Skip to content

Commit

Permalink
Add tests for format conversion combined with encryption
Browse files Browse the repository at this point in the history
Signed-off-by: Miloslav Trmač <[email protected]>
  • Loading branch information
mtrmac committed Sep 6, 2023
1 parent 942cb5c commit 0227805
Show file tree
Hide file tree
Showing 4 changed files with 135 additions and 0 deletions.
11 changes: 11 additions & 0 deletions internal/image/common_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,10 @@ import (
"path/filepath"
"testing"

"github.com/containers/image/v5/types"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/exp/slices"
)

// assertJSONEqualsFixture tests that jsonBytes is structurally equal to fixture,
Expand All @@ -29,3 +31,12 @@ func assertJSONEqualsFixture(t *testing.T, jsonBytes []byte, fixture string, ign
}
assert.Equal(t, fixtureContents, contents)
}

// layerInfosWithCryptoOperation returns a copy of input where CryptoOperation is set to op
func layerInfosWithCryptoOperation(input []types.BlobInfo, op types.LayerCrypto) []types.BlobInfo {
res := slices.Clone(input)
for i := range res {
res[i].CryptoOperation = op
}
return res
}
57 changes: 57 additions & 0 deletions internal/image/docker_schema1_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -507,6 +507,18 @@ func TestManifestSchema1ConvertToSchema2(t *testing.T) {
},
}, s2Manifest.LayerInfos())

// Conversion to schema2 with encryption fails
encryptedLayers := layerInfosWithCryptoOperation(original.LayerInfos(), types.Encrypt)
_, err = original.UpdatedImage(context.Background(), types.ManifestUpdateOptions{
LayerInfos: encryptedLayers,
ManifestMIMEType: manifest.DockerV2Schema2MediaType,
InformationOnly: types.ManifestUpdateInformation{
LayerInfos: updatedLayers,
LayerDiffIDs: schema1WithThrowawaysFixtureLayerDiffIDs,
},
})
assert.Error(t, err)

// FIXME? Test also the various failure cases, if only to see that we don't crash?
}

Expand Down Expand Up @@ -582,6 +594,51 @@ func TestManifestSchema1ConvertToManifestOCI1(t *testing.T) {
},
}, ociManifest.LayerInfos())

// Conversion to OCI with encryption is possible.
encryptedLayers := layerInfosWithCryptoOperation(schema1WithThrowawaysFixtureLayerInfos, types.Encrypt)
res, err = original.UpdatedImage(context.Background(), types.ManifestUpdateOptions{
LayerInfos: encryptedLayers,
ManifestMIMEType: imgspecv1.MediaTypeImageManifest,
InformationOnly: types.ManifestUpdateInformation{
LayerInfos: encryptedLayers,
LayerDiffIDs: schema1WithThrowawaysFixtureLayerDiffIDs,
},
})
require.NoError(t, err)
convertedJSON, mt, err = res.Manifest(context.Background())
require.NoError(t, err)
assert.Equal(t, imgspecv1.MediaTypeImageManifest, mt)
// Layers have been updated as expected
ociManifest, err = manifestOCI1FromManifest(originalSrc, convertedJSON)
require.NoError(t, err)
assert.Equal(t, []types.BlobInfo{
{
Digest: "sha256:6a5a5368e0c2d3e5909184fa28ddfd56072e7ff3ee9a945876f7eee5896ef5bb",
Size: 51354364,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
{
Digest: "sha256:1bbf5d58d24c47512e234a5623474acf65ae00d4d1414272a893204f44cc680c",
Size: 150,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
{
Digest: "sha256:8f5dc8a4b12c307ac84de90cdd9a7f3915d1be04c9388868ca118831099c67a9",
Size: 11739507,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
{
Digest: "sha256:bbd6b22eb11afce63cc76f6bc41042d99f10d6024c96b655dafba930b8d25909",
Size: 8841833,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
{
Digest: "sha256:960e52ecf8200cbd84e70eb2ad8678f4367e50d14357021872c10fa3fc5935fa",
Size: 291,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
}, ociManifest.LayerInfos())

// FIXME? Test also the various failure cases, if only to see that we don't crash?
}

Expand Down
50 changes: 50 additions & 0 deletions internal/image/docker_schema2_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -521,6 +521,46 @@ func TestConvertToManifestOCI(t *testing.T) {
convertedConfig, err := res.ConfigBlob(context.Background())
require.NoError(t, err)
assertJSONEqualsFixture(t, convertedConfig, "schema2-to-oci1-config.json")

// Conversion to OCI with encryption is possible.
res, err = original.UpdatedImage(context.Background(), types.ManifestUpdateOptions{
LayerInfos: layerInfosWithCryptoOperation(original.LayerInfos(), types.Encrypt),
ManifestMIMEType: imgspecv1.MediaTypeImageManifest,
})
require.NoError(t, err)
convertedJSON, mt, err = res.Manifest(context.Background())
require.NoError(t, err)
assert.Equal(t, imgspecv1.MediaTypeImageManifest, mt)
// Layers have been updated as expected
ociManifest, err := manifestOCI1FromManifest(originalSrc, convertedJSON)
require.NoError(t, err)
assert.Equal(t, []types.BlobInfo{
{
Digest: "sha256:6a5a5368e0c2d3e5909184fa28ddfd56072e7ff3ee9a945876f7eee5896ef5bb",
Size: 51354364,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
{
Digest: "sha256:1bbf5d58d24c47512e234a5623474acf65ae00d4d1414272a893204f44cc680c",
Size: 150,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
{
Digest: "sha256:8f5dc8a4b12c307ac84de90cdd9a7f3915d1be04c9388868ca118831099c67a9",
Size: 11739507,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
{
Digest: "sha256:bbd6b22eb11afce63cc76f6bc41042d99f10d6024c96b655dafba930b8d25909",
Size: 8841833,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
{
Digest: "sha256:960e52ecf8200cbd84e70eb2ad8678f4367e50d14357021872c10fa3fc5935fa",
Size: 291,
MediaType: "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
},
}, ociManifest.LayerInfos())
}

func TestConvertToManifestOCIAllMediaTypes(t *testing.T) {
Expand Down Expand Up @@ -604,6 +644,16 @@ func TestConvertToManifestSchema1(t *testing.T) {
{Digest: GzippedEmptyLayerDigest, Size: -1},
}, s1Manifest.LayerInfos())

// Conversion to schema1 with encryption fails
_, err = original.UpdatedImage(context.Background(), types.ManifestUpdateOptions{
LayerInfos: layerInfosWithCryptoOperation(original.LayerInfos(), types.Encrypt),
ManifestMIMEType: manifest.DockerV2Schema1SignedMediaType,
InformationOnly: types.ManifestUpdateInformation{
Destination: memoryDest,
},
})
assert.Error(t, err)

// FIXME? Test also the various failure cases, if only to see that we don't crash?
}

Expand Down
17 changes: 17 additions & 0 deletions internal/image/oci_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -538,6 +538,16 @@ func TestManifestOCI1ConvertToManifestSchema1(t *testing.T) {
var expected manifest.NonImageArtifactError
assert.ErrorAs(t, err, &expected)

// Conversion to schema1 with encryption fails
_, err = original.UpdatedImage(context.Background(), types.ManifestUpdateOptions{
LayerInfos: layerInfosWithCryptoOperation(original.LayerInfos(), types.Encrypt),
ManifestMIMEType: manifest.DockerV2Schema1SignedMediaType,
InformationOnly: types.ManifestUpdateInformation{
Destination: memoryDest,
},
})
assert.Error(t, err)

// FIXME? Test also the other failure cases, if only to see that we don't crash?
}

Expand Down Expand Up @@ -566,6 +576,13 @@ func TestConvertToManifestSchema2(t *testing.T) {
var expected manifest.NonImageArtifactError
assert.ErrorAs(t, err, &expected)

// Conversion to schema2 with encryption fails
_, err = original.UpdatedImage(context.Background(), types.ManifestUpdateOptions{
LayerInfos: layerInfosWithCryptoOperation(original.LayerInfos(), types.Encrypt),
ManifestMIMEType: manifest.DockerV2Schema2MediaType,
})
assert.Error(t, err)

// FIXME? Test also the other failure cases, if only to see that we don't crash?
}

Expand Down

0 comments on commit 0227805

Please sign in to comment.