github.com/damirazo/docker@v1.9.0/integration-cli/trust_server.go (about)

     1  package main
     2  
     3  import (
     4  	"fmt"
     5  	"io/ioutil"
     6  	"net"
     7  	"net/http"
     8  	"os"
     9  	"os/exec"
    10  	"path/filepath"
    11  	"strings"
    12  	"time"
    13  
    14  	"github.com/docker/docker/pkg/tlsconfig"
    15  	"github.com/go-check/check"
    16  )
    17  
    18  var notaryBinary = "notary-server"
    19  
    20  type testNotary struct {
    21  	cmd *exec.Cmd
    22  	dir string
    23  }
    24  
    25  const notaryHost = "localhost:4443"
    26  const notaryURL = "https://" + notaryHost
    27  
    28  func newTestNotary(c *check.C) (*testNotary, error) {
    29  	template := `{
    30  	"server": {
    31  		"addr": "%s",
    32  		"tls_key_file": "fixtures/notary/localhost.key",
    33  		"tls_cert_file": "fixtures/notary/localhost.cert"
    34  	},
    35  	"trust_service": {
    36  		"type": "local",
    37  		"hostname": "",
    38  		"port": "",
    39  		"key_algorithm": "ed25519"
    40  	},
    41  	"logging": {
    42  		"level": 5
    43  	}
    44  }`
    45  	tmp, err := ioutil.TempDir("", "notary-test-")
    46  	if err != nil {
    47  		return nil, err
    48  	}
    49  	confPath := filepath.Join(tmp, "config.json")
    50  	config, err := os.Create(confPath)
    51  	if err != nil {
    52  		return nil, err
    53  	}
    54  	if _, err := fmt.Fprintf(config, template, notaryHost); err != nil {
    55  		os.RemoveAll(tmp)
    56  		return nil, err
    57  	}
    58  
    59  	cmd := exec.Command(notaryBinary, "-config", confPath)
    60  	if err := cmd.Start(); err != nil {
    61  		os.RemoveAll(tmp)
    62  		if os.IsNotExist(err) {
    63  			c.Skip(err.Error())
    64  		}
    65  		return nil, err
    66  	}
    67  
    68  	testNotary := &testNotary{
    69  		cmd: cmd,
    70  		dir: tmp,
    71  	}
    72  
    73  	// Wait for notary to be ready to serve requests.
    74  	for i := 1; i <= 5; i++ {
    75  		if err = testNotary.Ping(); err == nil {
    76  			break
    77  		}
    78  		time.Sleep(10 * time.Millisecond * time.Duration(i*i))
    79  	}
    80  
    81  	if err != nil {
    82  		c.Fatalf("Timeout waiting for test notary to become available: %s", err)
    83  	}
    84  
    85  	return testNotary, nil
    86  }
    87  
    88  func (t *testNotary) Ping() error {
    89  	tlsConfig := tlsconfig.ClientDefault
    90  	tlsConfig.InsecureSkipVerify = true
    91  	client := http.Client{
    92  		Transport: &http.Transport{
    93  			Proxy: http.ProxyFromEnvironment,
    94  			Dial: (&net.Dialer{
    95  				Timeout:   30 * time.Second,
    96  				KeepAlive: 30 * time.Second,
    97  			}).Dial,
    98  			TLSHandshakeTimeout: 10 * time.Second,
    99  			TLSClientConfig:     &tlsConfig,
   100  		},
   101  	}
   102  	resp, err := client.Get(fmt.Sprintf("%s/v2/", notaryURL))
   103  	if err != nil {
   104  		return err
   105  	}
   106  	if resp.StatusCode != 200 {
   107  		return fmt.Errorf("notary ping replied with an unexpected status code %d", resp.StatusCode)
   108  	}
   109  	return nil
   110  }
   111  
   112  func (t *testNotary) Close() {
   113  	t.cmd.Process.Kill()
   114  	os.RemoveAll(t.dir)
   115  }
   116  
   117  func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) {
   118  	pwd := "12345678"
   119  	trustCmdEnv(cmd, notaryURL, pwd, pwd)
   120  }
   121  
   122  func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
   123  	pwd := "12345678"
   124  	trustCmdEnv(cmd, server, pwd, pwd)
   125  }
   126  
   127  func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, repositoryPwd string) {
   128  	trustCmdEnv(cmd, notaryURL, rootPwd, repositoryPwd)
   129  }
   130  
   131  func (s *DockerTrustSuite) trustedCmdWithDeprecatedEnvPassphrases(cmd *exec.Cmd, offlinePwd, taggingPwd string) {
   132  	trustCmdDeprecatedEnv(cmd, notaryURL, offlinePwd, taggingPwd)
   133  }
   134  
   135  func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, repositoryPwd string) {
   136  	env := []string{
   137  		"DOCKER_CONTENT_TRUST=1",
   138  		fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
   139  		fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),
   140  		fmt.Sprintf("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=%s", repositoryPwd),
   141  	}
   142  	cmd.Env = append(os.Environ(), env...)
   143  }
   144  
   145  // Helper method to test the old env variables OFFLINE and TAGGING that will
   146  // be deprecated by 1.10
   147  func trustCmdDeprecatedEnv(cmd *exec.Cmd, server, offlinePwd, taggingPwd string) {
   148  	env := []string{
   149  		"DOCKER_CONTENT_TRUST=1",
   150  		fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
   151  		fmt.Sprintf("DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=%s", offlinePwd),
   152  		fmt.Sprintf("DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=%s", taggingPwd),
   153  	}
   154  	cmd.Env = append(os.Environ(), env...)
   155  }
   156  
   157  func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
   158  	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
   159  	// tag the image and upload it to the private registry
   160  	dockerCmd(c, "tag", "busybox", repoName)
   161  
   162  	pushCmd := exec.Command(dockerBinary, "push", repoName)
   163  	s.trustedCmd(pushCmd)
   164  	out, _, err := runCommandWithOutput(pushCmd)
   165  	if err != nil {
   166  		c.Fatalf("Error running trusted push: %s\n%s", err, out)
   167  	}
   168  	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
   169  		c.Fatalf("Missing expected output on trusted push:\n%s", out)
   170  	}
   171  
   172  	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
   173  		c.Fatalf("Error removing image %q\n%s", repoName, out)
   174  	}
   175  
   176  	return repoName
   177  }