

Small refactor in acceptance test sigstore rego
This is helpful for some experiments I'm working on, and seems like
a good enough tidy/refactor anyhow.
simonbaird committed Mar 21, 2024
1 parent 9b97c6d commit fb499e9
Showing 1 changed file with 12 additions and 10 deletions.
22 changes: 12 additions & 10 deletions acceptance/examples/sigstore.rego
Expand Up @@ -16,66 +16,66 @@ _errors contains error if {
}

_errors contains error if {
not data.config.default_sigstore_opts
not _sigstore_opts
error := "default sigstore options not set"
}

_errors contains error if {
info := ec.sigstore.verify_image(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_image(_image_ref, _sigstore_opts)
some raw_error in info.errors
error := sprintf("image signature verification failed: %s", [raw_error])
}

_errors contains error if {
info := ec.sigstore.verify_image(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_image(_image_ref, _sigstore_opts)
count(info.signatures) == 0
error := "verification successful, but no image signatures found"
}

_errors contains error if {
info := ec.sigstore.verify_image(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_image(_image_ref, _sigstore_opts)
some sig in info.signatures
not valid_signature(sig)
error := sprintf("not a valid image signature: %s", [sig])
}

_errors contains error if {
info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
some raw_error in info.errors
error := sprintf("image attestation verification failed: %s", [raw_error])
}

_errors contains error if {
info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
count(info.attestations) == 0
error := "verification successful, but no attestations found"
}

_errors contains error if {
info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
some att in info.attestations
count(att.signatures) == 0
error := sprintf("attestation has no signatures: %s", [att])
}

_errors contains error if {
info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
some att in info.attestations
some sig in att.signatures
not valid_signature(sig)
error := sprintf("not a valid attestation signature: %s", [sig])
}

_errors contains error if {
info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
some att in info.attestations

att.statement.predicateType != "https://slsa.dev/provenance/v0.2"
error := sprintf("unexpected statement predicate: %s", [att.statement.predicateType])
}

_errors contains error if {
info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
some att in info.attestations
builder_id := _builder_id(att)
builder_id != "https://tekton.dev/chains/v2"
Expand All @@ -84,6 +84,8 @@ _errors contains error if {

_image_ref := input.image.ref

_sigstore_opts := data.config.default_sigstore_opts

valid_signature(sig) if {
type_name(sig.keyid) == "string"
type_name(sig.signature) == "string"
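Review bot: The new `_sigstore_opts` rule is the single point every verification rule now depends on, but it carries no comment saying so or what happens when the config key is absent; a line such as `# Single indirection for the sigstore options; undefined when data.config.default_sigstore_opts is missing, which makes every verify_* rule below undefined and only the "not set" error fire` above it would save the next reader from tracing that through ten rules. A related caveat worth noting in the same comment: `not _sigstore_opts` only fires when the value is undefined or `false`, so a present-but-empty options object (`{}`) passes this check and is handed straight to `ec.sigstore.verify_image`/`verify_attestation`; whether that then fails closed depends on the builtin, which is not visible here. This behaviour is carried over from the replaced `data.config.default_sigstore_opts` lines rather than introduced by the commit, so a follow-up `count(_sigstore_opts) == 0` guard may be more appropriate than a change to this tidy-up. The `valid_signature` rule at the end of the second hunk continues past the visible lines.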
