mirror of https://github.com/kata-containers/kata-containers.git synced 2025-05-04 14:37:25 +00:00

History

Xynnn007 c80c8d84c3 test: add cosign signature verificaton tests Close #8120 Case 1 Create a pod from an unsigned image, on an insecureAcceptAnything registry works. Image: quay.io/prometheus/busybox:latest Policy rule: ``` "default": [ { "type": "insecureAcceptAnything" } ] ``` Case 2 Create a pod from an unsigned image, on a 'restricted registry' is rejected. Image: ghcr.io/confidential-containers/test-container-image-rs:unsigned Policy rule: ``` "quay.io/confidential-containers/test-container-image-rs": [ { "type": "sigstoreSigned", "keyPath": "kbs:///default/cosign-public-key/test" } ] ``` Case 3 Create a pod from a signed image, on a 'restricted registry' is successful. Image: ghcr.io/confidential-containers/test-container-image-rs:cosign-signed Policy rule: ``` "ghcr.io/confidential-containers/test-container-image-rs": [ { "type": "sigstoreSigned", "keyPath": "kbs:///default/cosign-public-key/test" } ] ``` Case 4 Create a pod from a signed image, on a 'restricted registry', but with the wrong key is rejected Image: ghcr.io/confidential-containers/test-container-image-rs:cosign-signed-key2 Policy: ``` "ghcr.io/confidential-containers/test-container-image-rs": [ { "type": "sigstoreSigned", "keyPath": "kbs:///default/cosign-public-key/test" } ] ``` Case 5 Create a pod from an unsigned image, on a 'restricted registry' works if enable_signature_verfication is false Image: ghcr.io/kata-containers/confidential-containers:unsigned image security enable: false Signed-off-by: stevenhorsman <steven@uk.ibm.com>		2024-09-16 09:20:57 +01:00
..
cmd	docs: update for SNP attestation	2024-07-10 15:06:55 +00:00
functional	ci: Do not start CDH/attestation procs with kata-agent as local process.	2024-09-11 11:53:59 +05:30
integration	test: add cosign signature verificaton tests	2024-09-16 09:20:57 +01:00
metrics	metrics: Remove unused remove img var in common script	2024-09-11 17:45:18 +00:00
stability	tests: Decrease iterations in soak test	2024-09-11 17:39:06 +00:00
.gitignore	tests: move static checks and dependencies from tests	2023-11-28 11:13:55 -08:00
.golangci.yml	build: Update golang version to 1.22.2	2024-04-26 15:50:29 +02:00
cleanup_resources.py	ci: cleanup: Ignore nonexisting resources	2024-07-02 22:23:54 +00:00
common.bash	ci: send SIGKILL to kill kata components	2024-09-04 18:58:17 +05:30
error.sh	scripts: Add error script	2024-02-20 18:30:03 +00:00
gha-run-k8s-common.sh	ci: reinstate Mariner host	2024-08-26 21:07:25 +00:00
git-helper.sh	GHA: remove GITHUB_WORKSPACE when workflow fails due to merge conflict	2023-12-07 10:25:57 +01:00
go.mod	build(deps): bump the go_modules group across 5 directories with 8 updates	2024-04-30 09:46:13 +01:00
go.sum	build(deps): bump the go_modules group across 5 directories with 8 updates	2024-04-30 09:46:13 +01:00
install_go.sh	deps: bumping yq to v4.40.7	2024-05-31 13:28:34 -04:00
install_rust.sh	deps: bumping yq to v4.40.7	2024-05-31 13:28:34 -04:00
kata-arch.sh	ci: Do not take cross-build into consideration for kata-arch.sh	2023-07-21 16:54:27 +02:00
kata-doc-to-script.sh	tests: move static checks and dependencies from tests	2023-11-28 11:13:55 -08:00
README.md	docs: Add general tests documentation in main README	2024-03-04 21:53:01 +00:00
static-checks.sh	tests: Fix indentation in static checks script	2024-05-29 15:43:44 +00:00

README.md

Kata Containers Tests

This directory contains various types of tests for testing the Kata Containers repository.

Test Content

We provide several tests to ensure Kata-Containers run on different scenarios and with different container managers.

Integration tests to ensure compatibility with:
- Kubernetes
- Cri-Containerd
- Docker
- Nerdctl
- Nydus
- Runk
Stability tests
Metrics
Functional

GitHub Actions

Kata Containers uses GitHub Actions in the Kata Containers repository.