FLEX-WP-0006: implement ops-warden signing gate policy

internal/policy/package_test.go

@@ -74,6 +74,28 @@ func TestRedactPolicyPackageMarkdownValidates(t *testing.T) {
 	}
 }
 
+func TestOpsWardenPolicyPackageMarkdownValidates(t *testing.T) {
+	pkg, err := policy.LoadAndValidateFile(context.Background(), filepath.Join("..", "..", "examples", "ops-warden", "policy_package.md"))
+	if err != nil {
+		t.Fatalf("LoadAndValidateFile: %v", err)
+	}
+
+	if !pkg.Valid {
+		t.Fatalf("pkg.Valid = false\n%s", formatValidation(pkg.Validation))
+	}
+	if pkg.Metadata.Namespace != "ops-warden:ssh-certificate" {
+		t.Fatalf("metadata.Namespace = %q; want ops-warden:ssh-certificate", pkg.Metadata.Namespace)
+	}
+	if len(pkg.Validation.Fixtures) != 8 {
+		t.Fatalf("Validation.Fixtures len = %d; want 8", len(pkg.Validation.Fixtures))
+	}
+	for _, fixture := range pkg.Validation.Fixtures {
+		if !fixture.Passed {
+			t.Fatalf("fixture %s failed: %s\nactual: %+v", fixture.ID, fixture.Error, fixture.Actual)
+		}
+	}
+}
+
 func TestCaringFindingsAreAdvisoryUntilEnforced(t *testing.T) {
 	doc := inlinePolicy(false, "allow")
 	pkg, err := policy.Load([]byte(doc), "inline-policy.md")