From fb499e9a43da5efc530fb94a65858af5a02f0f53 Mon Sep 17 00:00:00 2001
From: Simon Baird
Date: Thu, 21 Mar 2024 17:46:08 -0400
Subject: [PATCH] Small refactor in acceptance test sigstore rego
This is helpful for some experiments I'm working on, and seems like a good enough tidy/refactor anyhow.
---
 acceptance/examples/sigstore.rego | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/acceptance/examples/sigstore.rego b/acceptance/examples/sigstore.rego
index 559bb9c02..a3c32d451 100644
--- a/acceptance/examples/sigstore.rego
+++ b/acceptance/examples/sigstore.rego
@@ -16,50 +16,50 @@ _errors contains error if {
 }
 
 _errors contains error if {
- not data.config.default_sigstore_opts
+ not _sigstore_opts
 error := "default sigstore options not set"
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_image(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_image(_image_ref, _sigstore_opts)
 some raw_error in info.errors
 error := sprintf("image signature verification failed: %s", [raw_error])
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_image(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_image(_image_ref, _sigstore_opts)
 count(info.signatures) == 0
 error := "verification successful, but no image signatures found"
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_image(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_image(_image_ref, _sigstore_opts)
 some sig in info.signatures
 not valid_signature(sig)
 error := sprintf("not a valid image signature: %s", [sig])
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
 some raw_error in info.errors
 error := sprintf("image attestation verification failed: %s", [raw_error])
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
 count(info.attestations) == 0
 error := "verification successful, but no attestations found"
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
 some att in info.attestations
 count(att.signatures) == 0
 error := sprintf("attestation has no signatures: %s", [att])
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
 some att in info.attestations
 some sig in att.signatures
 not valid_signature(sig)
@@ -67,7 +67,7 @@ _errors contains error if {
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
 some att in info.attestations
 att.statement.predicateType != "https://slsa.dev/provenance/v0.2"
@@ -75,7 +75,7 @@ _errors contains error if {
 }
 
 _errors contains error if {
- info := ec.sigstore.verify_attestation(_image_ref, data.config.default_sigstore_opts)
+ info := ec.sigstore.verify_attestation(_image_ref, _sigstore_opts)
 some att in info.attestations
 builder_id := _builder_id(att)
 builder_id != "https://tekton.dev/chains/v2"
@@ -84,6 +84,8 @@ _errors contains error if {
 
 _image_ref := input.image.ref
 
+_sigstore_opts := data.config.default_sigstore_opts
+
 valid_signature(sig) if {
 type_name(sig.keyid) == "string"
 type_name(sig.signature) == "string"
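Review bot: The guard rule at the top of this hunk, `not _sigstore_opts`, now only fires because the new `_sigstore_opts` rule (added in the last hunk of this patch) has no `default` and so is undefined whenever `data.config.default_sigstore_opts` is absent, but nothing in the file says that this is intentional. A later `default _sigstore_opts := {}` would silently turn a missing configuration into verification with empty options instead of the "default sigstore options not set" error. Suggest a comment above the new definition: `# Single source of the sigstore verification options used by every _errors rule below. Deliberately has no default: the "default sigstore options not set" rule relies on this being undefined when the config is missing.` The repeated verify_image/verify_attestation calls in each rule are pre-existing and unchanged by this patch.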