Merge pull request #693 from eiais/e2e

Add e2e testing for Trust revoke
This commit is contained in:
Sebastiaan van Stijn 2017-11-15 20:39:53 +01:00 committed by GitHub
commit 9022ea549d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 170 additions and 84 deletions

View File

@ -4,6 +4,7 @@ import (
"fmt" "fmt"
"testing" "testing"
"github.com/docker/cli/e2e/internal/fixtures"
shlex "github.com/flynn-archive/go-shlex" shlex "github.com/flynn-archive/go-shlex"
"github.com/gotestyourself/gotestyourself/golden" "github.com/gotestyourself/gotestyourself/golden"
"github.com/gotestyourself/gotestyourself/icmd" "github.com/gotestyourself/gotestyourself/icmd"
@ -11,8 +12,6 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
const alpineImage = "registry:5000/alpine:3.6"
func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) { func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) {
image := createRemoteImage(t) image := createRemoteImage(t)
@ -27,8 +26,8 @@ func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) {
// TODO: create this with registry API instead of engine API // TODO: create this with registry API instead of engine API
func createRemoteImage(t *testing.T) string { func createRemoteImage(t *testing.T) string {
image := "registry:5000/alpine:test-run-pulls" image := "registry:5000/alpine:test-run-pulls"
icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success) icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success) icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success)
icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success) icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success)
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success) icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
return image return image

View File

@ -2,23 +2,19 @@ package image
import ( import (
"fmt" "fmt"
"os"
"testing" "testing"
"github.com/docker/cli/e2e/internal/fixtures"
"github.com/gotestyourself/gotestyourself/golden" "github.com/gotestyourself/gotestyourself/golden"
"github.com/gotestyourself/gotestyourself/icmd" "github.com/gotestyourself/gotestyourself/icmd"
) )
const notaryURL = "https://notary-server:4443"
const registryPrefix = "registry:5000" const registryPrefix = "registry:5000"
const alpineImage = "registry:5000/alpine:3.6"
const busyboxImage = "registry:5000/busybox:1.27.2"
func TestPullWithContentTrust(t *testing.T) { func TestPullWithContentTrust(t *testing.T) {
image := createMaskedTrustedRemoteImage(t, "trust", "latest") image := createMaskedTrustedRemoteImage(t, "trust", "latest")
result := icmd.RunCmd(icmd.Command("docker", "pull", image), withTrustNoPassphrase) result := icmd.RunCmd(icmd.Command("docker", "pull", image), fixtures.WithTrust, fixtures.WithNotary)
result.Assert(t, icmd.Success) result.Assert(t, icmd.Success)
golden.Assert(t, result.Stderr(), "pull-with-content-trust-err.golden") golden.Assert(t, result.Stderr(), "pull-with-content-trust-err.golden")
golden.Assert(t, result.Stdout(), "pull-with-content-trust.golden") golden.Assert(t, result.Stdout(), "pull-with-content-trust.golden")
@ -34,39 +30,19 @@ func createMaskedTrustedRemoteImage(t *testing.T, repo, tag string) string {
func createTrustedRemoteImage(t *testing.T, repo, tag string) string { func createTrustedRemoteImage(t *testing.T, repo, tag string) string {
image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag) image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag)
icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success) icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success) icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success)
result := icmd.RunCmd( result := icmd.RunCmd(
icmd.Command("docker", "push", image), icmd.Command("docker", "push", image),
withTrustAndPassphrase("root_password", "repo_password")) fixtures.WithPassphrase("root_password", "repo_password"), fixtures.WithTrust, fixtures.WithNotary)
result.Assert(t, icmd.Success) result.Assert(t, icmd.Success)
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success) icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
return image return image
} }
func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) { func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
icmd.RunCommand("docker", "pull", busyboxImage).Assert(t, icmd.Success) icmd.RunCommand("docker", "pull", fixtures.BusyboxImage).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", busyboxImage, image).Assert(t, icmd.Success) icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, image).Assert(t, icmd.Success)
icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success) icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success)
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success) icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
} }
func withTrustAndPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
return func(cmd *icmd.Cmd) {
env := append(os.Environ(),
"DOCKER_CONTENT_TRUST=1",
"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
)
cmd.Env = append(cmd.Env, env...)
}
}
func withTrustNoPassphrase(cmd *icmd.Cmd) {
env := append(os.Environ(),
"DOCKER_CONTENT_TRUST=1",
"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
)
cmd.Env = append(cmd.Env, env...)
}

View File

@ -0,0 +1,76 @@
package fixtures
import (
"os"
"testing"
"github.com/gotestyourself/gotestyourself/fs"
"github.com/gotestyourself/gotestyourself/icmd"
)
const (
//NotaryURL is the location of the notary server
NotaryURL = "https://notary-server:4443"
//AlpineImage is an image in the test registry
AlpineImage = "registry:5000/alpine:3.6"
//AlpineSha is the sha of the alpine image
AlpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d"
//BusyboxImage is an image in the test registry
BusyboxImage = "registry:5000/busybox:1.27.2"
//BusyboxSha is the sha of the busybox image
BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
)
//SetupConfigFile creates a config.json file for testing
func SetupConfigFile(t *testing.T) fs.Dir {
dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", `
{
"auths": {
"registry:5000": {
"auth": "ZWlhaXM6cGFzc3dvcmQK"
},
"https://notary-server:4443": {
"auth": "ZWlhaXM6cGFzc3dvcmQK"
}
}
}
`))
return *dir
}
//WithConfig sets an environment variable for the docker config location
func WithConfig(dir string) func(cmd *icmd.Cmd) {
return func(cmd *icmd.Cmd) {
env := append(os.Environ(),
"DOCKER_CONFIG="+dir,
)
cmd.Env = append(cmd.Env, env...)
}
}
//WithPassphrase sets environment variables for passphrases
func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
return func(cmd *icmd.Cmd) {
env := append(os.Environ(),
"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
)
cmd.Env = append(cmd.Env, env...)
}
}
//WithTrust sets DOCKER_CONTENT_TRUST to 1
func WithTrust(cmd *icmd.Cmd) {
env := append(os.Environ(),
"DOCKER_CONTENT_TRUST=1",
)
cmd.Env = append(cmd.Env, env...)
}
//WithNotary sets the location of the notary server
func WithNotary(cmd *icmd.Cmd) {
env := append(os.Environ(),
"DOCKER_CONTENT_TRUST_SERVER="+NotaryURL,
)
cmd.Env = append(cmd.Env, env...)
}

64
e2e/trust/revoke_test.go Normal file
View File

@ -0,0 +1,64 @@
package trust
import (
"fmt"
"testing"
"github.com/docker/cli/e2e/internal/fixtures"
"github.com/gotestyourself/gotestyourself/fs"
"github.com/gotestyourself/gotestyourself/icmd"
"github.com/stretchr/testify/assert"
)
const (
revokeImage = "registry:5000/revoke:v1"
revokeRepo = "registry:5000/revokerepo"
)
func TestRevokeImage(t *testing.T) {
dir := fixtures.SetupConfigFile(t)
defer dir.Remove()
setupTrustedImagesForRevoke(t, dir)
result := icmd.RunCmd(
icmd.Command("docker", "trust", "revoke", revokeImage),
fixtures.WithPassphrase("root_password", "repo_password"),
fixtures.WithNotary, fixtures.WithConfig(dir.Path()))
result.Assert(t, icmd.Success)
assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke:v1")
}
func TestRevokeRepo(t *testing.T) {
dir := fixtures.SetupConfigFile(t)
defer dir.Remove()
setupTrustedImagesForRevokeRepo(t, dir)
result := icmd.RunCmd(
icmd.Command("docker", "trust", "revoke", revokeRepo, "-y"),
fixtures.WithPassphrase("root_password", "repo_password"),
fixtures.WithNotary, fixtures.WithConfig(dir.Path()))
result.Assert(t, icmd.Success)
assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke")
}
func setupTrustedImagesForRevoke(t *testing.T, dir fs.Dir) {
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, revokeImage).Assert(t, icmd.Success)
icmd.RunCmd(
icmd.Command("docker", "-D", "trust", "sign", revokeImage),
fixtures.WithPassphrase("root_password", "repo_password"),
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
}
func setupTrustedImagesForRevokeRepo(t *testing.T, dir fs.Dir) {
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, fmt.Sprintf("%s:v1", revokeRepo)).Assert(t, icmd.Success)
icmd.RunCmd(
icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v1", revokeRepo)),
fixtures.WithPassphrase("root_password", "repo_password"),
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, fmt.Sprintf("%s:v2", revokeRepo)).Assert(t, icmd.Success)
icmd.RunCmd(
icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v2", revokeRepo)),
fixtures.WithPassphrase("root_password", "repo_password"),
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
}

View File

@ -2,83 +2,54 @@ package trust
import ( import (
"fmt" "fmt"
"os"
"testing" "testing"
"github.com/docker/cli/e2e/internal/fixtures"
"github.com/gotestyourself/gotestyourself/fs" "github.com/gotestyourself/gotestyourself/fs"
"github.com/gotestyourself/gotestyourself/icmd" "github.com/gotestyourself/gotestyourself/icmd"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
const ( const (
notaryURL = "https://notary-server:4443"
alpineImage = "registry:5000/alpine:3.6"
alpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d"
busyboxImage = "registry:5000/busybox:1.27.2"
busyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
localImage = "registry:5000/signlocal:v1" localImage = "registry:5000/signlocal:v1"
signImage = "registry:5000/sign:v1" signImage = "registry:5000/sign:v1"
) )
func TestSignLocalImage(t *testing.T) { func TestSignLocalImage(t *testing.T) {
dir := setupConfigFile(t) dir := fixtures.SetupConfigFile(t)
defer dir.Remove() defer dir.Remove()
icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success) icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", alpineImage, signImage).Assert(t, icmd.Success) icmd.RunCommand("docker", "tag", fixtures.AlpineImage, signImage).Assert(t, icmd.Success)
result := icmd.RunCmd( result := icmd.RunCmd(
icmd.Command("docker", "trust", "sign", signImage), icmd.Command("docker", "trust", "sign", signImage),
withTrustAndPassphrase("root_password", "repo_password", dir)) fixtures.WithPassphrase("root_password", "repo_password"),
fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
result.Assert(t, icmd.Success) result.Assert(t, icmd.Success)
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha)) assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha))
} }
func TestSignWithLocalFlag(t *testing.T) { func TestSignWithLocalFlag(t *testing.T) {
dir := setupConfigFile(t) dir := fixtures.SetupConfigFile(t)
defer dir.Remove() defer dir.Remove()
setupTrustedImageForOverwrite(t, dir) setupTrustedImageForOverwrite(t, dir)
result := icmd.RunCmd( result := icmd.RunCmd(
icmd.Command("docker", "trust", "sign", "--local", localImage), icmd.Command("docker", "trust", "sign", "--local", localImage),
withTrustAndPassphrase("root_password", "repo_password", dir)) fixtures.WithPassphrase("root_password", "repo_password"),
fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
result.Assert(t, icmd.Success) result.Assert(t, icmd.Success)
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", busyboxSha)) assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.BusyboxSha))
}
func withTrustAndPassphrase(rootPwd, repositoryPwd string, dir fs.Dir) func(cmd *icmd.Cmd) {
return func(cmd *icmd.Cmd) {
env := append(os.Environ(),
"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
"DOCKER_CONFIG="+dir.Path(),
)
cmd.Env = append(cmd.Env, env...)
}
}
func setupConfigFile(t *testing.T) fs.Dir {
dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", `
{
"auths": {
"registry:5000": {
"auth": "ZWlhaXM6cGFzc3dvcmQK"
},
"https://notary-server:4443": {
"auth": "ZWlhaXM6cGFzc3dvcmQK"
}
}
}
`))
return *dir
} }
func setupTrustedImageForOverwrite(t *testing.T, dir fs.Dir) { func setupTrustedImageForOverwrite(t *testing.T, dir fs.Dir) {
icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success) icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", alpineImage, localImage).Assert(t, icmd.Success) icmd.RunCommand("docker", "tag", fixtures.AlpineImage, localImage).Assert(t, icmd.Success)
result := icmd.RunCmd( result := icmd.RunCmd(
icmd.Command("docker", "-D", "trust", "sign", localImage), icmd.Command("docker", "-D", "trust", "sign", localImage),
withTrustAndPassphrase("root_password", "repo_password", dir)) fixtures.WithPassphrase("root_password", "repo_password"),
fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
result.Assert(t, icmd.Success) result.Assert(t, icmd.Success)
assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha)) assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha))
icmd.RunCommand("docker", "tag", busyboxImage, localImage).Assert(t, icmd.Success) icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success)
icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, localImage).Assert(t, icmd.Success)
} }