Add integration test

Signed-off-by: Priya Wadhwa <[email protected]>
sigstore · Jun 1, 2021 · 463516e · 463516e
1 parent 06d70e1
commit 463516e
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -47,6 +47,10 @@ jobs:
         run: |
           curl -L https://github.com/google/ko/releases/download/v0.8.1/ko_0.8.1_Linux_x86_64.tar.gz | tar xzf - ko && \
           chmod +x ./ko && sudo mv ko /usr/local/bin/
+      - name: setup kind cluster
+        run: |
+          go install sigs.k8s.io/[email protected]
+          kind create cluster
       # Required for `make cosign-pivkey`
       # - name: deps
       #   run: sudo apt-get update && sudo apt-get install -yq libpcsclite-dev

diff --git a/test/e2e_test.go b/test/e2e_test.go
@@ -22,6 +22,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"net/http/httptest"
 	"net/url"
@@ -40,8 +41,12 @@ import (
 	"github.com/sigstore/cosign/cmd/cosign/cli"
 	sget "github.com/sigstore/cosign/cmd/sget/cli"
 	"github.com/sigstore/cosign/pkg/cosign"
+	"github.com/sigstore/cosign/pkg/cosign/kubernetes"
 	cremote "github.com/sigstore/cosign/pkg/cosign/remote"
 	"github.com/sigstore/sigstore/pkg/signature/payload"
+
+	kubernetesclient "github.com/GoogleContainerTools/skaffold/pkg/skaffold/kubernetes/client"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 var keyPass = []byte("hello")
@@ -223,6 +228,29 @@ func TestGenerateKeyPairEnvVar(t *testing.T) {
 	}
 }
 
+func TestGenerateKeyPairK8s(t *testing.T) {
+	password := "foo"
+	defer setenv(t, "COSIGN_PASSWORD", password)()
+	ctx := context.Background()
+	name := "cosign-secret"
+	namespace := "default"
+	if err := kubernetes.KeyPairSecret(fmt.Sprintf("%s/%s", namespace, name), cli.GetPass); err != nil {
+		t.Fatal(err)
+	}
+	// make sure the secret actually exists
+	client, err := kubernetesclient.Client()
+	if err != nil {
+		t.Fatal(err)
+	}
+	s, err := client.CoreV1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if v, ok := s.Data["cosign.password"]; !ok || string(v) != password {
+		t.Fatalf("password is incorrect, got %v expected %v", v, "foo")
+	}
+}
+
 func TestMultipleSignatures(t *testing.T) {
 	repo, stop := reg(t)
 	defer stop()