e2e: test signed provenance without rekor upload (#68)

Signed-off-by: Asra Ali <asraa@google.com>
2026-05-07 00:56:39 +00:00 · 2022-05-26 16:12:06 -05:00
parent f9e31da2a5
commit a411040704
5 changed files with 12 additions and 5 deletions
--- a/main_test.go
+++ b/main_test.go
@@ -286,6 +286,12 @@ func Test_runVerify(t *testing.T) {
 			err:         pkg.ErrorMismatchVersionedTag,
 		},
 		// TODO(laurent): add tests for special cases of buidlers' ref.
+		{
+			name:     "rekor upload bypassed",
+			artifact: "./testdata/binary-linux-amd64-no-tlog-upload",
+			source:   "github.com/asraa/slsa-on-github-test",
+			err:      pkg.ErrorRekorSearch,
+		},
 	}
 	for _, tt := range tests {
 		tt := tt // Re-initializing variable so it is not changed while executing the closure below
--- a/pkg/provenance.go
+++ b/pkg/provenance.go
@@ -64,7 +64,7 @@ var (
 	ErrorMismatchTag               = errors.New("tag used to generate the binary does not match provenance")
 	ErrorMismatchVersionedTag      = errors.New("tag used to generate the binary does not match provenance")
 	ErrorInvalidSemver             = errors.New("invalid semantic version")
-	errorRekorSearch               = errors.New("error searching rekor entries")
+	ErrorRekorSearch               = errors.New("error searching rekor entries")
 	errorMismatchHash              = errors.New("binary artifact hash does not match provenance subject")
 	errorInvalidVersion            = errors.New("invalid version")
 	errorInvalidRef                = errors.New("invalid ref")
@@ -106,11 +106,11 @@ func GetRekorEntries(rClient *client.Rekor, artifactHash string) ([]string, erro
 	params.Query = &models.SearchIndex{Hash: fmt.Sprintf("sha256:%v", artifactHash)}
 	resp, err := rClient.Index.SearchIndex(params)
 	if err != nil {
-		return nil, fmt.Errorf("%w: %s", errorRekorSearch, err.Error())
+		return nil, fmt.Errorf("%w: %s", ErrorRekorSearch, err.Error())
 	}

 	if len(resp.Payload) == 0 {
-		return nil, fmt.Errorf("%w: no matching entries found", errorRekorSearch)
+		return nil, fmt.Errorf("%w: no matching entries found", ErrorRekorSearch)
 	}

 	return resp.GetPayload(), nil
--- a/pkg/provenance_test.go
+++ b/pkg/provenance_test.go
@@ -55,7 +55,7 @@ func Test_GetRekorEntries(t *testing.T) {
 			res: searchResult{
 				err: index.NewSearchIndexDefault(500),
 			},
-			expected: errorRekorSearch,
+			expected: ErrorRekorSearch,
 		},
 		{
 			name:         "no rekor entries found",
@@ -66,7 +66,7 @@ func Test_GetRekorEntries(t *testing.T) {
 					Payload: []string{},
 				},
 			},
-			expected: errorRekorSearch,
+			expected: ErrorRekorSearch,
 		},
 		{
 			name:         "valid rekor entries found",
--- a/testdata/binary-linux-amd64-no-tlog-upload
+++ b/testdata/binary-linux-amd64-no-tlog-upload
--- a/testdata/binary-linux-amd64-no-tlog-upload.intoto.jsonl
+++ b/testdata/binary-linux-amd64-no-tlog-upload.intoto.jsonl