@@ -5916,3 +5916,228 @@ time="${TIMESTAMP}" level=warning msg="Attestation signature check skipped, fetc
59165916time = " ${TIMESTAMP}" level = warning msg = " Both --skip-image-sig-check and --skip-att-sig-check are active, all cryptographic verification is disabled"
59175917
59185918-- -
5919+
5920+ [TestFeatures / volatile config exclude matches multi - arch expanded component name :stdout - 1 ]
5921+ {
5922+ " success" : true ,
5923+ " components" : [
5924+ {
5925+ " name" : " multi-arch-test-sha256:a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2-arm64" ,
5926+ " containerImage" : " ${REGISTRY}/acceptance/multi-arch-volatile@sha256:${REGISTRY_acceptance/multi-arch-volatile:latest_DIGEST}" ,
5927+ " source" : {},
5928+ " successes" : [
5929+ {
5930+ " msg" : " Pass" ,
5931+ " metadata" : {
5932+ " code" : " builtin.attestation.signature_check"
5933+ }
5934+ },
5935+ {
5936+ " msg" : " Pass" ,
5937+ " metadata" : {
5938+ " code" : " builtin.attestation.syntax_check"
5939+ }
5940+ },
5941+ {
5942+ " msg" : " Pass" ,
5943+ " metadata" : {
5944+ " code" : " builtin.image.signature_check"
5945+ }
5946+ },
5947+ {
5948+ " msg" : " Pass" ,
5949+ " metadata" : {
5950+ " code" : " filtering.always_pass"
5951+ }
5952+ },
5953+ {
5954+ " msg" : " Pass" ,
5955+ " metadata" : {
5956+ " code" : " filtering.always_pass_with_collection"
5957+ }
5958+ }
5959+ ],
5960+ " success" : true ,
5961+ " signatures" : [
5962+ {
5963+ " keyid" : " " ,
5964+ " sig" : " ${IMAGE_SIGNATURE_acceptance/multi-arch-volatile}"
5965+ }
5966+ ],
5967+ " attestations" : [
5968+ {
5969+ " type" : " https://in-toto.io/Statement/v0.1" ,
5970+ " predicateType" : " https://slsa.dev/provenance/v0.2" ,
5971+ " predicateBuildType" : " https://tekton.dev/attestations/chains/pipelinerun@v2" ,
5972+ " signatures" : [
5973+ {
5974+ " keyid" : " " ,
5975+ " sig" : " ${ATTESTATION_SIGNATURE_acceptance/multi-arch-volatile}"
5976+ }
5977+ ]
5978+ }
5979+ ]
5980+ }
5981+ ],
5982+ " key" : " ${known_PUBLIC_KEY_JSON}" ,
5983+ " policy" : {
5984+ " sources" : [
5985+ {
5986+ " policy" : [
5987+ " git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}"
5988+ ],
5989+ " config" : {
5990+ " include" : [
5991+ " @stamps" ,
5992+ " filtering.always_pass" ,
5993+ " filtering.always_fail"
5994+ ]
5995+ },
5996+ " volatileConfig" : {
5997+ " exclude" : [
5998+ {
5999+ " value" : " filtering.always_fail" ,
6000+ " componentNames" : [
6001+ " multi-arch-test"
6002+ ]
6003+ },
6004+ {
6005+ " value" : " filtering.always_fail_with_collection" ,
6006+ " componentNames" : [
6007+ " multi-arch-test"
6008+ ]
6009+ }
6010+ ]
6011+ }
6012+ }
6013+ ],
6014+ " publicKey" : " ${known_PUBLIC_KEY}"
6015+ },
6016+ " ec-version" : " ${EC_VERSION}" ,
6017+ " effective-time" : " ${TIMESTAMP}"
6018+ }
6019+ -- -
6020+
6021+ [TestFeatures / volatile config exclude matches multi - arch expanded component name :stderr - 1 ]
6022+
6023+ -- -
6024+
6025+ [TestFeatures / volatile config exclude does not match different multi - arch component :stdout - 1 ]
6026+ {
6027+ " success" : false ,
6028+ " components" : [
6029+ {
6030+ " name" : " other-component-sha256:a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2-amd64" ,
6031+ " containerImage" : " ${REGISTRY}/acceptance/multi-arch-volatile-neg@sha256:${REGISTRY_acceptance/multi-arch-volatile-neg:latest_DIGEST}" ,
6032+ " source" : {},
6033+ " violations" : [
6034+ {
6035+ " msg" : " always fail" ,
6036+ " metadata" : {
6037+ " code" : " filtering.always_fail"
6038+ }
6039+ },
6040+ {
6041+ " msg" : " always fail with collection" ,
6042+ " metadata" : {
6043+ " code" : " filtering.always_fail_with_collection"
6044+ }
6045+ }
6046+ ],
6047+ " successes" : [
6048+ {
6049+ " msg" : " Pass" ,
6050+ " metadata" : {
6051+ " code" : " builtin.attestation.signature_check"
6052+ }
6053+ },
6054+ {
6055+ " msg" : " Pass" ,
6056+ " metadata" : {
6057+ " code" : " builtin.attestation.syntax_check"
6058+ }
6059+ },
6060+ {
6061+ " msg" : " Pass" ,
6062+ " metadata" : {
6063+ " code" : " builtin.image.signature_check"
6064+ }
6065+ },
6066+ {
6067+ " msg" : " Pass" ,
6068+ " metadata" : {
6069+ " code" : " filtering.always_pass"
6070+ }
6071+ },
6072+ {
6073+ " msg" : " Pass" ,
6074+ " metadata" : {
6075+ " code" : " filtering.always_pass_with_collection"
6076+ }
6077+ }
6078+ ],
6079+ " success" : false ,
6080+ " signatures" : [
6081+ {
6082+ " keyid" : " " ,
6083+ " sig" : " ${IMAGE_SIGNATURE_acceptance/multi-arch-volatile-neg}"
6084+ }
6085+ ],
6086+ " attestations" : [
6087+ {
6088+ " type" : " https://in-toto.io/Statement/v0.1" ,
6089+ " predicateType" : " https://slsa.dev/provenance/v0.2" ,
6090+ " predicateBuildType" : " https://tekton.dev/attestations/chains/pipelinerun@v2" ,
6091+ " signatures" : [
6092+ {
6093+ " keyid" : " " ,
6094+ " sig" : " ${ATTESTATION_SIGNATURE_acceptance/multi-arch-volatile-neg}"
6095+ }
6096+ ]
6097+ }
6098+ ]
6099+ }
6100+ ],
6101+ " key" : " ${known_PUBLIC_KEY_JSON}" ,
6102+ " policy" : {
6103+ " sources" : [
6104+ {
6105+ " policy" : [
6106+ " git::${GITHOST}/git/happy-day-policy.git?ref=${LATEST_COMMIT}"
6107+ ],
6108+ " config" : {
6109+ " include" : [
6110+ " @stamps" ,
6111+ " filtering.always_pass" ,
6112+ " filtering.always_fail"
6113+ ]
6114+ },
6115+ " volatileConfig" : {
6116+ " exclude" : [
6117+ {
6118+ " value" : " filtering.always_fail" ,
6119+ " componentNames" : [
6120+ " multi-arch-test"
6121+ ]
6122+ },
6123+ {
6124+ " value" : " filtering.always_fail_with_collection" ,
6125+ " componentNames" : [
6126+ " multi-arch-test"
6127+ ]
6128+ }
6129+ ]
6130+ }
6131+ }
6132+ ],
6133+ " publicKey" : " ${known_PUBLIC_KEY}"
6134+ },
6135+ " ec-version" : " ${EC_VERSION}" ,
6136+ " effective-time" : " ${TIMESTAMP}"
6137+ }
6138+ -- -
6139+
6140+ [TestFeatures / volatile config exclude does not match different multi - arch component :stderr - 1 ]
6141+ Error : success criteria not met
6142+
6143+ -- -
0 commit comments