Add apiVersion to trustedResources helper

This commit adds the apiVersion to the trustedResources helper which
now allows the getSignedTask and etc helpers to return verified CRDs
with the accepted apiVersions. This could help avoid confusions when we
are adding v1 CRDs to be verified in the test cases.

pkg/reconciler/pipelinerun/pipelinerun_test.go

@@ -11628,7 +11628,7 @@ spec:
 `)
 
 	signer, _, vps := test.SetupMatchAllVerificationPolicies(t, ts.Namespace)
-	signedTask, err := test.GetSignedV1beta1Task(ts, signer, "test-task")
+	signedTask, err := test.GetSignedTask(ts, signer, "test-task", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign task", err)
 	}
@@ -11648,7 +11648,7 @@ spec:
         resolver: %s
 `, resolverName))
 
-	signedPipeline, err := test.GetSignedV1beta1Pipeline(ps, signer, "test-pipeline")
+	signedPipeline, err := test.GetSignedPipeline(ps, signer, "test-pipeline", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign pipeline", err)
 	}
@@ -11765,7 +11765,7 @@ func TestReconcile_verifyResolved_V1beta1Pipeline_Error(t *testing.T) {
 	resolverName := "foobar"
 
 	// Case1: unsigned Pipeline refers to unsigned Task
-	unsignedTask := parse.MustParseV1beta1Task(t, `
+	unsignedV1beta1Task := parse.MustParseV1beta1Task(t, `
 metadata:
   name: test-task
   namespace: foo
@@ -11778,12 +11778,12 @@ spec:
        - name: foo
          value: bar
 `)
-	unsignedTaskBytes, err := yaml.Marshal(unsignedTask)
+	unsignedV1beta1TaskBytes, err := yaml.Marshal(unsignedV1beta1Task)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
 
-	unsignedPipeline := parse.MustParseV1beta1Pipeline(t, fmt.Sprintf(`
+	unsignedV1beta1Pipeline := parse.MustParseV1beta1Pipeline(t, fmt.Sprintf(`
 metadata:
   name: test-pipeline
   namespace: foo
@@ -11793,32 +11793,32 @@ spec:
       taskRef:
         resolver: %s
 `, resolverName))
-	unsignedPipelineBytes, err := yaml.Marshal(unsignedPipeline)
+	unsignedPipelineBytes, err := yaml.Marshal(unsignedV1beta1Pipeline)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
 
 	// Case2: signed Pipeline refers to unsigned Task
-	signer, _, vps := test.SetupMatchAllVerificationPolicies(t, unsignedTask.Namespace)
-	signedPipelineWithUnsignedTask, err := test.GetSignedV1beta1Pipeline(unsignedPipeline, signer, "test-pipeline")
+	signer, _, vps := test.SetupMatchAllVerificationPolicies(t, unsignedV1beta1Task.Namespace)
+	signedV1beta1PipelineWithUnsignedTask, err := test.GetSignedPipeline(unsignedV1beta1Pipeline, signer, "test-pipeline", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign pipeline", err)
 	}
-	signedPipelineWithUnsignedTaskBytes, err := yaml.Marshal(signedPipelineWithUnsignedTask)
+	signedPipelineWithUnsignedTaskBytes, err := yaml.Marshal(signedV1beta1PipelineWithUnsignedTask)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
 
 	// Case3: signed Pipeline refers to modified Task
-	signedTask, err := test.GetSignedV1beta1Task(unsignedTask, signer, "test-task")
+	signedTask, err := test.GetSignedTask(unsignedV1beta1Task, signer, "test-task", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign task", err)
 	}
 	signedTaskBytes, err := yaml.Marshal(signedTask)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
-	modifiedTask := signedTask.DeepCopy()
+	modifiedTask := signedTask.(*v1beta1.Task).DeepCopy()
 	if modifiedTask.Annotations == nil {
 		modifiedTask.Annotations = make(map[string]string)
 	}
@@ -11838,11 +11838,11 @@ spec:
       taskRef:
         resolver: %s
 `, resolverName))
-	signedPipelineWithModifiedTask, err := test.GetSignedV1beta1Pipeline(ps, signer, "test-pipeline")
+	signedV1beta1PipelineWithModifiedTask, err := test.GetSignedPipeline(ps, signer, "test-pipeline", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign pipeline", err)
 	}
-	signedPipelineWithModifiedTaskBytes, err := yaml.Marshal(signedPipelineWithModifiedTask)
+	signedPipelineWithModifiedTaskBytes, err := yaml.Marshal(signedV1beta1PipelineWithModifiedTask)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
@@ -11858,11 +11858,11 @@ spec:
       taskRef:
         resolver: %s
 `, resolverName))
-	signedPipeline, err := test.GetSignedV1beta1Pipeline(ps, signer, "test-pipeline")
+	signedPipeline, err := test.GetSignedPipeline(ps, signer, "test-pipeline", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign pipeline", err)
 	}
-	modifiedPipeline := signedPipeline.DeepCopy()
+	modifiedPipeline := signedPipeline.(*v1beta1.Pipeline).DeepCopy()
 	if modifiedPipeline.Annotations == nil {
 		modifiedPipeline.Annotations = make(map[string]string)
 	}
@@ -11902,12 +11902,12 @@ spec:
 		{
 			name:          "unsigned pipeline fails verification",
 			pipelineBytes: unsignedPipelineBytes,
-			taskBytes:     unsignedTaskBytes,
+			taskBytes:     unsignedV1beta1TaskBytes,
 		},
 		{
 			name:          "signed pipeline with unsigned task fails verification",
 			pipelineBytes: signedPipelineWithUnsignedTaskBytes,
-			taskBytes:     unsignedTaskBytes,
+			taskBytes:     unsignedV1beta1TaskBytes,
 		},
 		{
 			name:          "signed pipeline with modified task fails verification",
@@ -12100,7 +12100,7 @@ func TestReconcile_verifyResolved_V1Pipeline_Error(t *testing.T) {
 	resolverName := "foobar"
 
 	// Case1: unsigned Pipeline refers to unsigned Task
-	unsignedTask := parse.MustParseV1beta1Task(t, `
+	unsignedV1beta1Task := parse.MustParseV1beta1Task(t, `
 metadata:
   name: test-task
   namespace: foo
@@ -12113,12 +12113,12 @@ spec:
        - name: foo
          value: bar
 `)
-	unsignedTaskBytes, err := yaml.Marshal(unsignedTask)
+	unsignedV1beta1TaskBytes, err := yaml.Marshal(unsignedV1beta1Task)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
 
-	unsignedPipeline := parse.MustParseV1beta1Pipeline(t, fmt.Sprintf(`
+	unsignedV1beta1Pipeline := parse.MustParseV1beta1Pipeline(t, fmt.Sprintf(`
 metadata:
   name: test-pipeline
   namespace: foo
@@ -12128,32 +12128,32 @@ spec:
       taskRef:
         resolver: %s
 `, resolverName))
-	unsignedPipelineBytes, err := yaml.Marshal(unsignedPipeline)
+	unsignedPipelineBytes, err := yaml.Marshal(unsignedV1beta1Pipeline)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
 
 	// Case2: signed Pipeline refers to unsigned Task
-	signer, _, vps := test.SetupMatchAllVerificationPolicies(t, unsignedTask.Namespace)
-	signedPipelineWithUnsignedTask, err := test.GetSignedV1beta1Pipeline(unsignedPipeline, signer, "test-pipeline")
+	signer, _, vps := test.SetupMatchAllVerificationPolicies(t, unsignedV1beta1Task.Namespace)
+	signedV1beta1PipelineWithUnsignedTask, err := test.GetSignedPipeline(unsignedV1beta1Pipeline, signer, "test-pipeline", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign pipeline", err)
 	}
-	signedPipelineWithUnsignedTaskBytes, err := yaml.Marshal(signedPipelineWithUnsignedTask)
+	signedPipelineWithUnsignedTaskBytes, err := yaml.Marshal(signedV1beta1PipelineWithUnsignedTask)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
 
 	// Case3: signed Pipeline refers to modified Task
-	signedTask, err := test.GetSignedV1beta1Task(unsignedTask, signer, "test-task")
+	signedTask, err := test.GetSignedTask(unsignedV1beta1Task, signer, "test-task", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign task", err)
 	}
 	signedTaskBytes, err := yaml.Marshal(signedTask)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
-	modifiedTask := signedTask.DeepCopy()
+	modifiedTask := signedTask.(*v1beta1.Task).DeepCopy()
 	if modifiedTask.Annotations == nil {
 		modifiedTask.Annotations = make(map[string]string)
 	}
@@ -12173,11 +12173,11 @@ spec:
       taskRef:
         resolver: %s
 `, resolverName))
-	signedPipelineWithModifiedTask, err := test.GetSignedV1beta1Pipeline(ps, signer, "test-pipeline")
+	signedV1beta1PipelineWithModifiedTask, err := test.GetSignedPipeline(ps, signer, "test-pipeline", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign pipeline", err)
 	}
-	signedPipelineWithModifiedTaskBytes, err := yaml.Marshal(signedPipelineWithModifiedTask)
+	signedPipelineWithModifiedTaskBytes, err := yaml.Marshal(signedV1beta1PipelineWithModifiedTask)
 	if err != nil {
 		t.Fatal("fail to marshal task", err)
 	}
@@ -12193,11 +12193,11 @@ spec:
       taskRef:
         resolver: %s
 `, resolverName))
-	signedPipeline, err := test.GetSignedV1beta1Pipeline(ps, signer, "test-pipeline")
+	signedPipeline, err := test.GetSignedPipeline(ps, signer, "test-pipeline", "v1beta1")
 	if err != nil {
 		t.Fatal("fail to sign pipeline", err)
 	}
-	modifiedPipeline := signedPipeline.DeepCopy()
+	modifiedPipeline := signedPipeline.(*v1beta1.Pipeline).DeepCopy()
 	if modifiedPipeline.Annotations == nil {
 		modifiedPipeline.Annotations = make(map[string]string)
 	}
@@ -12237,12 +12237,12 @@ spec:
 		{
 			name:          "unsigned pipeline fails verification",
 			pipelineBytes: unsignedPipelineBytes,
-			taskBytes:     unsignedTaskBytes,
+			taskBytes:     unsignedV1beta1TaskBytes,
 		},
 		{
 			name:          "signed pipeline with unsigned task fails verification",
 			pipelineBytes: signedPipelineWithUnsignedTaskBytes,
-			taskBytes:     unsignedTaskBytes,
+			taskBytes:     unsignedV1beta1TaskBytes,
 		},
 		{
 			name:          "signed pipeline with modified task fails verification",