From 4c070987d24b5b8e752bade7580caf6017676bcb Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Fri, 10 Jan 2025 17:12:28 +0800
Subject: [PATCH] added more e2e tests

Signed-off-by: Patrick Zheng
---
 cmd/notation/blob/verify.go | 2 +-
 specs/commandline/blob.md | 14 +++++++-------
 test/e2e/suite/command/blob/verify.go | 27 ++++++++++++++++++++++++++-
 3 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/cmd/notation/blob/verify.go b/cmd/notation/blob/verify.go
index da9b3fc88..8509a76c1 100644
--- a/cmd/notation/blob/verify.go
+++ b/cmd/notation/blob/verify.go
@@ -60,7 +60,7 @@ Example - Verify the signature on a blob artifact using a policy statement name:
 `
 command := &cobra.Command{
 Use: "verify [flags] --signature ",
- Short: "verify a signature associated with a blob",
+ Short: "Verify a signature associated with a blob",
 Long: longMessage,
 Args: func(cmd *cobra.Command, args []string) error {
 if len(args) == 0 {
diff --git a/specs/commandline/blob.md b/specs/commandline/blob.md
index c9f9e0810..a71c5ac4e 100644
--- a/specs/commandline/blob.md
+++ b/specs/commandline/blob.md
@@ -160,14 +160,14 @@ Usage:
 notation blob verify [flags] --signature

 Flags:
- --signature string filepath of the signature to be verified
- --media-type string optional media type of the blob to verify
- --policy-name string optional policy name to verify against. If not provided, the global policy is used if exists
- -m, --user-metadata stringArray user defined {key}={value} pairs that must be present in the signature for successful verification if provided
+ -d, --debug debug mode
+ -h, --help help for verify
+ --media-type string media type of the blob to verify
 --plugin-config stringArray {key}={value} pairs that are passed as it is to a plugin, if the verification is associated with a verification plugin, refer plugin documentation to set appropriate values
- -d, --debug debug mode
- -v, --verbose verbose mode
- -h, --help help for inspect
+ --policy-name string policy name to verify against. If not provided, the global policy is used if exists
+ --signature string filepath of the signature to be verified
+ -m, --user-metadata stringArray user defined {key}={value} pairs that must be present in the signature for successful verification if provided
+ -v, --verbose verbose mode
 ```

 ## Usage
diff --git a/test/e2e/suite/command/blob/verify.go b/test/e2e/suite/command/blob/verify.go
index 9d8c90512..c18093716 100644
--- a/test/e2e/suite/command/blob/verify.go
+++ b/test/e2e/suite/command/blob/verify.go
@@ -86,7 +86,7 @@ var _ = Describe("notation blob verify", func() {
 MatchKeyWords("Signature file written to")

 signaturePath := signatureFilepath(workDir, blobPath, "jws")
- notation.Exec("blob", "verify", "-d", "--media-type", "image/jpeg", "--signature", signaturePath, blobPath).
+ notation.Exec("blob", "verify", "--media-type", "image/jpeg", "--signature", signaturePath, blobPath).
 MatchKeyWords(VerifySuccessfully)
 })
 })
@@ -108,7 +108,32 @@ var _ = Describe("notation blob verify", func() {
 })
 })

+ It("with user metadata", func() {
+ HostWithBlob(BaseBlobOptions(), func(notation *utils.ExecOpts, blobPath string, vhost *utils.VirtualHost) {
+ workDir := vhost.AbsolutePath()
+ notation.WithWorkDir(workDir).Exec("blob", "sign", "--user-metadata", "k1=v1", blobPath).
+ MatchKeyWords(SignSuccessfully).
+ MatchKeyWords("Signature file written to")
+
+ signaturePath := signatureFilepath(workDir, blobPath, "jws")
+ notation.Exec("blob", "verify", "--user-metadata", "k1=v1", "--signature", signaturePath, blobPath).
+ MatchKeyWords(VerifySuccessfully)
+ })
+ })
+
 // Failure cases
+ It("with missing --signature flag", func() {
+ HostWithBlob(BaseBlobOptions(), func(notation *utils.ExecOpts, blobPath string, vhost *utils.VirtualHost) {
+ workDir := vhost.AbsolutePath()
+ notation.WithWorkDir(workDir).Exec("blob", "sign", blobPath).
+ MatchKeyWords(SignSuccessfully).
+ MatchKeyWords("Signature file written to")
+
+ notation.ExpectFailure().Exec("blob", "verify", blobPath).
+ MatchErrKeyWords("filepath of the signature cannot be empty")
+ })
+ })
+
 It("with no permission to read blob", func() {
 HostWithBlob(BaseBlobOptions(), func(notation *utils.ExecOpts, blobPath string, vhost *utils.VirtualHost) {
 workDir := vhost.AbsolutePath()
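Review bot: The new "with user metadata" case only covers the matching pair (`k1=v1` signed, `k1=v1` verified), so it would still pass if `blob verify` ignored `--user-metadata` entirely. The flag is documented in this same patch as pairs that "must be present in the signature for successful verification", so the rejection path is the one that needs a test. Unless a mismatch case already exists outside this hunk (the Describe block continues past it), I would add a failure case under `// Failure cases` that signs with `k1=v1` and verifies with `k1=v2` under `notation.ExpectFailure()`. I have not confirmed the exact error text, so the sketch below leaves `MatchErrKeyWords` as a follow-up.

```go
// Failure cases
It("with mismatched user metadata", func() {
	HostWithBlob(BaseBlobOptions(), func(notation *utils.ExecOpts, blobPath string, vhost *utils.VirtualHost) {
		workDir := vhost.AbsolutePath()
		notation.WithWorkDir(workDir).Exec("blob", "sign", "--user-metadata", "k1=v1", blobPath).
			MatchKeyWords(SignSuccessfully)

		signaturePath := signatureFilepath(workDir, blobPath, "jws")
		// The signature carries k1=v1, so asking for k1=v2 must be rejected.
		// TODO: also pin the error text with MatchErrKeyWords once the exact message is confirmed.
		notation.ExpectFailure().Exec("blob", "verify", "--user-metadata", "k1=v2", "--signature", signaturePath, blobPath)
	})
})
// … unchanged: "with missing --signature flag" and the remaining failure cases …
```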