DockerCLI/cli/command/trust/signer_remove_test.go

package trust

import (
	"io/ioutil"
	"testing"

	"github.com/docker/cli/internal/test"
	notaryfake "github.com/docker/cli/internal/test/notary"
	"github.com/theupdateframework/notary/client"
	"github.com/theupdateframework/notary/tuf/data"
	"gotest.tools/v3/assert"
	is "gotest.tools/v3/assert/cmp"
)

func TestTrustSignerRemoveErrors(t *testing.T) {
	testCases := []struct {
		name          string
		args          []string
		expectedError string
	}{
		{
			name:          "not-enough-args-0",
			expectedError: "requires at least 2 arguments",
		},
		{
			name:          "not-enough-args-1",
			args:          []string{"user"},
			expectedError: "requires at least 2 arguments",
		},
	}
	for _, tc := range testCases {
		cmd := newSignerRemoveCommand(
			test.NewFakeCli(&fakeClient{}))
		cmd.SetArgs(tc.args)
		cmd.SetOutput(ioutil.Discard)
		assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
	}
	testCasesWithOutput := []struct {
		name          string
		args          []string
		expectedError string
	}{
		{
			name:          "not-an-image",
			args:          []string{"user", "notanimage"},
			expectedError: "error retrieving signers for notanimage",
		},
		{
			name:          "sha-reference",
			args:          []string{"user", "870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd"},
			expectedError: "invalid repository name",
		},
		{
			name:          "invalid-img-reference",
			args:          []string{"user", "ALPINE"},
			expectedError: "invalid reference format",
		},
	}
	for _, tc := range testCasesWithOutput {
		cli := test.NewFakeCli(&fakeClient{})
		cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)
		cmd := newSignerRemoveCommand(cli)
		cmd.SetArgs(tc.args)
		cmd.SetOutput(ioutil.Discard)
		cmd.Execute()
		assert.Check(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))
	}

}

func TestRemoveSingleSigner(t *testing.T) {
	cli := test.NewFakeCli(&fakeClient{})
	cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)
	removed, err := removeSingleSigner(cli, "signed-repo", "test", true)
	assert.Error(t, err, "No signer test for repository signed-repo")
	assert.Equal(t, removed, false, "No signer should be removed")

	removed, err = removeSingleSigner(cli, "signed-repo", "releases", true)
	assert.Error(t, err, "releases is a reserved keyword and cannot be removed")
	assert.Equal(t, removed, false, "No signer should be removed")
}

func TestRemoveMultipleSigners(t *testing.T) {
	cli := test.NewFakeCli(&fakeClient{})
	cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)
	err := removeSigner(cli, signerRemoveOptions{signer: "test", repos: []string{"signed-repo", "signed-repo"}, forceYes: true})
	assert.Error(t, err, "Error removing signer from: signed-repo, signed-repo")
	assert.Check(t, is.Contains(cli.ErrBuffer().String(),
		"No signer test for repository signed-repo"))
	assert.Check(t, is.Contains(cli.OutBuffer().String(), "Removing signer \"test\" from signed-repo...\n"))
}
func TestRemoveLastSignerWarning(t *testing.T) {
	cli := test.NewFakeCli(&fakeClient{})
	cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)

	err := removeSigner(cli, signerRemoveOptions{signer: "alice", repos: []string{"signed-repo"}, forceYes: false})
	assert.NilError(t, err)
	assert.Check(t, is.Contains(cli.OutBuffer().String(),
		"The signer \"alice\" signed the last released version of signed-repo. "+
			"Removing this signer will make signed-repo unpullable. "+
			"Are you sure you want to continue? [y/N]"))
}

func TestIsLastSignerForReleases(t *testing.T) {
	role := data.Role{}
	releaserole := client.RoleWithSignatures{}
	releaserole.Name = releasesRoleTUFName
	releaserole.Threshold = 1
	allrole := []client.RoleWithSignatures{releaserole}
	lastsigner, _ := isLastSignerForReleases(role, allrole)
	assert.Check(t, is.Equal(false, lastsigner))

	role.KeyIDs = []string{"deadbeef"}
	sig := data.Signature{}
	sig.KeyID = "deadbeef"
	releaserole.Signatures = []data.Signature{sig}
	releaserole.Threshold = 1
	allrole = []client.RoleWithSignatures{releaserole}
	lastsigner, _ = isLastSignerForReleases(role, allrole)
	assert.Check(t, is.Equal(true, lastsigner))

	sig.KeyID = "8badf00d"
	releaserole.Signatures = []data.Signature{sig}
	releaserole.Threshold = 1
	allrole = []client.RoleWithSignatures{releaserole}
	lastsigner, _ = isLastSignerForReleases(role, allrole)
	assert.Check(t, is.Equal(false, lastsigner))
}
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`package trust`

			`import (`
			`"io/ioutil"`
			`"testing"`

			`"github.com/docker/cli/internal/test"`
Refactor content_trust cli/flags handling Remove the global variable used. Allows easier unit testing. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-03-08 08:35:17 -05:00			`notaryfake "github.com/docker/cli/internal/test/notary"`
Move notary to its new location The https://github.com/docker/notary repository has moved to https://github.com/theupdateframework/notary Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2017-10-30 12:21:41 -04:00			`"github.com/theupdateframework/notary/client"`
			`"github.com/theupdateframework/notary/tuf/data"`
bump gotest.tools v3.0.1 for compatibility with Go 1.14 full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2020-02-22 12:12:14 -05:00			`"gotest.tools/v3/assert"`
			`is "gotest.tools/v3/assert/cmp"`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`)`

			`func TestTrustSignerRemoveErrors(t *testing.T) {`
			`testCases := []struct {`
			`name string`
			`args []string`
			`expectedError string`
			`}{`
			`{`
			`name: "not-enough-args-0",`
			`expectedError: "requires at least 2 arguments",`
			`},`
			`{`
			`name: "not-enough-args-1",`
			`args: []string{"user"},`
			`expectedError: "requires at least 2 arguments",`
			`},`
			`}`
			`for _, tc := range testCases {`
			`cmd := newSignerRemoveCommand(`
			`test.NewFakeCli(&fakeClient{}))`
			`cmd.SetArgs(tc.args)`
			`cmd.SetOutput(ioutil.Discard)`
Remove testutil Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-06 14:03:47 -05:00			`assert.ErrorContains(t, cmd.Execute(), tc.expectedError)`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`}`
			`testCasesWithOutput := []struct {`
			`name string`
			`args []string`
			`expectedError string`
			`}{`
			`{`
			`name: "not-an-image",`
			`args: []string{"user", "notanimage"},`
update to stderr instead of stdout, update tests Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-10-25 13:13:24 -04:00			`expectedError: "error retrieving signers for notanimage",`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`},`
			`{`
			`name: "sha-reference",`
			`args: []string{"user", "870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd"},`
			`expectedError: "invalid repository name",`
			`},`
			`{`
			`name: "invalid-img-reference",`
			`args: []string{"user", "ALPINE"},`
			`expectedError: "invalid reference format",`
			`},`
			`}`
			`for _, tc := range testCasesWithOutput {`
			`cli := test.NewFakeCli(&fakeClient{})`
Refactor content_trust cli/flags handling Remove the global variable used. Allows easier unit testing. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-03-08 08:35:17 -05:00			`cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`cmd := newSignerRemoveCommand(cli)`
			`cmd.SetArgs(tc.args)`
			`cmd.SetOutput(ioutil.Discard)`
			`cmd.Execute()`
Automated migration Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-05 18:53:52 -05:00			`assert.Check(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`}`

			`}`

			`func TestRemoveSingleSigner(t *testing.T) {`
			`cli := test.NewFakeCli(&fakeClient{})`
Refactor content_trust cli/flags handling Remove the global variable used. Allows easier unit testing. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-03-08 08:35:17 -05:00			`cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)`
Move the successful removal print Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> 2018-06-08 12:21:36 -04:00			`removed, err := removeSingleSigner(cli, "signed-repo", "test", true)`
Convert assert.Check(t, is.Error()) to assert.Error git grep -l -P '^\s+assert\.Check\(t, is\.Error\(' \| \ xargs perl -pi -e 's/^(\s+assert\.)Check\(t, is\.Error\((.*)\)$/\1Error(t, \2/' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-06 15:54:24 -05:00			`assert.Error(t, err, "No signer test for repository signed-repo")`
Move the successful removal print Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> 2018-06-08 12:21:36 -04:00			`assert.Equal(t, removed, false, "No signer should be removed")`
Fix tests and nit Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> 2018-06-06 01:17:32 -04:00
Move the successful removal print Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> 2018-06-08 12:21:36 -04:00			`removed, err = removeSingleSigner(cli, "signed-repo", "releases", true)`
Convert assert.Check(t, is.Error()) to assert.Error git grep -l -P '^\s+assert\.Check\(t, is\.Error\(' \| \ xargs perl -pi -e 's/^(\s+assert\.)Check\(t, is\.Error\((.*)\)$/\1Error(t, \2/' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-06 15:54:24 -05:00			`assert.Error(t, err, "releases is a reserved keyword and cannot be removed")`
Move the successful removal print Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> 2018-06-08 12:21:36 -04:00			`assert.Equal(t, removed, false, "No signer should be removed")`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`}`

			`func TestRemoveMultipleSigners(t *testing.T) {`
			`cli := test.NewFakeCli(&fakeClient{})`
Refactor content_trust cli/flags handling Remove the global variable used. Allows easier unit testing. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-03-08 08:35:17 -05:00			`cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)`
review feedback: updating for windows, error paths Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-10-25 13:45:10 -04:00			`err := removeSigner(cli, signerRemoveOptions{signer: "test", repos: []string{"signed-repo", "signed-repo"}, forceYes: true})`
Convert assert.Check(t, is.Error()) to assert.Error git grep -l -P '^\s+assert\.Check\(t, is\.Error\(' \| \ xargs perl -pi -e 's/^(\s+assert\.)Check\(t, is\.Error\((.*)\)$/\1Error(t, \2/' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-06 15:54:24 -05:00			`assert.Error(t, err, "Error removing signer from: signed-repo, signed-repo")`
Automated migration Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-05 18:53:52 -05:00			`assert.Check(t, is.Contains(cli.ErrBuffer().String(),`
			`"No signer test for repository signed-repo"))`
			`assert.Check(t, is.Contains(cli.OutBuffer().String(), "Removing signer \"test\" from signed-repo...\n"))`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`}`
			`func TestRemoveLastSignerWarning(t *testing.T) {`
			`cli := test.NewFakeCli(&fakeClient{})`
Refactor content_trust cli/flags handling Remove the global variable used. Allows easier unit testing. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-03-08 08:35:17 -05:00			`cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)`
refactoring and adding tests for EC key types Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-10-10 13:16:01 -04:00
review feedback: updating for windows, error paths Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-10-25 13:45:10 -04:00			`err := removeSigner(cli, signerRemoveOptions{signer: "alice", repos: []string{"signed-repo"}, forceYes: false})`
Convert to assert.NilError Using: git grep -l '^\s\+assert\.Check(t, err)$' \| \ xargs sed -i -e 's/^\(\s\+assert\)\.Check(t, err)$/\1.NilError(t, err)/' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-06 14:44:13 -05:00			`assert.NilError(t, err)`
Automated migration Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-05 18:53:52 -05:00			`assert.Check(t, is.Contains(cli.OutBuffer().String(),`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`"The signer \"alice\" signed the last released version of signed-repo. "+`
			`"Removing this signer will make signed-repo unpullable. "+`
Automated migration Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-05 18:53:52 -05:00			`"Are you sure you want to continue? [y/N]"))`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`}`

			`func TestIsLastSignerForReleases(t *testing.T) {`
			`role := data.Role{}`
			`releaserole := client.RoleWithSignatures{}`
			`releaserole.Name = releasesRoleTUFName`
			`releaserole.Threshold = 1`
			`allrole := []client.RoleWithSignatures{releaserole}`
			`lastsigner, _ := isLastSignerForReleases(role, allrole)`
Automated migration Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-05 18:53:52 -05:00			`assert.Check(t, is.Equal(false, lastsigner))`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00
			`role.KeyIDs = []string{"deadbeef"}`
			`sig := data.Signature{}`
			`sig.KeyID = "deadbeef"`
			`releaserole.Signatures = []data.Signature{sig}`
			`releaserole.Threshold = 1`
			`allrole = []client.RoleWithSignatures{releaserole}`
			`lastsigner, _ = isLastSignerForReleases(role, allrole)`
Automated migration Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-05 18:53:52 -05:00			`assert.Check(t, is.Equal(true, lastsigner))`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00
			`sig.KeyID = "8badf00d"`
			`releaserole.Signatures = []data.Signature{sig}`
			`releaserole.Threshold = 1`
			`allrole = []client.RoleWithSignatures{releaserole}`
			`lastsigner, _ = isLastSignerForReleases(role, allrole)`
Automated migration Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-03-05 18:53:52 -05:00			`assert.Check(t, is.Equal(false, lastsigner))`
trust: add signer-add and signer-remove command Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2017-09-26 14:43:52 -04:00			`}`