github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/test/e2e/trust_test.go (about)

     1  package integration
     2  
     3  import (
     4  	"encoding/json"
     5  	"io/ioutil"
     6  	"os"
     7  	"path/filepath"
     8  
     9  	. "github.com/hanks177/podman/v4/test/utils"
    10  	. "github.com/onsi/ginkgo"
    11  	. "github.com/onsi/gomega"
    12  	. "github.com/onsi/gomega/gexec"
    13  )
    14  
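// Specs for `podman image trust show` and `podman image trust set`. The show
// specs read the fixture policy at INTEGRATION_ROOT/test/policy.json; the set
// spec writes to a scratch policy file inside the per-test temp dir.
var _ = Describe("Podman trust", func() {
	var (
		tempdir string

		err        error
		podmanTest *PodmanTestIntegration
	)

	BeforeEach(func() {
		SkipIfRemote("podman-remote does not support image trust")
		tempdir, err = CreateTempDirInTempDir()
		if err != nil {
			// Without a temp dir no spec can run, so the process is aborted;
			// report the cause first so the exit is not silent (best effort,
			// the write error itself is deliberately ignored).
			os.Stderr.WriteString("creating temp dir for trust tests: " + err.Error() + "\n")
			os.Exit(1)
		}
		podmanTest = PodmanTestCreate(tempdir)
		podmanTest.Setup()
	})

	AfterEach(func() {
		podmanTest.Cleanup()
		f := CurrentGinkgoTestDescription()
		processTestResult(f)
	})

	It("podman image trust show", func() {
		policyPath := filepath.Join(INTEGRATION_ROOT, "test/policy.json")
		session := podmanTest.Podman([]string{"image", "trust", "show", "-n", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", policyPath})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(Exit(0))
		outArray := session.OutputToStringArray()
		Expect(outArray).To(HaveLen(3))

		// Repository order is not guaranteed, so assert that each expected
		// line appears somewhere in the output. Together with the line count
		// above this pins the complete listing.
		//
		// Dots in registry names, e-mail addresses and URLs are escaped so
		// that a policy entry for a look-alike name (any character in place
		// of the dot) cannot satisfy the assertion.
		out := string(session.Out.Contents())
		Expect(out).To(MatchRegexp(`(?m)^all\s+default\s+accept\s*$`))
		Expect(out).To(MatchRegexp(`(?m)^repository\s+docker\.io/library/hello-world\s+reject\s*$`))
		Expect(out).To(MatchRegexp(`(?m)^repository\s+registry\.access\.redhat\.com\s+signed\s+security@redhat\.com, security@redhat\.com\s+https://access\.redhat\.com/webassets/docker/content/sigstore\s*$`))
	})

	It("podman image trust set", func() {
		// The policy is written to a file under the test's temp dir via
		// --policypath rather than to a system-wide policy file.
		policyJSON := filepath.Join(podmanTest.TempDir, "trust_set_test.json")
		session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", policyJSON, "-t", "accept", "default"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(Exit(0))

		// Read and decode failures are reported as spec failures instead of
		// killing the test binary with a bare exit code.
		policyContent, err := ioutil.ReadFile(policyJSON)
		Expect(err).ToNot(HaveOccurred())
		var teststruct map[string][]map[string]string
		Expect(json.Unmarshal(policyContent, &teststruct)).To(Succeed())

		// Guard the index below: a policy without a default requirement must
		// fail the spec, not panic it.
		Expect(teststruct).To(HaveKey("default"))
		Expect(teststruct["default"]).ToNot(BeEmpty())

		// The CLI type "accept" is persisted as "insecureAcceptAnything",
		// i.e. a default that admits images without signature verification.
		Expect(teststruct["default"][0]).To(HaveKeyWithValue("type", "insecureAcceptAnything"))
	})

	It("podman image trust show --json", func() {
		policyPath := filepath.Join(INTEGRATION_ROOT, "test/policy.json")
		session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", policyPath, "--json"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(Exit(0))
		Expect(session.OutputToString()).To(BeValidJSON())

		var teststruct []map[string]string
		Expect(json.Unmarshal(session.Out.Contents(), &teststruct)).To(Succeed())
		Expect(teststruct).To(HaveLen(3))

		// The array of repos is unordered, so group the entries by name
		// before comparing. Only one entry per name is expected, so order
		// within a group does not matter.
		repoMap := map[string][]map[string]string{}
		for _, e := range teststruct {
			key := e["name"]
			repoMap[key] = append(repoMap[key], e)
		}
		Expect(repoMap).To(Equal(map[string][]map[string]string{
			"* (default)": {{
				"type":      "accept",
				"transport": "all",
				"name":      "* (default)",
				"repo_name": "default",
			}},
			"docker.io/library/hello-world": {{
				"transport": "repository",
				"name":      "docker.io/library/hello-world",
				"repo_name": "docker.io/library/hello-world",
				"type":      "reject",
			}},
			"registry.access.redhat.com": {{
				"transport": "repository",
				"name":      "registry.access.redhat.com",
				"repo_name": "registry.access.redhat.com",
				"sigstore":  "https://access.redhat.com/webassets/docker/content/sigstore",
				"type":      "signed",
				"gpg_id":    "security@redhat.com, security@redhat.com",
			}},
		}))
	})

	It("podman image trust show --raw", func() {
		policyPath := filepath.Join(INTEGRATION_ROOT, "test/policy.json")
		session := podmanTest.Podman([]string{"image", "trust", "show", "--policypath", policyPath, "--raw"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(Exit(0))

		// --raw must echo the policy file byte for byte (plus the trailing
		// newline added on output), so any rewriting of the policy on the
		// way out is caught here.
		contents, err := ioutil.ReadFile(policyPath)
		Expect(err).ShouldNot(HaveOccurred())
		Expect(session.OutputToString()).To(BeValidJSON())
		Expect(string(session.Out.Contents())).To(Equal(string(contents) + "\n"))
	})
})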