diff --git a/agent/integration/job_verification_integration_test.go b/agent/integration/job_verification_integration_test.go index 2616c44f03..87643c1fb8 100644 --- a/agent/integration/job_verification_integration_test.go +++ b/agent/integration/job_verification_integration_test.go @@ -423,17 +423,32 @@ func TestJobVerification(t *testing.T) { }, { name: "when the step has a signature, but the JobRunner doesn't have a verification key, it fails signature verification", - agentConf: agent.AgentConfiguration{}, + agentConf: agent.AgentConfiguration{VerificationFailureBehaviour: agent.VerificationBehaviourBlock}, job: job, repositoryURL: defaultRepositoryURL, signingKey: symmetricJWKFor(t, signingKeyLlamas), verificationJWKS: nil, mockBootstrapExpectation: func(bt *bintest.Mock) { bt.Expect().NotCalled() }, expectedExitStatus: "-1", - expectedSignalReason: agent.SignalReasonSignatureRejected, + expectedSignalReason: agent.SignalReasonUnableToVerifySignature, + expectLogsContain: []string{ + "+++ ⛔", + "cannot verify signature. JWK for pipeline verification is not configured", + }, + }, + { + name: "when the step has a signature, but the JobRunner doesn't have a verification key, and JobVerificationFailureBehaviour is warn, it warns and runs the job", + agentConf: agent.AgentConfiguration{VerificationFailureBehaviour: agent.VerificationBehaviourWarn}, + job: job, + repositoryURL: defaultRepositoryURL, + signingKey: symmetricJWKFor(t, signingKeyLlamas), + verificationJWKS: nil, + mockBootstrapExpectation: func(bt *bintest.Mock) { bt.Expect().Once().AndExitWith(0) }, + expectedExitStatus: "0", + expectedSignalReason: "", expectLogsContain: []string{ "+++ ⛔", - "but no verification key was provided", + "cannot verify signature. JWK for pipeline verification is not configured", }, }, {