Merge pull request #693 from eiais/e2e

Add e2e testing for Trust revoke

e2e/container/run_test.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/docker/cli/e2e/internal/fixtures"
 	shlex "github.com/flynn-archive/go-shlex"
 	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/gotestyourself/gotestyourself/icmd"
@@ -11,8 +12,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-const alpineImage = "registry:5000/alpine:3.6"
-
 func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) {
 	image := createRemoteImage(t)
 
@@ -27,8 +26,8 @@ func TestRunAttachedFromRemoteImageAndRemove(t *testing.T) {
 // TODO: create this with registry API instead of engine API
 func createRemoteImage(t *testing.T) string {
 	image := "registry:5000/alpine:test-run-pulls"
-	icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success)
 	icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success)
 	icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
 	return image

e2e/image/pull_test.go

@@ -2,23 +2,19 @@ package image
 
 import (
 	"fmt"
-	"os"
 	"testing"
 
+	"github.com/docker/cli/e2e/internal/fixtures"
 	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/gotestyourself/gotestyourself/icmd"
 )
 
-const notaryURL = "https://notary-server:4443"
 const registryPrefix = "registry:5000"
 
-const alpineImage = "registry:5000/alpine:3.6"
-const busyboxImage = "registry:5000/busybox:1.27.2"
-
 func TestPullWithContentTrust(t *testing.T) {
 	image := createMaskedTrustedRemoteImage(t, "trust", "latest")
 
-	result := icmd.RunCmd(icmd.Command("docker", "pull", image), withTrustNoPassphrase)
+	result := icmd.RunCmd(icmd.Command("docker", "pull", image), fixtures.WithTrust, fixtures.WithNotary)
 	result.Assert(t, icmd.Success)
 	golden.Assert(t, result.Stderr(), "pull-with-content-trust-err.golden")
 	golden.Assert(t, result.Stdout(), "pull-with-content-trust.golden")
@@ -34,39 +30,19 @@ func createMaskedTrustedRemoteImage(t *testing.T, repo, tag string) string {
 
 func createTrustedRemoteImage(t *testing.T, repo, tag string) string {
 	image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag)
-	icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "pull", fixtures.AlpineImage).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, image).Assert(t, icmd.Success)
 	result := icmd.RunCmd(
 		icmd.Command("docker", "push", image),
-		withTrustAndPassphrase("root_password", "repo_password"))
+		fixtures.WithPassphrase("root_password", "repo_password"), fixtures.WithTrust, fixtures.WithNotary)
 	result.Assert(t, icmd.Success)
 	icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
 	return image
 }
 
 func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
-	icmd.RunCommand("docker", "pull", busyboxImage).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "pull", fixtures.BusyboxImage).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", busyboxImage, image).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, image).Assert(t, icmd.Success)
 	icmd.RunCommand("docker", "push", image).Assert(t, icmd.Success)
 	icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
 }
-
-func withTrustAndPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
-	return func(cmd *icmd.Cmd) {
-		env := append(os.Environ(),
-			"DOCKER_CONTENT_TRUST=1",
-			"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
-			"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
-			"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
-		)
-		cmd.Env = append(cmd.Env, env...)
-	}
-}
-
-func withTrustNoPassphrase(cmd *icmd.Cmd) {
-	env := append(os.Environ(),
-		"DOCKER_CONTENT_TRUST=1",
-		"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
-	)
-	cmd.Env = append(cmd.Env, env...)
-}

e2e/internal/fixtures/fixtures.go

@@ -0,0 +1,76 @@
+package fixtures
+
+import (
+	"os"
+	"testing"
+
+	"github.com/gotestyourself/gotestyourself/fs"
+	"github.com/gotestyourself/gotestyourself/icmd"
+)
+
+const (
+	//NotaryURL is the location of the notary server
+	NotaryURL = "https://notary-server:4443"
+	//AlpineImage is an image in the test registry
+	AlpineImage = "registry:5000/alpine:3.6"
+	//AlpineSha is the sha of the alpine image
+	AlpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d"
+	//BusyboxImage is an image in the test registry
+	BusyboxImage = "registry:5000/busybox:1.27.2"
+	//BusyboxSha is the sha of the busybox image
+	BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
+)
+
+//SetupConfigFile creates a config.json file for testing
+func SetupConfigFile(t *testing.T) fs.Dir {
+	dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", `
+	{
+		"auths": {
+			"registry:5000": {
+				"auth": "ZWlhaXM6cGFzc3dvcmQK"
+			},
+			"https://notary-server:4443": {
+				"auth": "ZWlhaXM6cGFzc3dvcmQK"
+			}
+		}
+	}
+	`))
+	return *dir
+}
+
+//WithConfig sets an environment variable for the docker config location
+func WithConfig(dir string) func(cmd *icmd.Cmd) {
+	return func(cmd *icmd.Cmd) {
+		env := append(os.Environ(),
+			"DOCKER_CONFIG="+dir,
+		)
+		cmd.Env = append(cmd.Env, env...)
+	}
+}
+
+//WithPassphrase sets environment variables for passphrases
+func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
+	return func(cmd *icmd.Cmd) {
+		env := append(os.Environ(),
+			"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
+			"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
+		)
+		cmd.Env = append(cmd.Env, env...)
+	}
+}
+
+//WithTrust sets DOCKER_CONTENT_TRUST to 1
+func WithTrust(cmd *icmd.Cmd) {
+	env := append(os.Environ(),
+		"DOCKER_CONTENT_TRUST=1",
+	)
+	cmd.Env = append(cmd.Env, env...)
+}
+
+//WithNotary sets the location of the notary server
+func WithNotary(cmd *icmd.Cmd) {
+	env := append(os.Environ(),
+		"DOCKER_CONTENT_TRUST_SERVER="+NotaryURL,
+	)
+	cmd.Env = append(cmd.Env, env...)
+}

e2e/trust/revoke_test.go

@@ -0,0 +1,64 @@
+package trust
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/docker/cli/e2e/internal/fixtures"
+	"github.com/gotestyourself/gotestyourself/fs"
+	"github.com/gotestyourself/gotestyourself/icmd"
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	revokeImage = "registry:5000/revoke:v1"
+	revokeRepo  = "registry:5000/revokerepo"
+)
+
+func TestRevokeImage(t *testing.T) {
+	dir := fixtures.SetupConfigFile(t)
+	defer dir.Remove()
+	setupTrustedImagesForRevoke(t, dir)
+	result := icmd.RunCmd(
+		icmd.Command("docker", "trust", "revoke", revokeImage),
+		fixtures.WithPassphrase("root_password", "repo_password"),
+		fixtures.WithNotary, fixtures.WithConfig(dir.Path()))
+	result.Assert(t, icmd.Success)
+	assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke:v1")
+}
+
+func TestRevokeRepo(t *testing.T) {
+	dir := fixtures.SetupConfigFile(t)
+	defer dir.Remove()
+	setupTrustedImagesForRevokeRepo(t, dir)
+	result := icmd.RunCmd(
+		icmd.Command("docker", "trust", "revoke", revokeRepo, "-y"),
+		fixtures.WithPassphrase("root_password", "repo_password"),
+		fixtures.WithNotary, fixtures.WithConfig(dir.Path()))
+	result.Assert(t, icmd.Success)
+	assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke")
+}
+
+func setupTrustedImagesForRevoke(t *testing.T, dir fs.Dir) {
+	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, revokeImage).Assert(t, icmd.Success)
+	icmd.RunCmd(
+		icmd.Command("docker", "-D", "trust", "sign", revokeImage),
+		fixtures.WithPassphrase("root_password", "repo_password"),
+		fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
+}
+
+func setupTrustedImagesForRevokeRepo(t *testing.T, dir fs.Dir) {
+	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, fmt.Sprintf("%s:v1", revokeRepo)).Assert(t, icmd.Success)
+	icmd.RunCmd(
+		icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v1", revokeRepo)),
+		fixtures.WithPassphrase("root_password", "repo_password"),
+		fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
+	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, fmt.Sprintf("%s:v2", revokeRepo)).Assert(t, icmd.Success)
+	icmd.RunCmd(
+		icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v2", revokeRepo)),
+		fixtures.WithPassphrase("root_password", "repo_password"),
+		fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success)
+}

e2e/trust/sign_test.go

@@ -2,83 +2,54 @@ package trust
 
 import (
 	"fmt"
-	"os"
 	"testing"
 
+	"github.com/docker/cli/e2e/internal/fixtures"
 	"github.com/gotestyourself/gotestyourself/fs"
 	"github.com/gotestyourself/gotestyourself/icmd"
 	"github.com/stretchr/testify/assert"
 )
 
 const (
-	notaryURL    = "https://notary-server:4443"
+	localImage = "registry:5000/signlocal:v1"
-	alpineImage  = "registry:5000/alpine:3.6"
+	signImage  = "registry:5000/sign:v1"
-	alpineSha    = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d"
-	busyboxImage = "registry:5000/busybox:1.27.2"
-	busyboxSha   = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
-	localImage   = "registry:5000/signlocal:v1"
-	signImage    = "registry:5000/sign:v1"
 )
 
 func TestSignLocalImage(t *testing.T) {
-	dir := setupConfigFile(t)
+	dir := fixtures.SetupConfigFile(t)
 	defer dir.Remove()
-	icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success)
+	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", alpineImage, signImage).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, signImage).Assert(t, icmd.Success)
 	result := icmd.RunCmd(
 		icmd.Command("docker", "trust", "sign", signImage),
-		withTrustAndPassphrase("root_password", "repo_password", dir))
+		fixtures.WithPassphrase("root_password", "repo_password"),
+		fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
 	result.Assert(t, icmd.Success)
-	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha))
+	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha))
 
 }
 
 func TestSignWithLocalFlag(t *testing.T) {
-	dir := setupConfigFile(t)
+	dir := fixtures.SetupConfigFile(t)
 	defer dir.Remove()
 	setupTrustedImageForOverwrite(t, dir)
 	result := icmd.RunCmd(
 		icmd.Command("docker", "trust", "sign", "--local", localImage),
-		withTrustAndPassphrase("root_password", "repo_password", dir))
+		fixtures.WithPassphrase("root_password", "repo_password"),
+		fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
 	result.Assert(t, icmd.Success)
-	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", busyboxSha))
+	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.BusyboxSha))
-}
-
-func withTrustAndPassphrase(rootPwd, repositoryPwd string, dir fs.Dir) func(cmd *icmd.Cmd) {
-	return func(cmd *icmd.Cmd) {
-		env := append(os.Environ(),
-			"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
-			"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
-			"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
-			"DOCKER_CONFIG="+dir.Path(),
-		)
-		cmd.Env = append(cmd.Env, env...)
-	}
-}
-
-func setupConfigFile(t *testing.T) fs.Dir {
-	dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", `
-	{
-		"auths": {
-			"registry:5000": {
-				"auth": "ZWlhaXM6cGFzc3dvcmQK"
-			},
-			"https://notary-server:4443": {
-				"auth": "ZWlhaXM6cGFzc3dvcmQK"
-			}
-		}
-	}
-	`))
-	return *dir
 }
 
 func setupTrustedImageForOverwrite(t *testing.T, dir fs.Dir) {
-	icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success)
+	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success)
-	icmd.RunCommand("docker", "tag", alpineImage, localImage).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.AlpineImage, localImage).Assert(t, icmd.Success)
 	result := icmd.RunCmd(
 		icmd.Command("docker", "-D", "trust", "sign", localImage),
-		withTrustAndPassphrase("root_password", "repo_password", dir))
+		fixtures.WithPassphrase("root_password", "repo_password"),
+		fixtures.WithConfig(dir.Path()), fixtures.WithNotary)
 	result.Assert(t, icmd.Success)
-	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha))
+	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", fixtures.AlpineSha))
-	icmd.RunCommand("docker", "tag", busyboxImage, localImage).Assert(t, icmd.Success)
+	icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, localImage).Assert(t, icmd.Success)
 }