Test two CIP with one authority unsigned

Signed-off-by: Denny Hoang <[email protected]>

.github/workflows/kind-cluster-image-policy.yaml

@@ -166,7 +166,14 @@ jobs:
         yq '. | .spec.authorities[0].key.data |= load_str("cosign.pub")' ./test/testdata/cosigned/e2e/cip-key.yaml | \
           kubectl apply -f -
 
-    - name: Sign demoimage with cosign-test key
+    - name: Verify with two CIP, one not signed with public key
+      run: |
+        if kubectl create -n demo-key-signing job demo --image=${{ env.demoimage }}; then
+          echo Failed to block unsigned Job creation!
+          exit 1
+        fi
+
+    - name: Sign demoimage with cosign key
       run: |
         ./cosign sign --key cosign.key --force --allow-insecure-registry ${{ env.demoimage }}
 

test/testdata/cosigned/e2e/cip-key.yaml

@@ -15,7 +15,7 @@
 apiVersion: cosigned.sigstore.dev/v1alpha1
 kind: ClusterImagePolicy
 metadata:
-  name: image-policy
+  name: image-policy-key
 spec:
   images:
   - glob: registry.local:5000/cosigned/demo*

test/testdata/cosigned/e2e/cip-keyless.yaml

@@ -15,7 +15,7 @@
 apiVersion: cosigned.sigstore.dev/v1alpha1
 kind: ClusterImagePolicy
 metadata:
-  name: image-policy
+  name: image-policy-keyless
 spec:
   images:
   - glob: registry.local:5000/cosigned/demo*