mirror of https://github.com/docker/cli.git
Update e2e test for image pull to check stdout
Also add TEST_DEBUG env variable for debugging E2E tests. And change icmd environment helpers to fit the CmdOp interface os they can be passed to 'icmd.RunCmd()' Signed-off-by: Daniel Nephin <dnephin@docker.com>
This commit is contained in:
parent
e548861481
commit
b11c11ea74
|
@ -3,11 +3,10 @@ package image
|
|||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/gotestyourself/gotestyourself/golden"
|
||||
"github.com/gotestyourself/gotestyourself/icmd"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
const notaryURL = "https://notary-server:4443"
|
||||
|
@ -17,36 +16,29 @@ const alpineImage = "registry:5000/alpine:3.6"
|
|||
const busyboxImage = "registry:5000/busybox:1.27.2"
|
||||
|
||||
func TestPullWithContentTrust(t *testing.T) {
|
||||
image := createTrustedRemoteImage(t, "trust", "latest")
|
||||
image := createMaskedTrustedRemoteImage(t, "trust", "latest")
|
||||
|
||||
// test that pulling without the tag defaults to latest
|
||||
imageWithoutTag := strings.TrimSuffix(image, ":latest")
|
||||
icmd.RunCmd(trustedCmdNoPassphrases(icmd.Command("docker", "pull", imageWithoutTag))).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
|
||||
result := icmd.RunCmd(icmd.Command("docker", "pull", image), withTrustNoPassphrase)
|
||||
result.Assert(t, icmd.Expected{Err: icmd.None})
|
||||
golden.Assert(t, result.Stdout(), "pull-with-content-trust.golden")
|
||||
}
|
||||
|
||||
// try pulling with the tag, record output for comparison later
|
||||
result := icmd.RunCmd(trustedCmdNoPassphrases(icmd.Command("docker", "pull", image)))
|
||||
result.Assert(t, icmd.Success)
|
||||
firstPullOutput := result.String()
|
||||
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
|
||||
|
||||
// push an unsigned image on the same reference name, but with different content (busybox)
|
||||
// createMaskedTrustedRemoteImage creates a remote image that is signed with
|
||||
// content trust, then pushes a different untrusted image at the same tag.
|
||||
func createMaskedTrustedRemoteImage(t *testing.T, repo, tag string) string {
|
||||
image := createTrustedRemoteImage(t, repo, tag)
|
||||
createNamedUnsignedImageFromBusyBox(t, image)
|
||||
|
||||
// now pull with content trust
|
||||
result = icmd.RunCmd(trustedCmdNoPassphrases(icmd.Command("docker", "pull", image)))
|
||||
result.Assert(t, icmd.Success)
|
||||
secondPullOutput := result.String()
|
||||
|
||||
// assert that the digest and other output is the same since we ignore the unsigned image
|
||||
require.Equal(t, firstPullOutput, secondPullOutput)
|
||||
return image
|
||||
}
|
||||
|
||||
func createTrustedRemoteImage(t *testing.T, repo, tag string) string {
|
||||
image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag)
|
||||
icmd.RunCommand("docker", "pull", alpineImage).Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "tag", alpineImage, image).Assert(t, icmd.Success)
|
||||
icmd.RunCmd(trustedCmdWithPassphrases(icmd.Command("docker", "push", image), "root_password", "repo_password")).Assert(t, icmd.Success)
|
||||
result := icmd.RunCmd(
|
||||
icmd.Command("docker", "push", image),
|
||||
withTrustAndPassphrase("root_password", "repo_password"))
|
||||
result.Assert(t, icmd.Success)
|
||||
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
|
||||
return image
|
||||
}
|
||||
|
@ -58,22 +50,22 @@ func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
|
|||
icmd.RunCommand("docker", "rmi", image).Assert(t, icmd.Success)
|
||||
}
|
||||
|
||||
func trustedCmdWithPassphrases(cmd icmd.Cmd, rootPwd, repositoryPwd string) icmd.Cmd {
|
||||
env := append(os.Environ(), []string{
|
||||
func withTrustAndPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
|
||||
return func(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONTENT_TRUST=1",
|
||||
"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
|
||||
"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
|
||||
"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
|
||||
}...)
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
return cmd
|
||||
}
|
||||
}
|
||||
|
||||
func trustedCmdNoPassphrases(cmd icmd.Cmd) icmd.Cmd {
|
||||
env := append(os.Environ(), []string{
|
||||
func withTrustNoPassphrase(cmd *icmd.Cmd) {
|
||||
env := append(os.Environ(),
|
||||
"DOCKER_CONTENT_TRUST=1",
|
||||
"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
|
||||
}...)
|
||||
)
|
||||
cmd.Env = append(cmd.Env, env...)
|
||||
return cmd
|
||||
}
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
Pull (1 of 1): registry:5000/trust:latest@sha256:641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d
|
||||
sha256:641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d: Pulling from trust
|
||||
Digest: sha256:641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d
|
||||
Status: Downloaded newer image for registry:5000/trust@sha256:641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d
|
||||
Tagging registry:5000/trust@sha256:641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d as registry:5000/trust:latest
|
|
@ -80,6 +80,9 @@ case "$cmd" in
|
|||
cleanup "$unique_id" "$compose_env_file"
|
||||
exit $testexit
|
||||
;;
|
||||
shell)
|
||||
$SHELL
|
||||
;;
|
||||
*)
|
||||
echo "Unknown command: $cmd"
|
||||
echo "Usage: "
|
||||
|
|
|
@ -32,13 +32,21 @@ docker run --rm \
|
|||
|
||||
engine_host=$(run_in_env setup)
|
||||
testexit=0
|
||||
|
||||
|
||||
test_cmd="test"
|
||||
if [[ -n "${TEST_DEBUG-}" ]]; then
|
||||
test_cmd="shell"
|
||||
fi
|
||||
|
||||
docker run -i --rm \
|
||||
-v "$PWD:/go/src/github.com/docker/cli" \
|
||||
-v "$PWD/e2e/testdata/notary/root-ca.cert:/usr/local/share/ca-certificates/notary.cert" \
|
||||
--network "${unique_id}_default" \
|
||||
-e TESTFLAGS \
|
||||
-e ENGINE_HOST="$engine_host" \
|
||||
"$dev_image" \
|
||||
./scripts/test/e2e/run test "$engine_host" || testexit="$?"
|
||||
./scripts/test/e2e/run "$test_cmd" "$engine_host" || testexit="$?"
|
||||
|
||||
run_in_env cleanup
|
||||
exit "$testexit"
|
||||
|
|
Loading…
Reference in New Issue