package fixtures
import (
"fmt"
"os"
"testing"
"gotest.tools/v3/fs"
"gotest.tools/v3/icmd"
)
// Locations of the notary servers used by the e2e tests.
const (
	// NotaryURL is the location of the notary server
	NotaryURL = "https://notary-server:4443"
	// EvilNotaryURL is the location of the evil notary server
	EvilNotaryURL = "https://evil-notary-server:4444"
)

// Images in the test registry and their content digests.
//
// The *Sha constants are image digests, not secrets: they are long hex
// strings, which is what trips gosec's G101 "hardcoded credentials"
// heuristic, so that check is suppressed on them.
const (
	// AlpineImage is an image in the test registry
	AlpineImage = "registry:5000/alpine:frozen"
	// AlpineSha is the sha of the alpine image
	AlpineSha = "e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec)
	// BusyboxImage is an image in the test registry
	BusyboxImage = "registry:5000/busybox:frozen"
	// BusyboxSha is the sha of the busybox image
	BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec)
)
// SetupConfigFile creates a config.json file for testing, in a temporary
// directory whose name is prefixed "trust_test", with content trust pointed
// at NotaryURL. It is the default-notary shorthand for
// SetupConfigWithNotaryURL.
func SetupConfigFile(t *testing.T) fs.Dir {
	t.Helper()
	const dirPrefix = "trust_test"
	return SetupConfigWithNotaryURL(t, dirPrefix, NotaryURL)
}
// SetupConfigWithNotaryURL creates a config.json file for testing in the given path
// with the given notaryURL.
//
// The directory is created with mode 0700 and contains:
//   - config.json, with "auths" entries for "registry:5000" and for notaryURL
//     (both carrying the same fixed base64 test credential) and
//     "experimental" set to "enabled";
//   - an empty trust/private subtree.
//
// notaryURL is substituted into the JSON template verbatim, without escaping,
// so callers must pass a plain URL (as the constants in this package are).
func SetupConfigWithNotaryURL(t *testing.T, path, notaryURL string) fs.Dir {
	t.Helper()
	// %s receives notaryURL. The "auth" value is a base64-encoded
	// user:password pair that exists only for the test registry.
	const configTemplate = `
	{
		"auths": {
			"registry:5000": {
				"auth": "ZWlhaXM6cGFzc3dvcmQK"
			},
			"%s": {
				"auth": "ZWlhaXM6cGFzc3dvcmQK"
			}
		},
		"experimental": "enabled"
	}
	`
	configJSON := fmt.Sprintf(configTemplate, notaryURL)
	dir := fs.NewDir(t, path,
		fs.WithMode(0o700),
		fs.WithFile("config.json", configJSON),
		fs.WithDir("trust", fs.WithDir("private")),
	)
	return *dir
}
// WithConfig sets an environment variable for the docker config location:
// the returned option appends DOCKER_CONFIG=dir to the command's environment
// while keeping the inherited process environment (see addEnvs).
func WithConfig(dir string) func(cmd *icmd.Cmd) {
	// Built once here; dir cannot change after the option is created.
	configEnv := "DOCKER_CONFIG=" + dir
	return func(cmd *icmd.Cmd) {
		addEnvs(cmd, configEnv)
	}
}
// WithPassphrase sets environment variables for passphrases: the returned
// option appends DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=rootPwd and
// DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=repositoryPwd to the command's
// environment, keeping the inherited process environment (see addEnvs).
// The passphrases are passed to the child process via its environment, so
// they are only as private as that process's environment is.
func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
	passphraseEnvs := []string{
		"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=" + rootPwd,
		"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=" + repositoryPwd,
	}
	return func(cmd *icmd.Cmd) {
		addEnvs(cmd, passphraseEnvs...)
	}
}
// WithTrust sets DOCKER_CONTENT_TRUST to 1 in cmd's environment, keeping the
// inherited process environment (see addEnvs). Use it directly as an icmd
// option: it is not a constructor like WithConfig.
func WithTrust(cmd *icmd.Cmd) {
	const trustEnv = "DOCKER_CONTENT_TRUST=1"
	addEnvs(cmd, trustEnv)
}
// WithNotary sets the location of the notary server to NotaryURL
// (DOCKER_CONTENT_TRUST_SERVER) in cmd's environment. It is exactly
// WithNotaryServer(NotaryURL) applied to cmd.
func WithNotary(cmd *icmd.Cmd) {
	WithNotaryServer(NotaryURL)(cmd)
}
// WithHome sets the HOME environment variable: the returned option appends
// HOME=path to the command's environment, keeping the inherited process
// environment (see addEnvs).
func WithHome(path string) func(*icmd.Cmd) {
	homeEnv := "HOME=" + path
	return func(cmd *icmd.Cmd) {
		addEnvs(cmd, homeEnv)
	}
}
// WithNotaryServer sets the location of the notary server: the returned option
// appends DOCKER_CONTENT_TRUST_SERVER=notaryURL to the command's environment,
// keeping the inherited process environment (see addEnvs). Pass EvilNotaryURL
// to point a command at the second server.
func WithNotaryServer(notaryURL string) func(*icmd.Cmd) {
	serverEnv := "DOCKER_CONTENT_TRUST_SERVER=" + notaryURL
	return func(cmd *icmd.Cmd) {
		addEnvs(cmd, serverEnv)
	}
}
// CreateMaskedTrustedRemoteImage creates a remote image that is signed with
// content trust, then pushes a different untrusted image at the same tag.
//
// The result is a tag whose registry content no longer matches what was
// signed, which is the situation a trust-enabled pull is expected to reject.
// It returns the full image reference (registryPrefix/repo:tag). Every docker
// step is asserted to succeed, so a failure aborts t.
func CreateMaskedTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
	t.Helper()
	signedRef := createTrustedRemoteImage(t, registryPrefix, repo, tag)
	// Overwrite the same tag with an unsigned busybox-based image.
	createNamedUnsignedImageFromBusyBox(t, signedRef)
	return signedRef
}
// createTrustedRemoteImage tags the pre-seeded AlpineImage as
// registryPrefix/repo:tag, pushes it with content trust enabled against
// NotaryURL using fixed test passphrases, removes the local tag again and
// returns the image reference. Each docker invocation is asserted to succeed.
func createTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
	t.Helper()
	image := registryPrefix + "/" + repo + ":" + tag

	// Plain docker invocations that must succeed and need no extra environment.
	mustDocker := func(args ...string) {
		t.Helper()
		icmd.RunCommand("docker", args...).Assert(t, icmd.Success)
	}

	mustDocker("image", "pull", AlpineImage)
	mustDocker("image", "tag", AlpineImage, image)

	// The push is the only step that needs trust enabled: it signs the tag
	// with the test passphrases and talks to the notary server.
	pushResult := icmd.RunCmd(
		icmd.Command("docker", "image", "push", image),
		WithPassphrase("root_password", "repo_password"),
		WithTrust,
		WithNotary,
	)
	pushResult.Assert(t, icmd.Success)

	mustDocker("image", "rm", image)
	return image
}
// createNamedUnsignedImageFromBusyBox tags the pre-seeded BusyboxImage as
// image, pushes it and removes the local tag. The push deliberately runs
// without WithTrust/WithNotary, so the tag is overwritten unsigned — assuming
// the test process's own environment does not enable DOCKER_CONTENT_TRUST.
// Each docker invocation is asserted to succeed.
func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
	t.Helper()
	steps := [][]string{
		{"image", "pull", BusyboxImage},
		{"image", "tag", BusyboxImage, image},
		{"image", "push", image},
		{"image", "rm", image},
	}
	for _, args := range steps {
		icmd.RunCommand("docker", args...).Assert(t, icmd.Success)
	}
}
// addEnvs adds environment variables to cmd, making sure to preserve the
// current os.Environ(), which would otherwise be omitted (for non-empty .Env).
//
// envs are KEY=VALUE entries and are appended, never deduplicated; a key that
// already exists in the inherited environment therefore appears twice, and
// os/exec documents that the last value wins for duplicate keys.
func addEnvs(cmd *icmd.Cmd, envs ...string) {
	base := cmd.Env
	if len(base) == 0 {
		// An empty Env makes the child inherit the process environment, but
		// appending anything would silently drop that inheritance, so copy
		// it in explicitly first.
		base = os.Environ()
	}
	cmd.Env = append(base, envs...)
}