2017-08-24 18:46:01 -04:00
package trust
import (
"io/ioutil"
"os"
"testing"
"github.com/docker/cli/internal/test"
2018-03-08 08:35:17 -05:00
"github.com/docker/cli/internal/test/notary"
2018-03-05 18:53:52 -05:00
"github.com/gotestyourself/gotestyourself/assert"
is "github.com/gotestyourself/gotestyourself/assert/cmp"
2017-10-30 12:21:41 -04:00
"github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/passphrase"
"github.com/theupdateframework/notary/trustpinning"
2017-08-24 18:46:01 -04:00
)
2017-08-25 17:49:40 -04:00
func TestTrustRevokeCommandErrors ( t * testing . T ) {
2017-08-24 18:46:01 -04:00
testCases := [ ] struct {
name string
args [ ] string
expectedError string
} {
{
name : "not-enough-args" ,
expectedError : "requires exactly 1 argument" ,
} ,
{
name : "too-many-args" ,
args : [ ] string { "remote1" , "remote2" } ,
expectedError : "requires exactly 1 argument" ,
} ,
{
name : "sha-reference" ,
args : [ ] string { "870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd" } ,
expectedError : "invalid repository name" ,
} ,
{
name : "invalid-img-reference" ,
args : [ ] string { "ALPINE" } ,
expectedError : "invalid reference format" ,
} ,
{
name : "digest-reference" ,
args : [ ] string { "ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2" } ,
expectedError : "cannot use a digest reference for IMAGE:TAG" ,
} ,
}
for _ , tc := range testCases {
cmd := newRevokeCommand (
test . NewFakeCli ( & fakeClient { } ) )
cmd . SetArgs ( tc . args )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 14:03:47 -05:00
assert . ErrorContains ( t , cmd . Execute ( ) , tc . expectedError )
2017-08-24 18:46:01 -04:00
}
}
2017-09-13 12:50:37 -04:00
func TestTrustRevokeCommandOfflineErrors ( t * testing . T ) {
2017-09-14 16:16:54 -04:00
cli := test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetOfflineNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd := newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image" } )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 15:13:00 -05:00
assert . NilError ( t , cmd . Execute ( ) )
2018-03-05 18:53:52 -05:00
assert . Check ( t , is . Contains ( cli . OutBuffer ( ) . String ( ) , "Please confirm you would like to delete all signature data for reg-name.io/image? [y/N] \nAborting action." ) )
2017-09-13 12:50:37 -04:00
2017-09-14 16:16:54 -04:00
cli = test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetOfflineNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd = newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image" , "-y" } )
cmd . SetOutput ( ioutil . Discard )
2017-09-14 16:16:54 -04:00
cli = test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetOfflineNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd = newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image:tag" } )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 14:03:47 -05:00
assert . ErrorContains ( t , cmd . Execute ( ) , "could not remove signature for reg-name.io/image:tag: client is offline" )
2017-09-13 12:50:37 -04:00
}
func TestTrustRevokeCommandUninitializedErrors ( t * testing . T ) {
2017-09-14 16:16:54 -04:00
cli := test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetUninitializedNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd := newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image" } )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 15:13:00 -05:00
assert . NilError ( t , cmd . Execute ( ) )
2018-03-05 18:53:52 -05:00
assert . Check ( t , is . Contains ( cli . OutBuffer ( ) . String ( ) , "Please confirm you would like to delete all signature data for reg-name.io/image? [y/N] \nAborting action." ) )
2017-09-13 12:50:37 -04:00
2017-09-14 16:16:54 -04:00
cli = test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetUninitializedNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd = newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image" , "-y" } )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 14:03:47 -05:00
assert . ErrorContains ( t , cmd . Execute ( ) , "could not remove signature for reg-name.io/image: does not have trust data for" )
2017-09-13 12:50:37 -04:00
2017-09-14 16:16:54 -04:00
cli = test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetUninitializedNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd = newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image:tag" } )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 14:03:47 -05:00
assert . ErrorContains ( t , cmd . Execute ( ) , "could not remove signature for reg-name.io/image:tag: does not have trust data for" )
2017-09-13 12:50:37 -04:00
}
func TestTrustRevokeCommandEmptyNotaryRepo ( t * testing . T ) {
2017-09-14 16:16:54 -04:00
cli := test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetEmptyTargetsNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd := newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image" } )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 15:13:00 -05:00
assert . NilError ( t , cmd . Execute ( ) )
2018-03-05 18:53:52 -05:00
assert . Check ( t , is . Contains ( cli . OutBuffer ( ) . String ( ) , "Please confirm you would like to delete all signature data for reg-name.io/image? [y/N] \nAborting action." ) )
2017-09-13 12:50:37 -04:00
2017-09-14 16:16:54 -04:00
cli = test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetEmptyTargetsNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd = newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image" , "-y" } )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 14:03:47 -05:00
assert . ErrorContains ( t , cmd . Execute ( ) , "could not remove signature for reg-name.io/image: no signed tags to remove" )
2017-09-13 12:50:37 -04:00
2017-09-14 16:16:54 -04:00
cli = test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetEmptyTargetsNotaryRepository )
2017-09-13 12:50:37 -04:00
cmd = newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "reg-name.io/image:tag" } )
cmd . SetOutput ( ioutil . Discard )
2018-03-06 14:03:47 -05:00
assert . ErrorContains ( t , cmd . Execute ( ) , "could not remove signature for reg-name.io/image:tag: No valid trust data for tag" )
2017-09-13 12:50:37 -04:00
}
2017-08-24 18:46:01 -04:00
func TestNewRevokeTrustAllSigConfirmation ( t * testing . T ) {
cli := test . NewFakeCli ( & fakeClient { } )
2018-03-08 08:35:17 -05:00
cli . SetNotaryClient ( notary . GetEmptyTargetsNotaryRepository )
2017-08-24 18:46:01 -04:00
cmd := newRevokeCommand ( cli )
cmd . SetArgs ( [ ] string { "alpine" } )
2018-03-06 15:13:00 -05:00
assert . NilError ( t , cmd . Execute ( ) )
2017-08-24 18:46:01 -04:00
2018-03-05 18:53:52 -05:00
assert . Check ( t , is . Contains ( cli . OutBuffer ( ) . String ( ) , "Please confirm you would like to delete all signature data for alpine? [y/N] \nAborting action." ) )
2017-08-24 18:46:01 -04:00
}
func TestGetSignableRolesForTargetAndRemoveError ( t * testing . T ) {
tmpDir , err := ioutil . TempDir ( "" , "notary-test-" )
2018-03-06 14:44:13 -05:00
assert . NilError ( t , err )
2017-08-24 18:46:01 -04:00
defer os . RemoveAll ( tmpDir )
2017-09-11 17:07:00 -04:00
notaryRepo , err := client . NewFileCachedRepository ( tmpDir , "gun" , "https://localhost" , nil , passphrase . ConstantRetriever ( "password" ) , trustpinning . TrustPinConfig { } )
2018-03-05 18:53:52 -05:00
assert . NilError ( t , err )
2017-08-24 18:46:01 -04:00
target := client . Target { }
err = getSignableRolesForTargetAndRemove ( target , notaryRepo )
2018-03-06 15:54:24 -05:00
assert . Error ( t , err , "client is offline" )
2017-08-24 18:46:01 -04:00
}
