github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/test/e2e/trust_test.go (about) 1 package integration 2 3 import ( 4 "encoding/json" 5 "io/ioutil" 6 "os" 7 "path/filepath" 8 9 . "github.com/hanks177/podman/v4/test/utils" 10 . "github.com/onsi/ginkgo" 11 . "github.com/onsi/gomega" 12 . "github.com/onsi/gomega/gexec" 13 ) 14 15 var _ = Describe("Podman trust", func() { 16 var ( 17 tempdir string 18 19 err error 20 podmanTest *PodmanTestIntegration 21 ) 22 23 BeforeEach(func() { 24 SkipIfRemote("podman-remote does not support image trust") 25 tempdir, err = CreateTempDirInTempDir() 26 if err != nil { 27 os.Exit(1) 28 } 29 podmanTest = PodmanTestCreate(tempdir) 30 podmanTest.Setup() 31 }) 32 33 AfterEach(func() { 34 podmanTest.Cleanup() 35 f := CurrentGinkgoTestDescription() 36 processTestResult(f) 37 38 }) 39 40 It("podman image trust show", func() { 41 session := podmanTest.Podman([]string{"image", "trust", "show", "-n", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")}) 42 session.WaitWithDefaultTimeout() 43 Expect(session).Should(Exit(0)) 44 outArray := session.OutputToStringArray() 45 Expect(outArray).To(HaveLen(3)) 46 47 // Repository order is not guaranteed. So, check that 48 // all expected lines appear in output; we also check total number of lines, so that handles all of them. 49 Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^all\s+default\s+accept\s*$`)) 50 Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+docker.io/library/hello-world\s+reject\s*$`)) 51 Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+registry.access.redhat.com\s+signed\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`)) 52 }) 53 54 It("podman image trust set", func() { 55 policyJSON := filepath.Join(podmanTest.TempDir, "trust_set_test.json") 56 session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", policyJSON, "-t", "accept", "default"}) 57 session.WaitWithDefaultTimeout() 58 Expect(session).Should(Exit(0)) 59 var teststruct map[string][]map[string]string 60 policyContent, err := ioutil.ReadFile(policyJSON) 61 if err != nil { 62 os.Exit(1) 63 } 64 err = json.Unmarshal(policyContent, &teststruct) 65 if err != nil { 66 os.Exit(1) 67 } 68 Expect(teststruct["default"][0]).To(HaveKeyWithValue("type", "insecureAcceptAnything")) 69 }) 70 71 It("podman image trust show --json", func() { 72 session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--json"}) 73 session.WaitWithDefaultTimeout() 74 Expect(session).Should(Exit(0)) 75 Expect(session.OutputToString()).To(BeValidJSON()) 76 var teststruct []map[string]string 77 err = json.Unmarshal(session.Out.Contents(), &teststruct) 78 Expect(err).ToNot(HaveOccurred()) 79 Expect(teststruct).To(HaveLen(3)) 80 // To ease comparison, group the unordered array of repos by repo (and we expect only one entry by repo, so order within groups doesn’t matter) 81 repoMap := map[string][]map[string]string{} 82 for _, e := range teststruct { 83 key := e["name"] 84 repoMap[key] = append(repoMap[key], e) 85 } 86 Expect(repoMap).To(Equal(map[string][]map[string]string{ 87 "* (default)": {{ 88 "type": "accept", 89 "transport": "all", 90 "name": "* (default)", 91 "repo_name": "default", 92 }}, 93 "docker.io/library/hello-world": {{ 94 "transport": "repository", 95 "name": "docker.io/library/hello-world", 96 "repo_name": "docker.io/library/hello-world", 97 "type": "reject", 98 }}, 99 "registry.access.redhat.com": {{ 100 "transport": "repository", 101 "name": "registry.access.redhat.com", 102 "repo_name": "registry.access.redhat.com", 103 "sigstore": "https://access.redhat.com/webassets/docker/content/sigstore", 104 "type": "signed", 105 "gpg_id": "security@redhat.com, security@redhat.com", 106 }}, 107 })) 108 }) 109 110 It("podman image trust show --raw", func() { 111 session := podmanTest.Podman([]string{"image", "trust", "show", "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--raw"}) 112 session.WaitWithDefaultTimeout() 113 Expect(session).Should(Exit(0)) 114 contents, err := ioutil.ReadFile(filepath.Join(INTEGRATION_ROOT, "test/policy.json")) 115 Expect(err).ShouldNot(HaveOccurred()) 116 Expect(session.OutputToString()).To(BeValidJSON()) 117 Expect(string(session.Out.Contents())).To(Equal(string(contents) + "\n")) 118 }) 119 })