github.com/AbhinandanKurakure/podman/v3@v3.4.10/test/e2e/trust_test.go

github.com/AbhinandanKurakure/podman/v3@v3.4.10/test/e2e/trust_test.go (about)

     1  package integration
     2  
     3  import (
     4  	"encoding/json"
     5  	"io/ioutil"
     6  	"os"
     7  	"path/filepath"
     8  
     9  	. "github.com/containers/podman/v3/test/utils"
    10  	. "github.com/onsi/ginkgo"
    11  	. "github.com/onsi/gomega"
    12  	. "github.com/onsi/gomega/gexec"
    13  )
    14  
    15  var _ = Describe("Podman trust", func() {
    16  	var (
    17  		tempdir string
    18  
    19  		err        error
    20  		podmanTest *PodmanTestIntegration
    21  	)
    22  
    23  	BeforeEach(func() {
    24  		SkipIfRemote("podman-remote does not support image trust")
    25  		tempdir, err = CreateTempDirInTempDir()
    26  		if err != nil {
    27  			os.Exit(1)
    28  		}
    29  		podmanTest = PodmanTestCreate(tempdir)
    30  		podmanTest.Setup()
    31  		podmanTest.SeedImages()
    32  	})
    33  
    34  	AfterEach(func() {
    35  		podmanTest.Cleanup()
    36  		f := CurrentGinkgoTestDescription()
    37  		processTestResult(f)
    38  
    39  	})
    40  
    41  	It("podman image trust show", func() {
    42  		session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")})
    43  		session.WaitWithDefaultTimeout()
    44  		Expect(session).Should(Exit(0))
    45  		outArray := session.OutputToStringArray()
    46  		Expect(len(outArray)).To(Equal(3))
    47  
    48  		// Repository order is not guaranteed. So, check that
    49  		// all expected lines appear in output; we also check total number of lines, so that handles all of them.
    50  		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^default\s+accept\s*$`))
    51  		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^docker.io/library/hello-world\s+reject\s*$`))
    52  		Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^registry.access.redhat.com\s+signedBy\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`))
    53  	})
    54  
    55  	It("podman image trust set", func() {
    56  		path, err := os.Getwd()
    57  		if err != nil {
    58  			os.Exit(1)
    59  		}
    60  		session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", filepath.Join(filepath.Dir(path), "trust_set_test.json"), "-t", "accept", "default"})
    61  		session.WaitWithDefaultTimeout()
    62  		Expect(session).Should(Exit(0))
    63  		var teststruct map[string][]map[string]string
    64  		policyContent, err := ioutil.ReadFile(filepath.Join(filepath.Dir(path), "trust_set_test.json"))
    65  		if err != nil {
    66  			os.Exit(1)
    67  		}
    68  		err = json.Unmarshal(policyContent, &teststruct)
    69  		if err != nil {
    70  			os.Exit(1)
    71  		}
    72  		Expect(teststruct["default"][0]["type"]).To(Equal("insecureAcceptAnything"))
    73  	})
    74  
    75  	It("podman image trust show --json", func() {
    76  		session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--json"})
    77  		session.WaitWithDefaultTimeout()
    78  		Expect(session).Should(Exit(0))
    79  		Expect(session.IsJSONOutputValid()).To(BeTrue())
    80  		var teststruct []map[string]string
    81  		json.Unmarshal(session.Out.Contents(), &teststruct)
    82  		Expect(len(teststruct)).To(Equal(3))
    83  		// To ease comparison, group the unordered array of repos by repo (and we expect only one entry by repo, so order within groups doesn’t matter)
    84  		repoMap := map[string][]map[string]string{}
    85  		for _, e := range teststruct {
    86  			key := e["name"]
    87  			repoMap[key] = append(repoMap[key], e)
    88  		}
    89  		Expect(repoMap).To(Equal(map[string][]map[string]string{
    90  			"* (default)": {{
    91  				"name":      "* (default)",
    92  				"repo_name": "default",
    93  				"sigstore":  "",
    94  				"transport": "",
    95  				"type":      "accept",
    96  			}},
    97  			"docker.io/library/hello-world": {{
    98  				"name":      "docker.io/library/hello-world",
    99  				"repo_name": "docker.io/library/hello-world",
   100  				"sigstore":  "",
   101  				"transport": "",
   102  				"type":      "reject",
   103  			}},
   104  			"registry.access.redhat.com": {{
   105  				"name":      "registry.access.redhat.com",
   106  				"repo_name": "registry.access.redhat.com",
   107  				"sigstore":  "https://access.redhat.com/webassets/docker/content/sigstore",
   108  				"transport": "",
   109  				"type":      "signedBy",
   110  				"gpg_id":    "security@redhat.com, security@redhat.com",
   111  			}},
   112  		}))
   113  	})
   114  
   115  	It("podman image trust show --raw", func() {
   116  		session := podmanTest.Podman([]string{"image", "trust", "show", "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--raw"})
   117  		session.WaitWithDefaultTimeout()
   118  		Expect(session).Should(Exit(0))
   119  		contents, err := ioutil.ReadFile(filepath.Join(INTEGRATION_ROOT, "test/policy.json"))
   120  		Expect(err).ShouldNot(HaveOccurred())
   121  		Expect(session.IsJSONOutputValid()).To(BeTrue())
   122  		Expect(string(session.Out.Contents())).To(Equal(string(contents) + "\n"))
   123  	})
   124  })