github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/cli/e2e/plugin/trust_test.go (about) 1 package plugin 2 3 import ( 4 "encoding/json" 5 "fmt" 6 "os" 7 "os/exec" 8 "path/filepath" 9 "testing" 10 11 "github.com/docker/cli/e2e/internal/fixtures" 12 "github.com/docker/cli/internal/test/environment" 13 "github.com/docker/docker/api/types" 14 "github.com/pkg/errors" 15 "gotest.tools/v3/assert" 16 "gotest.tools/v3/fs" 17 "gotest.tools/v3/icmd" 18 "gotest.tools/v3/skip" 19 ) 20 21 const registryPrefix = "registry:5000" 22 23 func TestInstallWithContentTrust(t *testing.T) { 24 skip.If(t, environment.SkipPluginTests()) 25 26 pluginName := fmt.Sprintf("%s/plugin-content-trust", registryPrefix) 27 28 dir := fixtures.SetupConfigFile(t) 29 defer dir.Remove() 30 31 pluginDir := preparePluginDir(t) 32 defer pluginDir.Remove() 33 34 icmd.RunCommand("docker", "plugin", "create", pluginName, pluginDir.Path()).Assert(t, icmd.Success) 35 result := icmd.RunCmd(icmd.Command("docker", "plugin", "push", pluginName), 36 fixtures.WithConfig(dir.Path()), 37 fixtures.WithTrust, 38 fixtures.WithNotary, 39 fixtures.WithPassphrase("foo", "bar"), 40 ) 41 result.Assert(t, icmd.Expected{ 42 Out: "Signing and pushing trust metadata", 43 }) 44 45 icmd.RunCommand("docker", "plugin", "rm", "-f", pluginName).Assert(t, icmd.Success) 46 47 result = icmd.RunCmd(icmd.Command("docker", "plugin", "install", "--grant-all-permissions", pluginName), 48 fixtures.WithConfig(dir.Path()), 49 fixtures.WithTrust, 50 fixtures.WithNotary, 51 ) 52 result.Assert(t, icmd.Expected{ 53 Out: fmt.Sprintf("Status: Downloaded newer image for %s@sha", pluginName), 54 }) 55 } 56 57 func TestInstallWithContentTrustUntrusted(t *testing.T) { 58 skip.If(t, environment.SkipPluginTests()) 59 60 dir := fixtures.SetupConfigFile(t) 61 defer dir.Remove() 62 63 result := icmd.RunCmd(icmd.Command("docker", "plugin", "install", "--grant-all-permissions", "tiborvass/sample-volume-plugin:latest"), 64 fixtures.WithConfig(dir.Path()), 65 fixtures.WithTrust, 66 fixtures.WithNotary, 67 ) 68 result.Assert(t, icmd.Expected{ 69 ExitCode: 1, 70 Err: "Error: remote trust data does not exist", 71 }) 72 } 73 74 func preparePluginDir(t *testing.T) *fs.Dir { 75 p := &types.PluginConfig{ 76 Interface: types.PluginConfigInterface{ 77 Socket: "basic.sock", 78 Types: []types.PluginInterfaceType{{Capability: "docker.dummy/1.0"}}, 79 }, 80 Entrypoint: []string{"/basic"}, 81 } 82 configJSON, err := json.Marshal(p) 83 assert.NilError(t, err) 84 85 binPath, err := ensureBasicPluginBin() 86 assert.NilError(t, err) 87 88 dir := fs.NewDir(t, "plugin_test", 89 fs.WithFile("config.json", string(configJSON), fs.WithMode(0644)), 90 fs.WithDir("rootfs", fs.WithMode(0755)), 91 ) 92 icmd.RunCommand("/bin/cp", binPath, dir.Join("rootfs", p.Entrypoint[0])).Assert(t, icmd.Success) 93 return dir 94 } 95 96 func ensureBasicPluginBin() (string, error) { 97 name := "docker-basic-plugin" 98 p, err := exec.LookPath(name) 99 if err == nil { 100 return p, nil 101 } 102 103 goBin, err := exec.LookPath("/usr/local/go/bin/go") 104 if err != nil { 105 return "", err 106 } 107 installPath := filepath.Join(os.Getenv("GOPATH"), "bin", name) 108 cmd := exec.Command(goBin, "build", "-o", installPath, "./basic") 109 cmd.Env = append(os.Environ(), "CGO_ENABLED=0") 110 if out, err := cmd.CombinedOutput(); err != nil { 111 return "", errors.Wrapf(err, "error building basic plugin bin: %s", string(out)) 112 } 113 return installPath, nil 114 }