DockerCLI/e2e/container/create_test.go

package container

import (
	"fmt"
	"testing"

	"github.com/docker/cli/e2e/internal/fixtures"
	"github.com/docker/cli/internal/test/environment"
	"gotest.tools/v3/icmd"
	"gotest.tools/v3/skip"
)

func TestCreateWithContentTrust(t *testing.T) {
	skip.If(t, environment.RemoteDaemon())

	dir := fixtures.SetupConfigFile(t)
	defer dir.Remove()
	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-create", "latest")

	defer func() {
		icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
	}()

	result := icmd.RunCmd(
		icmd.Command("docker", "create", image),
		fixtures.WithConfig(dir.Path()),
		fixtures.WithTrust,
		fixtures.WithNotary,
	)
	result.Assert(t, icmd.Expected{
		Err: fmt.Sprintf("Tagging %s@sha", image[:len(image)-7]),
	})
}

func TestTrustedCreateFromUnreachableTrustServer(t *testing.T) {
	dir := fixtures.SetupConfigFile(t)
	defer dir.Remove()
	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-create", "latest")

	result := icmd.RunCmd(
		icmd.Command("docker", "create", image),
		fixtures.WithConfig(dir.Path()),
		fixtures.WithTrust,
		fixtures.WithNotaryServer("https://notary.invalid"),
	)
	result.Assert(t, icmd.Expected{
		ExitCode: 1,
		Err:      "error contacting notary server",
	})
}

func TestTrustedCreateFromBadTrustServer(t *testing.T) {
	evilImageName := "registry:5000/evil-alpine:latest"
	dir := fixtures.SetupConfigFile(t)
	defer dir.Remove()

	// tag the image and upload it to the private registry
	icmd.RunCmd(icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),
		fixtures.WithConfig(dir.Path()),
	).Assert(t, icmd.Success)
	icmd.RunCmd(icmd.Command("docker", "image", "push", evilImageName),
		fixtures.WithConfig(dir.Path()),
		fixtures.WithPassphrase("root_password", "repo_password"),
		fixtures.WithTrust,
		fixtures.WithNotary,
	).Assert(t, icmd.Success)
	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)

	// try create
	icmd.RunCmd(icmd.Command("docker", "create", evilImageName),
		fixtures.WithConfig(dir.Path()),
		fixtures.WithTrust,
		fixtures.WithNotary,
	).Assert(t, icmd.Success)
	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)

	// init a client with the evil-server and a new trust dir
	evilNotaryDir := fixtures.SetupConfigWithNotaryURL(t, "evil-test", fixtures.EvilNotaryURL)
	defer evilNotaryDir.Remove()

	// tag the same image and upload it to the private registry but signed with evil notary server
	icmd.RunCmd(icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),
		fixtures.WithConfig(evilNotaryDir.Path()),
	).Assert(t, icmd.Success)
	icmd.RunCmd(icmd.Command("docker", "image", "push", evilImageName),
		fixtures.WithConfig(evilNotaryDir.Path()),
		fixtures.WithPassphrase("root_password", "repo_password"),
		fixtures.WithTrust,
		fixtures.WithNotaryServer(fixtures.EvilNotaryURL),
	).Assert(t, icmd.Success)
	icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)

	// try creating with the original client from the evil notary server. This should failed
	// because the new root is invalid
	icmd.RunCmd(icmd.Command("docker", "create", evilImageName),
		fixtures.WithConfig(dir.Path()),
		fixtures.WithTrust,
		fixtures.WithNotaryServer(fixtures.EvilNotaryURL),
	).Assert(t, icmd.Expected{
		ExitCode: 1,
		Err:      "could not rotate trust to a new trusted root",
	})
}

func TestCreateWithEmptySourceVolume(t *testing.T) {
	icmd.RunCmd(icmd.Command("docker", "create", "-v", ":/volume", fixtures.AlpineImage)).
		Assert(t, icmd.Expected{
			ExitCode: 125,
			Err:      "empty section between colons",
		})
}

func TestCreateWithEmptyVolumeSpec(t *testing.T) {
	icmd.RunCmd(icmd.Command("docker", "create", "-v", "", fixtures.AlpineImage)).
		Assert(t, icmd.Expected{
			ExitCode: 125,
			Err:      "invalid empty volume spec",
		})
}
Add more content trust tests Importing from moby's DockerTrustSuite tests. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-03-06 05:15:18 -05:00			`package container`

			`import (`
			`"fmt"`
			`"testing"`

			`"github.com/docker/cli/e2e/internal/fixtures"`
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com> 2018-05-17 07:11:59 -04:00			`"github.com/docker/cli/internal/test/environment"`
bump gotest.tools v3.0.1 for compatibility with Go 1.14 full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-02-22 12:12:14 -05:00			`"gotest.tools/v3/icmd"`
			`"gotest.tools/v3/skip"`
Add more content trust tests Importing from moby's DockerTrustSuite tests. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-03-06 05:15:18 -05:00			`)`

			`func TestCreateWithContentTrust(t *testing.T) {`
Make e2e test image - Build image that contains everything needed to run e2e tests - Add ability to run e2e tests against an endpoint Signed-off-by: Christopher Crone <christopher.crone@docker.com> 2018-05-17 07:11:59 -04:00			`skip.If(t, environment.RemoteDaemon())`

Add more content trust tests Importing from moby's DockerTrustSuite tests. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-03-06 05:15:18 -05:00			`dir := fixtures.SetupConfigFile(t)`
			`defer dir.Remove()`
			`image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-create", "latest")`

			`defer func() {`
			`icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)`
			`}()`

			`result := icmd.RunCmd(`
			`icmd.Command("docker", "create", image),`
			`fixtures.WithConfig(dir.Path()),`
			`fixtures.WithTrust,`
			`fixtures.WithNotary,`
			`)`
			`result.Assert(t, icmd.Expected{`
			`Err: fmt.Sprintf("Tagging %s@sha", image[:len(image)-7]),`
			`})`
			`}`

Add missing test Signed-off-by: glefloch <glfloch@gmail.com> 2018-11-07 07:42:43 -05:00			`func TestTrustedCreateFromUnreachableTrustServer(t *testing.T) {`
			`dir := fixtures.SetupConfigFile(t)`
			`defer dir.Remove()`
			`image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-create", "latest")`

			`result := icmd.RunCmd(`
			`icmd.Command("docker", "create", image),`
			`fixtures.WithConfig(dir.Path()),`
			`fixtures.WithTrust,`
			`fixtures.WithNotaryServer("https://notary.invalid"),`
			`)`
			`result.Assert(t, icmd.Expected{`
			`ExitCode: 1,`
			`Err: "error contacting notary server",`
			`})`
			`}`

			`func TestTrustedCreateFromBadTrustServer(t *testing.T) {`
			`evilImageName := "registry:5000/evil-alpine:latest"`
			`dir := fixtures.SetupConfigFile(t)`
			`defer dir.Remove()`

			`// tag the image and upload it to the private registry`
			`icmd.RunCmd(icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),`
			`fixtures.WithConfig(dir.Path()),`
			`).Assert(t, icmd.Success)`
			`icmd.RunCmd(icmd.Command("docker", "image", "push", evilImageName),`
			`fixtures.WithConfig(dir.Path()),`
			`fixtures.WithPassphrase("root_password", "repo_password"),`
			`fixtures.WithTrust,`
			`fixtures.WithNotary,`
			`).Assert(t, icmd.Success)`
			`icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)`

			`// try create`
			`icmd.RunCmd(icmd.Command("docker", "create", evilImageName),`
			`fixtures.WithConfig(dir.Path()),`
			`fixtures.WithTrust,`
			`fixtures.WithNotary,`
			`).Assert(t, icmd.Success)`
			`icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)`

			`// init a client with the evil-server and a new trust dir`
			`evilNotaryDir := fixtures.SetupConfigWithNotaryURL(t, "evil-test", fixtures.EvilNotaryURL)`
			`defer evilNotaryDir.Remove()`

			`// tag the same image and upload it to the private registry but signed with evil notary server`
			`icmd.RunCmd(icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),`
			`fixtures.WithConfig(evilNotaryDir.Path()),`
			`).Assert(t, icmd.Success)`
			`icmd.RunCmd(icmd.Command("docker", "image", "push", evilImageName),`
			`fixtures.WithConfig(evilNotaryDir.Path()),`
			`fixtures.WithPassphrase("root_password", "repo_password"),`
			`fixtures.WithTrust,`
			`fixtures.WithNotaryServer(fixtures.EvilNotaryURL),`
			`).Assert(t, icmd.Success)`
			`icmd.RunCmd(icmd.Command("docker", "image", "rm", evilImageName)).Assert(t, icmd.Success)`

			`// try creating with the original client from the evil notary server. This should failed`
			`// because the new root is invalid`
			`icmd.RunCmd(icmd.Command("docker", "create", evilImageName),`
			`fixtures.WithConfig(dir.Path()),`
			`fixtures.WithTrust,`
			`fixtures.WithNotaryServer(fixtures.EvilNotaryURL),`
			`).Assert(t, icmd.Expected{`
			`ExitCode: 1,`
			`Err: "could not rotate trust to a new trusted root",`
			`})`
			`}`
cli/container: Don't ignore error when parsing volume spec Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com> 2023-07-11 11:48:35 -04:00
			`func TestCreateWithEmptySourceVolume(t *testing.T) {`
			`icmd.RunCmd(icmd.Command("docker", "create", "-v", ":/volume", fixtures.AlpineImage)).`
			`Assert(t, icmd.Expected{`
			`ExitCode: 125,`
			`Err: "empty section between colons",`
			`})`
			`}`

			`func TestCreateWithEmptyVolumeSpec(t *testing.T) {`
			`icmd.RunCmd(icmd.Command("docker", "create", "-v", "", fixtures.AlpineImage)).`
			`Assert(t, icmd.Expected{`
			`ExitCode: 125,`
			`Err: "invalid empty volume spec",`
			`})`
			`}`