wip: use Passed instead of Error if policy fails
mikhailswift committed Nov 4, 2023
1 parent 2050622 commit ab3ab28
Showing 2 changed files with 10 additions and 8 deletions.
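--- a/policy/policy.go
+++ b/policy/policy.go
@@ -247,7 +247,7 @@ func (p Policy) Verify(ctx context.Context, opts ...VerifyOption) (PolicyResult,
 resultsByStep[step] = modifiedResults
 }
 
-return PolicyResult{Passed: false, ResultsByStep: resultsByStep}, ErrPolicyDenied{Reasons: []string{"failed to find set of attestations that satisfies the policy"}}
+return PolicyResult{Passed: false, ResultsByStep: resultsByStep}, nil
 }
 
 // checkFunctionaries checks to make sure the signature on each statement corresponds to a trusted functionary for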
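Review bot: With the final return of `Verify` now yielding a nil error, any caller that gates only on `err != nil` will treat an unsatisfied policy as a successful verification, because `Passed: false` is the sole denial signal on this path. Only policy.go and its test change in this commit, so whether every call site already inspects `PolicyResult.Passed` cannot be confirmed from this hunk and should be checked before this lands. At minimum the contract change belongs in the doc comment on `Verify`, for example `// A nil error means evaluation completed, not that the policy passed; callers must check PolicyResult.Passed.` The body of `Verify` begins above the hunk, so its other return paths (which may still use `ErrPolicyDenied`) are not visible here.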
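--- a/policy/policy_test.go
+++ b/policy/policy_test.go
@@ -144,7 +144,7 @@ deny[msg] {
 intotoStatement, err := intoto.NewStatement(attestation.CollectionType, step1CollectionJson, map[string]cryptoutil.DigestSet{"dummy": {cryptoutil.DigestValue{Hash: crypto.SHA256}: "dummy"}})
 require.NoError(t, err)
 
-_, err = policy.Verify(
+result, err := policy.Verify(
 context.Background(),
 WithSubjectDigests([]cryptoutil.DigestSet{{cryptoutil.DigestValue{Hash: crypto.SHA256}: "dummy"}}),
 WithVerifiedSource(
@@ -161,8 +161,9 @@ deny[msg] {
 ),
 )
 assert.NoError(t, err)
+assert.True(t, result.Passed)
 
-_, err = policy.Verify(
+result, err = policy.Verify(
 context.Background(),
 WithSubjectDigests([]cryptoutil.DigestSet{{cryptoutil.DigestValue{Hash: crypto.SHA256}: "dummy"}}),
 WithVerifiedSource(
@@ -178,8 +179,9 @@ deny[msg] {
 }),
 ),
 )
-assert.Error(t, err)
-assert.IsType(t, ErrPolicyDenied{}, err)
+
+assert.NoError(t, err)
+assert.False(t, result.Passed)
 }
 
 func TestArtifacts(t *testing.T) {
@@ -299,7 +301,7 @@ func TestArtifacts(t *testing.T) {
 require.NoError(t, err)
 intotoStatement2, err = intoto.NewStatement(attestation.CollectionType, step2CollectionJson, map[string]cryptoutil.DigestSet{})
 require.NoError(t, err)
-_, err = policy.Verify(
+result, err := policy.Verify(
 context.Background(),
 WithSubjectDigests([]cryptoutil.DigestSet{{cryptoutil.DigestValue{Hash: crypto.SHA256}: dummySha}}),
 WithVerifiedSource(newDummyVerifiedSourcer([]source.VerifiedCollection{
@@ -321,8 +323,8 @@ func TestArtifacts(t *testing.T) {
 },
 })),
 )
-assert.Error(t, err)
-assert.IsType(t, ErrPolicyDenied{}, err)
+assert.NoError(t, err)
+assert.False(t, result.Passed)
 }
 
 type DummyMaterialer struct {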
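Review bot: The two denial cases that now end in `assert.False(t, result.Passed)` (the hunk at new line 179 and the one at new line 323 in `TestArtifacts`) succeed for any non-passing result, whereas the `assert.IsType(t, ErrPolicyDenied{}, err)` they replace at least pinned the kind of failure. A regression that denies for the wrong reason would go unnoticed, so each case should also assert on the rejection detail carried in the result, for instance `assert.NotEmpty(t, result.ResultsByStep)` or a check on the specific step, assuming that map is populated on the denial path as the policy.go hunk suggests. Using `require.NoError(t, err)` before reading `result` would also stop the test from going on to assert against a zero-value `PolicyResult` when `Verify` returns an error.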
