github.com/containers/podman/v4@v4.9.4/test/e2e/trust_test.go (about)

     1  package integration
     2  
     3  import (
     4  	"encoding/json"
     5  	"os"
     6  	"path/filepath"
     7  
     8  	. "github.com/containers/podman/v4/test/utils"
     9  	. "github.com/onsi/ginkgo/v2"
    10  	. "github.com/onsi/gomega"
    11  )
    12  
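// Without Ordered, tests flake with "Getting key identity" (#18358)
//
// These specs exercise "podman image trust" against the fixture policy at
// test/policy.json and the registries configuration under test/. They check
// how the CLI reads, renders and writes signature-verification policy, so a
// loose assertion here can hide a policy that is weaker than intended.
var _ = Describe("Podman trust", Ordered, func() {

	BeforeEach(func() {
		SkipIfRemote("podman-remote does not support image trust")
	})

	It("podman image trust show", func() {
		registryPath := filepath.Join(INTEGRATION_ROOT, "test")
		policyPath := filepath.Join(INTEGRATION_ROOT, "test/policy.json")

		session := podmanTest.Podman([]string{"image", "trust", "show", "-n", "--registrypath", registryPath, "--policypath", policyPath})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
		outArray := session.OutputToStringArray()
		Expect(outArray).To(HaveLen(3))

		// Repository order is not guaranteed, so check that every expected
		// line appears somewhere in the output. Together with the line count
		// above, this accounts for all of the output.
		//
		// Dots in host names and identities are escaped so that a pattern
		// only matches the exact registry, signer identity and sigstore URL,
		// and not a look-alike that differs in one character.
		output := string(session.Out.Contents())
		Expect(output).To(MatchRegexp(`(?m)^all\s+default\s+accept\s*$`))
		Expect(output).To(MatchRegexp(`(?m)^repository\s+docker\.io/library/hello-world\s+reject\s*$`))
		Expect(output).To(MatchRegexp(`(?m)^repository\s+registry\.access\.redhat\.com\s+signed\s+security@redhat\.com, security@redhat\.com\s+https://access\.redhat\.com/webassets/docker/content/sigstore\s*$`))
	})

	It("podman image trust set", func() {
		policyJSON := filepath.Join(podmanTest.TempDir, "trust_set_test.json")
		session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", policyJSON, "-t", "accept", "default"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())

		// Fail the spec with the underlying error instead of calling
		// os.Exit(1), which would kill the whole test process without a
		// message and skip Ginkgo's reporting and cleanup.
		policyContent, err := os.ReadFile(policyJSON)
		Expect(err).ToNot(HaveOccurred())

		var teststruct map[string][]map[string]string
		err = json.Unmarshal(policyContent, &teststruct)
		Expect(err).ToNot(HaveOccurred())

		// The CLI trust type "accept" must be written as the policy
		// requirement "insecureAcceptAnything", i.e. no signature
		// verification for the default scope. Check that the entry exists
		// before indexing, so a missing "default" key is reported as a
		// failed expectation rather than an index-out-of-range panic.
		Expect(teststruct["default"]).ToNot(BeEmpty())
		Expect(teststruct["default"][0]).To(HaveKeyWithValue("type", "insecureAcceptAnything"))
	})

	It("podman image trust show --json", func() {
		registryPath := filepath.Join(INTEGRATION_ROOT, "test")
		policyPath := filepath.Join(INTEGRATION_ROOT, "test/policy.json")

		session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", registryPath, "--policypath", policyPath, "--json"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
		Expect(session.OutputToString()).To(BeValidJSON())

		// Keep the error local to this spec rather than assigning to an
		// identifier declared outside it.
		var teststruct []map[string]string
		err := json.Unmarshal(session.Out.Contents(), &teststruct)
		Expect(err).ToNot(HaveOccurred())
		Expect(teststruct).To(HaveLen(3))

		// To ease comparison, group the unordered array of repos by repo
		// (we expect only one entry per repo, so order within groups doesn't
		// matter).
		repoMap := map[string][]map[string]string{}
		for _, e := range teststruct {
			key := e["name"]
			repoMap[key] = append(repoMap[key], e)
		}
		Expect(repoMap).To(Equal(map[string][]map[string]string{
			"* (default)": {{
				"type":      "accept",
				"transport": "all",
				"name":      "* (default)",
				"repo_name": "default",
			}},
			"docker.io/library/hello-world": {{
				"transport": "repository",
				"name":      "docker.io/library/hello-world",
				"repo_name": "docker.io/library/hello-world",
				"type":      "reject",
			}},
			"registry.access.redhat.com": {{
				"transport": "repository",
				"name":      "registry.access.redhat.com",
				"repo_name": "registry.access.redhat.com",
				"sigstore":  "https://access.redhat.com/webassets/docker/content/sigstore",
				"type":      "signed",
				"gpg_id":    "security@redhat.com, security@redhat.com",
			}},
		}))
	})

	It("podman image trust show --raw", func() {
		policyPath := filepath.Join(INTEGRATION_ROOT, "test/policy.json")

		session := podmanTest.Podman([]string{"image", "trust", "show", "--policypath", policyPath, "--raw"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())

		// --raw must echo the policy file byte for byte (plus one trailing
		// newline), so what an operator audits is exactly what is on disk.
		contents, err := os.ReadFile(policyPath)
		Expect(err).ShouldNot(HaveOccurred())
		Expect(session.OutputToString()).To(BeValidJSON())
		Expect(string(session.Out.Contents())).To(Equal(string(contents) + "\n"))
	})
})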