From 9b907b07218681cf2f868678611a4540bdf5c38e Mon Sep 17 00:00:00 2001
From: Denny Hoang
Date: Thu, 7 Apr 2022 13:41:35 -0400
Subject: [PATCH] Test two CIP with one authority unsigned

Signed-off-by: Denny Hoang
---
 .github/workflows/kind-cluster-image-policy.yaml | 9 ++++++++-
 test/testdata/cosigned/e2e/cip-key.yaml | 2 +-
 test/testdata/cosigned/e2e/cip-keyless.yaml | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/kind-cluster-image-policy.yaml b/.github/workflows/kind-cluster-image-policy.yaml
index ab6634108629..f63e353677d8 100644
--- a/.github/workflows/kind-cluster-image-policy.yaml
+++ b/.github/workflows/kind-cluster-image-policy.yaml
@@ -166,7 +166,14 @@ jobs:
 yq '. | .spec.authorities[0].key.data |= load_str("cosign.pub")' ./test/testdata/cosigned/e2e/cip-key.yaml | \
 kubectl apply -f -

- - name: Sign demoimage with cosign-test key
+ - name: Verify with two CIP, one not signed with public key
+ run: |
+ if kubectl create -n demo-key-signing job demo --image=${{ env.demoimage }}; then
+ echo Failed to block unsigned Job creation!
+ exit 1
+ fi
+
+ - name: Sign demoimage with cosign key
 run: |
 ./cosign sign --key cosign.key --force --allow-insecure-registry ${{ env.demoimage }}

diff --git a/test/testdata/cosigned/e2e/cip-key.yaml b/test/testdata/cosigned/e2e/cip-key.yaml
index 31362e495196..d4d8334905d8 100644
--- a/test/testdata/cosigned/e2e/cip-key.yaml
+++ b/test/testdata/cosigned/e2e/cip-key.yaml
@@ -15,7 +15,7 @@
 apiVersion: cosigned.sigstore.dev/v1alpha1
 kind: ClusterImagePolicy
 metadata:
- name: image-policy
+ name: image-policy-key
 spec:
 images:
 - glob: registry.local:5000/cosigned/demo*
diff --git a/test/testdata/cosigned/e2e/cip-keyless.yaml b/test/testdata/cosigned/e2e/cip-keyless.yaml
index fffd246b8cc4..5408b8aabcbc 100644
--- a/test/testdata/cosigned/e2e/cip-keyless.yaml
+++ b/test/testdata/cosigned/e2e/cip-keyless.yaml
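Review bot: The new "Verify with two CIP" step in kind-cluster-image-policy.yaml passes on any non-zero exit from `kubectl create`, so an unreachable API server, a missing namespace or an already-existing Job named `demo` would count as "blocked" just like a real admission denial. For a policy-enforcement test that is a false pass, and it can hide a regression in which an image not signed by the key authority is admitted. Capture the command output and also require the webhook's rejection text, as in the sketch below; the exact denial string should be confirmed against what the cosigned webhook returns. Earlier steps are outside the hunk, so whether a `demo` Job can already exist in `demo-key-signing` at this point cannot be told from here.

```yaml
      - name: Verify with two CIP, one not signed with public key
        run: |
          if out=$(kubectl create -n demo-key-signing job demo --image=${{ env.demoimage }} 2>&1); then
            echo Failed to block unsigned Job creation!
            exit 1
          fi
          # Pass only when the admission webhook rejected the Job, not on any other kubectl error.
          if ! grep -q "denied the request" <<<"$out"; then
            echo "Job creation failed for an unexpected reason:"
            echo "$out"
            exit 1
          fi
      # … unchanged: "Sign demoimage with cosign key" step …
```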
@@ -15,7 +15,7 @@
 apiVersion: cosigned.sigstore.dev/v1alpha1
 kind: ClusterImagePolicy
 metadata:
- name: image-policy
+ name: image-policy-keyless
 spec:
 images:
 - glob: registry.local:5000/cosigned/demo*