github.com/pwn-term/docker@v0.0.0-20210616085119-6e977cce2565/cli/e2e/container/create_test.go (about)

     1  package container
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/docker/cli/e2e/internal/fixtures"
     8  	"github.com/docker/cli/internal/test/environment"
     9  	"gotest.tools/v3/icmd"
    10  	"gotest.tools/v3/skip"
    11  )
    12  
// TestCreateWithContentTrust runs `docker create` with content trust enabled
// against the test Notary fixture and checks that stderr contains a
// "Tagging <repo>@sha" line.
//
// That line shows the CLI referring to the image by digest rather than by its
// mutable tag (presumably the digest taken from signed trust data; confirm
// against the CLI's trusted-pull path). Because icmd.Expected leaves ExitCode
// at zero, the command must also exit successfully.
//
// The test is skipped when the daemon under test is remote.
func TestCreateWithContentTrust(t *testing.T) {
	skip.If(t, environment.RemoteDaemon())

	// Tag used for the fixture image; its length is reused below to strip the
	// ":latest" suffix instead of hard-coding the number of characters.
	const tag = "latest"

	dir := fixtures.SetupConfigFile(t)
	defer dir.Remove()
	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-create", tag)

	// Remove the image again once the test is done so later tests start clean.
	removeImage := func() {
		rm := icmd.RunCommand("docker", "image", "rm", image)
		rm.Assert(t, icmd.Success)
	}
	defer removeImage()

	create := icmd.Command("docker", "create", image)
	result := icmd.RunCmd(
		create,
		fixtures.WithConfig(dir.Path()),
		fixtures.WithTrust,
		fixtures.WithNotary,
	)

	// assumes image ends in ":" + tag, as the fixture call above suggests
	repo := image[:len(image)-len(":"+tag)]
	want := icmd.Expected{Err: fmt.Sprintf("Tagging %s@sha", repo)}
	result.Assert(t, want)
}
    34  
// TestTrustedCreateFromUnreachableTrustServer checks that `docker create` with
// content trust enabled fails closed when the configured Notary server cannot
// be contacted: the command must exit with status 1 and report
// "error contacting notary server" on stderr, rather than falling back to an
// unverified create.
func TestTrustedCreateFromUnreachableTrustServer(t *testing.T) {
	dir := fixtures.SetupConfigFile(t)
	defer dir.Remove()
	image := fixtures.CreateMaskedTrustedRemoteImage(t, registryPrefix, "trust-create", "latest")

	// Point the client at a Notary URL under the reserved ".invalid" TLD, so
	// the trust lookup can never reach a real server.
	create := icmd.Command("docker", "create", image)
	result := icmd.RunCmd(
		create,
		fixtures.WithConfig(dir.Path()),
		fixtures.WithTrust,
		fixtures.WithNotaryServer("https://notary.invalid"),
	)

	want := icmd.Expected{
		ExitCode: 1,
		Err:      "error contacting notary server",
	}
	result.Assert(t, want)
}
    51  
// TestTrustedCreateFromBadTrustServer checks that a client which already holds
// trust data for a repository refuses trust data for the same repository when
// it is served by a different Notary server (fixtures.EvilNotaryURL).
//
// Steps:
//  1. Push and sign the image through the regular Notary fixture using dir as
//     the client config, then create from it once with trust enabled.
//  2. With a separate config directory, push and sign the same image name
//     through the evil Notary server.
//  3. Using the original config (dir) but pointed at the evil Notary server,
//     run `docker create` again. It must exit 1 with
//     "could not rotate trust to a new trusted root".
//
// NOTE(review): step 3 presumably fails because dir still holds the root
// pinned in step 1 and the evil server's root is not a valid rotation from it;
// confirm against the fixtures and the Notary client.
func TestTrustedCreateFromBadTrustServer(t *testing.T) {
	evilImageName := "registry:5000/evil-alpine:latest"
	dir := fixtures.SetupConfigFile(t)
	defer dir.Remove()

	// removeLocal deletes the local copy of the image and asserts success; it
	// is run after every push and after the successful create.
	removeLocal := func() {
		rm := icmd.Command("docker", "image", "rm", evilImageName)
		icmd.RunCmd(rm).Assert(t, icmd.Success)
	}

	// Step 1a: tag the image and upload it, signed, to the private registry.
	tagged := icmd.RunCmd(
		icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),
		fixtures.WithConfig(dir.Path()),
	)
	tagged.Assert(t, icmd.Success)

	pushed := icmd.RunCmd(
		icmd.Command("docker", "image", "push", evilImageName),
		fixtures.WithConfig(dir.Path()),
		// fixed passphrases for the signing keys in this test
		fixtures.WithPassphrase("root_password", "repo_password"),
		fixtures.WithTrust,
		fixtures.WithNotary,
	)
	pushed.Assert(t, icmd.Success)
	removeLocal()

	// Step 1b: a trusted create against the regular Notary server succeeds.
	created := icmd.RunCmd(
		icmd.Command("docker", "create", evilImageName),
		fixtures.WithConfig(dir.Path()),
		fixtures.WithTrust,
		fixtures.WithNotary,
	)
	created.Assert(t, icmd.Success)
	removeLocal()

	// Step 2: set up a second client that uses the evil Notary server and its
	// own, fresh trust directory.
	evilNotaryDir := fixtures.SetupConfigWithNotaryURL(t, "evil-test", fixtures.EvilNotaryURL)
	defer evilNotaryDir.Remove()

	// Tag the same image and upload it to the private registry again, this
	// time signed through the evil Notary server.
	evilTagged := icmd.RunCmd(
		icmd.Command("docker", "tag", fixtures.AlpineImage, evilImageName),
		fixtures.WithConfig(evilNotaryDir.Path()),
	)
	evilTagged.Assert(t, icmd.Success)

	evilPushed := icmd.RunCmd(
		icmd.Command("docker", "image", "push", evilImageName),
		fixtures.WithConfig(evilNotaryDir.Path()),
		fixtures.WithPassphrase("root_password", "repo_password"),
		fixtures.WithTrust,
		fixtures.WithNotaryServer(fixtures.EvilNotaryURL),
	)
	evilPushed.Assert(t, icmd.Success)
	removeLocal()

	// Step 3: create with the original client config but against the evil
	// Notary server. This should fail because the new root is invalid.
	rejected := icmd.RunCmd(
		icmd.Command("docker", "create", evilImageName),
		fixtures.WithConfig(dir.Path()),
		fixtures.WithTrust,
		fixtures.WithNotaryServer(fixtures.EvilNotaryURL),
	)
	rejected.Assert(t, icmd.Expected{
		ExitCode: 1,
		Err:      "could not rotate trust to a new trusted root",
	})
}