test: add missing fields to e2e fixtures

Signed-off-by: Flavio Castelli <[email protected]>

e2e.bats

@@ -2,131 +2,177 @@
 
 @test "Accept a valid signature" {
   run kwctl run  --request-path test_data/pod_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ]
 }
 
 @test "Reject invalid signature" {
   run kwctl run  --request-path test_data/pod_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ]
   [ $(expr "$output" : '.*"message":"Pod invalid-pod-name is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ]
 }
 
 @test "Mutate Pod definition" {
   # Need to run the command inside of `bash -c` because of a bats
   # limitation: https://bats-core.readthedocs.io/en/stable/gotchas.html?highlight=pipe#my-piped-command-does-not-work-under-run
-
   run bash -c 'kwctl run \
     --request-path test_data/pod_creation_signed.json \
     --settings-path test_data/settings-mutation-enabled.yaml \
     annotated-policy.wasm 2>/dev/null | jq -er ".patch | @base64d"'
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*ghcr.io/kubewarden/test-verify-image-signatures:signed@sha256:1d9d3da4c60d27b77bb96bba738319c1c4424853fdd10f65982f9f2ca2422a72.*') -ne 0 ]
 }
 
 @test "Do not mutate Pod definition" {
   # Need to run the command inside of `bash -c` because of a bats
   # limitation: https://bats-core.readthedocs.io/en/stable/gotchas.html?highlight=pipe#my-piped-command-does-not-work-under-run
-
   run bash -c 'kwctl run \
     --request-path test_data/pod_creation_signed.json \
     --settings-path test_data/settings-mutation-disabled.yaml \
     annotated-policy.wasm 2>/dev/null | jq -er ".patch"'
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 1 ]
-  echo "$output"
   [ $(expr "$output" : 'null') -ne 0 ]
 }
 
 @test "Accept a valid signature in a Deployment" {
   run kwctl run  --request-path test_data/deployment_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ]
 }
 
 @test "Reject invalid signature in a Deployment" {
   run kwctl run  --request-path test_data/deployment_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ]
   [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ]
 }
 
 @test "Accept a valid signature in a StatefulSet" {
   run kwctl run  --request-path test_data/statefulset_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ]
 }
 
 @test "Reject invalid signature in a StatefulSet" {
   run kwctl run  --request-path test_data/statefulset_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ]
   [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ]
 }
 
 @test "Accept a valid signature in a ReplicaSet" {
   run kwctl run  --request-path test_data/replicaset_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ]
 }
 
 @test "Reject invalid signature in a ReplicaSet" {
   run kwctl run  --request-path test_data/replicaset_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ]
   [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ]
 }
 
 @test "Accept a valid signature in a ReplicationController" {
   run kwctl run  --request-path test_data/replicationcontroller_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ]
 }
 
 @test "Reject invalid signature in a ReplicationController" {
   run kwctl run  --request-path test_data/replicationcontroller_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ]
   [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ]
 }
 
 @test "Accept a valid signature in a Job" {
   run kwctl run  --request-path test_data/job_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ]
 }
 
 @test "Reject invalid signature in a Job" {
   run kwctl run  --request-path test_data/job_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ]
   [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ]
 }
 
 @test "Accept a valid signature in a CronJob" {
   run kwctl run  --request-path test_data/cronjob_creation_signed.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":true.*') -ne 0 ]
 }
 
 @test "Reject invalid signature in a CronJob" {
   run kwctl run  --request-path test_data/cronjob_creation_unsigned.json --settings-path test_data/settings-mutation-enabled.yaml annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*"allowed":false.*') -ne 0 ]
   [ $(expr "$output" : '.*is not accepted: verification of image ghcr.io/kubewarden/test-verify-image-signatures:unsigned failed.*') -ne 0 ]
 }
@@ -139,8 +185,11 @@
     --request-path test_data/pod_creation_signed_with_certificate.json \
     --settings-path test_data/settings-pod_signed_with_cert_and_rekor.yaml \
     annotated-policy.wasm | jq -r ".patch | @base64d"'
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 0 ]
-  echo "$output"
   [ $(expr "$output" : '.*ghcr.io/kubewarden/tests/pod-privileged:v0.2.1@sha256:db48aecd83c2826eba154a84c4fbabe0977f96b3360b4c6098578eae5c2d2882.*') -ne 0 ]
 }
 
@@ -149,8 +198,11 @@
     --request-path test_data/pod_creation_signed_with_certificate.json \
     --settings-path test_data/settings-cert-verification-wrong-cert-chain.yaml \
     annotated-policy.wasm
+
+  # this prints the output when one the checks below fails
+  echo "output = ${output}"
+
   [ "$status" -eq 1 ]
-  echo "$output"
   [ $(expr "$output" : '.*Provided settings are not valid.*') -ne 0 ]
   [ $(expr "$output" : '.*Certificate not trusted: Certificate is not trusted by the provided cert chain.*') -ne 0 ]
 }

test_data/cronjob_creation_signed.json

@@ -1,9 +1,28 @@
 {
   "uid": "1299d386-525b-4032-98ae-1949f69f9cfc",
   "kind": {
+    "group": "batch",
     "kind": "CronJob",
     "version": "v1"
   },
+  "resource": {
+    "group": "batch",
+    "version": "v1",
+    "resource": "cronjobs"
+  },
+  "requestKind": {
+    "group": "batch",
+    "version": "v1",
+    "kind": "CronJob"
+  },
+  "userInfo": {
+    "username": "alice",
+    "uid": "alice-uid",
+    "groups": [
+      "system:authenticated"
+    ]
+  },
+  "operation": "CREATE",
   "object": {
     "metadata": {
       "name": "nginx"
@@ -25,17 +44,5 @@
         }
       }
     }
-  },
-  "operation": "CREATE",
-  "requestKind": {
-    "version": "v1",
-    "kind": "Job"
-  },
-  "userInfo": {
-    "username": "alice",
-    "uid": "alice-uid",
-    "groups": [
-      "system:authenticated"
-    ]
   }
-}
+}

test_data/cronjob_creation_unsigned.json

@@ -1,9 +1,28 @@
 {
   "uid": "1299d386-525b-4032-98ae-1949f69f9cfc",
   "kind": {
+    "group": "batch",
     "kind": "CronJob",
     "version": "v1"
   },
+  "resource": {
+    "group": "batch",
+    "version": "v1",
+    "resource": "cronjobs"
+  },
+  "operation": "CREATE",
+  "requestKind": {
+    "group": "batch",
+    "version": "v1",
+    "kind": "CronJob"
+  },
+  "userInfo": {
+    "username": "alice",
+    "uid": "alice-uid",
+    "groups": [
+      "system:authenticated"
+    ]
+  },
   "object": {
     "metadata": {
       "name": "nginx"
@@ -25,17 +44,5 @@
         }
       }
     }
-  },
-  "operation": "CREATE",
-  "requestKind": {
-    "version": "v1",
-    "kind": "Job"
-  },
-  "userInfo": {
-    "username": "alice",
-    "uid": "alice-uid",
-    "groups": [
-      "system:authenticated"
-    ]
   }
-}
+}

test_data/daemonset_creation_signed.json

@@ -1,9 +1,28 @@
 {
   "uid": "1299d386-525b-4032-98ae-1949f69f9cfc",
   "kind": {
+    "group": "apps",
     "kind": "DaemonSet",
     "version": "v1"
   },
+  "resource": {
+    "group": "apps",
+    "version": "v1",
+    "resource": "daemonsets"
+  },
+  "operation": "CREATE",
+  "requestKind": {
+    "group": "apps",
+    "version": "v1",
+    "kind": "DaemonSet"
+  },
+  "userInfo": {
+    "username": "alice",
+    "uid": "alice-uid",
+    "groups": [
+      "system:authenticated"
+    ]
+  },
   "object": {
     "metadata": {
       "name": "nginx"
@@ -20,17 +39,5 @@
         }
       }
     }
-  },
-  "operation": "CREATE",
-  "requestKind": {
-    "version": "v1",
-    "kind": "DaemonSet"
-  },
-  "userInfo": {
-    "username": "alice",
-    "uid": "alice-uid",
-    "groups": [
-      "system:authenticated"
-    ]
   }
-}
+}