2017-09-26 14:43:52 -04:00
|
|
|
package trust
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
2022-02-25 08:33:57 -05:00
|
|
|
"io"
|
2017-09-26 14:43:52 -04:00
|
|
|
"os"
|
2017-10-25 13:45:10 -04:00
|
|
|
"path/filepath"
|
2018-02-27 10:54:36 -05:00
|
|
|
"runtime"
|
2017-09-26 14:43:52 -04:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/docker/cli/cli/config"
|
|
|
|
|
"github.com/docker/cli/internal/test"
|
2018-03-08 08:35:17 -05:00
|
|
|
notaryfake "github.com/docker/cli/internal/test/notary"
|
2017-10-30 12:21:41 -04:00
|
|
|
"github.com/theupdateframework/notary"
|
2020-02-22 12:12:14 -05:00
|
|
|
"gotest.tools/v3/assert"
|
|
|
|
|
is "gotest.tools/v3/assert/cmp"
|
2017-09-26 14:43:52 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestTrustSignerAddErrors(t *testing.T) {
|
|
|
|
|
testCases := []struct {
|
|
|
|
|
name string
|
|
|
|
|
args []string
|
|
|
|
|
expectedError string
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
name: "not-enough-args",
|
|
|
|
|
expectedError: "requires at least 2 argument",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "no-key",
|
|
|
|
|
args: []string{"foo", "bar"},
|
2017-10-25 13:45:10 -04:00
|
|
|
expectedError: "path to a public key must be provided using the `--key` flag",
|
2017-09-26 14:43:52 -04:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "reserved-releases-signer-add",
|
2017-10-25 13:45:10 -04:00
|
|
|
args: []string{"releases", "my-image", "--key", "/path/to/key"},
|
2017-09-26 14:43:52 -04:00
|
|
|
expectedError: "releases is a reserved keyword, please use a different signer name",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "disallowed-chars",
|
2017-10-25 13:45:10 -04:00
|
|
|
args: []string{"ali/ce", "my-image", "--key", "/path/to/key"},
|
|
|
|
|
expectedError: "signer name \"ali/ce\" must start with lowercase alphanumeric characters and can include \"-\" or \"_\" after the first character",
|
2017-09-26 14:43:52 -04:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "no-upper-case",
|
2017-10-25 13:45:10 -04:00
|
|
|
args: []string{"Alice", "my-image", "--key", "/path/to/key"},
|
|
|
|
|
expectedError: "signer name \"Alice\" must start with lowercase alphanumeric characters and can include \"-\" or \"_\" after the first character",
|
2017-09-26 14:43:52 -04:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
name: "start-with-letter",
|
2017-10-25 13:45:10 -04:00
|
|
|
args: []string{"_alice", "my-image", "--key", "/path/to/key"},
|
|
|
|
|
expectedError: "signer name \"_alice\" must start with lowercase alphanumeric characters and can include \"-\" or \"_\" after the first character",
|
2017-09-26 14:43:52 -04:00
|
|
|
},
|
|
|
|
|
}
|
2022-02-25 08:33:57 -05:00
|
|
|
config.SetDir(t.TempDir())
|
2017-09-26 14:43:52 -04:00
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
2018-03-08 08:35:17 -05:00
|
|
|
cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)
|
2017-09-26 14:43:52 -04:00
|
|
|
cmd := newSignerAddCommand(cli)
|
|
|
|
|
cmd.SetArgs(tc.args)
|
2022-02-25 08:33:57 -05:00
|
|
|
cmd.SetOut(io.Discard)
|
2018-03-06 14:03:47 -05:00
|
|
|
assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestSignerAddCommandNoTargetsKey(t *testing.T) {
|
2022-02-25 08:33:57 -05:00
|
|
|
config.SetDir(t.TempDir())
|
2017-09-26 14:43:52 -04:00
|
|
|
|
2022-02-25 08:33:57 -05:00
|
|
|
tmpfile, err := os.CreateTemp("", "pemfile")
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2022-02-25 08:33:57 -05:00
|
|
|
tmpfile.Close()
|
2017-09-26 14:43:52 -04:00
|
|
|
defer os.Remove(tmpfile.Name())
|
|
|
|
|
|
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
2018-03-08 08:35:17 -05:00
|
|
|
cli.SetNotaryClient(notaryfake.GetEmptyTargetsNotaryRepository)
|
2017-09-26 14:43:52 -04:00
|
|
|
cmd := newSignerAddCommand(cli)
|
|
|
|
|
cmd.SetArgs([]string{"--key", tmpfile.Name(), "alice", "alpine", "linuxkit/alpine"})
|
|
|
|
|
|
2022-02-25 08:33:57 -05:00
|
|
|
cmd.SetOut(io.Discard)
|
2018-03-06 15:54:24 -05:00
|
|
|
assert.Error(t, cmd.Execute(), fmt.Sprintf("could not parse public key from file: %s: no valid public key found", tmpfile.Name()))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestSignerAddCommandBadKeyPath(t *testing.T) {
|
2022-02-25 08:33:57 -05:00
|
|
|
config.SetDir(t.TempDir())
|
2017-09-26 14:43:52 -04:00
|
|
|
|
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
2018-03-08 08:35:17 -05:00
|
|
|
cli.SetNotaryClient(notaryfake.GetEmptyTargetsNotaryRepository)
|
2017-09-26 14:43:52 -04:00
|
|
|
cmd := newSignerAddCommand(cli)
|
|
|
|
|
cmd.SetArgs([]string{"--key", "/path/to/key.pem", "alice", "alpine"})
|
|
|
|
|
|
2022-02-25 08:33:57 -05:00
|
|
|
cmd.SetOut(io.Discard)
|
2018-02-27 10:54:36 -05:00
|
|
|
expectedError := "unable to read public key from file: open /path/to/key.pem: no such file or directory"
|
|
|
|
|
if runtime.GOOS == "windows" {
|
|
|
|
|
expectedError = "unable to read public key from file: open /path/to/key.pem: The system cannot find the path specified."
|
|
|
|
|
}
|
|
|
|
|
assert.Error(t, cmd.Execute(), expectedError)
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestSignerAddCommandInvalidRepoName(t *testing.T) {
|
2022-02-25 08:33:57 -05:00
|
|
|
config.SetDir(t.TempDir())
|
2017-09-26 14:43:52 -04:00
|
|
|
|
2022-02-25 08:33:57 -05:00
|
|
|
pubKeyDir := t.TempDir()
|
2017-10-25 13:45:10 -04:00
|
|
|
pubKeyFilepath := filepath.Join(pubKeyDir, "pubkey.pem")
|
2022-02-25 08:33:57 -05:00
|
|
|
assert.NilError(t, os.WriteFile(pubKeyFilepath, pubKeyFixture, notary.PrivNoExecPerms))
|
2017-10-25 13:45:10 -04:00
|
|
|
|
2017-09-26 14:43:52 -04:00
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
2018-03-08 08:35:17 -05:00
|
|
|
cli.SetNotaryClient(notaryfake.GetUninitializedNotaryRepository)
|
2017-09-26 14:43:52 -04:00
|
|
|
cmd := newSignerAddCommand(cli)
|
|
|
|
|
imageName := "870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd"
|
2017-10-25 13:45:10 -04:00
|
|
|
cmd.SetArgs([]string{"--key", pubKeyFilepath, "alice", imageName})
|
2017-09-26 14:43:52 -04:00
|
|
|
|
2022-02-25 08:33:57 -05:00
|
|
|
cmd.SetOut(io.Discard)
|
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.
cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
^
cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
^
cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
^
cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
return *target, fmt.Errorf("No tag specified")
^
cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
^
cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
^
opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", addr)
^
opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
^
opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
^
opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
|
|
|
assert.Error(t, cmd.Execute(), "failed to add signer to: 870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd")
|
2017-10-25 13:45:10 -04:00
|
|
|
expectedErr := fmt.Sprintf("invalid repository name (%s), cannot specify 64-byte hexadecimal strings\n\n", imageName)
|
2017-09-26 14:43:52 -04:00
|
|
|
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Equal(expectedErr, cli.ErrBuffer().String()))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestIngestPublicKeys(t *testing.T) {
|
|
|
|
|
// Call with a bad path
|
|
|
|
|
_, err := ingestPublicKeys([]string{"foo", "bar"})
|
2018-02-27 10:54:36 -05:00
|
|
|
expectedError := "unable to read public key from file: open foo: no such file or directory"
|
|
|
|
|
if runtime.GOOS == "windows" {
|
|
|
|
|
expectedError = "unable to read public key from file: open foo: The system cannot find the file specified."
|
|
|
|
|
}
|
|
|
|
|
assert.Error(t, err, expectedError)
|
2017-09-26 14:43:52 -04:00
|
|
|
// Call with real file path
|
2022-02-25 08:33:57 -05:00
|
|
|
tmpfile, err := os.CreateTemp("", "pemfile")
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2022-02-25 08:33:57 -05:00
|
|
|
tmpfile.Close()
|
2017-09-26 14:43:52 -04:00
|
|
|
defer os.Remove(tmpfile.Name())
|
|
|
|
|
_, err = ingestPublicKeys([]string{tmpfile.Name()})
|
2018-03-06 15:54:24 -05:00
|
|
|
assert.Error(t, err, fmt.Sprintf("could not parse public key from file: %s: no valid public key found", tmpfile.Name()))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
