-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #693 from eiais/e2e
Add e2e testing for Trust revoke
- Loading branch information
Showing
5 changed files
with
170 additions
and
84 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
package fixtures | ||
|
||
import ( | ||
"os" | ||
"testing" | ||
|
||
"github.com/gotestyourself/gotestyourself/fs" | ||
"github.com/gotestyourself/gotestyourself/icmd" | ||
) | ||
|
||
const ( | ||
//NotaryURL is the location of the notary server | ||
NotaryURL = "https://notary-server:4443" | ||
//AlpineImage is an image in the test registry | ||
AlpineImage = "registry:5000/alpine:3.6" | ||
//AlpineSha is the sha of the alpine image | ||
AlpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d" | ||
//BusyboxImage is an image in the test registry | ||
BusyboxImage = "registry:5000/busybox:1.27.2" | ||
//BusyboxSha is the sha of the busybox image | ||
BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af" | ||
) | ||
|
||
//SetupConfigFile creates a config.json file for testing | ||
func SetupConfigFile(t *testing.T) fs.Dir { | ||
dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", ` | ||
{ | ||
"auths": { | ||
"registry:5000": { | ||
"auth": "ZWlhaXM6cGFzc3dvcmQK" | ||
}, | ||
"https://notary-server:4443": { | ||
"auth": "ZWlhaXM6cGFzc3dvcmQK" | ||
} | ||
} | ||
} | ||
`)) | ||
return *dir | ||
} | ||
|
||
//WithConfig sets an environment variable for the docker config location | ||
func WithConfig(dir string) func(cmd *icmd.Cmd) { | ||
return func(cmd *icmd.Cmd) { | ||
env := append(os.Environ(), | ||
"DOCKER_CONFIG="+dir, | ||
) | ||
cmd.Env = append(cmd.Env, env...) | ||
} | ||
} | ||
|
||
//WithPassphrase sets environment variables for passphrases | ||
func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) { | ||
return func(cmd *icmd.Cmd) { | ||
env := append(os.Environ(), | ||
"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd, | ||
"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd, | ||
) | ||
cmd.Env = append(cmd.Env, env...) | ||
} | ||
} | ||
|
||
//WithTrust sets DOCKER_CONTENT_TRUST to 1 | ||
func WithTrust(cmd *icmd.Cmd) { | ||
env := append(os.Environ(), | ||
"DOCKER_CONTENT_TRUST=1", | ||
) | ||
cmd.Env = append(cmd.Env, env...) | ||
} | ||
|
||
//WithNotary sets the location of the notary server | ||
func WithNotary(cmd *icmd.Cmd) { | ||
env := append(os.Environ(), | ||
"DOCKER_CONTENT_TRUST_SERVER="+NotaryURL, | ||
) | ||
cmd.Env = append(cmd.Env, env...) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
package trust | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/docker/cli/e2e/internal/fixtures" | ||
"github.com/gotestyourself/gotestyourself/fs" | ||
"github.com/gotestyourself/gotestyourself/icmd" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
const ( | ||
revokeImage = "registry:5000/revoke:v1" | ||
revokeRepo = "registry:5000/revokerepo" | ||
) | ||
|
||
func TestRevokeImage(t *testing.T) { | ||
dir := fixtures.SetupConfigFile(t) | ||
defer dir.Remove() | ||
setupTrustedImagesForRevoke(t, dir) | ||
result := icmd.RunCmd( | ||
icmd.Command("docker", "trust", "revoke", revokeImage), | ||
fixtures.WithPassphrase("root_password", "repo_password"), | ||
fixtures.WithNotary, fixtures.WithConfig(dir.Path())) | ||
result.Assert(t, icmd.Success) | ||
assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke:v1") | ||
} | ||
|
||
func TestRevokeRepo(t *testing.T) { | ||
dir := fixtures.SetupConfigFile(t) | ||
defer dir.Remove() | ||
setupTrustedImagesForRevokeRepo(t, dir) | ||
result := icmd.RunCmd( | ||
icmd.Command("docker", "trust", "revoke", revokeRepo, "-y"), | ||
fixtures.WithPassphrase("root_password", "repo_password"), | ||
fixtures.WithNotary, fixtures.WithConfig(dir.Path())) | ||
result.Assert(t, icmd.Success) | ||
assert.Contains(t, result.Stdout(), "Successfully deleted signature for registry:5000/revoke") | ||
} | ||
|
||
func setupTrustedImagesForRevoke(t *testing.T, dir fs.Dir) { | ||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success) | ||
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, revokeImage).Assert(t, icmd.Success) | ||
icmd.RunCmd( | ||
icmd.Command("docker", "-D", "trust", "sign", revokeImage), | ||
fixtures.WithPassphrase("root_password", "repo_password"), | ||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success) | ||
} | ||
|
||
func setupTrustedImagesForRevokeRepo(t *testing.T, dir fs.Dir) { | ||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.AlpineImage)).Assert(t, icmd.Success) | ||
icmd.RunCommand("docker", "tag", fixtures.AlpineImage, fmt.Sprintf("%s:v1", revokeRepo)).Assert(t, icmd.Success) | ||
icmd.RunCmd( | ||
icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v1", revokeRepo)), | ||
fixtures.WithPassphrase("root_password", "repo_password"), | ||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success) | ||
icmd.RunCmd(icmd.Command("docker", "pull", fixtures.BusyboxImage)).Assert(t, icmd.Success) | ||
icmd.RunCommand("docker", "tag", fixtures.BusyboxImage, fmt.Sprintf("%s:v2", revokeRepo)).Assert(t, icmd.Success) | ||
icmd.RunCmd( | ||
icmd.Command("docker", "-D", "trust", "sign", fmt.Sprintf("%s:v2", revokeRepo)), | ||
fixtures.WithPassphrase("root_password", "repo_password"), | ||
fixtures.WithConfig(dir.Path()), fixtures.WithNotary).Assert(t, icmd.Success) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters