Add e2e testing for docker trust sign

Signed-off-by: Kyle Spiers <kyle@spiers.me>
2017-11-10 11:34:23 -08:00 · 2017-11-10 11:34:23 -08:00 · eb025800bd
parent a570e9b355
commit eb025800bd
2 changed files with 101 additions and 0 deletions
--- a/e2e/trust/main_test.go
+++ b/e2e/trust/main_test.go
@ -0,0 +1,17 @@
+package trust
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/docker/cli/internal/test/environment"
+)
+
+func TestMain(m *testing.M) {
+	if err := environment.Setup(); err != nil {
+		fmt.Println(err.Error())
+		os.Exit(3)
+	}
+	os.Exit(m.Run())
+}
--- a/e2e/trust/sign_test.go
+++ b/e2e/trust/sign_test.go
@ -0,0 +1,84 @@
+package trust
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/gotestyourself/gotestyourself/fs"
+	"github.com/gotestyourself/gotestyourself/icmd"
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	notaryURL    = "https://notary-server:4443"
+	alpineImage  = "registry:5000/alpine:3.6"
+	alpineSha    = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d"
+	busyboxImage = "registry:5000/busybox:1.27.2"
+	busyboxSha   = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
+	localImage   = "registry:5000/signlocal:v1"
+	signImage    = "registry:5000/sign:v1"
+)
+
+func TestSignLocalImage(t *testing.T) {
+	dir := setupConfigFile(t)
+	defer dir.Remove()
+	icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", alpineImage, signImage).Assert(t, icmd.Success)
+	result := icmd.RunCmd(
+		icmd.Command("docker", "trust", "sign", signImage),
+		withTrustAndPassphrase("root_password", "repo_password", dir))
+	result.Assert(t, icmd.Success)
+	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha))
+
+}
+
+func TestSignWithLocalFlag(t *testing.T) {
+	dir := setupConfigFile(t)
+	defer dir.Remove()
+	setupTrustedImageForOverwrite(t, dir)
+	result := icmd.RunCmd(
+		icmd.Command("docker", "trust", "sign", "--local", localImage),
+		withTrustAndPassphrase("root_password", "repo_password", dir))
+	result.Assert(t, icmd.Success)
+	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", busyboxSha))
+}
+
+func withTrustAndPassphrase(rootPwd, repositoryPwd string, dir fs.Dir) func(cmd *icmd.Cmd) {
+	return func(cmd *icmd.Cmd) {
+		env := append(os.Environ(),
+			"DOCKER_CONTENT_TRUST_SERVER="+notaryURL,
+			"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
+			"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
+			"DOCKER_CONFIG="+dir.Path(),
+		)
+		cmd.Env = append(cmd.Env, env...)
+	}
+}
+
+func setupConfigFile(t *testing.T) fs.Dir {
+	dir := fs.NewDir(t, "trust_test", fs.WithMode(0700), fs.WithFile("config.json", `
+	{
+		"auths": {
+			"registry:5000": {
+				"auth": "ZWlhaXM6cGFzc3dvcmQK"
+			},
+			"https://notary-server:4443": {
+				"auth": "ZWlhaXM6cGFzc3dvcmQK"
+			}
+		}
+	}
+	`))
+	return *dir
+}
+
+func setupTrustedImageForOverwrite(t *testing.T, dir fs.Dir) {
+	icmd.RunCmd(icmd.Command("docker", "pull", alpineImage)).Assert(t, icmd.Success)
+	icmd.RunCommand("docker", "tag", alpineImage, localImage).Assert(t, icmd.Success)
+	result := icmd.RunCmd(
+		icmd.Command("docker", "-D", "trust", "sign", localImage),
+		withTrustAndPassphrase("root_password", "repo_password", dir))
+	result.Assert(t, icmd.Success)
+	assert.Contains(t, result.Stdout(), fmt.Sprintf("v1: digest: sha256:%s", alpineSha))
+	icmd.RunCommand("docker", "tag", busyboxImage, localImage).Assert(t, icmd.Success)
+}