diff --git a/notation_test.go b/notation_test.go index 6e31a31d..64fbe07a 100644 --- a/notation_test.go +++ b/notation_test.go @@ -490,7 +490,7 @@ func (s *verifyMetadataSigner) Sign(_ context.Context, desc ocispec.Descriptor, } type dummyVerifier struct { - TrustPolicyDoc *trustpolicy.OCIDocument + TrustPolicyDoc *trustpolicy.Document PluginManager plugin.Manager FailVerify bool VerificationLevel trustpolicy.VerificationLevel diff --git a/verifier/helpers_test.go b/verifier/helpers_test.go index fea0c65e..c1f445e6 100644 --- a/verifier/helpers_test.go +++ b/verifier/helpers_test.go @@ -60,7 +60,7 @@ func TestLoadX509TrustStore(t *testing.T) { // load "ca" and "signingAuthority" trust store caStore := "ca:valid-trust-store" signingAuthorityStore := "signingAuthority:valid-trust-store" - dummyPolicy := dummyOCIPolicyDocument().TrustPolicies[0] + dummyPolicy := dummyPolicyDocument().TrustPolicies[0] dummyPolicy.TrustStores = []string{caStore, signingAuthorityStore} dir.UserConfigDir = "testdata" x509truststore := truststore.NewX509TrustStore(dir.ConfigFS()) @@ -138,10 +138,10 @@ func getArtifactDigestFromReference(artifactReference string) (string, error) { return artifactReference[i+1:], nil } -func dummyOCIPolicyDocument() (policyDoc trustpolicy.OCIDocument) { - return trustpolicy.OCIDocument{ +func dummyPolicyDocument() (policyDoc trustpolicy.Document) { + return trustpolicy.Document{ Version: "1.0", - TrustPolicies: []trustpolicy.OCITrustPolicy{ + TrustPolicies: []trustpolicy.TrustPolicy{ { Name: "test-statement-name", RegistryScopes: []string{"registry.acme-rockets.io/software/net-monitor"}, @@ -153,9 +153,9 @@ func dummyOCIPolicyDocument() (policyDoc trustpolicy.OCIDocument) { } } -func dummyInvalidOCIPolicyDocument() (policyDoc trustpolicy.OCIDocument) { - return trustpolicy.OCIDocument{ - TrustPolicies: []trustpolicy.OCITrustPolicy{ +func dummyInvalidPolicyDocument() (policyDoc trustpolicy.Document) { + return trustpolicy.Document{ + TrustPolicies: []trustpolicy.TrustPolicy{ { Name: "invalid", }, diff --git a/verifier/trustpolicy/oci.go b/verifier/trustpolicy/oci.go index e236171a..78c846a4 100644 --- a/verifier/trustpolicy/oci.go +++ b/verifier/trustpolicy/oci.go @@ -25,17 +25,17 @@ import ( "github.com/notaryproject/notation-go/internal/trustpolicy" ) -// OCIDocument represents a trustPolicy.json document for OCI artifacts -type OCIDocument struct { +// Document represents a trustpolicy.json document +type Document struct { // Version of the policy document Version string `json:"version"` // TrustPolicies include each policy statement - TrustPolicies []OCITrustPolicy `json:"trustPolicies"` + TrustPolicies []TrustPolicy `json:"trustPolicies"` } -// OCITrustPolicy represents a policy statement in the policy document for OCI artifacts -type OCITrustPolicy struct { +// TrustPolicy represents a policy statement in the policy document +type TrustPolicy struct { // Name of the policy statement Name string `json:"name"` @@ -52,29 +52,11 @@ type OCITrustPolicy struct { RegistryScopes []string `json:"registryScopes"` } -// Document represents a trustPolicy.json document -// -// Deprecated: Document exists for historical compatibility and should not be used. -// To create OCI Document, use OCIDocument. -type Document = OCIDocument - -// TrustPolicy represents a policy statement in the policy document -// -// Deprecated: TrustPolicy exists for historical compatibility and should not be used. -// To create OCI TrustPolicy, use OCITrustPolicy. -type TrustPolicy = OCITrustPolicy - -// LoadDocument loads a trust policy document from a local file system -// -// Deprecated: LoadDocument function exists for historical compatibility and should not be used. -// To load OCI Document, use LoadOCIDocument function. -var LoadDocument = LoadOCIDocument - var supportedOCIPolicyVersions = []string{"1.0"} -// LoadOCIDocument retrieves a trust policy document from the local file system. -func LoadOCIDocument() (*OCIDocument, error) { - var doc OCIDocument +// LoadDocument retrieves a trust policy document from the local file system. +func LoadDocument() (*Document, error) { + var doc Document if err := getDocument(dir.PathTrustPolicy, &doc); err != nil { return nil, err } @@ -83,7 +65,7 @@ func LoadOCIDocument() (*OCIDocument, error) { // Validate validates a policy document according to its version's rule set. // if any rule is violated, returns an error -func (policyDoc *OCIDocument) Validate() error { +func (policyDoc *Document) Validate() error { // sanity check if policyDoc == nil { return errors.New("oci trust policy document cannot be nil") @@ -128,14 +110,14 @@ func (policyDoc *OCIDocument) Validate() error { // statement that applies to the given registry scope. If no applicable trust // policy is found, returns an error // see https://github.com/notaryproject/notaryproject/blob/v1.0.0/specs/trust-store-trust-policy.md#selecting-a-trust-policy-based-on-artifact-uri -func (policyDoc *OCIDocument) GetApplicableTrustPolicy(artifactReference string) (*OCITrustPolicy, error) { +func (policyDoc *Document) GetApplicableTrustPolicy(artifactReference string) (*TrustPolicy, error) { artifactPath, err := getArtifactPathFromReference(artifactReference) if err != nil { return nil, err } - var wildcardPolicy *OCITrustPolicy - var applicablePolicy *OCITrustPolicy + var wildcardPolicy *TrustPolicy + var applicablePolicy *TrustPolicy for _, policyStatement := range policyDoc.TrustPolicies { if slices.Contains(policyStatement.RegistryScopes, trustpolicy.Wildcard) { // we need to deep copy because we can't use the loop variable @@ -158,8 +140,8 @@ func (policyDoc *OCIDocument) GetApplicableTrustPolicy(artifactReference string) } // clone returns a pointer to the deeply copied TrustPolicy -func (t *OCITrustPolicy) clone() *OCITrustPolicy { - return &OCITrustPolicy{ +func (t *TrustPolicy) clone() *TrustPolicy { + return &TrustPolicy{ Name: t.Name, SignatureVerification: t.SignatureVerification, TrustedIdentities: append([]string(nil), t.TrustedIdentities...), @@ -170,7 +152,7 @@ func (t *OCITrustPolicy) clone() *OCITrustPolicy { // validateRegistryScopes validates if the policy document is following the // Notary Project spec rules for registry scopes -func validateRegistryScopes(policyDoc *OCIDocument) error { +func validateRegistryScopes(policyDoc *Document) error { registryScopeCount := make(map[string]int) for _, statement := range policyDoc.TrustPolicies { // Verify registry scopes are valid diff --git a/verifier/trustpolicy/oci_test.go b/verifier/trustpolicy/oci_test.go index d72ff9f7..541bb26a 100644 --- a/verifier/trustpolicy/oci_test.go +++ b/verifier/trustpolicy/oci_test.go @@ -33,7 +33,7 @@ func TestLoadOCIDocumentFromOldFileLocation(t *testing.T) { } t.Cleanup(func() { os.RemoveAll(tempRoot) }) - if _, err := LoadOCIDocument(); err != nil { + if _, err := LoadDocument(); err != nil { t.Fatalf("LoadOCIDocument() should not throw error for an existing policy file. Error: %v", err) } } @@ -48,7 +48,7 @@ func TestLoadOCIDocumentFromNewFileLocation(t *testing.T) { } t.Cleanup(func() { os.RemoveAll(tempRoot) }) - if _, err := LoadOCIDocument(); err != nil { + if _, err := LoadDocument(); err != nil { t.Fatalf("LoadOCIDocument() should not throw error for an existing policy file. Error: %v", err) } } @@ -56,7 +56,7 @@ func TestLoadOCIDocumentFromNewFileLocation(t *testing.T) { func TestLoadOCIDocumentError(t *testing.T) { tempRoot := t.TempDir() dir.UserConfigDir = tempRoot - if _, err := LoadOCIDocument(); err == nil { + if _, err := LoadDocument(); err == nil { t.Fatalf("LoadOCIDocument() should throw error if OCI trust policy is not found") } } @@ -72,7 +72,7 @@ func TestApplicableTrustPolicy(t *testing.T) { policyStatement.RegistryScopes = []string{registryScope} policyStatement.SignatureVerification = SignatureVerification{VerificationLevel: "strict"} - policyDoc.TrustPolicies = []OCITrustPolicy{ + policyDoc.TrustPolicies = []TrustPolicy{ policyStatement, } // existing Registry Scope @@ -88,7 +88,7 @@ func TestApplicableTrustPolicy(t *testing.T) { } // wildcard registry scope - wildcardStatement := OCITrustPolicy{ + wildcardStatement := TrustPolicy{ Name: "test-statement-name-2", SignatureVerification: SignatureVerification{VerificationLevel: "skip"}, TrustStores: []string{}, @@ -96,7 +96,7 @@ func TestApplicableTrustPolicy(t *testing.T) { RegistryScopes: []string{"*"}, } - policyDoc.TrustPolicies = []OCITrustPolicy{ + policyDoc.TrustPolicies = []TrustPolicy{ policyStatement, wildcardStatement, } @@ -110,7 +110,7 @@ func TestApplicableTrustPolicy(t *testing.T) { // and tests various validations on policy elements func TestValidateInvalidPolicyDocument(t *testing.T) { // Sanity check - var nilPolicyDoc *OCIDocument + var nilPolicyDoc *Document err := nilPolicyDoc.Validate() if err == nil || err.Error() != "oci trust policy document cannot be nil" { t.Fatalf("nil policyDoc should return error") @@ -153,7 +153,7 @@ func TestValidateInvalidPolicyDocument(t *testing.T) { policyStatement1 := policyDoc.TrustPolicies[0].clone() policyStatement2 := policyDoc.TrustPolicies[0].clone() policyStatement2.Name = "test-statement-name-2" - policyDoc.TrustPolicies = []OCITrustPolicy{*policyStatement1, *policyStatement2} + policyDoc.TrustPolicies = []TrustPolicy{*policyStatement1, *policyStatement2} err = policyDoc.Validate() if err == nil || err.Error() != "registry scope \"registry.acme-rockets.io/software/net-monitor\" is present in multiple oci trust policy statements, one registry scope value can only be associated with one statement" { t.Fatalf("Policy statements with same registry scope should return error %q", err) @@ -279,7 +279,7 @@ func TestValidateInvalidPolicyDocument(t *testing.T) { policyStatement1 = policyDoc.TrustPolicies[0].clone() policyStatement2 = policyDoc.TrustPolicies[0].clone() policyStatement2.RegistryScopes = []string{"registry.acme-rockets.io/software/legacy/metrics"} - policyDoc.TrustPolicies = []OCITrustPolicy{*policyStatement1, *policyStatement2} + policyDoc.TrustPolicies = []TrustPolicy{*policyStatement1, *policyStatement2} err = policyDoc.Validate() if err == nil || err.Error() != "multiple oci trust policy statements use the same name \"test-statement-name\", statement names must be unique" { t.Fatalf("policy statements with same name should return error") @@ -376,7 +376,7 @@ func TestValidateValidPolicyDocument(t *testing.T) { policyStatement8.RegistryScopes = []string{"registry.acme-rockets.io/software/net-monitor8"} policyStatement8.SignatureVerification.VerifyTimestamp = OptionAfterCertExpiry - policyDoc.TrustPolicies = []OCITrustPolicy{ + policyDoc.TrustPolicies = []TrustPolicy{ *policyStatement1, *policyStatement2, *policyStatement3, diff --git a/verifier/trustpolicy/trustpolicy_test.go b/verifier/trustpolicy/trustpolicy_test.go index 96b758e1..ff948621 100644 --- a/verifier/trustpolicy/trustpolicy_test.go +++ b/verifier/trustpolicy/trustpolicy_test.go @@ -26,10 +26,10 @@ import ( "github.com/notaryproject/notation-go/dir" ) -func dummyOCIPolicyDocument() OCIDocument { - return OCIDocument{ +func dummyOCIPolicyDocument() Document { + return Document{ Version: "1.0", - TrustPolicies: []OCITrustPolicy{ + TrustPolicies: []TrustPolicy{ { Name: "test-statement-name", RegistryScopes: []string{"registry.acme-rockets.io/software/net-monitor"}, @@ -292,7 +292,7 @@ func TestGetDocument(t *testing.T) { t.Skip("skipping test on Windows") } dir.UserConfigDir = "/" - var ociDoc OCIDocument + var ociDoc Document tests := []struct { name string expectedDocument any @@ -325,7 +325,7 @@ func TestGetDocument(t *testing.T) { func TestGetDocumentErrors(t *testing.T) { dir.UserConfigDir = "/" t.Run("non-existing policy file", func(t *testing.T) { - var doc OCIDocument + var doc Document if err := getDocument("blaah", &doc); err == nil || err.Error() != fmt.Sprintf("trust policy is not present. To create a trust policy, see: %s", trustPolicyLink) { t.Fatalf("getDocument() should throw error for non existent policy") } @@ -342,7 +342,7 @@ func TestGetDocumentErrors(t *testing.T) { } t.Cleanup(func() { os.RemoveAll(tempRoot) }) - var doc OCIDocument + var doc Document if err := getDocument(path, &doc); err == nil || err.Error() != fmt.Sprintf("malformed trust policy. To create a trust policy, see: %s", trustPolicyLink) { t.Fatalf("getDocument() should throw error for invalid policy file. Error: %v", err) } @@ -359,7 +359,7 @@ func TestGetDocumentErrors(t *testing.T) { t.Fatalf("creation of invalid permission policy file failed. Error: %v", err) } expectedErrMsg := fmt.Sprintf("unable to read trust policy due to file permissions, please verify the permissions of %s", path) - var doc OCIDocument + var doc Document if err := getDocument(path, &doc); err == nil || err.Error() != expectedErrMsg { t.Errorf("getDocument() should throw error for a policy file with bad permissions. "+ "Expected error: '%v'qq but found '%v'", expectedErrMsg, err.Error()) @@ -380,7 +380,7 @@ func TestGetDocumentErrors(t *testing.T) { if err := os.Symlink(path, symlinkPath); err != nil { t.Fatalf("creation of symlink for policy file failed. Error: %v", err) } - var doc OCIDocument + var doc Document if err := getDocument(symlinkPath, &doc); err == nil || !strings.HasPrefix(err.Error(), "trust policy is not a regular file (symlinks are not supported)") { t.Fatalf("getDocument() should throw error for a symlink policy file. Error: %v", err) } diff --git a/verifier/verifier.go b/verifier/verifier.go index 2c1e3f7d..4570bb90 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -51,7 +51,7 @@ import ( // verifier implements notation.Verifier and notation.verifySkipper type verifier struct { - trustPolicyDoc *trustpolicy.OCIDocument + trustPolicyDoc *trustpolicy.Document trustStore truststore.X509TrustStore pluginManager plugin.Manager revocationClient revocation.Revocation @@ -82,7 +82,7 @@ type VerifierOptions struct { // NewFromConfig returns a verifier based on local file system. func NewFromConfig() (notation.Verifier, error) { // load trust policy - policyDocument, err := trustpolicy.LoadOCIDocument() + policyDocument, err := trustpolicy.LoadDocument() if err != nil { return nil, err } @@ -93,13 +93,13 @@ func NewFromConfig() (notation.Verifier, error) { } // New creates a new verifier given trustPolicy, trustStore and pluginManager -func New(trustPolicy *trustpolicy.OCIDocument, trustStore truststore.X509TrustStore, pluginManager plugin.Manager) (notation.Verifier, error) { +func New(trustPolicy *trustpolicy.Document, trustStore truststore.X509TrustStore, pluginManager plugin.Manager) (notation.Verifier, error) { return NewWithOptions(trustPolicy, trustStore, pluginManager, VerifierOptions{}) } // NewWithOptions creates a new verifier given trustPolicy, trustStore, // pluginManager, and verifierOptions -func NewWithOptions(trustPolicy *trustpolicy.OCIDocument, trustStore truststore.X509TrustStore, pluginManager plugin.Manager, verifierOptions VerifierOptions) (notation.Verifier, error) { +func NewWithOptions(trustPolicy *trustpolicy.Document, trustStore truststore.X509TrustStore, pluginManager plugin.Manager, verifierOptions VerifierOptions) (notation.Verifier, error) { if trustStore == nil { return nil, errors.New("trustStore cannot be nil") } diff --git a/verifier/verifier_test.go b/verifier/verifier_test.go index 089091c3..39793c56 100644 --- a/verifier/verifier_test.go +++ b/verifier/verifier_test.go @@ -45,13 +45,13 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) -var ociPolicy = dummyOCIPolicyDocument() -var invalidPolicy = dummyInvalidOCIPolicyDocument() +var ociPolicy = dummyPolicyDocument() +var invalidPolicy = dummyInvalidPolicyDocument() var store = truststore.NewX509TrustStore(dir.ConfigFS()) var pm = mock.PluginManager{} func TestNewVerifier_Error(t *testing.T) { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() _, err := New(&policyDocument, nil, nil) expectedErr := errors.New("trustStore cannot be nil") if err == nil || err.Error() != expectedErr.Error() { @@ -69,7 +69,7 @@ func TestNewFromConfig(t *testing.T) { } path := filepath.Join(tempRoot, "trustpolicy.json") - policyJson, _ := json.Marshal(dummyOCIPolicyDocument()) + policyJson, _ := json.Marshal(dummyPolicyDocument()) if err := os.WriteFile(path, policyJson, 0600); err != nil { t.Fatal(err) } @@ -157,7 +157,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // Unsupported Signature Envelope for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() expectedErr := fmt.Errorf("unable to parse the digital signature, error : signature envelope format with media type \"application/unsupported+json\" is not supported") testCases = append(testCases, testCase{ verificationType: trustpolicy.TypeIntegrity, @@ -170,7 +170,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // Integrity Success for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() testCases = append(testCases, testCase{ signatureBlob: validSigEnv, verificationType: trustpolicy.TypeIntegrity, @@ -182,7 +182,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // Integrity Failure for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() expectedErr := fmt.Errorf("signature is invalid. Error: illegal base64 data at input byte 242") testCases = append(testCases, testCase{ signatureBlob: invalidSigEnv, @@ -196,7 +196,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // Authenticity Success for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() // trust store is configured with the root certificate of the signature by default + policyDocument := dummyPolicyDocument() // trust store is configured with the root certificate of the signature by default testCases = append(testCases, testCase{ signatureBlob: validSigEnv, verificationType: trustpolicy.TypeAuthenticity, @@ -208,7 +208,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // Authenticity Failure for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() policyDocument.TrustPolicies[0].TrustStores = []string{"ca:valid-trust-store-2", "signingAuthority:valid-trust-store-2"} // trust store is not configured with the root certificate of the signature expectedErr := fmt.Errorf("signature is not produced by a trusted signer") testCases = append(testCases, testCase{ @@ -223,7 +223,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // Authenticity Failure with trust store missing separator for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() policyDocument.TrustPolicies[0].TrustStores = []string{"ca:valid-trust-store-2", "signingAuthority"} expectedErr := fmt.Errorf("error while loading the trust store, trust policy statement \"test-statement-name\" is missing separator in trust store value \"signingAuthority\". The required format is :") testCases = append(testCases, testCase{ @@ -238,7 +238,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // TrustedIdentity Failure for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() policyDocument.TrustPolicies[0].TrustedIdentities = []string{"x509.subject:CN=LOL,O=DummyOrg,L=Hyderabad,ST=TG,C=IN"} // configure policy to not trust "CN=Notation Test Leaf Cert,O=Notary,L=Seattle,ST=WA,C=US" which is the subject of the signature's signing certificate expectedErr := fmt.Errorf("signing certificate from the digital signature does not match the X.509 trusted identities [map[\"C\":\"IN\" \"CN\":\"LOL\" \"L\":\"Hyderabad\" \"O\":\"DummyOrg\" \"ST\":\"TG\"]] defined in the trust policy \"test-statement-name\"") testCases = append(testCases, testCase{ @@ -253,7 +253,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // TrustedIdentity Failure without separator for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() policyDocument.TrustPolicies[0].TrustedIdentities = []string{"x509.subject"} expectedErr := fmt.Errorf("trust policy statement \"test-statement-name\" has trusted identity \"x509.subject\" missing separator") testCases = append(testCases, testCase{ @@ -268,7 +268,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // TrustedIdentity Failure with empty value for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() policyDocument.TrustPolicies[0].TrustedIdentities = []string{"x509.subject:"} expectedErr := fmt.Errorf("trust policy statement \"test-statement-name\" has trusted identity \"x509.subject:\" without an identity value") testCases = append(testCases, testCase{ @@ -283,7 +283,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // Expiry Success for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() testCases = append(testCases, testCase{ signatureBlob: validSigEnv, verificationType: trustpolicy.TypeExpiry, @@ -295,7 +295,7 @@ func assertNotationVerification(t *testing.T, scheme signature.SigningScheme) { // Expiry Failure for _, level := range verificationLevels { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() expectedErr := fmt.Errorf("digital signature has expired on \"Fri, 29 Jul 2022 23:59:00 +0000\"") testCases = append(testCases, testCase{ signatureBlob: expiredSigEnv, @@ -378,7 +378,7 @@ func TestVerifyRevocationEnvelope(t *testing.T) { t.Run("enforced revoked cert", func(t *testing.T) { testedLevel := trustpolicy.LevelStrict - policyDoc := dummyOCIPolicyDocument() + policyDoc := dummyPolicyDocument() policyDoc.TrustPolicies[0].SignatureVerification.VerificationLevel = testedLevel.Name policyDoc.TrustPolicies[0].SignatureVerification.Override = map[trustpolicy.ValidationType]trustpolicy.ValidationAction{ trustpolicy.TypeAuthenticity: trustpolicy.ActionLog, @@ -407,7 +407,7 @@ func TestVerifyRevocationEnvelope(t *testing.T) { }) t.Run("log revoked cert", func(t *testing.T) { testedLevel := trustpolicy.LevelStrict - policyDoc := dummyOCIPolicyDocument() + policyDoc := dummyPolicyDocument() policyDoc.TrustPolicies[0].SignatureVerification.VerificationLevel = testedLevel.Name policyDoc.TrustPolicies[0].SignatureVerification.Override = map[trustpolicy.ValidationType]trustpolicy.ValidationAction{ trustpolicy.TypeAuthenticity: trustpolicy.ActionLog, @@ -437,7 +437,7 @@ func TestVerifyRevocationEnvelope(t *testing.T) { }) t.Run("skip revoked cert", func(t *testing.T) { testedLevel := trustpolicy.LevelStrict - policyDoc := dummyOCIPolicyDocument() + policyDoc := dummyPolicyDocument() policyDoc.TrustPolicies[0].SignatureVerification.VerificationLevel = testedLevel.Name policyDoc.TrustPolicies[0].SignatureVerification.Override = map[trustpolicy.ValidationType]trustpolicy.ValidationAction{ trustpolicy.TypeAuthenticity: trustpolicy.ActionLog, @@ -797,7 +797,7 @@ func assertPluginVerification(scheme signature.SigningScheme, t *testing.T) { pluginSigEnv = mock.MockSaPluginSigEnv } - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() dir.UserConfigDir = "testdata" x509TrustStore := truststore.NewX509TrustStore(dir.ConfigFS()) @@ -1100,7 +1100,7 @@ func TestVerifyX509TrustedIdentities(t *testing.T) { } func TestVerifyUserMetadata(t *testing.T) { - policyDocument := dummyOCIPolicyDocument() + policyDocument := dummyPolicyDocument() policyDocument.TrustPolicies[0].SignatureVerification.VerificationLevel = trustpolicy.LevelAudit.Name pluginManager := mock.PluginManager{}