DockerCLI/cli/command/trust/signer_remove_test.go

133 lines
4.4 KiB
Go
Raw Normal View History

package trust
import (
"context"
"io"
"testing"
"github.com/docker/cli/internal/test"
notaryfake "github.com/docker/cli/internal/test/notary"
"github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/tuf/data"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
)
func TestTrustSignerRemoveErrors(t *testing.T) {
testCases := []struct {
name string
args []string
expectedError string
}{
{
name: "not-enough-args-0",
expectedError: "requires at least 2 arguments",
},
{
name: "not-enough-args-1",
args: []string{"user"},
expectedError: "requires at least 2 arguments",
},
}
for _, tc := range testCases {
cmd := newSignerRemoveCommand(
test.NewFakeCli(&fakeClient{}))
cmd.SetArgs(tc.args)
cmd.SetOut(io.Discard)
assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
}
testCasesWithOutput := []struct {
name string
args []string
expectedError string
}{
{
name: "not-an-image",
args: []string{"user", "notanimage"},
expectedError: "error retrieving signers for notanimage",
},
{
name: "sha-reference",
args: []string{"user", "870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd"},
expectedError: "invalid repository name",
},
{
name: "invalid-img-reference",
args: []string{"user", "ALPINE"},
expectedError: "invalid reference format",
},
}
for _, tc := range testCasesWithOutput {
cli := test.NewFakeCli(&fakeClient{})
cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)
cmd := newSignerRemoveCommand(cli)
cmd.SetArgs(tc.args)
cmd.SetOut(io.Discard)
cmd.Execute()
assert.Check(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))
}
}
func TestRemoveSingleSigner(t *testing.T) {
cli := test.NewFakeCli(&fakeClient{})
cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)
ctx := context.Background()
removed, err := removeSingleSigner(ctx, cli, "signed-repo", "test", true)
linting: ST1005: error strings should not be capitalized (stylecheck) While fixing, also updated errors without placeholders to `errors.New()`, and updated some code to use pkg/errors if it was already in use in the file. cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck) return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote) ^ cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck) return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote) ^ cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name()) ^ cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck) return *target, fmt.Errorf("No tag specified") ^ cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", ")) ^ cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", ")) ^ cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck) return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix") ^ cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck) return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName) ^ opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", addr) ^ opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr) ^ opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr) ^ opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", tryAddr) ^ opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", tryAddr) ^ Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
assert.Error(t, err, "no signer test for repository signed-repo")
assert.Equal(t, removed, false, "No signer should be removed")
removed, err = removeSingleSigner(ctx, cli, "signed-repo", "releases", true)
assert.Error(t, err, "releases is a reserved keyword and cannot be removed")
assert.Equal(t, removed, false, "No signer should be removed")
}
func TestRemoveMultipleSigners(t *testing.T) {
cli := test.NewFakeCli(&fakeClient{})
cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)
ctx := context.Background()
err := removeSigner(ctx, cli, signerRemoveOptions{signer: "test", repos: []string{"signed-repo", "signed-repo"}, forceYes: true})
linting: ST1005: error strings should not be capitalized (stylecheck) While fixing, also updated errors without placeholders to `errors.New()`, and updated some code to use pkg/errors if it was already in use in the file. cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck) return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote) ^ cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck) return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote) ^ cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name()) ^ cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck) return *target, fmt.Errorf("No tag specified") ^ cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", ")) ^ cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", ")) ^ cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck) return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix") ^ cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck) return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName) ^ opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", addr) ^ opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr) ^ opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr) ^ opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", tryAddr) ^ opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", tryAddr) ^ Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
assert.Error(t, err, "error removing signer from: signed-repo, signed-repo")
assert.Check(t, is.Contains(cli.ErrBuffer().String(),
linting: ST1005: error strings should not be capitalized (stylecheck) While fixing, also updated errors without placeholders to `errors.New()`, and updated some code to use pkg/errors if it was already in use in the file. cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Cannot supply extra formatting options to the pretty template") ^ cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck) return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote) ^ cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck) return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote) ^ cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name()) ^ cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck) return *target, fmt.Errorf("No tag specified") ^ cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", ")) ^ cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck) return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", ")) ^ cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck) return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix") ^ cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck) return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName) ^ opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", addr) ^ opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr) ^ opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr) ^ opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", tryAddr) ^ opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck) return "", fmt.Errorf("Invalid bind address format: %s", tryAddr) ^ Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
"no signer test for repository signed-repo"))
assert.Check(t, is.Contains(cli.OutBuffer().String(), "Removing signer \"test\" from signed-repo...\n"))
}
func TestRemoveLastSignerWarning(t *testing.T) {
cli := test.NewFakeCli(&fakeClient{})
ctx := context.Background()
cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)
err := removeSigner(ctx, cli, signerRemoveOptions{signer: "alice", repos: []string{"signed-repo"}, forceYes: false})
assert.NilError(t, err)
assert.Check(t, is.Contains(cli.OutBuffer().String(),
"The signer \"alice\" signed the last released version of signed-repo. "+
"Removing this signer will make signed-repo unpullable. "+
"Are you sure you want to continue? [y/N]"))
}
func TestIsLastSignerForReleases(t *testing.T) {
role := data.Role{}
releaserole := client.RoleWithSignatures{}
releaserole.Name = releasesRoleTUFName
releaserole.Threshold = 1
allrole := []client.RoleWithSignatures{releaserole}
lastsigner, _ := isLastSignerForReleases(role, allrole)
assert.Check(t, is.Equal(false, lastsigner))
role.KeyIDs = []string{"deadbeef"}
sig := data.Signature{}
sig.KeyID = "deadbeef"
releaserole.Signatures = []data.Signature{sig}
releaserole.Threshold = 1
allrole = []client.RoleWithSignatures{releaserole}
lastsigner, _ = isLastSignerForReleases(role, allrole)
assert.Check(t, is.Equal(true, lastsigner))
sig.KeyID = "8badf00d"
releaserole.Signatures = []data.Signature{sig}
releaserole.Threshold = 1
allrole = []client.RoleWithSignatures{releaserole}
lastsigner, _ = isLastSignerForReleases(role, allrole)
assert.Check(t, is.Equal(false, lastsigner))
}