Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Cue policy in test file for two attestations does not work. #130

Open
vaikas opened this issue Aug 4, 2022 · 3 comments
Open

Cue policy in test file for two attestations does not work. #130

vaikas opened this issue Aug 4, 2022 · 3 comments
Assignees
@hectorj2f
Labels
bug Something isn't working

Comments

@vaikas
Copy link
Collaborator

vaikas commented Aug 4, 2022

Description
The following is a CIP policy json that's being evaluated:

{
  "authorityMatches": {
    "keyatt": {
      "signatures": null,
      "attestations": {
        "custom-match-predicate": [
          {
            "subject": "",
            "issuer": ""
          }
        ]
      }
    },
    "keylesssignature": {
      "signatures": [
        {
          "subject": "https://kubernetes.io/namespaces/default/serviceaccounts/default",
          "issuer": "https://kubernetes.default.svc/"
        }
      ],
      "attestations": null
    },
    "keysignature": {
      "signatures": [
        {
          "subject": "",
          "issuer": ""
        }
      ],
      "attestations": null
    }
  }
}

It is incorrectly passing with this policy file here:
https://github.com/sigstore/policy-controller/blob/main/test/testdata/policy-controller/e2e/cip-requires-two-signatures-and-two-attestations.yaml
And in particular here:
https://github.com/sigstore/policy-controller/blob/main/test/testdata/policy-controller/e2e/cip-requires-two-signatures-and-two-attestations.yaml#L95

Version
@vaikas vaikas added the bug Something isn't working label Aug 4, 2022
vaikas referenced this issue in vaikas/policy-controller Aug 4, 2022
@vaikas
Remove test due to #130
2762d7f 
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas vaikas mentioned this issue Aug 4, 2022
Merged
hectorj2f pushed a commit that referenced this issue Aug 4, 2022
Merge pull request #131 from vaikas/remove-incorrectly-failing-test
6e9b0b8 
Remove test due to #130
This was referenced Aug 4, 2022
Merged
Closed
@hectorj2f hectorj2f self-assigned this Sep 22, 2022
@hectorj2f
Copy link
Collaborator

I believe this has been fixed!

@vaikas
Copy link
Collaborator Author

vaikas commented Jan 30, 2023

Awesome, is this test passing if you uncomment this?
https://github.com/sigstore/policy-controller/blob/main/test/e2e_test_cluster_image_policy_with_attestations.sh#L229

@hectorj2f hectorj2f mentioned this issue Jan 30, 2023
Closed
@vaikas
Copy link
Collaborator Author

vaikas commented Apr 11, 2023

This may help here:
https://tip.cuelang.org/play/?id=--Ep9vOrwU1#cue@export@cue

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@hectorj2f hectorj2f

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hectorj2f @vaikas