Skip to content

Commit

Permalink
test: use a local registry for remote scanning (aquasecurity#7607)
Browse files Browse the repository at this point in the history
Signed-off-by: knqyf263 <[email protected]>
  • Loading branch information
knqyf263 authored and fhielpos committed Dec 20, 2024
1 parent 0efa91d commit 31d8be1
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 439 deletions.
64 changes: 47 additions & 17 deletions integration/registry_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,15 @@ import (
"crypto/x509"
"encoding/json"
"fmt"
"github.com/aquasecurity/trivy/pkg/types"
"io"
"net/http"
"net/url"
"os"
"path/filepath"
"testing"

"github.com/aquasecurity/trivy/pkg/types"

dockercontainer "github.com/docker/docker/api/types/container"
"github.com/docker/go-connections/nat"
"github.com/google/go-containerregistry/pkg/authn"
Expand Down Expand Up @@ -152,32 +153,59 @@ func TestRegistry(t *testing.T) {
name string
imageName string
imageFile string
os string
option registryOption
golden string
wantErr string
}{
{
name: "happy path with username/password",
name: "authenticate with username/password",
imageName: "alpine:3.10",
imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
os: "alpine 3.10.2",
option: registryOption{
AuthURL: authURL,
Username: authUsername,
Password: authPassword,
},
golden: "testdata/alpine-310-registry.json.golden",
golden: "testdata/alpine-310.json.golden",
},
{
name: "happy path with registry token",
name: "authenticate with registry token",
imageName: "alpine:3.10",
imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
os: "alpine 3.10.2",
option: registryOption{
AuthURL: authURL,
Username: authUsername,
Password: authPassword,
RegistryToken: true,
},
golden: "testdata/alpine-310-registry.json.golden",
golden: "testdata/alpine-310.json.golden",
},
{
name: "amazonlinux 2",
imageName: "amazonlinux:2",
imageFile: "testdata/fixtures/images/amazon-2.tar.gz",
os: "amazon 2 (Karoo)",
option: registryOption{
AuthURL: authURL,
Username: authUsername,
Password: authPassword,
},
golden: "testdata/amazon-2.json.golden",
},
{
name: "debian buster",
imageName: "debian:buster",
imageFile: "testdata/fixtures/images/debian-buster.tar.gz",
os: "debian 10.1",
option: registryOption{
AuthURL: authURL,
Username: authUsername,
Password: authPassword,
},
golden: "testdata/debian-buster.json.golden",
},
{
name: "sad path",
Expand All @@ -187,33 +215,33 @@ func TestRegistry(t *testing.T) {
},
}

for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
s := fmt.Sprintf("%s/%s", registryURL.Host, tc.imageName)
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
s := fmt.Sprintf("%s/%s", registryURL.Host, tt.imageName)
imageRef, err := name.ParseReference(s)
require.NoError(t, err)

// Load a test image from the tar file, tag it and push to the test registry.
err = replicateImage(imageRef, tc.imageFile, auth)
err = replicateImage(imageRef, tt.imageFile, auth)
require.NoError(t, err)

osArgs, err := scan(t, imageRef, baseDir, tc.golden, tc.option)
osArgs, err := scan(t, imageRef, baseDir, tt.option)

// Run Trivy
runTest(t, osArgs, tc.golden, "", types.FormatJSON, runOptions{
wantErr: tc.wantErr,
override: overrideFuncs(overrideUID, func(t *testing.T, _, got *types.Report) {
got.ArtifactName = tc.imageName
for i := range got.Results {
got.Results[i].Target = fmt.Sprintf("%s (alpine 3.10.2)", tc.imageName)
runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
wantErr: tt.wantErr,
override: overrideFuncs(overrideUID, func(t *testing.T, want, got *types.Report) {
want.ArtifactName = s
for i := range want.Results {
want.Results[i].Target = fmt.Sprintf("%s (%s)", s, tt.os)
}
}),
})
})
}
}

func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt registryOption) ([]string, error) {
func scan(t *testing.T, imageRef name.Reference, baseDir string, opt registryOption) ([]string, error) {
// Set up testing DB
cacheDir := initDB(t)

Expand All @@ -232,6 +260,8 @@ func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt
"image",
"--format",
"json",
"--image-src",
"remote",
"--skip-update",
imageRef.Name(),
}
Expand Down
Loading

0 comments on commit 31d8be1

Please sign in to comment.