Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Podman image trust tests #12060

Merged
merged 3 commits into from
Nov 3, 2021
Merged

Fix Podman image trust tests #12060

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c872788
Use INTEGRATION_ROOT instead of current directory
mtrmac Oct 21, 2021
53ff492
Tighten the expected output of the "podman image trust show" test
mtrmac Oct 21, 2021
adee084
Fix tests of podman image trust --raw and --json
mtrmac Oct 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 44 additions & 19 deletions test/e2e/trust_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@ import (

var _ = Describe("Podman trust", func() {
var (
tempdir string
tempdir string

err error
podmanTest *PodmanTestIntegration
)
Expand All @@ -38,21 +39,17 @@ var _ = Describe("Podman trust", func() {
})

It("podman image trust show", func() {
path, err := os.Getwd()
if err != nil {
os.Exit(1)
}
session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Dir(path), "--policypath", filepath.Join(filepath.Dir(path), "policy.json")})
session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
outArray := session.OutputToStringArray()
Expect(len(outArray)).To(Equal(3))

// image order is not guaranteed. All we can do is check that
// these strings appear in output, we can't cross-check them.
Expect(session.OutputToString()).To(ContainSubstring("accept"))
Expect(session.OutputToString()).To(ContainSubstring("reject"))
Expect(session.OutputToString()).To(ContainSubstring("signed"))
// Repository order is not guaranteed. So, check that
// all expected lines appear in output; we also check total number of lines, so that handles all of them.
Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^default\s+accept\s*$`))
Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^docker.io/library/hello-world\s+reject\s*$`))
Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^registry.access.redhat.com\s+signedBy\[email protected], [email protected]\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`))
})

It("podman image trust set", func() {
Expand All @@ -76,24 +73,52 @@ var _ = Describe("Podman trust", func() {
})

It("podman image trust show --json", func() {
session := podmanTest.Podman([]string{"image", "trust", "show", "--json"})
session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--json"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.IsJSONOutputValid()).To(BeTrue())
var teststruct []map[string]string
json.Unmarshal(session.Out.Contents(), &teststruct)
Expect(teststruct[0]["name"]).To(Equal("* (default)"))
Expect(teststruct[0]["repo_name"]).To(Equal("default"))
Expect(teststruct[0]["type"]).To(Equal("accept"))
Expect(teststruct[1]["type"]).To(Equal("insecureAcceptAnything"))
Expect(len(teststruct)).To(Equal(3))
// To ease comparison, group the unordered array of repos by repo (and we expect only one entry by repo, so order within groups doesn’t matter)
repoMap := map[string][]map[string]string{}
for _, e := range teststruct {
key := e["name"]
repoMap[key] = append(repoMap[key], e)
}
Expect(repoMap).To(Equal(map[string][]map[string]string{
"* (default)": {{
"name": "* (default)",
"repo_name": "default",
"sigstore": "",
"transport": "",
"type": "accept",
}},
"docker.io/library/hello-world": {{
"name": "docker.io/library/hello-world",
"repo_name": "docker.io/library/hello-world",
"sigstore": "",
"transport": "",
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that transport is always empty.

"type": "reject",
}},
"registry.access.redhat.com": {{
"name": "registry.access.redhat.com",
"repo_name": "registry.access.redhat.com",
"sigstore": "https://access.redhat.com/webassets/docker/content/sigstore",
"transport": "",
"type": "signedBy",
"gpg_id": "[email protected], [email protected]",
}},
}))
})

It("podman image trust show --raw", func() {
session := podmanTest.Podman([]string{"image", "trust", "show", "--raw"})
session := podmanTest.Podman([]string{"image", "trust", "show", "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--raw"})
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

podman image trust show $path/test.policy.json --raw (missing the --policypath option, i.e. with an extra argument) does not fail.

session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
contents, err := ioutil.ReadFile(filepath.Join(INTEGRATION_ROOT, "test/policy.json"))
Expect(err).ShouldNot(HaveOccurred())
Expect(session.IsJSONOutputValid()).To(BeTrue())
Expect(session.OutputToString()).To(ContainSubstring("default"))
Expect(session.OutputToString()).To(ContainSubstring("insecureAcceptAnything"))
Expect(string(session.Out.Contents())).To(Equal(string(contents) + "\n"))
})
})