github.com/iaintshine/docker@v1.8.2/integration-cli/trust_server.go

github.com/iaintshine/docker@v1.8.2/integration-cli/trust_server.go (about)

     1  package main
     2  
     3  import (
     4  	"fmt"
     5  	"io/ioutil"
     6  	"net"
     7  	"net/http"
     8  	"os"
     9  	"os/exec"
    10  	"path/filepath"
    11  	"strings"
    12  	"time"
    13  
    14  	"github.com/docker/docker/pkg/tlsconfig"
    15  	"github.com/go-check/check"
    16  )
    17  
    18  var notaryBinary = "notary-server"
    19  
    20  type testNotary struct {
    21  	cmd *exec.Cmd
    22  	dir string
    23  }
    24  
    25  func newTestNotary(c *check.C) (*testNotary, error) {
    26  	template := `{
    27  	"server": {
    28  		"addr": "%s",
    29  		"tls_key_file": "fixtures/notary/localhost.key",
    30  		"tls_cert_file": "fixtures/notary/localhost.cert"
    31  	},
    32  	"trust_service": {
    33  		"type": "local",
    34  		"hostname": "",
    35  		"port": "",
    36  		"key_algorithm": "ed25519"
    37  	},
    38  	"logging": {
    39  		"level": 5
    40  	}
    41  }`
    42  	tmp, err := ioutil.TempDir("", "notary-test-")
    43  	if err != nil {
    44  		return nil, err
    45  	}
    46  	confPath := filepath.Join(tmp, "config.json")
    47  	config, err := os.Create(confPath)
    48  	if err != nil {
    49  		return nil, err
    50  	}
    51  	if _, err := fmt.Fprintf(config, template, "localhost:4443"); err != nil {
    52  		os.RemoveAll(tmp)
    53  		return nil, err
    54  	}
    55  
    56  	cmd := exec.Command(notaryBinary, "-config", confPath)
    57  	if err := cmd.Start(); err != nil {
    58  		os.RemoveAll(tmp)
    59  		if os.IsNotExist(err) {
    60  			c.Skip(err.Error())
    61  		}
    62  		return nil, err
    63  	}
    64  
    65  	testNotary := &testNotary{
    66  		cmd: cmd,
    67  		dir: tmp,
    68  	}
    69  
    70  	// Wait for notary to be ready to serve requests.
    71  	for i := 1; i <= 5; i++ {
    72  		if err = testNotary.Ping(); err == nil {
    73  			break
    74  		}
    75  		time.Sleep(10 * time.Millisecond * time.Duration(i*i))
    76  	}
    77  
    78  	if err != nil {
    79  		c.Fatalf("Timeout waiting for test notary to become available: %s", err)
    80  	}
    81  
    82  	return testNotary, nil
    83  }
    84  
    85  func (t *testNotary) address() string {
    86  	return "localhost:4443"
    87  }
    88  
    89  func (t *testNotary) Ping() error {
    90  	tlsConfig := tlsconfig.ClientDefault
    91  	tlsConfig.InsecureSkipVerify = true
    92  	client := http.Client{
    93  		Transport: &http.Transport{
    94  			Proxy: http.ProxyFromEnvironment,
    95  			Dial: (&net.Dialer{
    96  				Timeout:   30 * time.Second,
    97  				KeepAlive: 30 * time.Second,
    98  			}).Dial,
    99  			TLSHandshakeTimeout: 10 * time.Second,
   100  			TLSClientConfig:     &tlsConfig,
   101  		},
   102  	}
   103  	resp, err := client.Get(fmt.Sprintf("https://%s/v2/", t.address()))
   104  	if err != nil {
   105  		return err
   106  	}
   107  	if resp.StatusCode != 200 {
   108  		return fmt.Errorf("notary ping replied with an unexpected status code %d", resp.StatusCode)
   109  	}
   110  	return nil
   111  }
   112  
   113  func (t *testNotary) Close() {
   114  	t.cmd.Process.Kill()
   115  	os.RemoveAll(t.dir)
   116  }
   117  
   118  func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) {
   119  	pwd := "12345678"
   120  	trustCmdEnv(cmd, s.not.address(), pwd, pwd)
   121  }
   122  
   123  func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
   124  	pwd := "12345678"
   125  	trustCmdEnv(cmd, server, pwd, pwd)
   126  }
   127  
   128  func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, offlinePwd, taggingPwd string) {
   129  	trustCmdEnv(cmd, s.not.address(), offlinePwd, taggingPwd)
   130  }
   131  
   132  func trustCmdEnv(cmd *exec.Cmd, server, offlinePwd, taggingPwd string) {
   133  	env := []string{
   134  		"DOCKER_CONTENT_TRUST=1",
   135  		fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
   136  		fmt.Sprintf("DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=%s", offlinePwd),
   137  		fmt.Sprintf("DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=%s", taggingPwd),
   138  	}
   139  	cmd.Env = append(os.Environ(), env...)
   140  }
   141  
   142  func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
   143  	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
   144  	// tag the image and upload it to the private registry
   145  	dockerCmd(c, "tag", "busybox", repoName)
   146  
   147  	pushCmd := exec.Command(dockerBinary, "push", repoName)
   148  	s.trustedCmd(pushCmd)
   149  	out, _, err := runCommandWithOutput(pushCmd)
   150  	if err != nil {
   151  		c.Fatalf("Error running trusted push: %s\n%s", err, out)
   152  	}
   153  	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
   154  		c.Fatalf("Missing expected output on trusted push:\n%s", out)
   155  	}
   156  
   157  	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
   158  		c.Fatalf("Error removing image %q\n%s", repoName, out)
   159  	}
   160  
   161  	return repoName
   162  }