diff --git a/e2e/container/run_test.go b/e2e/container/run_test.go index fa5f28b4fa..d0902b152a 100644 --- a/e2e/container/run_test.go +++ b/e2e/container/run_test.go @@ -4,6 +4,7 @@ import ( "fmt" "testing" + "github.com/docker/cli/e2e/internal/fixtures" shlex "github.com/flynn-archive/go-shlex" "github.com/gotestyourself/gotestyourself/golden" "github.com/gotestyourself/gotestyourself/icmd" @@ -11,8 +12,6 @@ import ( "github.com/stretchr/testify/require" ) -const alpineImage = "registry:5000/alpine:3.6" - func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) { image := createRemoteImage(t) @@ -27,8 +26,8 @@ func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) { // TODO: create this with registry API instead of engine API func createRemoteImage(t *testing.T) string { image := "registry:5000/alpine:test-run-pulls" - icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success) - icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success) + icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success) icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success) icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success) return image diff --git a/e2e/image/pull_test.go b/e2e/image/pull_test.go index f63631898c..6316a939e5 100644 --- a/e2e/image/pull_test.go +++ b/e2e/image/pull_test.go @@ -2,23 +2,19 @@ package image import ( "fmt" - "os" "testing" + "github.com/docker/cli/e2e/internal/fixtures" "github.com/gotestyourself/gotestyourself/golden" "github.com/gotestyourself/gotestyourself/icmd" ) -const notaryURL = "https://notary-server:4443" const registryPrefix = "registry:5000" -const alpineImage = "registry:5000/alpine:3.6" -const busyboxImage = "registry:5000/busybox:1.27.2" - func TestPullWithContentTrust(t *testing.T) { image := createMaskedTrustedRemoteImage(t, "trust", "latest") - result := icmd.RunCmd(icmd.Command("docker", "pull", image), withTrustNoPassphrase) + result := icmd.RunCmd(icmd.Command("docker", "pull", image), fixtures.WithTrust, fixtures.WithNotary) result.Assert(t, icmd.Success) golden.Assert(t, result.Stderr(), "pull-with-content-trust-err.golden") golden.Assert(t, result.Stdout(), "pull-with-content-trust.golden") @@ -34,39 +30,19 @@ func createMaskedTrustedRemoteImage(t *testing.T, repo, tag string) string { func createTrustedRemoteImage(t *testing.T, repo, tag string) string { image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag) - icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success) - icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success) + icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success) result := icmd.RunCmd( icmd.Command("docker", "push", image), - withTrustAndPassphrase("root_password", "repo_password")) + fixtures.WithPassphrase("root_password", "repo_password"), fixtures.WithTrust, fixtures.WithNotary) result.Assert(t, icmd.Success) icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success) return image } func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) { - icmd.RunCommand("docker", "pull", busyboxImage).Assert(t, icmd.Success) - icmd.RunCommand("docker", "tag", busyboxImage, image).Assert(t, icmd.Success) + icmd.RunCommand("docker", "pull", fixtures.BusyboxImage).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, image).Assert(t, icmd.Success) icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success) icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success) } - -func withTrustAndPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) { - return func(cmd *icmd.Cmd) { - env := append(os.Environ(), - "DOCKER_CONTENT_TRUST=1", - "DOCKER_CONTENT_TRUST_SERVER="+notaryURL, - "DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd, - "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd, - ) - cmd.Env = append(cmd.Env, env...) - } -} - -func withTrustNoPassphrase(cmd *icmd.Cmd) { - env := append(os.Environ(), - "DOCKER_CONTENT_TRUST=1", - "DOCKER_CONTENT_TRUST_SERVER="+notaryURL, - ) - cmd.Env = append(cmd.Env, env...) -} diff --git a/e2e/internal/fixtures/fixtures.go b/e2e/internal/fixtures/fixtures.go new file mode 100644 index 0000000000..e9a56da823 --- /dev/null +++ b/e2e/internal/fixtures/fixtures.go @@ -0,0 +1,76 @@ +package fixtures + +import ( + "os" + "testing" + + "github.com/gotestyourself/gotestyourself/fs" + "github.com/gotestyourself/gotestyourself/icmd" +) + +const ( + //NotaryURL is the location of the notary server + NotaryURL = "https://notary-server:4443" + //AlpineImage is an image in the test registry + AlpineImage = "registry:5000/alpine:3.6" + //AlpineSha is the sha of the alpine image + AlpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d" + //BusyboxImage is an image in the test registry + BusyboxImage = "registry:5000/busybox:1.27.2" + //BusyboxSha is the sha of the busybox image + BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af" +) + +//SetupConfigFile creates a config.json file for testing +func SetupConfigFile(t *testing.T) fs.Dir { + dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", ` + { + "auths": { + "registry:5000": { + "auth": "ZWlhaXM6cGFzc3dvcmQK" + }, + "https://notary-server:4443": { + "auth": "ZWlhaXM6cGFzc3dvcmQK" + } + } + } + `)) + return *dir +} + +//WithConfig sets an environment variable for the docker config location +func WithConfig(dir string) func(cmd *icmd.Cmd) { + return func(cmd *icmd.Cmd) { + env := append(os.Environ(), + "DOCKER_CONFIG="+dir, + ) + cmd.Env = append(cmd.Env, env...) + } +} + +//WithPassphrase sets environment variables for passphrases +func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) { + return func(cmd *icmd.Cmd) { + env := append(os.Environ(), + "DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd, + "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd, + ) + cmd.Env = append(cmd.Env, env...) + } +} + +//WithTrust sets DOCKER_CONTENT_TRUST to 1 +func WithTrust(cmd *icmd.Cmd) { + env := append(os.Environ(), + "DOCKER_CONTENT_TRUST=1", + ) + cmd.Env = append(cmd.Env, env...) +} + +//WithNotary sets the location of the notary server +func WithNotary(cmd *icmd.Cmd) { + env := append(os.Environ(), + "DOCKER_CONTENT_TRUST_SERVER="+NotaryURL, + ) + cmd.Env = append(cmd.Env, env...) +} diff --git a/e2e/trust/revoke_test.go b/e2e/trust/revoke_test.go new file mode 100644 index 0000000000..e576bbc08f --- /dev/null +++ b/e2e/trust/revoke_test.go @@ -0,0 +1,64 @@ +package trust + +import ( + "fmt" + "testing" + + "github.com/docker/cli/e2e/internal/fixtures" + "github.com/gotestyourself/gotestyourself/fs" + "github.com/gotestyourself/gotestyourself/icmd" + "github.com/stretchr/testify/assert" +) + +const ( + revokeImage = "registry:5000/revoke:v1" + revokeRepo = "registry:5000/revokerepo" +) + +func TestRevokeImage(t *testing.T) { + dir := fixtures.SetupConfigFile(t) + defer dir.Remove() + setupTrustedImagesForRevoke(t, dir) + result := icmd.RunCmd( + icmd.Command("docker", "trust", "revoke", revokeImage), + fixtures.WithPassphrase("root_password", "repo_password"), + fixtures.WithNotary, fixtures.WithConfig(dir.Path())) + result.Assert(t, icmd.Success) + assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke:v1") +} + +func TestRevokeRepo(t *testing.T) { + dir := fixtures.SetupConfigFile(t) + defer dir.Remove() + setupTrustedImagesForRevokeRepo(t, dir) + result := icmd.RunCmd( + icmd.Command("docker", "trust", "revoke", revokeRepo, "-y"), + fixtures.WithPassphrase("root_password", "repo_password"), + fixtures.WithNotary, fixtures.WithConfig(dir.Path())) + result.Assert(t, icmd.Success) + assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke") +} + +func setupTrustedImagesForRevoke(t *testing.T, dir fs.Dir) { + icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.AlpineImage, revokeImage).Assert(t, icmd.Success) + icmd.RunCmd( + icmd.Command("docker", "-D", "trust", "sign", revokeImage), + fixtures.WithPassphrase("root_password", "repo_password"), + fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success) +} + +func setupTrustedImagesForRevokeRepo(t *testing.T, dir fs.Dir) { + icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.AlpineImage, fmt.Sprintf("%s:v1", revokeRepo)).Assert(t, icmd.Success) + icmd.RunCmd( + icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v1", revokeRepo)), + fixtures.WithPassphrase("root_password", "repo_password"), + fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success) + icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, fmt.Sprintf("%s:v2", revokeRepo)).Assert(t, icmd.Success) + icmd.RunCmd( + icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v2", revokeRepo)), + fixtures.WithPassphrase("root_password", "repo_password"), + fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success) +} diff --git a/e2e/trust/sign_test.go b/e2e/trust/sign_test.go index 06910147b3..37d9817917 100644 --- a/e2e/trust/sign_test.go +++ b/e2e/trust/sign_test.go @@ -2,83 +2,54 @@ package trust import ( "fmt" - "os" "testing" + "github.com/docker/cli/e2e/internal/fixtures" "github.com/gotestyourself/gotestyourself/fs" "github.com/gotestyourself/gotestyourself/icmd" "github.com/stretchr/testify/assert" ) const ( - notaryURL = "https://notary-server:4443" - alpineImage = "registry:5000/alpine:3.6" - alpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d" - busyboxImage = "registry:5000/busybox:1.27.2" - busyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af" - localImage = "registry:5000/signlocal:v1" - signImage = "registry:5000/sign:v1" + localImage = "registry:5000/signlocal:v1" + signImage = "registry:5000/sign:v1" ) func TestSignLocalImage(t *testing.T) { - dir := setupConfigFile(t) + dir := fixtures.SetupConfigFile(t) defer dir.Remove() - icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success) - icmd.RunCommand("docker", "tag", alpineImage, signImage).Assert(t, icmd.Success) + icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.AlpineImage, signImage).Assert(t, icmd.Success) result := icmd.RunCmd( icmd.Command("docker", "trust", "sign", signImage), - withTrustAndPassphrase("root_password", "repo_password", dir)) + fixtures.WithPassphrase("root_password", "repo_password"), + fixtures.WithConfig(dir.Path()), fixtures.WithNotary) result.Assert(t, icmd.Success) - assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha)) + assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha)) } func TestSignWithLocalFlag(t *testing.T) { - dir := setupConfigFile(t) + dir := fixtures.SetupConfigFile(t) defer dir.Remove() setupTrustedImageForOverwrite(t, dir) result := icmd.RunCmd( icmd.Command("docker", "trust", "sign", "--local", localImage), - withTrustAndPassphrase("root_password", "repo_password", dir)) + fixtures.WithPassphrase("root_password", "repo_password"), + fixtures.WithConfig(dir.Path()), fixtures.WithNotary) result.Assert(t, icmd.Success) - assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", busyboxSha)) -} - -func withTrustAndPassphrase(rootPwd, repositoryPwd string, dir fs.Dir) func(cmd *icmd.Cmd) { - return func(cmd *icmd.Cmd) { - env := append(os.Environ(), - "DOCKER_CONTENT_TRUST_SERVER="+notaryURL, - "DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd, - "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd, - "DOCKER_CONFIG="+dir.Path(), - ) - cmd.Env = append(cmd.Env, env...) - } -} - -func setupConfigFile(t *testing.T) fs.Dir { - dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", ` - { - "auths": { - "registry:5000": { - "auth": "ZWlhaXM6cGFzc3dvcmQK" - }, - "https://notary-server:4443": { - "auth": "ZWlhaXM6cGFzc3dvcmQK" - } - } - } - `)) - return *dir + assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.BusyboxSha)) } func setupTrustedImageForOverwrite(t *testing.T, dir fs.Dir) { - icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success) - icmd.RunCommand("docker", "tag", alpineImage, localImage).Assert(t, icmd.Success) + icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.AlpineImage, localImage).Assert(t, icmd.Success) result := icmd.RunCmd( icmd.Command("docker", "-D", "trust", "sign", localImage), - withTrustAndPassphrase("root_password", "repo_password", dir)) + fixtures.WithPassphrase("root_password", "repo_password"), + fixtures.WithConfig(dir.Path()), fixtures.WithNotary) result.Assert(t, icmd.Success) - assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha)) - icmd.RunCommand("docker", "tag", busyboxImage, localImage).Assert(t, icmd.Success) + assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha)) + icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success) + icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, localImage).Assert(t, icmd.Success) }