feat: secure build phase 2 — enforce image verification by default

All store images are now digest-pinned and cosign-signed by the publish pipeline, so the warn-by-default training-wheels period is over: an unsigned or undigested image must not install unless the admin explicitly opts out. The service_composer fallback used when the config manager is unavailable or corrupt also flips to enforce — config corruption must fail closed rather than silently weaken verification. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 14:12:58 -04:00
parent c430a392b8
commit 2ab3d2d5ac
5 changed files with 66 additions and 13 deletions
@@ -874,6 +874,46 @@ class TestImageVerification(unittest.TestCase):
        self.assertTrue(result['ok'])
        c.up.assert_called_once()

+    def test_default_mode_is_enforce(self):
+        """get_image_verification_mode default is 'enforce' (P3 flip)."""
+        from config_manager import ConfigManager as RealCM
+        import tempfile, shutil
+        tmpdir = tempfile.mkdtemp()
+        try:
+            cm = RealCM(os.path.join(tmpdir, 'cell_config.json'),
+                        os.path.join(tmpdir, 'data'))
+            c = ServiceComposer(config_manager=cm, data_dir=tmpdir)
+            self.assertEqual(c._verification_mode(), 'enforce')
+        finally:
+            shutil.rmtree(tmpdir)
+
+    def test_enforce_default_rejects_unsigned_image(self):
+        """Under the default enforce mode, an undigested image aborts install."""
+        c = _verify_composer('enforce')
+        c._cosign_verify = MagicMock()
+        manifest = {'image': 'git.pic.ngo/roof/unsigned:latest'}
+        result = c.install('svc', manifest, 'tpl')
+        self.assertFalse(result['ok'])
+        self.assertIn('digest', result['error'])
+        c._cosign_verify.assert_not_called()
+        c.up.assert_not_called()
+
+    def test_mode_read_failure_falls_back_to_enforce(self):
+        """Config corruption must fail closed, not weaken verification."""
+        c = _verify_composer('enforce')
+        c.cm.get_image_verification_mode.side_effect = RuntimeError('corrupt config')
+        self.assertEqual(c._verification_mode(), 'enforce')
+
+    def test_enforce_default_proceeds_with_signed_digested_image(self):
+        """Under the default enforce mode, a digest-pinned signed image proceeds."""
+        c = _verify_composer('enforce')
+        c._cosign_verify = MagicMock(return_value={'ok': True, 'stdout': '[]', 'stderr': ''})
+        manifest = {'image': _SIGNED_IMAGE}
+        result = c.install('svc', manifest, 'tpl')
+        self.assertTrue(result['ok'])
+        c._cosign_verify.assert_called_once()
+        c.up.assert_called_once()
+

 if __name__ == '__main__':
    unittest.main()