github.com/panekj/cli@v0.0.0-20230304125325-467dd2f3797e/e2e/internal/fixtures/fixtures.go

github.com/panekj/cli@v0.0.0-20230304125325-467dd2f3797e/e2e/internal/fixtures/fixtures.go (about)

     1  package fixtures
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  	"testing"
     7  
     8  	"gotest.tools/v3/fs"
     9  	"gotest.tools/v3/icmd"
    10  )
    11  
    12  const (
    13  	// NotaryURL is the location of the notary server
    14  	NotaryURL = "https://notary-server:4443"
    15  	// EvilNotaryURL is the location of the evil notary server
    16  	EvilNotaryURL = "https://evil-notary-server:4444"
    17  	// AlpineImage is an image in the test registry
    18  	AlpineImage = "registry:5000/alpine:3.6"
    19  	// AlpineSha is the sha of the alpine image
    20  	AlpineSha = "641b95ddb2ea9dc2af1a0113b6b348ebc20872ba615204fbe12148e98fd6f23d"
    21  	// BusyboxImage is an image in the test registry
    22  	BusyboxImage = "registry:5000/busybox:1.27.2"
    23  	// BusyboxSha is the sha of the busybox image
    24  	BusyboxSha = "030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af"
    25  )
    26  
    27  // SetupConfigFile creates a config.json file for testing
    28  func SetupConfigFile(t *testing.T) fs.Dir {
    29  	t.Helper()
    30  	return SetupConfigWithNotaryURL(t, "trust_test", NotaryURL)
    31  }
    32  
    33  // SetupConfigWithNotaryURL creates a config.json file for testing in the given path
    34  // with the given notaryURL
    35  func SetupConfigWithNotaryURL(t *testing.T, path, notaryURL string) fs.Dir {
    36  	t.Helper()
    37  	dir := fs.NewDir(t, path, fs.WithMode(0o700), fs.WithFile("config.json", fmt.Sprintf(`
    38  	{
    39  		"auths": {
    40  			"registry:5000": {
    41  				"auth": "ZWlhaXM6cGFzc3dvcmQK"
    42  			},
    43  			"%s": {
    44  				"auth": "ZWlhaXM6cGFzc3dvcmQK"
    45  			}
    46  		},
    47  		"experimental": "enabled"
    48  	}
    49  	`, notaryURL)), fs.WithDir("trust", fs.WithDir("private")))
    50  	return *dir
    51  }
    52  
    53  // WithConfig sets an environment variable for the docker config location
    54  func WithConfig(dir string) func(cmd *icmd.Cmd) {
    55  	return func(cmd *icmd.Cmd) {
    56  		addEnvs(cmd, "DOCKER_CONFIG="+dir)
    57  	}
    58  }
    59  
    60  // WithPassphrase sets environment variables for passphrases
    61  func WithPassphrase(rootPwd, repositoryPwd string) func(cmd *icmd.Cmd) {
    62  	return func(cmd *icmd.Cmd) {
    63  		addEnvs(cmd,
    64  			"DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="+rootPwd,
    65  			"DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="+repositoryPwd,
    66  		)
    67  	}
    68  }
    69  
    70  // WithTrust sets DOCKER_CONTENT_TRUST to 1
    71  func WithTrust(cmd *icmd.Cmd) {
    72  	addEnvs(cmd, "DOCKER_CONTENT_TRUST=1")
    73  }
    74  
    75  // WithNotary sets the location of the notary server
    76  func WithNotary(cmd *icmd.Cmd) {
    77  	addEnvs(cmd, "DOCKER_CONTENT_TRUST_SERVER="+NotaryURL)
    78  }
    79  
    80  // WithHome sets the HOME environment variable
    81  func WithHome(path string) func(*icmd.Cmd) {
    82  	return func(cmd *icmd.Cmd) {
    83  		addEnvs(cmd, "HOME="+path)
    84  	}
    85  }
    86  
    87  // WithNotaryServer sets the location of the notary server
    88  func WithNotaryServer(notaryURL string) func(*icmd.Cmd) {
    89  	return func(cmd *icmd.Cmd) {
    90  		addEnvs(cmd, "DOCKER_CONTENT_TRUST_SERVER="+notaryURL)
    91  	}
    92  }
    93  
    94  // CreateMaskedTrustedRemoteImage creates a remote image that is signed with
    95  // content trust, then pushes a different untrusted image at the same tag.
    96  func CreateMaskedTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
    97  	t.Helper()
    98  	image := createTrustedRemoteImage(t, registryPrefix, repo, tag)
    99  	createNamedUnsignedImageFromBusyBox(t, image)
   100  	return image
   101  }
   102  
   103  func createTrustedRemoteImage(t *testing.T, registryPrefix, repo, tag string) string {
   104  	t.Helper()
   105  	image := fmt.Sprintf("%s/%s:%s", registryPrefix, repo, tag)
   106  	icmd.RunCommand("docker", "image", "pull", AlpineImage).Assert(t, icmd.Success)
   107  	icmd.RunCommand("docker", "image", "tag", AlpineImage, image).Assert(t, icmd.Success)
   108  	result := icmd.RunCmd(
   109  		icmd.Command("docker", "image", "push", image),
   110  		WithPassphrase("root_password", "repo_password"), WithTrust, WithNotary)
   111  	result.Assert(t, icmd.Success)
   112  	icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
   113  	return image
   114  }
   115  
   116  func createNamedUnsignedImageFromBusyBox(t *testing.T, image string) {
   117  	t.Helper()
   118  	icmd.RunCommand("docker", "image", "pull", BusyboxImage).Assert(t, icmd.Success)
   119  	icmd.RunCommand("docker", "image", "tag", BusyboxImage, image).Assert(t, icmd.Success)
   120  	icmd.RunCommand("docker", "image", "push", image).Assert(t, icmd.Success)
   121  	icmd.RunCommand("docker", "image", "rm", image).Assert(t, icmd.Success)
   122  }
   123  
   124  // addEnvs adds environment variables to cmd, making sure to preserve the
   125  // current os.Environ(), which would otherwise be omitted (for non-empty .Env).
   126  func addEnvs(cmd *icmd.Cmd, envs ...string) {
   127  	if len(cmd.Env) == 0 {
   128  		cmd.Env = os.Environ()
   129  	}
   130  	cmd.Env = append(cmd.Env, envs...)
   131  }