-
Story
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
None
-
Product / Portfolio Work
-
False
-
-
False
-
3
-
None
-
None
-
OCP Node Sprint 275 (green)
Check the following:
- ClusterImagePolicy - https://issues.redhat.com/browse/OCPNODE-3116
- ImagePolicy - https://issues.redhat.com/browse/OCPNODE-3115
- FulcioCAWithRekor - https://issues.redhat.com/browse/OCPNODE-3495
- Disconnected environment - https://issues.redhat.com/browse/OCPNODE-3511
TESTS
ClusterImagePolicy:
| Test Number | Title | Result |
|---|---|---|
| 1 | OCP-83533 - Check if API Version for ClusterImagePolicy is V1 | PASSED |
| 2 | OCP-83534 - ClusterImagePolicy CR pulls image successfully after Cosign validation | FAILED: using default policy - PASSED: using custom policy "log1.txt" |
| 3 | OCP-83537 - ClusterImagePolicy CR fails to pull image after Cosign validation | PASSED: using custom policy "log2.txt" |
| 4 | OCP-83538 - ClusterImagePolicy CR should allow to pull images not defined in the Scope | PASSED: using custom policy "log3.txt" |
| 5 | OCP-83539 - After deleting a ClusterImagePolicy CR the restriction to pull from a scope should be removed | PASSED |
ImagePolicy:
| Test Number | Title | Result |
|---|---|---|
| 1 | OCP-83540 - Check if API Version for ImagePolicy is V1 | PASSED |
| 2 | OCP-83541 - ImagePolicy CR pulls image successfully after Cosign validation | PASSED "image_log1.txt" |
| 3 | OCP-83542 - ImagePolicy CR fails to pull image after Cosign validation | PASSED "image_log2.txt" |
| 4 | OCP-83543 - ImagePolicy CR should allow to pull images not defined in the Scope | PASSED "image_log3.txt" |
| 5 | OCP-83544 - ClusterImagePolicy should work in a namespace that has an ImagePolicy defined | PASSED "image_log4.txt" |
| 6 | OCP-83545 - After deleting a ImagePolicy CR the restriction to pull from a scope should be removed | PASSED "image_log5.txt" |
| 7 | More than one policy applied to the same namespace | PASSED |
FulcioCAWithRekor:
| Test Number | Title | Result |
|---|---|---|
| 1 | OCP-83666 - ClusterImagePolicy CR pulls image successfully after FulcioCAWithRekor validation | PASSED "fulcio_log1.txt" |
| 2 | OCP-83710 - ClusterImagePolicy CR fails to pull image after FulcioCAWithRekor validation | PASSED "fulcio_log2.txt" (invalid email) |
| 3 | Invalid Fulcio Certificate | PASSED Failed to pull image "quay.io/rh-ee-anahas/fulcio3:latest": Source image rejected: error loading Fulcio CA certificates "fulcio_log3.txt" |
Disconnected environment:
| Test Number | Title | Result |
|---|---|---|
| 1 | Check if the cluster is able to pull the image from the mirror: anahasdisv2.mirror-registry.qe.gcp.devcluster.openshift.com:5000 |
PASSED "disco_log1.txt" |
| 2 | Check if the cluster is able to pull the image from original repo: quay.io/rh-ee-anahas/testsignedimage:latest |
PASSED "disco_log2.txt" |
| 3 | Check that the cluster is not able to pull an image from any other | PASSED "disco_log3.txt" |
| 4 | Implement a ClusterImagePolicy and check if policy is used to verify the correct signature | FAILED: It is possible to verify signature from main/original repo "d_log2.txt" It is not possible to verify signature from mirror repo - |
| 5 | Implement a ClusterImagePolicy and check if policy is used to verify the incorrect signature | PASSED "disco_log4.txt" |
- is related to
-
OCPBUGS-60419 Image fails to be pulled using default ClusterImagePolicy
-
- Closed
-
-
-
- Closed
-
