Add tests for the verify condition generation

Signed-off-by: Stefan Prodan <[email protected]>

Author: stefanprodan

controllers/ocirepository_controller_test.go

@@ -1029,6 +1029,7 @@ func TestOCIRepository_reconcileSource_verifyOCISourceSignature(t *testing.T) {
 		wantErr          bool
 		wantErrMsg       string
 		shouldSign       bool
+		beforeFunc       func(obj *sourcev1.OCIRepository)
 		assertConditions []metav1.Condition
 	}{
 		{
@@ -1060,6 +1061,49 @@ func TestOCIRepository_reconcileSource_verifyOCISourceSignature(t *testing.T) {
 				*conditions.FalseCondition(sourcev1.SourceVerifiedCondition, sourcev1.VerificationError, "failed to verify the signature using provider '<provider>': no matching signatures were found for '<url>'"),
 			},
 		},
+		{
+			name:      "verify failed before, removed from spec, remove condition",
+			reference: &sourcev1.OCIRepositoryRef{Tag: "6.1.4"},
+			digest:    img4.digest.Hex,
+			beforeFunc: func(obj *sourcev1.OCIRepository) {
+				conditions.MarkFalse(obj, sourcev1.SourceVerifiedCondition, "VerifyFailed", "fail msg")
+				obj.Spec.Verify = nil
+				obj.Status.Artifact = &sourcev1.Artifact{Revision: img4.digest.Hex}
+			},
+			want: sreconcile.ResultSuccess,
+		},
+		{
+			name:       "same artifact, verified before, change in obj gen verify again",
+			reference:  &sourcev1.OCIRepositoryRef{Tag: "6.1.4"},
+			digest:     img4.digest.Hex,
+			shouldSign: true,
+			beforeFunc: func(obj *sourcev1.OCIRepository) {
+				obj.Status.Artifact = &sourcev1.Artifact{Revision: img4.digest.Hex}
+				// Set Verified with old observed generation and different reason/message.
+				conditions.MarkTrue(obj, sourcev1.SourceVerifiedCondition, "Verified", "verified")
+				// Set new object generation.
+				obj.SetGeneration(3)
+			},
+			want: sreconcile.ResultSuccess,
+			assertConditions: []metav1.Condition{
+				*conditions.TrueCondition(sourcev1.SourceVerifiedCondition, meta.SucceededReason, "verified signature of digest <digest>"),
+			},
+		},
+		{
+			name:       "no verify for already verified, verified condition remains the same",
+			reference:  &sourcev1.OCIRepositoryRef{Tag: "6.1.4"},
+			digest:     img4.digest.Hex,
+			shouldSign: true,
+			beforeFunc: func(obj *sourcev1.OCIRepository) {
+				// Artifact present and custom verified condition reason/message.
+				obj.Status.Artifact = &sourcev1.Artifact{Revision: img4.digest.Hex}
+				conditions.MarkTrue(obj, sourcev1.SourceVerifiedCondition, "Verified", "verified")
+			},
+			want: sreconcile.ResultSuccess,
+			assertConditions: []metav1.Condition{
+				*conditions.TrueCondition(sourcev1.SourceVerifiedCondition, "Verified", "verified"),
+			},
+		},
 	}
 
 	builder := fakeclient.NewClientBuilder().WithScheme(testEnv.GetScheme())
@@ -1147,6 +1191,10 @@ func TestOCIRepository_reconcileSource_verifyOCISourceSignature(t *testing.T) {
 				assertConditions[k].Message = strings.ReplaceAll(assertConditions[k].Message, "<provider>", "cosign")
 			}
 
+			if tt.beforeFunc != nil {
+				tt.beforeFunc(obj)
+			}
+
 			artifact := &sourcev1.Artifact{}
 			got, err := r.reconcileSource(ctx, obj, artifact, tmpDir)
 			if tt.wantErr {