mirror of https://github.com/docker/cli.git
Merge pull request #693 from eiais/e2e
Add e2e testing for Trust revoke
This commit is contained in:
commit
9022ea549d
|
@ -4,6 +4,7 @@ import (
|
|||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/docker/cli/e2e/internal/fixtures"
|
||||
shlex "github.com/flynn-archive/go-shlex"
|
||||
"github.com/gotestyourself/gotestyourself/golden"
|
||||
"github.com/gotestyourself/gotestyourself/icmd"
|
||||
|
@ -11,8 +12,6 @@ import (
|
|||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
const alpineImage = "registry:5000/alpine:3.6"
|
||||
|
||||
func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) {
|
||||
image := createRemoteImage(t)
|
||||
|
||||
|
@ -27,8 +26,8 @@ func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) {
|
|||
// TODO: create this with registry API instead of engine API
|
||||
func createRemoteImage(t *testing.T) string {
|
||||
image := "registry:5000/alpine:test-run-pulls"
|
||||
icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
|
||||
return image
|
||||
|
|
|
@ -2,23 +2,19 @@ package image
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/docker/cli/e2e/internal/fixtures"
|
||||
"github.com/gotestyourself/gotestyourself/golden"
|
||||
"github.com/gotestyourself/gotestyourself/icmd"
|
||||
)
|
||||
|
||||
const notaryURL = "https://notary-server:4443"
|
||||
const registryPrefix = "registry:5000"
|
||||
|
||||
const alpineImage = "registry:5000/alpine:3.6"
|
||||
const busyboxImage = "registry:5000/busybox:1.27.2"
|
||||
|
||||
func TestPullWithContentTrust(t *testing.T) {
|
||||
image := createMaskedTrustedRemoteImage(t, "trust", "latest")
|
||||
|
||||
result := icmd.RunCmd(icmd.Command("docker", "pull", image), withTrustNoPassphrase)
|
||||
result := icmd.RunCmd(icmd.Command("docker", "pull", image), fixtures.WithTrust, fixtures.WithNotary)
|
||||
result.Assert(t, icmd.Success)
|
||||
golden.Assert(t, result.Stderr(), "pull-with-content-trust-err.golden")
|
||||
golden.Assert(t, result.Stdout(), "pull-with-content-trust.golden")
|
||||
|
@ -34,39 +30,19 @@ func createMaskedTrustedRemoteImage(t *testing.T, repo, tag string) string {
|
|||
|
||||
func createTrustedRemoteImage(t *testing.T, repo, tag string) string {
|
||||
image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag)
|
||||
icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success)
|
||||
result := icmd.RunCmd(
|
||||
icmd.Command("docker", "push", image),
|
||||
withTrustAndPassphrase("root_password", "repo_password"))
|
||||
fixtures.WithPassphrase("root_password", "repo_password"), fixtures.WithTrust, fixtures.WithNotary)
|
||||
result.Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
|
||||
return image
|
||||
}
|
||||
|
||||
func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
|
||||
icmd.RunCommand("docker", "pull", busyboxImage).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", busyboxImage, image).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "pull", fixtures.BusyboxImage).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, image).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
|
||||
}
|
||||
|
||||
func withTrustAndPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
|
||||
return func(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONTENT_TRUST=1",
|
||||
"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
|
||||
"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
|
||||
"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
}
|
||||
}
|
||||
|
||||
func withTrustNoPassphrase(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONTENT_TRUST=1",
|
||||
"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
}
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
package fixtures
|
||||
|
||||
import (
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/gotestyourself/gotestyourself/fs"
|
||||
"github.com/gotestyourself/gotestyourself/icmd"
|
||||
)
|
||||
|
||||
const (
|
||||
//NotaryURL is the location of the notary server
|
||||
NotaryURL = "https://notary-server:4443"
|
||||
//AlpineImage is an image in the test registry
|
||||
AlpineImage = "registry:5000/alpine:3.6"
|
||||
//AlpineSha is the sha of the alpine image
|
||||
AlpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d"
|
||||
//BusyboxImage is an image in the test registry
|
||||
BusyboxImage = "registry:5000/busybox:1.27.2"
|
||||
//BusyboxSha is the sha of the busybox image
|
||||
BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
|
||||
)
|
||||
|
||||
//SetupConfigFile creates a config.json file for testing
|
||||
func SetupConfigFile(t *testing.T) fs.Dir {
|
||||
dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", `
|
||||
{
|
||||
"auths": {
|
||||
"registry:5000": {
|
||||
"auth": "ZWlhaXM6cGFzc3dvcmQK"
|
||||
},
|
||||
"https://notary-server:4443": {
|
||||
"auth": "ZWlhaXM6cGFzc3dvcmQK"
|
||||
}
|
||||
}
|
||||
}
|
||||
`))
|
||||
return *dir
|
||||
}
|
||||
|
||||
//WithConfig sets an environment variable for the docker config location
|
||||
func WithConfig(dir string) func(cmd *icmd.Cmd) {
|
||||
return func(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONFIG="+dir,
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
}
|
||||
}
|
||||
|
||||
//WithPassphrase sets environment variables for passphrases
|
||||
func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
|
||||
return func(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
|
||||
"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
}
|
||||
}
|
||||
|
||||
//WithTrust sets DOCKER_CONTENT_TRUST to 1
|
||||
func WithTrust(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONTENT_TRUST=1",
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
}
|
||||
|
||||
//WithNotary sets the location of the notary server
|
||||
func WithNotary(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONTENT_TRUST_SERVER="+NotaryURL,
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
}
|
|
@ -0,0 +1,64 @@
|
|||
package trust
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/docker/cli/e2e/internal/fixtures"
|
||||
"github.com/gotestyourself/gotestyourself/fs"
|
||||
"github.com/gotestyourself/gotestyourself/icmd"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
const (
|
||||
revokeImage = "registry:5000/revoke:v1"
|
||||
revokeRepo = "registry:5000/revokerepo"
|
||||
)
|
||||
|
||||
func TestRevokeImage(t *testing.T) {
|
||||
dir := fixtures.SetupConfigFile(t)
|
||||
defer dir.Remove()
|
||||
setupTrustedImagesForRevoke(t, dir)
|
||||
result := icmd.RunCmd(
|
||||
icmd.Command("docker", "trust", "revoke", revokeImage),
|
||||
fixtures.WithPassphrase("root_password", "repo_password"),
|
||||
fixtures.WithNotary, fixtures.WithConfig(dir.Path()))
|
||||
result.Assert(t, icmd.Success)
|
||||
assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke:v1")
|
||||
}
|
||||
|
||||
func TestRevokeRepo(t *testing.T) {
|
||||
dir := fixtures.SetupConfigFile(t)
|
||||
defer dir.Remove()
|
||||
setupTrustedImagesForRevokeRepo(t, dir)
|
||||
result := icmd.RunCmd(
|
||||
icmd.Command("docker", "trust", "revoke", revokeRepo, "-y"),
|
||||
fixtures.WithPassphrase("root_password", "repo_password"),
|
||||
fixtures.WithNotary, fixtures.WithConfig(dir.Path()))
|
||||
result.Assert(t, icmd.Success)
|
||||
assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke")
|
||||
}
|
||||
|
||||
func setupTrustedImagesForRevoke(t *testing.T, dir fs.Dir) {
|
||||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, revokeImage).Assert(t, icmd.Success)
|
||||
icmd.RunCmd(
|
||||
icmd.Command("docker", "-D", "trust", "sign", revokeImage),
|
||||
fixtures.WithPassphrase("root_password", "repo_password"),
|
||||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
|
||||
}
|
||||
|
||||
func setupTrustedImagesForRevokeRepo(t *testing.T, dir fs.Dir) {
|
||||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, fmt.Sprintf("%s:v1", revokeRepo)).Assert(t, icmd.Success)
|
||||
icmd.RunCmd(
|
||||
icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v1", revokeRepo)),
|
||||
fixtures.WithPassphrase("root_password", "repo_password"),
|
||||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
|
||||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, fmt.Sprintf("%s:v2", revokeRepo)).Assert(t, icmd.Success)
|
||||
icmd.RunCmd(
|
||||
icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v2", revokeRepo)),
|
||||
fixtures.WithPassphrase("root_password", "repo_password"),
|
||||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
|
||||
}
|
|
@ -2,83 +2,54 @@ package trust
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/docker/cli/e2e/internal/fixtures"
|
||||
"github.com/gotestyourself/gotestyourself/fs"
|
||||
"github.com/gotestyourself/gotestyourself/icmd"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
const (
|
||||
notaryURL = "https://notary-server:4443"
|
||||
alpineImage = "registry:5000/alpine:3.6"
|
||||
alpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d"
|
||||
busyboxImage = "registry:5000/busybox:1.27.2"
|
||||
busyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
|
||||
localImage = "registry:5000/signlocal:v1"
|
||||
signImage = "registry:5000/sign:v1"
|
||||
localImage = "registry:5000/signlocal:v1"
|
||||
signImage = "registry:5000/sign:v1"
|
||||
)
|
||||
|
||||
func TestSignLocalImage(t *testing.T) {
|
||||
dir := setupConfigFile(t)
|
||||
dir := fixtures.SetupConfigFile(t)
|
||||
defer dir.Remove()
|
||||
icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", alpineImage, signImage).Assert(t, icmd.Success)
|
||||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, signImage).Assert(t, icmd.Success)
|
||||
result := icmd.RunCmd(
|
||||
icmd.Command("docker", "trust", "sign", signImage),
|
||||
withTrustAndPassphrase("root_password", "repo_password", dir))
|
||||
fixtures.WithPassphrase("root_password", "repo_password"),
|
||||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
|
||||
result.Assert(t, icmd.Success)
|
||||
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha))
|
||||
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha))
|
||||
|
||||
}
|
||||
|
||||
func TestSignWithLocalFlag(t *testing.T) {
|
||||
dir := setupConfigFile(t)
|
||||
dir := fixtures.SetupConfigFile(t)
|
||||
defer dir.Remove()
|
||||
setupTrustedImageForOverwrite(t, dir)
|
||||
result := icmd.RunCmd(
|
||||
icmd.Command("docker", "trust", "sign", "--local", localImage),
|
||||
withTrustAndPassphrase("root_password", "repo_password", dir))
|
||||
fixtures.WithPassphrase("root_password", "repo_password"),
|
||||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
|
||||
result.Assert(t, icmd.Success)
|
||||
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", busyboxSha))
|
||||
}
|
||||
|
||||
func withTrustAndPassphrase(rootPwd, repositoryPwd string, dir fs.Dir) func(cmd *icmd.Cmd) {
|
||||
return func(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
|
||||
"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
|
||||
"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
|
||||
"DOCKER_CONFIG="+dir.Path(),
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
}
|
||||
}
|
||||
|
||||
func setupConfigFile(t *testing.T) fs.Dir {
|
||||
dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", `
|
||||
{
|
||||
"auths": {
|
||||
"registry:5000": {
|
||||
"auth": "ZWlhaXM6cGFzc3dvcmQK"
|
||||
},
|
||||
"https://notary-server:4443": {
|
||||
"auth": "ZWlhaXM6cGFzc3dvcmQK"
|
||||
}
|
||||
}
|
||||
}
|
||||
`))
|
||||
return *dir
|
||||
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.BusyboxSha))
|
||||
}
|
||||
|
||||
func setupTrustedImageForOverwrite(t *testing.T, dir fs.Dir) {
|
||||
icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", alpineImage, localImage).Assert(t, icmd.Success)
|
||||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, localImage).Assert(t, icmd.Success)
|
||||
result := icmd.RunCmd(
|
||||
icmd.Command("docker", "-D", "trust", "sign", localImage),
|
||||
withTrustAndPassphrase("root_password", "repo_password", dir))
|
||||
fixtures.WithPassphrase("root_password", "repo_password"),
|
||||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
|
||||
result.Assert(t, icmd.Success)
|
||||
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha))
|
||||
icmd.RunCommand("docker", "tag", busyboxImage, localImage).Assert(t, icmd.Success)
|
||||
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha))
|
||||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, localImage).Assert(t, icmd.Success)
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue