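// Listing: github.1git.de/docker/cli@v26.1.3+incompatible/cli/command/trust/signer_remove_test.go

package trust

import (
	"context"
	"io"
	"testing"

	"github.com/docker/cli/internal/test"
	notaryfake "github.com/docker/cli/internal/test/notary"
	"github.com/theupdateframework/notary/client"
	"github.com/theupdateframework/notary/tuf/data"
	"gotest.tools/v3/assert"
	is "gotest.tools/v3/assert/cmp"
)

// TestTrustSignerRemoveErrors checks that the signer-remove command rejects
// malformed invocations: too few arguments, and repository arguments that are
// not valid image references.
//
// Each case runs as a named subtest so that a failure identifies which input
// was accepted or mis-reported.
func TestTrustSignerRemoveErrors(t *testing.T) {
	// Argument-count validation: the error is returned by Execute itself.
	testCases := []struct {
		name          string
		args          []string
		expectedError string
	}{
		{
			name:          "not-enough-args-0",
			expectedError: "requires at least 2 arguments",
		},
		{
			name:          "not-enough-args-1",
			args:          []string{"user"},
			expectedError: "requires at least 2 arguments",
		},
	}
	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			cmd := newSignerRemoveCommand(test.NewFakeCli(&fakeClient{}))
			cmd.SetArgs(tc.args)
			cmd.SetOut(io.Discard)
			assert.ErrorContains(t, cmd.Execute(), tc.expectedError)
		})
	}

	// Reference validation: the per-repository reason is written to the CLI's
	// error stream, so these cases inspect ErrBuffer rather than the returned
	// error.
	testCasesWithOutput := []struct {
		name          string
		args          []string
		expectedError string
	}{
		{
			name:          "not-an-image",
			args:          []string{"user", "notanimage"},
			expectedError: "error retrieving signers for notanimage",
		},
		{
			// A bare 64-hex-character digest must not be accepted as a
			// repository name.
			name:          "sha-reference",
			args:          []string{"user", "870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd"},
			expectedError: "invalid repository name",
		},
		{
			name:          "invalid-img-reference",
			args:          []string{"user", "ALPINE"},
			expectedError: "invalid reference format",
		},
	}
	for _, tc := range testCasesWithOutput {
		t.Run(tc.name, func(t *testing.T) {
			cli := test.NewFakeCli(&fakeClient{})
			cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository)
			cmd := newSignerRemoveCommand(cli)
			cmd.SetArgs(tc.args)
			cmd.SetOut(io.Discard)
			// The returned error is deliberately not asserted: this case
			// pins the detailed message on the error stream instead.
			_ = cmd.Execute()
			assert.Check(t, is.Contains(cli.ErrBuffer().String(), tc.expectedError))
		})
	}
}

// TestRemoveSingleSigner checks the two refusal paths of removeSingleSigner
// against a loaded fake notary repository: an unknown signer name, and the
// reserved "releases" name. In both cases the call must return an error and
// report that nothing was removed.
func TestRemoveSingleSigner(t *testing.T) {
	cli := test.NewFakeCli(&fakeClient{})
	cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)
	ctx := context.Background()

	// "test" is not a signer on signed-repo.
	removed, err := removeSingleSigner(ctx, cli, "signed-repo", "test", true)
	assert.Error(t, err, "no signer test for repository signed-repo")
	assert.Equal(t, removed, false, "No signer should be removed")

	// "releases" is reserved and must be refused even with forceYes set.
	removed, err = removeSingleSigner(ctx, cli, "signed-repo", "releases", true)
	assert.Error(t, err, "releases is a reserved keyword and cannot be removed")
	assert.Equal(t, removed, false, "No signer should be removed")
}

// TestRemoveMultipleSigners checks that removeSigner processes every listed
// repository, reports each failing repository in the aggregated error, writes
// the per-repository reason to the error stream and the progress line to
// standard output.
func TestRemoveMultipleSigners(t *testing.T) {
	cli := test.NewFakeCli(&fakeClient{})
	cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)
	ctx := context.Background()

	// The same repository is listed twice; both entries are expected in the
	// aggregated error message.
	err := removeSigner(ctx, cli, signerRemoveOptions{
		signer:   "test",
		repos:    []string{"signed-repo", "signed-repo"},
		forceYes: true,
	})
	assert.Error(t, err, "error removing signer from: signed-repo, signed-repo")
	assert.Check(t, is.Contains(cli.ErrBuffer().String(),
		"no signer test for repository signed-repo"))
	assert.Check(t, is.Contains(cli.OutBuffer().String(), "Removing signer \"test\" from signed-repo...\n"))
}

// TestRemoveLastSignerWarning checks that, without forceYes, removing the
// signer who signed the last released version prints a confirmation prompt
// warning that the repository will become unpullable.
//
// NOTE(review): the test supplies no answer to the prompt and asserts only the
// prompt text and a nil error; it does not assert whether the signer was kept.
// Presumably the default answer is "no" — confirm against removeSingleSigner.
func TestRemoveLastSignerWarning(t *testing.T) {
	cli := test.NewFakeCli(&fakeClient{})
	ctx := context.Background()
	cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository)

	err := removeSigner(ctx, cli, signerRemoveOptions{
		signer:   "alice",
		repos:    []string{"signed-repo"},
		forceYes: false,
	})
	assert.NilError(t, err)
	assert.Check(t, is.Contains(cli.OutBuffer().String(),
		"The signer \"alice\" signed the last released version of signed-repo. "+
			"Removing this signer will make signed-repo unpullable. "+
			"Are you sure you want to continue? [y/N]"))
}

// TestIsLastSignerForReleases exercises isLastSignerForReleases with a
// releases role whose threshold is 1, in three situations: no signatures at
// all, a single signature made by the candidate role's key, and a single
// signature made by a key the candidate role does not hold.
func TestIsLastSignerForReleases(t *testing.T) {
	role := data.Role{}
	releaserole := client.RoleWithSignatures{}
	releaserole.Name = releasesRoleTUFName
	releaserole.Threshold = 1

	// No signatures on the releases role: reported as an error, not as
	// "last signer".
	allrole := []client.RoleWithSignatures{releaserole}
	lastsigner, err := isLastSignerForReleases(role, allrole)
	assert.Error(t, err, "all signed tags are currently revoked, use docker trust sign to fix")
	assert.Check(t, is.Equal(false, lastsigner))

	// The only signature comes from a key held by the candidate role, so
	// removing that role would leave the releases role below its threshold.
	role.KeyIDs = []string{"deadbeef"}
	sig := data.Signature{}
	sig.KeyID = "deadbeef"
	releaserole.Signatures = []data.Signature{sig}
	allrole = []client.RoleWithSignatures{releaserole}
	lastsigner, err = isLastSignerForReleases(role, allrole)
	assert.NilError(t, err)
	assert.Check(t, is.Equal(true, lastsigner))

	// The only signature comes from a different key, so the candidate role is
	// not the last signer.
	sig.KeyID = "8badf00d"
	releaserole.Signatures = []data.Signature{sig}
	allrole = []client.RoleWithSignatures{releaserole}
	lastsigner, err = isLastSignerForReleases(role, allrole)
	assert.NilError(t, err)
	assert.Check(t, is.Equal(false, lastsigner))
}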