
Commit 5c18730

test(integration): add integration test with verification config/verified policy
Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
1 parent a1be7ca commit 5c18730


1 file changed

+55
-0
lines changed

1 file changed

+55
-0
lines changed

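--- a/tests/integration_test.rs
+++ b/tests/integration_test.rs
@@ -275,6 +275,61 @@ async fn test_timeout_protection_reject() {
 );
 }
 
+#[tokio::test]
+async fn test_verified_policy() {
+let verification_cfg_yml = r#"---
+allOf:
+- kind: pubKey
+owner: pubkey1.pub
+key: |
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQiTy5S+2JFvVlhUwWPLziM7iTM2j
+byLgh2IjpNQN0Uio/9pZOTP/CsJmXoUNshfpTUHd3OxgHgz/6adtf2nBwQ==
+-----END PUBLIC KEY-----
+annotations:
+env: prod
+stable: "true"
+- kind: pubKey
+owner: pubkey2.pub
+key: |
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEx0HuqSss8DUIIUg3I006b1EQjj3Q
+igsTrvZ/Q3+h+81DkNJg4LzID1rz0UJFUcdzI5NqlFLSTDIQw0gVKOiK7g==
+-----END PUBLIC KEY-----
+annotations:
+env: prod
+"#;
+let verification_config = serde_yaml::from_str::<VerificationConfigV1>(verification_cfg_yml)
+.expect("Cannot parse verification config");
+
+let mut config = default_test_config();
+config.policies = HashMap::from([(
+"pod-privileged".to_owned(),
+Policy {
+url: "ghcr.io/kubewarden/tests/pod-privileged:v0.2.1".to_owned(),
+policy_mode: PolicyMode::Protect,
+allowed_to_mutate: None,
+settings: None,
+context_aware_resources: BTreeSet::new(),
+},
+)]);
+config.verification_config = Some(verification_config);
+
+let app = app(config).await;
+
+let request = Request::builder()
+.method(http::Method::POST)
+.header(header::CONTENT_TYPE, "application/json")
+.uri("/validate/pod-privileged")
+.body(Body::from(include_str!(
+"data/pod_with_privileged_containers.json"
+)))
+.unwrap();
+
+let response = app.oneshot(request).await.unwrap();
+assert_eq!(response.status(), 200);
+}
+
 #[tokio::test]
 async fn test_policy_with_invalid_settings() {
 let mut config = default_test_config();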
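Review bot: `test_verified_policy` asserts only `assert_eq!(response.status(), 200);` after `app(config).await`, so it would pass unchanged if `config.verification_config` were ignored and the policy loaded with no signature check at all. A companion test that keeps the same policy URL but supplies a `pubKey` entry that did not sign it (or an annotation value the signature lacks) and expects the policy not to be loaded would show that the `allOf` requirement is enforced rather than merely parsed. The positive case would also be stronger if it checked the admission response body, since the privileged-pod fixture is presumably rejected by this policy and a bare status check does not show that the policy evaluated the request. The test appears to depend on the signatures attached to the `v0.2.1` tag on ghcr.io, so a comment above the YAML such as `// Both keys must have signed this tag with these annotations; update if the image is re-signed.` would tell maintainers what the fixture relies on.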
