Skip to content

Commit

Permalink
[WIP] rewriting image tests
Browse files Browse the repository at this point in the history
Signed-off-by: apostasie <[email protected]>
  • Loading branch information
apostasie committed Sep 24, 2024
1 parent 481daf1 commit af64720
Show file tree
Hide file tree
Showing 17 changed files with 1,551 additions and 1,628 deletions.
149 changes: 103 additions & 46 deletions cmd/nerdctl/image/image_convert_linux_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,63 +20,120 @@ import (
"fmt"
"testing"

"gotest.tools/v3/icmd"

"github.com/containerd/nerdctl/v2/pkg/rootlessutil"
"github.com/containerd/nerdctl/v2/pkg/testutil"
"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest"
"github.com/containerd/nerdctl/v2/pkg/testutil/test"
"github.com/containerd/nerdctl/v2/pkg/testutil/testregistry"
)

func TestImageConvertNydus(t *testing.T) {
testutil.RequireExecutable(t, "nydus-image")
testutil.DockerIncompatible(t)

base := testutil.NewBase(t)
t.Parallel()
func TestImageConvert(t *testing.T) {
nerdtest.Setup()

convertedImage := testutil.Identifier(t) + ":nydus"
base.Cmd("rmi", convertedImage).Run()
base.Cmd("pull", testutil.CommonImage).AssertOK()
base.Cmd("image", "convert", "--nydus", "--oci",
testutil.CommonImage, convertedImage).AssertOK()
defer base.Cmd("rmi", convertedImage).Run()
testCase := &test.Case{
Description: "Test image conversion",
Require: test.Require(
test.Not(test.Windows),
test.Not(nerdtest.Docker),
),
Setup: func(data test.Data, helpers test.Helpers) {
helpers.Ensure("pull", testutil.CommonImage)
},
SubTests: []*test.Case{
{
Description: "esgz",
Cleanup: func(data test.Data, helpers test.Helpers) {
helpers.Anyhow("rmi", data.Identifier())
},
Command: func(data test.Data, helpers test.Helpers) test.Command {
return helpers.Command("image", "convert", "--oci", "--estargz", testutil.CommonImage, data.Identifier())
},
Expected: test.Expects(0, nil, nil),
},
{
Description: "nydus",
Require: test.Require(
test.Binary("nydus-image"),
),
Cleanup: func(data test.Data, helpers test.Helpers) {
helpers.Anyhow("rmi", data.Identifier())
},
Command: func(data test.Data, helpers test.Helpers) test.Command {
return helpers.Command("image", "convert", "--oci", "--nydus", testutil.CommonImage, data.Identifier())
},
Expected: test.Expects(0, nil, nil),
},
{
Description: "zstd",
Cleanup: func(data test.Data, helpers test.Helpers) {
helpers.Anyhow("rmi", data.Identifier())
},
Command: func(data test.Data, helpers test.Helpers) test.Command {
return helpers.Command("image", "convert", "--oci", "--zstd", "--zstd-compression-level", "3", testutil.CommonImage, data.Identifier())
},
Expected: test.Expects(0, nil, nil),
},
{
Description: "zstdchunked",
Cleanup: func(data test.Data, helpers test.Helpers) {
helpers.Anyhow("rmi", data.Identifier())
},
Command: func(data test.Data, helpers test.Helpers) test.Command {
return helpers.Command("image", "convert", "--oci", "--zstdchunked", "--zstdchunked-compression-level", "3", testutil.CommonImage, data.Identifier())
},
Expected: test.Expects(0, nil, nil),
},
},
}

// use `nydusify` check whether the convertd nydus image is valid
testCase.Run(t)

// skip if rootless
if rootlessutil.IsRootless() {
t.Skip("Nydusify check is not supported rootless mode.")
}
}

// skip if nydusify and nydusd are not installed
testutil.RequireExecutable(t, "nydusify")
testutil.RequireExecutable(t, "nydusd")
func TestImageConvertNydusVerify(t *testing.T) {
nerdtest.Setup()

// setup local docker registry
registry := testregistry.NewWithNoAuth(base, 0, false)
remoteImage := fmt.Sprintf("%s:%d/nydusd-image:test", "localhost", registry.Port)
t.Cleanup(func() {
base.Cmd("rmi", remoteImage).Run()
registry.Cleanup(nil)
})
var registry *testregistry.RegistryServer

base.Cmd("tag", convertedImage, remoteImage).AssertOK()
base.Cmd("push", remoteImage).AssertOK()
nydusifyCmd := testutil.Cmd{
Cmd: icmd.Command(
"nydusify",
"check",
"--source",
testutil.CommonImage,
"--target",
remoteImage,
"--source-insecure",
"--target-insecure",
testCase := &test.Case{
Description: "TestImageConvertNydusVerify",
Require: test.Require(
test.Linux,
test.Binary("nydus-image"),
test.Binary("nydusify"),
test.Binary("nydusd"),
test.Not(nerdtest.Docker),
test.Not(nerdtest.Rootless),
),
Base: base,
Setup: func(data test.Data, helpers test.Helpers) {
helpers.Ensure("pull", testutil.CommonImage)
base := testutil.NewBase(t)
registry = testregistry.NewWithNoAuth(base, 80, false)
helpers.Ensure("image", "convert", "--nydus", "--oci",
testutil.CommonImage, data.Identifier())
data.Set("remoteImage", fmt.Sprintf("%s:%d/nydusd-image:test", "localhost", registry.Port))
helpers.Ensure("tag", data.Identifier(), data.Get("remoteImage"))
helpers.Ensure("push", data.Get("remoteImage"))
},
Cleanup: func(data test.Data, helpers test.Helpers) {
helpers.Anyhow("rmi", data.Get("remoteImage"))
helpers.Anyhow("rmi", data.Identifier())
if registry != nil {
registry.Cleanup(nil)
}
},
Command: func(data test.Data, helpers test.Helpers) test.Command {
return helpers.CustomCommand("nydusify",
"check",
"--source",
testutil.CommonImage,
"--target",
data.Get("remoteImage"),
"--source-insecure",
"--target-insecure",
)
},
Expected: test.Expects(0, nil, nil),
}

// nydus is creating temporary files - make sure we are in a proper location for that
nydusifyCmd.Cmd.Dir = base.T.TempDir()
nydusifyCmd.AssertOK()
testCase.Run(t)
}
70 changes: 0 additions & 70 deletions cmd/nerdctl/image/image_convert_test.go

This file was deleted.

81 changes: 53 additions & 28 deletions cmd/nerdctl/image/image_encrypt_linux_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,39 +18,64 @@ package image

import (
"fmt"
"strings"
"testing"

"github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
"gotest.tools/v3/assert"

testhelpers "github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
"github.com/containerd/nerdctl/v2/pkg/testutil"
"github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest"
"github.com/containerd/nerdctl/v2/pkg/testutil/test"
"github.com/containerd/nerdctl/v2/pkg/testutil/testregistry"
)

func TestImageEncryptJWE(t *testing.T) {
testutil.RequiresBuild(t)
testutil.DockerIncompatible(t)
keyPair := helpers.NewJWEKeyPair(t)
base := testutil.NewBase(t)
tID := testutil.Identifier(t)
reg := testregistry.NewWithNoAuth(base, 0, false)

defer keyPair.Cleanup()
defer reg.Cleanup(nil)

base.Cmd("pull", testutil.CommonImage).AssertOK()
encryptImageRef := fmt.Sprintf("127.0.0.1:%d/%s:encrypted", reg.Port, tID)
base.Cmd("image", "encrypt", "--recipient=jwe:"+keyPair.Pub, testutil.CommonImage, encryptImageRef).AssertOK()
base.Cmd("image", "inspect", "--mode=native", "--format={{len .Index.Manifests}}", encryptImageRef).AssertOutExactly("1\n")
base.Cmd("image", "inspect", "--mode=native", "--format={{json .Manifest.Layers}}", encryptImageRef).AssertOutContains("org.opencontainers.image.enc.keys.jwe")
base.Cmd("push", encryptImageRef).AssertOK()

defer base.Cmd("rmi", encryptImageRef).Run()

// remove all local images (in the nerdctl-test namespace), to ensure that we do not have blobs of the original image.
helpers.RmiAll(base)
base.Cmd("pull", encryptImageRef).AssertFail() // defaults to --unpack=true, and fails due to missing prv key
base.Cmd("pull", "--unpack=false", encryptImageRef).AssertOK()
decryptImageRef := tID + ":decrypted"
defer base.Cmd("rmi", decryptImageRef).Run()
base.Cmd("image", "decrypt", "--key="+keyPair.Pub, encryptImageRef, decryptImageRef).AssertFail() // decryption needs prv key, not pub key
base.Cmd("image", "decrypt", "--key="+keyPair.Prv, encryptImageRef, decryptImageRef).AssertOK()
nerdtest.Setup()

var registry *testregistry.RegistryServer
var keyPair *testhelpers.JweKeyPair

testCase := &test.Case{
Description: "TestImageEncryptJWE",
Require: test.Require(
test.Linux,
test.Not(nerdtest.Docker),
// This test needs to rmi the common image
nerdtest.Private,
),
Cleanup: func(data test.Data, helpers test.Helpers) {
if registry != nil {
registry.Cleanup(nil)
keyPair.Cleanup()
helpers.Anyhow("rmi", "-f", data.Get("encryptImageRef"))
}
helpers.Anyhow("rmi", "-f", data.Identifier())
},
Setup: func(data test.Data, helpers test.Helpers) {
base := testutil.NewBase(t)
registry = testregistry.NewWithNoAuth(base, 0, false)
keyPair = testhelpers.NewJWEKeyPair(t)
helpers.Ensure("pull", testutil.CommonImage)
encryptImageRef := fmt.Sprintf("127.0.0.1:%d/%s:encrypted", registry.Port, data.Identifier())
helpers.Ensure("image", "encrypt", "--recipient=jwe:"+keyPair.Pub, testutil.CommonImage, encryptImageRef)
inspector := helpers.Capture("image", "inspect", "--mode=native", "--format={{len .Index.Manifests}}", encryptImageRef)
assert.Equal(t, inspector, "1\n")
inspector = helpers.Capture("image", "inspect", "--mode=native", "--format={{json .Manifest.Layers}}", encryptImageRef)
assert.Assert(t, strings.Contains(inspector, "org.opencontainers.image.enc.keys.jwe"))
helpers.Ensure("push", encryptImageRef)
helpers.Anyhow("rmi", "-f", encryptImageRef)
helpers.Anyhow("rmi", "-f", testutil.CommonImage)
data.Set("encryptImageRef", encryptImageRef)
},
Command: func(data test.Data, helpers test.Helpers) test.Command {
helpers.Fail("pull", data.Get("encryptImageRef"))
helpers.Ensure("pull", "--unpack=false", data.Get("encryptImageRef"))
helpers.Fail("image", "decrypt", "--key="+keyPair.Pub, data.Get("encryptImageRef"), data.Identifier()) // decryption needs prv key, not pub key
return helpers.Command("image", "decrypt", "--key="+keyPair.Prv, data.Get("encryptImageRef"), data.Identifier())
},
Expected: test.Expects(0, nil, nil),
}

testCase.Run(t)
}
Loading

0 comments on commit af64720

Please sign in to comment.