2017-09-26 14:43:52 -04:00
|
|
|
package trust
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io/ioutil"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/docker/cli/internal/test"
|
2018-03-05 18:53:52 -05:00
|
|
|
"github.com/gotestyourself/gotestyourself/assert"
|
|
|
|
is "github.com/gotestyourself/gotestyourself/assert/cmp"
|
2017-10-30 12:21:41 -04:00
|
|
|
"github.com/theupdateframework/notary/client"
|
|
|
|
"github.com/theupdateframework/notary/tuf/data"
|
2017-09-26 14:43:52 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestTrustSignerRemoveErrors(t *testing.T) {
|
|
|
|
testCases := []struct {
|
|
|
|
name string
|
|
|
|
args []string
|
|
|
|
expectedError string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "not-enough-args-0",
|
|
|
|
expectedError: "requires at least 2 arguments",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "not-enough-args-1",
|
|
|
|
args: []string{"user"},
|
|
|
|
expectedError: "requires at least 2 arguments",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
|
|
cmd := newSignerRemoveCommand(
|
|
|
|
test.NewFakeCli(&fakeClient{}))
|
|
|
|
cmd.SetArgs(tc.args)
|
|
|
|
cmd.SetOutput(ioutil.Discard)
|
2018-03-06 14:03:47 -05:00
|
|
|
assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
testCasesWithOutput := []struct {
|
|
|
|
name string
|
|
|
|
args []string
|
|
|
|
expectedError string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "not-an-image",
|
|
|
|
args: []string{"user", "notanimage"},
|
2017-10-25 13:13:24 -04:00
|
|
|
expectedError: "error retrieving signers for notanimage",
|
2017-09-26 14:43:52 -04:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "sha-reference",
|
|
|
|
args: []string{"user", "870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd"},
|
|
|
|
expectedError: "invalid repository name",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "invalid-img-reference",
|
|
|
|
args: []string{"user", "ALPINE"},
|
|
|
|
expectedError: "invalid reference format",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tc := range testCasesWithOutput {
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
|
|
|
cli.SetNotaryClient(getOfflineNotaryRepository)
|
|
|
|
cmd := newSignerRemoveCommand(cli)
|
|
|
|
cmd.SetArgs(tc.args)
|
|
|
|
cmd.SetOutput(ioutil.Discard)
|
|
|
|
cmd.Execute()
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemoveSingleSigner(t *testing.T) {
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
|
|
|
cli.SetNotaryClient(getLoadedNotaryRepository)
|
|
|
|
err := removeSingleSigner(cli, "signed-repo", "test", true)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Error(err, "No signer test for repository signed-repo"))
|
2017-09-26 14:43:52 -04:00
|
|
|
err = removeSingleSigner(cli, "signed-repo", "releases", true)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Error(err, "releases is a reserved keyword and cannot be removed"))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestRemoveMultipleSigners(t *testing.T) {
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
|
|
|
cli.SetNotaryClient(getLoadedNotaryRepository)
|
2017-10-25 13:45:10 -04:00
|
|
|
err := removeSigner(cli, signerRemoveOptions{signer: "test", repos: []string{"signed-repo", "signed-repo"}, forceYes: true})
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Error(err, "Error removing signer from: signed-repo, signed-repo"))
|
|
|
|
assert.Check(t, is.Contains(cli.ErrBuffer().String(),
|
|
|
|
"No signer test for repository signed-repo"))
|
|
|
|
assert.Check(t, is.Contains(cli.OutBuffer().String(), "Removing signer \"test\" from signed-repo...\n"))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
func TestRemoveLastSignerWarning(t *testing.T) {
|
|
|
|
cli := test.NewFakeCli(&fakeClient{})
|
|
|
|
cli.SetNotaryClient(getLoadedNotaryRepository)
|
2017-10-10 13:16:01 -04:00
|
|
|
|
2017-10-25 13:45:10 -04:00
|
|
|
err := removeSigner(cli, signerRemoveOptions{signer: "alice", repos: []string{"signed-repo"}, forceYes: false})
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, err)
|
|
|
|
assert.Check(t, is.Contains(cli.OutBuffer().String(),
|
2017-09-26 14:43:52 -04:00
|
|
|
"The signer \"alice\" signed the last released version of signed-repo. "+
|
|
|
|
"Removing this signer will make signed-repo unpullable. "+
|
2018-03-05 18:53:52 -05:00
|
|
|
"Are you sure you want to continue? [y/N]"))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestIsLastSignerForReleases(t *testing.T) {
|
|
|
|
role := data.Role{}
|
|
|
|
releaserole := client.RoleWithSignatures{}
|
|
|
|
releaserole.Name = releasesRoleTUFName
|
|
|
|
releaserole.Threshold = 1
|
|
|
|
allrole := []client.RoleWithSignatures{releaserole}
|
|
|
|
lastsigner, _ := isLastSignerForReleases(role, allrole)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Equal(false, lastsigner))
|
2017-09-26 14:43:52 -04:00
|
|
|
|
|
|
|
role.KeyIDs = []string{"deadbeef"}
|
|
|
|
sig := data.Signature{}
|
|
|
|
sig.KeyID = "deadbeef"
|
|
|
|
releaserole.Signatures = []data.Signature{sig}
|
|
|
|
releaserole.Threshold = 1
|
|
|
|
allrole = []client.RoleWithSignatures{releaserole}
|
|
|
|
lastsigner, _ = isLastSignerForReleases(role, allrole)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Equal(true, lastsigner))
|
2017-09-26 14:43:52 -04:00
|
|
|
|
|
|
|
sig.KeyID = "8badf00d"
|
|
|
|
releaserole.Signatures = []data.Signature{sig}
|
|
|
|
releaserole.Threshold = 1
|
|
|
|
allrole = []client.RoleWithSignatures{releaserole}
|
|
|
|
lastsigner, _ = isLastSignerForReleases(role, allrole)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Equal(false, lastsigner))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|