1 package fixtures
2
3 import (
4 "fmt"
5 "os"
6 "testing"
7
8 "github.com/docker/cli/cli/config"
9 "gotest.tools/v3/fs"
10 "gotest.tools/v3/icmd"
11 )
12
// Notary endpoints reachable from the e2e test environment.
const (
	// NotaryURL is the location of the notary server.
	NotaryURL = "https://notary-server:4443"

	// EvilNotaryURL is the location of the evil notary server. It differs
	// from NotaryURL in both host and port, so a test can point the client
	// at a server it is not supposed to trust.
	EvilNotaryURL = "https://evil-notary-server:4444"
)

// Frozen images served by the test registry, with their expected hashes.
const (
	// AlpineImage is an image in the test registry.
	AlpineImage = "registry:5000/alpine:frozen"

	// AlpineSha is the sha of the alpine image.
	// NOTE(review): presumably the sha256 content digest of AlpineImage;
	// nothing in this file compares it, so confirm against the callers.
	AlpineSha = "e2e16842c9b54d985bf1ef9242a313f36b856181f188de21313820e177002501"

	// BusyboxImage is an image in the test registry.
	BusyboxImage = "registry:5000/busybox:frozen"

	// BusyboxSha is the sha of the busybox image.
	// NOTE(review): presumably the sha256 content digest of BusyboxImage;
	// confirm against the callers.
	BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
)
27
28
// SetupConfigFile creates a config file for testing. It is shorthand for
// SetupConfigWithNotaryURL with the directory prefix "trust_test" and the
// default NotaryURL.
func SetupConfigFile(t *testing.T) fs.Dir {
	t.Helper()
	const dirPrefix = "trust_test"
	return SetupConfigWithNotaryURL(t, dirPrefix, NotaryURL)
}
33
34
35
// SetupConfigWithNotaryURL creates a config file for testing in the given
// path with the given Notary URL.
//
// The directory is created with mode 0o700 and contains a config.json plus an
// empty trust/private subdirectory. config.json carries an "auths" entry for
// "registry:5000" and one keyed by notaryURL, both with the same fixed
// base64 credential.
//
// notaryURL is substituted into the JSON text without escaping, so it must
// not contain characters that need JSON escaping (a double quote or a
// backslash would produce a malformed config).
func SetupConfigWithNotaryURL(t *testing.T, path, notaryURL string) fs.Dir {
	t.Helper()

	// The "auth" values are a hard-coded fixture credential.
	// NOTE(review): presumably valid only for the e2e registry and notary
	// containers; confirm it is never accepted anywhere else.
	const configTemplate = `
{
"auths": {
"registry:5000": {
"auth": "ZWlhaXM6cGFzc3dvcmQK"
},
"%s": {
"auth": "ZWlhaXM6cGFzc3dvcmQK"
}
},
"experimental": "enabled"
}
`
	configJSON := fmt.Sprintf(configTemplate, notaryURL)

	dir := fs.NewDir(t, path,
		// Owner-only access: the directory holds credentials and the
		// trust/private subdirectory.
		fs.WithMode(0o700),
		fs.WithFile("config.json", configJSON),
		fs.WithDir("trust", fs.WithDir("private")),
	)
	return *dir
}
53
54
// WithConfig sets an environment variable for the docker config location.
// The returned option appends config.EnvOverrideConfigDir=dir to the
// command's environment.
func WithConfig(dir string) func(cmd *icmd.Cmd) {
	configDirEnv := config.EnvOverrideConfigDir + "=" + dir
	return func(cmd *icmd.Cmd) {
		addEnvs(cmd, configDirEnv)
	}
}
60
61
// WithPassphrase sets environment variables for passphrases. The returned
// option appends DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE and
// DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE to the command's environment.
//
// The passphrases travel in the child process environment in clear text,
// which is acceptable for throwaway test keys only.
func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
	rootEnv := "DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=" + rootPwd
	repositoryEnv := "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=" + repositoryPwd
	return func(cmd *icmd.Cmd) {
		addEnvs(cmd, rootEnv, repositoryEnv)
	}
}
70
71
// WithTrust sets DOCKER_CONTENT_TRUST to 1 in the command's environment.
func WithTrust(cmd *icmd.Cmd) {
	const enableTrust = "DOCKER_CONTENT_TRUST=1"
	addEnvs(cmd, enableTrust)
}
75
76
// WithNotary sets the location of the notary server: it appends
// DOCKER_CONTENT_TRUST_SERVER with the default NotaryURL to the command's
// environment.
func WithNotary(cmd *icmd.Cmd) {
	const defaultServerEnv = "DOCKER_CONTENT_TRUST_SERVER=" + NotaryURL
	addEnvs(cmd, defaultServerEnv)
}
80
81
// WithHome sets the HOME environment variable. The returned option appends
// HOME=path to the command's environment.
func WithHome(path string) func(*icmd.Cmd) {
	homeEnv := "HOME=" + path
	return func(cmd *icmd.Cmd) {
		addEnvs(cmd, homeEnv)
	}
}
87
88
// WithNotaryServer sets the location of the notary server. The returned
// option appends DOCKER_CONTENT_TRUST_SERVER=notaryURL to the command's
// environment, which lets a test select a server other than the default
// NotaryURL.
func WithNotaryServer(notaryURL string) func(*icmd.Cmd) {
	serverEnv := "DOCKER_CONTENT_TRUST_SERVER=" + notaryURL
	return func(cmd *icmd.Cmd) {
		addEnvs(cmd, serverEnv)
	}
}
94
95
96
// CreateMaskedTrustedRemoteImage creates a remote image that is signed with
// content trust, then pushes a different untrusted image at the same tag.
//
// After it returns, the registry tag holds the unsigned busybox content,
// while the signed push was made from the alpine image. It returns the full
// image reference.
// NOTE(review): presumably callers use this to check that a trusted pull
// follows the signed data rather than the current tag; confirm.
func CreateMaskedTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
	t.Helper()
	ref := createTrustedRemoteImage(t, registryPrefix, repo, tag)
	// Overwrite the same reference with an unsigned image.
	createNamedUnsignedImageFromBusyBox(t, ref)
	return ref
}
103
// createTrustedRemoteImage tags AlpineImage as registryPrefix/repo:tag and
// pushes it with content trust enabled against the default notary server.
// It then removes the local tag and returns the image reference. Any failing
// docker command fails the test.
func createTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
	t.Helper()
	image := registryPrefix + "/" + repo + ":" + tag

	icmd.RunCommand("docker", "image", "pull", AlpineImage).Assert(t, icmd.Success)
	icmd.RunCommand("docker", "image", "tag", AlpineImage, image).Assert(t, icmd.Success)

	// The signed push: trust enabled, default notary, fixed test passphrases.
	signedPush := icmd.Command("docker", "image", "push", image)
	icmd.RunCmd(
		signedPush,
		WithPassphrase("root_password", "repo_password"),
		WithTrust,
		WithNotary,
	).Assert(t, icmd.Success)

	// Remove the local tag so that only the remote copy is left under it.
	icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
	return image
}
116
// createNamedUnsignedImageFromBusyBox tags BusyboxImage as image and pushes
// it without any content-trust options, then removes the local tag. Any
// failing docker command fails the test.
func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
	t.Helper()
	steps := [][]string{
		{"image", "pull", BusyboxImage},
		{"image", "tag", BusyboxImage, image},
		// Plain push: no trust, notary or passphrase options are applied.
		{"image", "push", image},
		{"image", "rm", image},
	}
	for _, args := range steps {
		icmd.RunCommand("docker", args...).Assert(t, icmd.Success)
	}
}
124
125
126
// addEnvs adds environment variables to cmd, making sure to preserve the
// current os.Environ(), which would otherwise be omitted (for non-empty
// .Env).
//
// The child therefore receives the whole environment of the test process
// plus envs.
// NOTE(review): entries are appended, not de-duplicated; which value wins
// for a repeated key depends on how the command is executed. Confirm.
func addEnvs(cmd *icmd.Cmd, envs ...string) {
	base := cmd.Env
	if len(base) == 0 {
		// Seed with the parent environment before adding overrides.
		base = os.Environ()
	}
	cmd.Env = append(base, envs...)
}
133