github.com/slene/docker@v1.8.0-rc1/integration-cli/trust_server.go

github.com/slene/docker@v1.8.0-rc1/integration-cli/trust_server.go (about)

     1  package main
     2  
     3  import (
     4  	"fmt"
     5  	"io/ioutil"
     6  	"net"
     7  	"net/http"
     8  	"os"
     9  	"os/exec"
    10  	"path/filepath"
    11  	"strings"
    12  	"time"
    13  
    14  	"github.com/docker/docker/pkg/tlsconfig"
    15  	"github.com/go-check/check"
    16  )
    17  
    18  var notaryBinary = "notary-server"
    19  
    20  type testNotary struct {
    21  	cmd *exec.Cmd
    22  	dir string
    23  }
    24  
    25  func newTestNotary(c *check.C) (*testNotary, error) {
    26  	template := `{
    27  	"server": {
    28  		"addr": "%s",
    29  		"tls_key_file": "fixtures/notary/localhost.key",
    30  		"tls_cert_file": "fixtures/notary/localhost.cert"
    31  	},
    32  	"trust_service": {
    33  		"type": "local",
    34  		"hostname": "",
    35  		"port": ""
    36  	},
    37  	"logging": {
    38  		"level": 5
    39  	}
    40  }`
    41  	tmp, err := ioutil.TempDir("", "notary-test-")
    42  	if err != nil {
    43  		return nil, err
    44  	}
    45  	confPath := filepath.Join(tmp, "config.json")
    46  	config, err := os.Create(confPath)
    47  	if err != nil {
    48  		return nil, err
    49  	}
    50  	if _, err := fmt.Fprintf(config, template, "localhost:4443"); err != nil {
    51  		os.RemoveAll(tmp)
    52  		return nil, err
    53  	}
    54  
    55  	cmd := exec.Command(notaryBinary, "-config", confPath)
    56  	if err := cmd.Start(); err != nil {
    57  		os.RemoveAll(tmp)
    58  		if os.IsNotExist(err) {
    59  			c.Skip(err.Error())
    60  		}
    61  		return nil, err
    62  	}
    63  
    64  	testNotary := &testNotary{
    65  		cmd: cmd,
    66  		dir: tmp,
    67  	}
    68  
    69  	// Wait for notary to be ready to serve requests.
    70  	for i := 1; i <= 5; i++ {
    71  		if err = testNotary.Ping(); err == nil {
    72  			break
    73  		}
    74  		time.Sleep(10 * time.Millisecond * time.Duration(i*i))
    75  	}
    76  
    77  	if err != nil {
    78  		c.Fatalf("Timeout waiting for test notary to become available: %s", err)
    79  	}
    80  
    81  	return testNotary, nil
    82  }
    83  
    84  func (t *testNotary) address() string {
    85  	return "localhost:4443"
    86  }
    87  
    88  func (t *testNotary) Ping() error {
    89  	tlsConfig := tlsconfig.ClientDefault
    90  	tlsConfig.InsecureSkipVerify = true
    91  	client := http.Client{
    92  		Transport: &http.Transport{
    93  			Proxy: http.ProxyFromEnvironment,
    94  			Dial: (&net.Dialer{
    95  				Timeout:   30 * time.Second,
    96  				KeepAlive: 30 * time.Second,
    97  			}).Dial,
    98  			TLSHandshakeTimeout: 10 * time.Second,
    99  			TLSClientConfig:     &tlsConfig,
   100  		},
   101  	}
   102  	resp, err := client.Get(fmt.Sprintf("https://%s/v2/", t.address()))
   103  	if err != nil {
   104  		return err
   105  	}
   106  	if resp.StatusCode != 200 {
   107  		return fmt.Errorf("notary ping replied with an unexpected status code %d", resp.StatusCode)
   108  	}
   109  	return nil
   110  }
   111  
   112  func (t *testNotary) Close() {
   113  	t.cmd.Process.Kill()
   114  	os.RemoveAll(t.dir)
   115  }
   116  
   117  func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) {
   118  	pwd := "12345678"
   119  	trustCmdEnv(cmd, s.not.address(), pwd, pwd, pwd)
   120  }
   121  
   122  func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
   123  	pwd := "12345678"
   124  	trustCmdEnv(cmd, server, pwd, pwd, pwd)
   125  }
   126  
   127  func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, snapshotPwd, targetPwd string) {
   128  	trustCmdEnv(cmd, s.not.address(), rootPwd, snapshotPwd, targetPwd)
   129  }
   130  
   131  func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) {
   132  	env := []string{
   133  		"DOCKER_CONTENT_TRUST=1",
   134  		fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
   135  		fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),
   136  		fmt.Sprintf("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd),
   137  		fmt.Sprintf("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE=%s", targetPwd),
   138  	}
   139  	cmd.Env = append(os.Environ(), env...)
   140  }
   141  
   142  func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
   143  	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
   144  	// tag the image and upload it to the private registry
   145  	dockerCmd(c, "tag", "busybox", repoName)
   146  
   147  	pushCmd := exec.Command(dockerBinary, "push", repoName)
   148  	s.trustedCmd(pushCmd)
   149  	out, _, err := runCommandWithOutput(pushCmd)
   150  	if err != nil {
   151  		c.Fatalf("Error running trusted push: %s\n%s", err, out)
   152  	}
   153  	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
   154  		c.Fatalf("Missing expected output on trusted push:\n%s", out)
   155  	}
   156  
   157  	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
   158  		c.Fatalf("Error removing image %q\n%s", repoName, out)
   159  	}
   160  
   161  	return repoName
   162  }