add unit test for HandleKeylessVerification

Signed-off-by: Dmitry S <dsavints@gmail.com>
sigstore · Jul 3, 2024 · 04e6465 · 04e6465
1 parent e8d2128
commit 04e6465
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/cmd/cosign/cli/verify/verify_test.go b/cmd/cosign/cli/verify/verify_test.go
@@ -35,7 +35,9 @@ import (
 
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
+	"github.com/sigstore/cosign/v2/internal/pkg/cosign/fulcio/fulcioroots"
 	"github.com/sigstore/cosign/v2/internal/ui"
+	"github.com/sigstore/cosign/v2/pkg/cosign"
 	"github.com/sigstore/cosign/v2/pkg/oci"
 	"github.com/sigstore/cosign/v2/pkg/oci/static"
 	"github.com/sigstore/cosign/v2/test"
@@ -198,3 +200,41 @@ func TestVerifyCertMissingIssuer(t *testing.T) {
 		t.Fatal("verify expected 'need --certificate-oidc-issuer'")
 	}
 }
+
+func TestHandleKeylessVerification(t *testing.T) {
+	tests := []struct {
+		name             string
+		certChain        string
+		caRoots          string
+		caIntermediates  string
+		co               *cosign.CheckOpts
+		sigstoreRootFile string
+		wantErr          bool
+	}{
+		{
+			name:    "default fulcio",
+			wantErr: false,
+		},
+		{
+			name:             "non-existent SIGSTORE_ROOT_FILE",
+			sigstoreRootFile: "no-such-file.pem",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fulcioroots.ReInit()
+			if tt.sigstoreRootFile != "" {
+				os.Setenv("SIGSTORE_ROOT_FILE", tt.sigstoreRootFile)
+			}
+			if tt.co == nil {
+				tt.co = &cosign.CheckOpts{}
+			}
+			err := handleKeylessVerification("", "", "", tt.co)
+			if err == nil && tt.wantErr {
+				t.Fatalf("expected error but got none")
+			} else if err != nil && !tt.wantErr {
+				t.Fatalf("unexpected error: %v", err)
+			}
+		})
+	}
+}