From 97834446bfaaa5641ffec6523086fcc2e4834939 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Thu, 23 Jul 2015 05:12:36 -0700 Subject: [PATCH] Add build integration cli tests Clean up tests to remove duplicate code Add tests which run pull and create in an isolated configuration directory. Add build test for untrusted tag Signed-off-by: Derek McGowan (github: dmcgowan) Upstream-commit: 871d2b96ed5cf234c41a5e731a34fc9deda4e9f1 Component: engine --- .../integration-cli/docker_cli_build_test.go | 45 +++++++++++++++ .../integration-cli/docker_cli_create_test.go | 44 ++++++--------- .../integration-cli/docker_cli_pull_test.go | 56 ++++++++----------- .../integration-cli/docker_cli_push_test.go | 2 +- .../integration-cli/docker_cli_run_test.go | 38 ++----------- .../engine/integration-cli/docker_utils.go | 18 +++--- .../engine/integration-cli/trust_server.go | 24 ++++++++ 7 files changed, 124 insertions(+), 103 deletions(-) diff --git a/components/engine/integration-cli/docker_cli_build_test.go b/components/engine/integration-cli/docker_cli_build_test.go index 91babea135..72f796ed66 100644 --- a/components/engine/integration-cli/docker_cli_build_test.go +++ b/components/engine/integration-cli/docker_cli_build_test.go @@ -5328,3 +5328,48 @@ func (s *DockerSuite) TestBuildRUNErrMsg(c *check.C) { c.Fatalf("RUN doesn't have the correct output:\nGot:%s\nExpected:%s", out, exp) } } + +func (s *DockerTrustSuite) TestTrustedBuild(c *check.C) { + repoName := s.setupTrustedImage(c, "trusted-build") + dockerFile := fmt.Sprintf(` + FROM %s + RUN [] + `, repoName) + + name := "testtrustedbuild" + + buildCmd := buildImageCmd(name, dockerFile, true) + s.trustedCmd(buildCmd) + out, _, err := runCommandWithOutput(buildCmd) + if err != nil { + c.Fatalf("Error running trusted build: %s\n%s", err, out) + } + + if !strings.Contains(out, fmt.Sprintf("FROM %s@sha", repoName[:len(repoName)-7])) { + c.Fatalf("Unexpected output on trusted build:\n%s", out) + } + + // Build command does not create untrusted tag + //dockerCmd(c, "rmi", repoName) +} + +func (s *DockerTrustSuite) TestTrustedBuildUntrustedTag(c *check.C) { + repoName := fmt.Sprintf("%v/dockercli/build-untrusted-tag:latest", privateRegistryURL) + dockerFile := fmt.Sprintf(` + FROM %s + RUN [] + `, repoName) + + name := "testtrustedbuilduntrustedtag" + + buildCmd := buildImageCmd(name, dockerFile, true) + s.trustedCmd(buildCmd) + out, _, err := runCommandWithOutput(buildCmd) + if err == nil { + c.Fatalf("Expected error on trusted build with untrusted tag: %s\n%s", err, out) + } + + if !strings.Contains(out, fmt.Sprintf("no trust data available")) { + c.Fatalf("Unexpected output on trusted build with untrusted tag:\n%s", out) + } +} diff --git a/components/engine/integration-cli/docker_cli_create_test.go b/components/engine/integration-cli/docker_cli_create_test.go index c5fcebfc45..395553f549 100644 --- a/components/engine/integration-cli/docker_cli_create_test.go +++ b/components/engine/integration-cli/docker_cli_create_test.go @@ -275,26 +275,12 @@ func (s *DockerSuite) TestCreateModeIpcContainer(c *check.C) { } func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) { - repoName := fmt.Sprintf("%v/dockerclicreate/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } - - dockerCmd(c, "rmi", repoName) + repoName := s.setupTrustedImage(c, "trusted-create") // Try create createCmd := exec.Command(dockerBinary, "create", repoName) s.trustedCmd(createCmd) - out, _, err = runCommandWithOutput(createCmd) + out, _, err := runCommandWithOutput(createCmd) if err != nil { c.Fatalf("Error running trusted create: %s\n%s", err, out) } @@ -338,22 +324,26 @@ func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) { } } -func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) { - repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) +func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) { + repoName := s.setupTrustedImage(c, "trusted-isolated-create") - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) + // Try create + createCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName) + s.trustedCmd(createCmd) + out, _, err := runCommandWithOutput(createCmd) if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) + c.Fatalf("Error running trusted create: %s\n%s", err, out) } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { + + if !strings.Contains(string(out), "Tagging") { c.Fatalf("Missing expected output on trusted push:\n%s", out) } dockerCmd(c, "rmi", repoName) +} + +func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) { + repoName := s.setupTrustedImage(c, "trusted-create-expired") // Certificates have 10 years of expiration elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) @@ -362,7 +352,7 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) { // Try create createCmd := exec.Command(dockerBinary, "create", repoName) s.trustedCmd(createCmd) - out, _, err = runCommandWithOutput(createCmd) + out, _, err := runCommandWithOutput(createCmd) if err == nil { c.Fatalf("Error running trusted create in the distant future: %s\n%s", err, out) } @@ -376,7 +366,7 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) { // Try create createCmd := exec.Command(dockerBinary, "create", "--untrusted", repoName) s.trustedCmd(createCmd) - out, _, err = runCommandWithOutput(createCmd) + out, _, err := runCommandWithOutput(createCmd) if err != nil { c.Fatalf("Error running untrusted create in the distant future: %s\n%s", err, out) } diff --git a/components/engine/integration-cli/docker_cli_pull_test.go b/components/engine/integration-cli/docker_cli_pull_test.go index 111ebfd018..e8d8bcb65d 100644 --- a/components/engine/integration-cli/docker_cli_pull_test.go +++ b/components/engine/integration-cli/docker_cli_pull_test.go @@ -155,26 +155,12 @@ func (s *DockerSuite) TestPullImageWithAllTagFromCentralRegistry(c *check.C) { } func (s *DockerTrustSuite) TestTrustedPull(c *check.C) { - repoName := fmt.Sprintf("%v/dockerclipull/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } - - dockerCmd(c, "rmi", repoName) + repoName := s.setupTrustedImage(c, "trusted-pull") // Try pull pullCmd := exec.Command(dockerBinary, "pull", repoName) s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) + out, _, err := runCommandWithOutput(pullCmd) if err != nil { c.Fatalf("Error running trusted pull: %s\n%s", err, out) } @@ -198,6 +184,24 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) { } } +func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) { + repoName := s.setupTrustedImage(c, "trusted-isolatd-pull") + + // Try pull (run from isolated directory without trust information) + pullCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName) + s.trustedCmd(pullCmd) + out, _, err := runCommandWithOutput(pullCmd) + if err != nil { + c.Fatalf("Error running trusted pull: %s\n%s", err, out) + } + + if !strings.Contains(string(out), "Tagging") { + c.Fatalf("Missing expected output on trusted push:\n%s", out) + } + + dockerCmd(c, "rmi", repoName) +} + func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) { repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL) // tag the image and upload it to the private registry @@ -219,21 +223,7 @@ func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) { } func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) { - repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } - - dockerCmd(c, "rmi", repoName) + repoName := s.setupTrustedImage(c, "trusted-cert-expired") // Certificates have 10 years of expiration elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) @@ -242,7 +232,7 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) { // Try pull pullCmd := exec.Command(dockerBinary, "pull", repoName) s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) + out, _, err := runCommandWithOutput(pullCmd) if err == nil { c.Fatalf("Error running trusted pull in the distant future: %s\n%s", err, out) } @@ -256,7 +246,7 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) { // Try pull pullCmd := exec.Command(dockerBinary, "pull", "--untrusted", repoName) s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) + out, _, err := runCommandWithOutput(pullCmd) if err != nil { c.Fatalf("Error running untrusted pull in the distant future: %s\n%s", err, out) } diff --git a/components/engine/integration-cli/docker_cli_push_test.go b/components/engine/integration-cli/docker_cli_push_test.go index 7c0349fb18..8d96bb0f3e 100644 --- a/components/engine/integration-cli/docker_cli_push_test.go +++ b/components/engine/integration-cli/docker_cli_push_test.go @@ -281,7 +281,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *c c.Fatalf("Error missing from trusted push with short targets passphrase: \n%s", out) } - if !strings.Contains(string(out), "Password Invalid, operation has failed") { + if !strings.Contains(string(out), "password invalid, operation has failed") { c.Fatalf("Missing expected output on trusted push with short targets/snapsnot passphrase:\n%s", out) } } diff --git a/components/engine/integration-cli/docker_cli_run_test.go b/components/engine/integration-cli/docker_cli_run_test.go index 1b6b3a82c8..4ae5f77728 100644 --- a/components/engine/integration-cli/docker_cli_run_test.go +++ b/components/engine/integration-cli/docker_cli_run_test.go @@ -2549,26 +2549,12 @@ func (s *DockerSuite) TestRunNetworkFilesBindMount(c *check.C) { } func (s *DockerTrustSuite) TestTrustedRun(c *check.C) { - repoName := fmt.Sprintf("%v/dockerclirun/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } - - dockerCmd(c, "rmi", repoName) + repoName := s.setupTrustedImage(c, "trusted-run") // Try run runCmd := exec.Command(dockerBinary, "run", repoName) s.trustedCmd(runCmd) - out, _, err = runCommandWithOutput(runCmd) + out, _, err := runCommandWithOutput(runCmd) if err != nil { c.Fatalf("Error running trusted run: %s\n%s\n", err, out) } @@ -2613,21 +2599,7 @@ func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) { } func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) { - repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } - - dockerCmd(c, "rmi", repoName) + repoName := s.setupTrustedImage(c, "trusted-run-expired") // Certificates have 10 years of expiration elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) @@ -2636,7 +2608,7 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) { // Try run runCmd := exec.Command(dockerBinary, "run", repoName) s.trustedCmd(runCmd) - out, _, err = runCommandWithOutput(runCmd) + out, _, err := runCommandWithOutput(runCmd) if err == nil { c.Fatalf("Error running trusted run in the distant future: %s\n%s", err, out) } @@ -2650,7 +2622,7 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) { // Try run runCmd := exec.Command(dockerBinary, "run", "--untrusted", repoName) s.trustedCmd(runCmd) - out, _, err = runCommandWithOutput(runCmd) + out, _, err := runCommandWithOutput(runCmd) if err != nil { c.Fatalf("Error running untrusted run in the distant future: %s\n%s", err, out) } diff --git a/components/engine/integration-cli/docker_utils.go b/components/engine/integration-cli/docker_utils.go index a7576ebc65..1a74cbc691 100644 --- a/components/engine/integration-cli/docker_utils.go +++ b/components/engine/integration-cli/docker_utils.go @@ -969,14 +969,20 @@ func getContainerState(c *check.C, id string) (int, bool, error) { return exitStatus, running, nil } -func buildImageWithOut(name, dockerfile string, useCache bool) (string, string, error) { - args := []string{"build", "-t", name} +func buildImageCmd(name, dockerfile string, useCache bool) *exec.Cmd { + args := []string{"-D", "build", "-t", name} if !useCache { args = append(args, "--no-cache") } args = append(args, "-") buildCmd := exec.Command(dockerBinary, args...) buildCmd.Stdin = strings.NewReader(dockerfile) + return buildCmd + +} + +func buildImageWithOut(name, dockerfile string, useCache bool) (string, string, error) { + buildCmd := buildImageCmd(name, dockerfile, useCache) out, exitCode, err := runCommandWithOutput(buildCmd) if err != nil || exitCode != 0 { return "", out, fmt.Errorf("failed to build the image: %s", out) @@ -989,13 +995,7 @@ func buildImageWithOut(name, dockerfile string, useCache bool) (string, string, } func buildImageWithStdoutStderr(name, dockerfile string, useCache bool) (string, string, string, error) { - args := []string{"build", "-t", name} - if !useCache { - args = append(args, "--no-cache") - } - args = append(args, "-") - buildCmd := exec.Command(dockerBinary, args...) - buildCmd.Stdin = strings.NewReader(dockerfile) + buildCmd := buildImageCmd(name, dockerfile, useCache) stdout, stderr, exitCode, err := runCommandWithStdoutStderr(buildCmd) if err != nil || exitCode != 0 { return "", stdout, stderr, fmt.Errorf("failed to build the image: %s", stdout) diff --git a/components/engine/integration-cli/trust_server.go b/components/engine/integration-cli/trust_server.go index 1f68440fe7..3f3e5a9410 100644 --- a/components/engine/integration-cli/trust_server.go +++ b/components/engine/integration-cli/trust_server.go @@ -8,6 +8,7 @@ import ( "os" "os/exec" "path/filepath" + "strings" "time" "github.com/docker/docker/pkg/tlsconfig" @@ -107,6 +108,7 @@ func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) { pwd := "12345678" trustCmdEnv(cmd, server, pwd, pwd, pwd) } + func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, snapshotPwd, targetPwd string) { trustCmdEnv(cmd, s.not.address(), rootPwd, snapshotPwd, targetPwd) } @@ -121,3 +123,25 @@ func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) } cmd.Env = append(os.Environ(), env...) } + +func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string { + repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name) + // tag the image and upload it to the private registry + dockerCmd(c, "tag", "busybox", repoName) + + pushCmd := exec.Command(dockerBinary, "push", repoName) + s.trustedCmd(pushCmd) + out, _, err := runCommandWithOutput(pushCmd) + if err != nil { + c.Fatalf("Error running trusted push: %s\n%s", err, out) + } + if !strings.Contains(string(out), "Signing and pushing trust metadata") { + c.Fatalf("Missing expected output on trusted push:\n%s", out) + } + + if out, status := dockerCmd(c, "rmi", repoName); status != 0 { + c.Fatalf("Error removing image %q\n%s", repoName, out) + } + + return repoName +}