fixtures.go

Documentation: github.com/docker/cli/e2e/internal/fixtures

     1  package fixtures
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  	"testing"
     7  
     8  	"github.com/docker/cli/cli/config"
     9  	"gotest.tools/v3/fs"
    10  	"gotest.tools/v3/icmd"
    11  )
    12  
    13  const (
    14  	// NotaryURL is the location of the notary server
    15  	NotaryURL = "https://notary-server:4443"
    16  	// EvilNotaryURL is the location of the evil notary server
    17  	EvilNotaryURL = "https://evil-notary-server:4444"
    18  	// AlpineImage is an image in the test registry
    19  	AlpineImage = "registry:5000/alpine:frozen"
    20  	// AlpineSha is the sha of the alpine image
    21  	AlpineSha = "e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec)
    22  	// BusyboxImage is an image in the test registry
    23  	BusyboxImage = "registry:5000/busybox:frozen"
    24  	// BusyboxSha is the sha of the busybox image
    25  	BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af" // #nosec G101 -- ignoring: Potential hardcoded credentials (gosec)
    26  )
    27  
    28  // SetupConfigFile creates a config.json file for testing
    29  func SetupConfigFile(t *testing.T) fs.Dir {
    30  	t.Helper()
    31  	return SetupConfigWithNotaryURL(t, "trust_test", NotaryURL)
    32  }
    33  
    34  // SetupConfigWithNotaryURL creates a config.json file for testing in the given path
    35  // with the given notaryURL
    36  func SetupConfigWithNotaryURL(t *testing.T, path, notaryURL string) fs.Dir {
    37  	t.Helper()
    38  	dir := fs.NewDir(t, path, fs.WithMode(0o700), fs.WithFile("config.json", fmt.Sprintf(`
    39  	{
    40  		"auths": {
    41  			"registry:5000": {
    42  				"auth": "ZWlhaXM6cGFzc3dvcmQK"
    43  			},
    44  			"%s": {
    45  				"auth": "ZWlhaXM6cGFzc3dvcmQK"
    46  			}
    47  		},
    48  		"experimental": "enabled"
    49  	}
    50  	`, notaryURL)), fs.WithDir("trust", fs.WithDir("private")))
    51  	return *dir
    52  }
    53  
    54  // WithConfig sets an environment variable for the docker config location
    55  func WithConfig(dir string) func(cmd *icmd.Cmd) {
    56  	return func(cmd *icmd.Cmd) {
    57  		addEnvs(cmd, config.EnvOverrideConfigDir+"="+dir)
    58  	}
    59  }
    60  
    61  // WithPassphrase sets environment variables for passphrases
    62  func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
    63  	return func(cmd *icmd.Cmd) {
    64  		addEnvs(cmd,
    65  			"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
    66  			"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
    67  		)
    68  	}
    69  }
    70  
    71  // WithTrust sets DOCKER_CONTENT_TRUST to 1
    72  func WithTrust(cmd *icmd.Cmd) {
    73  	addEnvs(cmd, "DOCKER_CONTENT_TRUST=1")
    74  }
    75  
    76  // WithNotary sets the location of the notary server
    77  func WithNotary(cmd *icmd.Cmd) {
    78  	addEnvs(cmd, "DOCKER_CONTENT_TRUST_SERVER="+NotaryURL)
    79  }
    80  
    81  // WithHome sets the HOME environment variable
    82  func WithHome(path string) func(*icmd.Cmd) {
    83  	return func(cmd *icmd.Cmd) {
    84  		addEnvs(cmd, "HOME="+path)
    85  	}
    86  }
    87  
    88  // WithNotaryServer sets the location of the notary server
    89  func WithNotaryServer(notaryURL string) func(*icmd.Cmd) {
    90  	return func(cmd *icmd.Cmd) {
    91  		addEnvs(cmd, "DOCKER_CONTENT_TRUST_SERVER="+notaryURL)
    92  	}
    93  }
    94  
    95  // CreateMaskedTrustedRemoteImage creates a remote image that is signed with
    96  // content trust, then pushes a different untrusted image at the same tag.
    97  func CreateMaskedTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
    98  	t.Helper()
    99  	image := createTrustedRemoteImage(t, registryPrefix, repo, tag)
   100  	createNamedUnsignedImageFromBusyBox(t, image)
   101  	return image
   102  }
   103  
   104  func createTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
   105  	t.Helper()
   106  	image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag)
   107  	icmd.RunCommand("docker", "image", "pull", AlpineImage).Assert(t, icmd.Success)
   108  	icmd.RunCommand("docker", "image", "tag", AlpineImage, image).Assert(t, icmd.Success)
   109  	result := icmd.RunCmd(
   110  		icmd.Command("docker", "image", "push", image),
   111  		WithPassphrase("root_password", "repo_password"), WithTrust, WithNotary)
   112  	result.Assert(t, icmd.Success)
   113  	icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
   114  	return image
   115  }
   116  
   117  func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
   118  	t.Helper()
   119  	icmd.RunCommand("docker", "image", "pull", BusyboxImage).Assert(t, icmd.Success)
   120  	icmd.RunCommand("docker", "image", "tag", BusyboxImage, image).Assert(t, icmd.Success)
   121  	icmd.RunCommand("docker", "image", "push", image).Assert(t, icmd.Success)
   122  	icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
   123  }
   124  
   125  // addEnvs adds environment variables to cmd, making sure to preserve the
   126  // current os.Environ(), which would otherwise be omitted (for non-empty .Env).
   127  func addEnvs(cmd *icmd.Cmd, envs ...string) {
   128  	if len(cmd.Env) == 0 {
   129  		cmd.Env = os.Environ()
   130  	}
   131  	cmd.Env = append(cmd.Env, envs...)
   132  }
   133
View as plain text