke"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "hide": "seek"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "hokus": "pokus"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "mr": "mxyzptlk"
+        }
       },
       {
         "policy": [
           "git::https://${GITHOST}/git/multitude-policy.git"
-        ]
+        ],
+        "ruleData": {
+          "more": "data"
+        }
       }
     ],
     "rekorUrl": "${REKOR}",

diff --git a/features/validate_image.feature b/features/validate_image.feature
@@ -411,7 +411,7 @@ Feature: evaluate enterprise contract
     When ec command is run with "validate image --image ${REGISTRY}/acceptance/ec-happy-day --policy acceptance/ec-policy --public-key ${known_PUBLIC_KEY} --rekor-url ${REKOR}  --show-successes"
     Then the exit status should be 0
     Then the output should match the snapshot
-  
+
   Scenario: policy rule filtering on imageRef
     Given a key pair named "known"
     Given an image named "acceptance/ec-happy-day"
@@ -1103,10 +1103,20 @@ Feature: evaluate enterprise contract
 
   Scenario: many components and sources
     Given a key pair named "known"
-    Given a git repository named "multitude-policy" with
+      And a git repository named "multitude-policy" with
       | main.rego | examples/happy_day.rego |
-    Given policy configuration named "ec-policy" with 10 policy sources from "git::https://${GITHOST}/git/multitude-policy.git"
-    Given an Snapshot named "multitude" with 10 components signed with "known" key
+      And policy configuration named "ec-policy" with 10 policy sources from "git::https://${GITHOST}/git/multitude-policy.git", patched with
+      | [{"op": "add", "path": "/sources/0/ruleData", "value": {"key": "value"}}]      |
+      | [{"op": "add", "path": "/sources/1/ruleData", "value": {"something": "here"}}] |
+      | [{"op": "add", "path": "/sources/2/ruleData", "value": {"key": "different"}}]  |
+      | [{"op": "add", "path": "/sources/3/ruleData", "value": {"hello": "world"}}]    |
+      | [{"op": "add", "path": "/sources/4/ruleData", "value": {"foo": "bar"}}]        |
+      | [{"op": "add", "path": "/sources/5/ruleData", "value": {"peek": "poke"}}]      |
+      | [{"op": "add", "path": "/sources/6/ruleData", "value": {"hide": "seek"}}]      |
+      | [{"op": "add", "path": "/sources/7/ruleData", "value": {"hokus": "pokus"}}]    |
+      | [{"op": "add", "path": "/sources/8/ruleData", "value": {"mr": "mxyzptlk"}}]    |
+      | [{"op": "add", "path": "/sources/9/ruleData", "value": {"more": "data"}}]      |
+      And an Snapshot named "multitude" with 10 components signed with "known" key
     When ec command is run with "validate image --snapshot acceptance/multitude --policy acceptance/ec-policy --public-key ${known_PUBLIC_KEY} --rekor-url ${REKOR}  --show-successes"
     Then the exit status should be 0
-    Then the output should match the snapshot
+     And the output should match the snapshot