diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index 5dd4fc4c08..12a5ba0041 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -5433,7 +5433,7 @@ func (s *DockerTrustSuite) TestTrustedBuild(c *check.C) { name := "testtrustedbuild" buildCmd := buildImageCmd(name, dockerFile, true) - s.trustedCmd(buildCmd) + trustedExecCmd(buildCmd) out, _, err := runCommandWithOutput(buildCmd) if err != nil { c.Fatalf("Error running trusted build: %s\n%s", err, out) @@ -5464,7 +5464,7 @@ func (s *DockerTrustSuite) TestTrustedBuildUntrustedTag(c *check.C) { name := "testtrustedbuilduntrustedtag" buildCmd := buildImageCmd(name, dockerFile, true) - s.trustedCmd(buildCmd) + trustedExecCmd(buildCmd) out, _, err := runCommandWithOutput(buildCmd) if err == nil { c.Fatalf("Expected error on trusted build with untrusted tag: %s\n%s", err, out) @@ -5527,10 +5527,7 @@ func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) { otherTag := fmt.Sprintf("%s:other", repoName) dockerCmd(c, "tag", "busybox", otherTag) - pushCmd := exec.Command(dockerBinary, "push", otherTag) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out)) + icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "other", "targets/releases") s.assertTargetNotInRoles(c, repoName, "other", "targets") @@ -5545,8 +5542,8 @@ func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) { name := "testtrustedbuildreleasesrole" buildCmd := buildImageCmd(name, dockerFile, true) - s.trustedCmd(buildCmd) - out, _, err = runCommandWithOutput(buildCmd) + trustedExecCmd(buildCmd) + out, _, err := runCommandWithOutput(buildCmd) c.Assert(err, check.IsNil, check.Commentf("Trusted build failed: %s", out)) c.Assert(out, checker.Contains, fmt.Sprintf("FROM %s@sha", repoName)) } @@ -5566,10 +5563,7 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che otherTag := fmt.Sprintf("%s:other", repoName) dockerCmd(c, "tag", "busybox", otherTag) - pushCmd := exec.Command(dockerBinary, "push", otherTag) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out)) + icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "other", "targets/other") s.assertTargetNotInRoles(c, repoName, "other", "targets") @@ -5584,8 +5578,8 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che name := "testtrustedbuildotherrole" buildCmd := buildImageCmd(name, dockerFile, true) - s.trustedCmd(buildCmd) - out, _, err = runCommandWithOutput(buildCmd) + trustedExecCmd(buildCmd) + out, _, err := runCommandWithOutput(buildCmd) c.Assert(err, check.NotNil, check.Commentf("Trusted build expected to fail: %s", out)) } diff --git a/integration-cli/docker_cli_build_unix_test.go b/integration-cli/docker_cli_build_unix_test.go index d1cfd5f167..386ca40360 100644 --- a/integration-cli/docker_cli_build_unix_test.go +++ b/integration-cli/docker_cli_build_unix_test.go @@ -103,7 +103,7 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) { icmd.RunCmd(icmd.Cmd{ Command: []string{"chown", "daemon:daemon", "foo"}, - Dir: tmpDir, + Dir: tmpDir, }).Assert(c, icmd.Success) if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil { diff --git a/integration-cli/docker_cli_config_test.go b/integration-cli/docker_cli_config_test.go index 41e2d10080..efe2ea7618 100644 --- a/integration-cli/docker_cli_config_test.go +++ b/integration-cli/docker_cli_config_test.go @@ -5,15 +5,14 @@ import ( "net/http" "net/http/httptest" "os" - "os/exec" "path/filepath" "runtime" "github.com/docker/docker/api" "github.com/docker/docker/dockerversion" "github.com/docker/docker/integration-cli/checker" - icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/docker/pkg/homedir" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) @@ -53,7 +52,10 @@ func (s *DockerSuite) TestConfigHTTPHeader(c *check.C) { c.Assert(err, checker.IsNil) result := icmd.RunCommand(dockerBinary, "-H="+server.URL[7:], "ps") - result.Assert(c, icmd.Success) + result.Assert(c, icmd.Expected{ + ExitCode: 1, + Error: "exit status 1", + }) c.Assert(headers["User-Agent"], checker.NotNil, check.Commentf("Missing User-Agent")) @@ -73,9 +75,9 @@ func (s *DockerSuite) TestConfigDir(c *check.C) { dockerCmd(c, "--config", cDir, "ps") // Test with env var too - icmd.RunCmd(icm.Cmd{ + icmd.RunCmd(icmd.Cmd{ Command: []string{dockerBinary, "ps"}, - Env: appendBaseEnv(true, "DOCKER_CONFIG="+cDir), + Env: appendBaseEnv(true, "DOCKER_CONFIG="+cDir), }).Assert(c, icmd.Success) // Start a server so we can check to see if the config file was @@ -100,36 +102,37 @@ func (s *DockerSuite) TestConfigDir(c *check.C) { env := appendBaseEnv(false) icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"}, - Env: env, - }).Assert(c, icmd.Exepected{ - Error: "exit status 1", + Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"}, + Env: env, + }).Assert(c, icmd.Expected{ + ExitCode: 1, + Error: "exit status 1", }) c.Assert(headers["Myheader"], checker.NotNil) - c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps3 - Missing header,out:%v", out)) + c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps3 - Missing header")) // Reset headers and try again using env var this time headers = map[string][]string{} icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"}, - Env: append(env, "DOCKER_CONFIG="+cDir), - }).Assert(c, icmd.Exepected{ - Error: "exit status 1", + Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"}, + Env: append(env, "DOCKER_CONFIG="+cDir), + }).Assert(c, icmd.Expected{ + ExitCode: 1, }) c.Assert(headers["Myheader"], checker.NotNil) - c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps4 - Missing header,out:%v", out)) + c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps4 - Missing header")) // FIXME(vdemeester) should be a unit test // Reset headers and make sure flag overrides the env var headers = map[string][]string{} icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"}, - Env: append(env, "DOCKER_CONFIG=MissingDir"), - }).Assert(c, icmd.Exepected{ - Error: "exit status 1", + Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"}, + Env: append(env, "DOCKER_CONFIG=MissingDir"), + }).Assert(c, icmd.Expected{ + ExitCode: 1, }) c.Assert(headers["Myheader"], checker.NotNil) - c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps5 - Missing header,out:%v", out)) + c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps5 - Missing header")) // FIXME(vdemeester) should be a unit test // Reset headers and make sure flag overrides the env var. @@ -137,11 +140,12 @@ func (s *DockerSuite) TestConfigDir(c *check.C) { // ignore - we don't want to default back to the env var. headers = map[string][]string{} icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "--config", "MissingDir", "-H="+server.URL[7:], "ps"}, - Env: append(env, "DOCKER_CONFIG="+cDir), - }).Assert(c, icmd.Exepected{ - Error: "exit status 1", + Command: []string{dockerBinary, "--config", "MissingDir", "-H=" + server.URL[7:], "ps"}, + Env: append(env, "DOCKER_CONFIG="+cDir), + }).Assert(c, icmd.Expected{ + ExitCode: 1, + Error: "exit status 1", }) - c.Assert(headers["Myheader"], checker.IsNil, check.Commentf("ps6 - Headers shouldn't be the expected value,out:%v", out)) + c.Assert(headers["Myheader"], checker.IsNil, check.Commentf("ps6 - Headers shouldn't be the expected value")) } diff --git a/integration-cli/docker_cli_create_test.go b/integration-cli/docker_cli_create_test.go index 0f7676f91e..d23d39c459 100644 --- a/integration-cli/docker_cli_create_test.go +++ b/integration-cli/docker_cli_create_test.go @@ -3,18 +3,16 @@ package main import ( "encoding/json" "fmt" + "io/ioutil" "os" "reflect" "strings" "time" - "os/exec" - - "io/ioutil" - "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/testutil" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/go-connections/nat" "github.com/go-check/check" ) @@ -302,21 +300,12 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-create") // Try create - createCmd := exec.Command(dockerBinary, "create", repoName) - s.trustedCmd(createCmd) - out, _, err := runCommandWithOutput(createCmd) - c.Assert(err, check.IsNil) - c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out)) + icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) // Try untrusted create to ensure we pushed the tag to the registry - createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName) - s.trustedCmd(createCmd) - out, _, err = runCommandWithOutput(createCmd) - c.Assert(err, check.IsNil) - c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create with --disable-content-trust:\n%s", out)) - + icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) } func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) { @@ -328,23 +317,17 @@ func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) { dockerCmd(c, "rmi", withTagName) // Try trusted create on untrusted tag - createCmd := exec.Command(dockerBinary, "create", withTagName) - s.trustedCmd(createCmd) - out, _, err := runCommandWithOutput(createCmd) - c.Assert(err, check.Not(check.IsNil)) - c.Assert(string(out), checker.Contains, fmt.Sprintf("does not have trust data for %s", repoName), check.Commentf("Missing expected output on trusted create:\n%s", out)) - + icmd.RunCmd(icmd.Command(dockerBinary, "create", withTagName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: fmt.Sprintf("does not have trust data for %s", repoName), + }) } func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-isolated-create") // Try create - createCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName) - s.trustedCmd(createCmd) - out, _, err := runCommandWithOutput(createCmd) - c.Assert(err, check.IsNil) - c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out)) + icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) } @@ -358,20 +341,19 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) { testutil.RunAtDifferentDate(elevenYearsFromNow, func() { // Try create - createCmd := exec.Command(dockerBinary, "create", repoName) - s.trustedCmd(createCmd) - out, _, err := runCommandWithOutput(createCmd) - c.Assert(err, check.Not(check.IsNil)) - c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out)) + icmd.RunCmd(icmd.Cmd{ + Command: []string{dockerBinary, "create", repoName}, + }, trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "could not validate the path to a trusted root", + }) }) testutil.RunAtDifferentDate(elevenYearsFromNow, func() { // Try create - createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName) - s.trustedCmd(createCmd) - out, _, err := runCommandWithOutput(createCmd) - c.Assert(err, check.Not(check.IsNil)) - c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out)) + result := icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust", repoName), trustedCmd) + c.Assert(result.Error, check.Not(check.IsNil)) + c.Assert(string(result.Combined()), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", result.Combined())) }) } @@ -384,20 +366,12 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) { // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", repoName) - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil) - c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out)) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) dockerCmd(c, "rmi", repoName) // Try create - createCmd := exec.Command(dockerBinary, "create", repoName) - s.trustedCmd(createCmd) - out, _, err = runCommandWithOutput(createCmd) - c.Assert(err, check.IsNil) - c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out)) + icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) @@ -411,23 +385,13 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) { dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) // Push up to the new server - pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err = runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil) - c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out)) + icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Now, try creating with the original client from this new trust server. This should fail because the new root is invalid. - createCmd = exec.Command(dockerBinary, "create", repoName) - s.trustedCmd(createCmd) - out, _, err = runCommandWithOutput(createCmd) - if err == nil { - c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out) - } - if !strings.Contains(out, "could not rotate trust to a new trusted root") { - c.Fatalf("Missing expected output on trusted create:\n%s", out) - } - + icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "could not rotate trust to a new trusted root", + }) } func (s *DockerSuite) TestCreateStopSignal(c *check.C) { diff --git a/integration-cli/docker_cli_daemon_plugins_test.go b/integration-cli/docker_cli_daemon_plugins_test.go index e517fd4c6d..8457382c58 100644 --- a/integration-cli/docker_cli_daemon_plugins_test.go +++ b/integration-cli/docker_cli_daemon_plugins_test.go @@ -4,14 +4,13 @@ package main import ( "os" - "os/exec" "path/filepath" "strings" "syscall" - icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/pkg/mount" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) @@ -153,7 +152,7 @@ func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *check.C) { icmd.RunCommand("pgrep", "-f", pluginProcessName).Assert(c, icmd.Expected{ ExitCode: 1, - Error: "exit status 1", + Error: "exit status 1", }) s.d.Start(c, "--live-restore") diff --git a/integration-cli/docker_cli_daemon_test.go b/integration-cli/docker_cli_daemon_test.go index 093e534535..a2b2d8f28b 100644 --- a/integration-cli/docker_cli_daemon_test.go +++ b/integration-cli/docker_cli_daemon_test.go @@ -1945,7 +1945,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check } // kill the container - icmd.RunCommand(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", cid).Assert(c, icmd.Success) + icmd.RunCommand(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", cid).Assert(t, icmd.Success) // Give time to containerd to process the command if we don't // the exit event might be received after we do the inspect diff --git a/integration-cli/docker_cli_export_import_test.go b/integration-cli/docker_cli_export_import_test.go index 56e2f52fb9..fe117b9ae0 100644 --- a/integration-cli/docker_cli_export_import_test.go +++ b/integration-cli/docker_cli_export_import_test.go @@ -19,8 +19,8 @@ func (s *DockerSuite) TestExportContainerAndImportImage(c *check.C) { out, _ := dockerCmd(c, "export", containerID) result := icmd.RunCmd(icmd.Cmd{ - Command: dockerBinary, "import", "-", "repo/testexp:v1", - Stdin: strings.NewReader(out), + Command: []string{dockerBinary, "import", "-", "repo/testexp:v1"}, + Stdin: strings.NewReader(out), }) result.Assert(c, icmd.Success) @@ -41,8 +41,8 @@ func (s *DockerSuite) TestExportContainerWithOutputAndImportImage(c *check.C) { resultCat.Assert(c, icmd.Success) result := icmd.RunCmd(icmd.Cmd{ - Command: dockerBinary, "import", "-", "repo/testexp:v1", - Stdin: strings.NewReader(resultCat.Combined()), + Command: []string{dockerBinary, "import", "-", "repo/testexp:v1"}, + Stdin: strings.NewReader(resultCat.Combined()), }) result.Assert(c, icmd.Success) diff --git a/integration-cli/docker_cli_help_test.go b/integration-cli/docker_cli_help_test.go index 7f1c8b1a7c..7c486858f6 100644 --- a/integration-cli/docker_cli_help_test.go +++ b/integration-cli/docker_cli_help_test.go @@ -2,7 +2,6 @@ package main import ( "fmt" - "os/exec" "runtime" "strings" "unicode" @@ -54,8 +53,8 @@ func (s *DockerSuite) TestHelpTextVerify(c *check.C) { // Check main help text to make sure its not over 80 chars result := icmd.RunCmd(icmd.Cmd{ - Command: []stirng{dockerBinary, "help"}, - Env: newEnvs, + Command: []string{dockerBinary, "help"}, + Env: newEnvs, }) result.Assert(c, icmd.Success) lines := strings.Split(result.Combined(), "\n") diff --git a/integration-cli/docker_cli_logs_test.go b/integration-cli/docker_cli_logs_test.go index bf2ff97459..47fb1ebc51 100644 --- a/integration-cli/docker_cli_logs_test.go +++ b/integration-cli/docker_cli_logs_test.go @@ -8,10 +8,10 @@ import ( "strings" "time" - icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/pkg/jsonlog" "github.com/docker/docker/pkg/testutil" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) @@ -190,10 +190,10 @@ func (s *DockerSuite) TestLogsSince(c *check.C) { // Test with default value specified and parameter omitted expected := []string{"log1", "log2", "log3"} for _, cmd := range [][]string{ - []string{dockerBinary, "logs", "-t", name}, - []string{dockerBinary, "logs", "-t", "--since=0", name}, + {"logs", "-t", name}, + {"logs", "-t", "--since=0", name}, } { - result := icmd.RunCommand(cmd...) + result := icmd.RunCommand(dockerBinary, cmd...) result.Assert(c, icmd.Success) for _, v := range expected { c.Assert(result.Combined(), checker.Contains, v) diff --git a/integration-cli/docker_cli_plugins_test.go b/integration-cli/docker_cli_plugins_test.go index 0593bebaa5..f5b7c9bd86 100644 --- a/integration-cli/docker_cli_plugins_test.go +++ b/integration-cli/docker_cli_plugins_test.go @@ -2,15 +2,14 @@ package main import ( "fmt" - "os/exec" - - "github.com/docker/docker/integration-cli/checker" - "github.com/go-check/check" - "io/ioutil" "os" "path/filepath" "strings" + + "github.com/docker/docker/integration-cli/checker" + icmd "github.com/docker/docker/pkg/testutil/cmd" + "github.com/go-check/check" ) var ( @@ -305,15 +304,11 @@ func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) { trustedName := s.setupTrustedplugin(c, pNameWithTag, "trusted-plugin-install") - installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName) - s.trustedCmd(installCmd) - out, _, err := runCommandWithOutput(installCmd) + icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, icmd.Expected{ + Out: trustedName, + }) - c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) - c.Assert(err, checker.IsNil) - c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) - - out, _, err = dockerCmdWithError("plugin", "ls") + out, _, err := dockerCmdWithError("plugin", "ls") c.Assert(err, checker.IsNil) c.Assert(out, checker.Contains, "true") @@ -330,11 +325,7 @@ func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) { c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) // Try untrusted pull to ensure we pushed the tag to the registry - installCmd = exec.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName) - s.trustedCmd(installCmd) - out, _, err = runCommandWithOutput(installCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, SuccessDownloaded) out, _, err = dockerCmdWithError("plugin", "ls") c.Assert(err, checker.IsNil) @@ -352,12 +343,10 @@ func (s *DockerTrustSuite) TestPluginUntrustedInstall(c *check.C) { dockerCmd(c, "plugin", "rm", "-f", pluginName) // Try trusted install on untrusted plugin - installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName) - s.trustedCmd(installCmd) - out, _, err := runCommandWithOutput(installCmd) - - c.Assert(err, check.NotNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "Error: remote trust data does not exist", + }) } func (s *DockerSuite) TestPluginIDPrefix(c *check.C) { diff --git a/integration-cli/docker_cli_proxy_test.go b/integration-cli/docker_cli_proxy_test.go index 6255e9cc7f..3344985a0a 100644 --- a/integration-cli/docker_cli_proxy_test.go +++ b/integration-cli/docker_cli_proxy_test.go @@ -2,20 +2,19 @@ package main import ( "net" - "os/exec" "strings" - icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/docker/integration-cli/checker" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) func (s *DockerSuite) TestCLIProxyDisableProxyUnixSock(c *check.C) { testRequires(c, DaemonIsLinux, SameHostDaemon) - icmd.RunCmd(icm.Cmd{ + icmd.RunCmd(icmd.Cmd{ Command: []string{dockerBinary, "info"}, - Env: appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999"), + Env: appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999"), }).Assert(c, icmd.Success) } @@ -42,11 +41,11 @@ func (s *DockerDaemonSuite) TestCLIProxyProxyTCPSock(c *check.C) { icmd.RunCmd(icmd.Cmd{ Command: []string{dockerBinary, "info"}, - Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"}, - }).Assert(c, icmd.Expected{Error:"exit status 1", ExitCode: 1}) + Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"}, + }).Assert(c, icmd.Expected{Error: "exit status 1", ExitCode: 1}) // Test with no_proxy - icmd.RunCommand(icmd.Cmd{ + icmd.RunCmd(icmd.Cmd{ Command: []string{dockerBinary, "info"}, - Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999", "NO_PROXY="+ip}, + Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999", "NO_PROXY=" + ip}, }).Assert(c, icmd.Success) } diff --git a/integration-cli/docker_cli_pull_local_test.go b/integration-cli/docker_cli_pull_local_test.go index 7dfaad003b..bba0dd8037 100644 --- a/integration-cli/docker_cli_pull_local_test.go +++ b/integration-cli/docker_cli_pull_local_test.go @@ -5,18 +5,17 @@ import ( "fmt" "io/ioutil" "os" - "os/exec" "path/filepath" "runtime" "strings" "github.com/docker/distribution" "github.com/docker/distribution/digest" - icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/distribution/manifest" "github.com/docker/distribution/manifest/manifestlist" "github.com/docker/distribution/manifest/schema2" "github.com/docker/docker/integration-cli/checker" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) diff --git a/integration-cli/docker_cli_pull_trusted_test.go b/integration-cli/docker_cli_pull_trusted_test.go index 59ccfd0d2e..b068bb23f3 100644 --- a/integration-cli/docker_cli_pull_trusted_test.go +++ b/integration-cli/docker_cli_pull_trusted_test.go @@ -3,12 +3,11 @@ package main import ( "fmt" "io/ioutil" - "os/exec" - "strings" "time" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/pkg/testutil" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) @@ -16,33 +15,18 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-pull") // Try pull - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err := runCommandWithOutput(pullCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) // Try untrusted pull to ensure we pushed the tag to the registry - pullCmd = exec.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out)) - + icmd.RunCmd(icmd.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloaded) } func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-isolated-pull") // Try pull (run from isolated directory without trust information) - pullCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err := runCommandWithOutput(pullCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(string(out))) + icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) } @@ -55,12 +39,10 @@ func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) { dockerCmd(c, "rmi", repoName) // Try trusted pull on untrusted tag - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err := runCommandWithOutput(pullCmd) - - c.Assert(err, check.NotNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "Error: remote trust data does not exist", + }) } func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) { @@ -72,22 +54,19 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) { testutil.RunAtDifferentDate(elevenYearsFromNow, func() { // Try pull - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err := runCommandWithOutput(pullCmd) - - c.Assert(err, check.NotNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf(out)) + icmd.RunCmd(icmd.Cmd{ + Command: []string{dockerBinary, "pull", repoName}, + }, trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "could not validate the path to a trusted root", + }) }) testutil.RunAtDifferentDate(elevenYearsFromNow, func() { // Try pull - pullCmd := exec.Command(dockerBinary, "pull", "--disable-content-trust", repoName) - s.trustedCmd(pullCmd) - out, _, err := runCommandWithOutput(pullCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out)) + icmd.RunCmd(icmd.Cmd{ + Command: []string{dockerBinary, "pull", "--disable-content-trust", repoName}, + }, trustedCmd).Assert(c, SuccessDownloaded) }) } @@ -101,21 +80,11 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) { // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", repoName) - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) dockerCmd(c, "rmi", repoName) // Try pull - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) // Kill the notary server, start a new "evil" one. @@ -129,23 +98,13 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) { dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) // Push up to the new server - pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err = runCommandWithOutput(pushCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Now, try pulling with the original client from this new trust server. This should fail because the new root is invalid. - pullCmd = exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - if err == nil { - c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out) - } - if !strings.Contains(out, "could not rotate trust to a new trusted root") { - c.Fatalf("Missing expected output on trusted pull:\n%s", out) - } + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "could not rotate trust to a new trusted root", + }) } func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) { @@ -155,13 +114,7 @@ func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) { dockerCmd(c, "tag", "busybox", repoName) // Push with default passphrases - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out)) - + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) dockerCmd(c, "rmi", repoName) // Snapshots last for three years. This should be expired @@ -169,41 +122,28 @@ func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) { testutil.RunAtDifferentDate(fourYearsLater, func() { // Try pull - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - - c.Assert(err, check.NotNil, check.Commentf("Missing expected error running trusted pull with expired snapshots")) - c.Assert(string(out), checker.Contains, "repository out-of-date", check.Commentf(out)) + icmd.RunCmd(icmd.Cmd{ + Command: []string{dockerBinary, "pull", repoName}, + }, trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "repository out-of-date", + }) }) } func (s *DockerTrustSuite) TestTrustedOfflinePull(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-offline-pull") - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver") - out, _, err := runCommandWithOutput(pullCmd) - - c.Assert(err, check.NotNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "error contacting notary server", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "error contacting notary server", + }) // Do valid trusted pull to warm cache - pullCmd = exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out)) - + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) // Try pull again with invalid notary server, should use cache - pullCmd = exec.Command(dockerBinary, "pull", repoName) - s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver") - out, _, err = runCommandWithOutput(pullCmd) - - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, SuccessTagging) } func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) { @@ -214,29 +154,16 @@ func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) { CMD echo trustedpulldelete `, true) - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - if out, status := dockerCmd(c, "rmi", repoName); status != 0 { - c.Fatalf("Error removing image %q\n%s", repoName, out) - } + dockerCmd(c, "rmi", repoName) // Try pull - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) + result := icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd) + result.Assert(c, icmd.Success) - c.Assert(err, check.IsNil, check.Commentf(out)) - - matches := digestRegex.FindStringSubmatch(out) - c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out)) + matches := digestRegex.FindStringSubmatch(result.Combined()) + c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", result.Combined())) pullDigest := matches[1] imageID := inspectField(c, repoName, "Id") @@ -263,18 +190,13 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) { // Push with targets first, initializing the repo dockerCmd(c, "tag", "busybox", targetName) - pushCmd := exec.Command(dockerBinary, "push", targetName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "latest", "targets") // Try pull, check we retrieve from targets role - pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "retrieving target for targets role") + icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + Err: "retrieving target for targets role", + }) // Now we'll create the releases role, and try pushing and pulling s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public) @@ -283,31 +205,23 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) { // try a pull, check that we can still pull because we can still read the // old tag in the targets role - pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "retrieving target for targets role") + icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + Err: "retrieving target for targets role", + }) // try a pull -a, check that it succeeds because we can still pull from the // targets role - pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Success) // Push, should sign with targets/releases dockerCmd(c, "tag", "busybox", targetName) - pushCmd = exec.Command(dockerBinary, "push", targetName) - s.trustedCmd(pushCmd) - out, _, err = runCommandWithOutput(pushCmd) + icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases") // Try pull, check we retrieve from targets/releases role - pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(out, checker.Contains, "retrieving target for targets/releases role") + icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + Err: "retrieving target for targets/releases role", + }) // Create another delegation that we'll sign with s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[1].Public) @@ -315,16 +229,13 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) { s.notaryPublish(c, repoName) dockerCmd(c, "tag", "busybox", targetName) - pushCmd = exec.Command(dockerBinary, "push", targetName) - s.trustedCmd(pushCmd) - out, _, err = runCommandWithOutput(pushCmd) + icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases", "targets/other") // Try pull, check we retrieve from targets/releases role - pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(out, checker.Contains, "retrieving target for targets/releases role") + icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + Err: "retrieving target for targets/releases role", + }) } func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C) { @@ -341,26 +252,22 @@ func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C // Push should write to the delegation role, not targets dockerCmd(c, "tag", "busybox", targetName) - pushCmd := exec.Command(dockerBinary, "push", targetName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "latest", "targets/other") s.assertTargetNotInRoles(c, repoName, "latest", "targets") // Try pull - we should fail, since pull will only pull from the targets/releases // role or the targets role - pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.NotNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "No trust data for") + dockerCmd(c, "tag", "busybox", targetName) + icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "No trust data for", + }) // try a pull -a: we should fail since pull will only pull from the targets/releases // role or the targets role - pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.NotNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "No trusted tags for") + icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "No trusted tags for", + }) } diff --git a/integration-cli/docker_cli_push_test.go b/integration-cli/docker_cli_push_test.go index fb67bc997c..aa1b0bd9c0 100644 --- a/integration-cli/docker_cli_push_test.go +++ b/integration-cli/docker_cli_push_test.go @@ -7,17 +7,16 @@ import ( "net/http" "net/http/httptest" "os" - "os/exec" "path/filepath" "strings" "sync" "time" "github.com/docker/distribution/reference" - icmd "github.com/docker/docker/pkg/testutil/cmd" cliconfig "github.com/docker/docker/cli/config" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/pkg/testutil" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) @@ -138,11 +137,11 @@ func testPushEmptyLayer(c *check.C) { icmd.RunCmd(icmd.Cmd{ Command: []string{dockerBinary, "import", "-", repoName}, - Stdin: freader, + Stdin: freader, }).Assert(c, icmd.Success) // Now verify we can push it - out, _, err = dockerCmdWithError("push", repoName) + out, _, err := dockerCmdWithError("push", repoName) c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out)) } @@ -288,18 +287,12 @@ func (s *DockerTrustSuite) TestTrustedPush(c *check.C) { // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", repoName) - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Try pull after push - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + Out: "Status: Image is up to date", + }) // Assert that we rotated the snapshot key to the server by checking our local keystore contents, err := ioutil.ReadDir(filepath.Join(cliconfig.Dir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest")) @@ -313,18 +306,12 @@ func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) { // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", repoName) - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678") - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "12345678")).Assert(c, SuccessSigningAndPushing) // Try pull after push - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + Out: "Status: Image is up to date", + }) } func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) { @@ -332,12 +319,11 @@ func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) { // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", repoName) - pushCmd := exec.Command(dockerBinary, "push", repoName) // Using a name that doesn't resolve to an address makes this test faster - s.trustedCmdWithServer(pushCmd, "https://server.invalid:81/") - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server")) - c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithServer("https://server.invalid:81/")).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "error contacting notary server", + }) } func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) { @@ -345,12 +331,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", repoName) - pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName) - // Using a name that doesn't resolve to an address makes this test faster - s.trustedCmdWithServer(pushCmd, "https://server.invalid") - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out)) - c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:")) + result := icmd.RunCmd(icmd.Command(dockerBinary, "push", "--disable-content-trust", repoName), trustedCmdWithServer("https://server.invalid:81/")) + result.Assert(c, icmd.Success) + c.Assert(result.Combined(), check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:")) } func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) { @@ -359,18 +342,12 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) { dockerCmd(c, "tag", "busybox", repoName) dockerCmd(c, "push", repoName) - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Try pull after push - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + Out: "Status: Image is up to date", + }) } func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) { @@ -379,28 +356,14 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) { dockerCmd(c, "tag", "busybox", repoName) // Do a trusted push - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Do another trusted push - pushCmd = exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err = runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag")) - + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) dockerCmd(c, "rmi", repoName) // Try pull to ensure the double push did not break our ability to pull - pullCmd := exec.Command(dockerBinary, "pull", repoName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust")) - + icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessDownloaded) } func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) { @@ -409,18 +372,13 @@ func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *c dockerCmd(c, "tag", "busybox", repoName) // Push with default passphrases - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out)) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Push with wrong passphrases - pushCmd = exec.Command(dockerBinary, "push", repoName) - s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321") - out, _, err = runCommandWithOutput(pushCmd) - c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out)) - c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "87654321")).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "could not find necessary signing keys", + }) } func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) { @@ -430,22 +388,19 @@ func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) { dockerCmd(c, "tag", "busybox", repoName) // Push with default passphrases - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Snapshots last for three years. This should be expired fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4) testutil.RunAtDifferentDate(fourYearsLater, func() { // Push with wrong passphrases - pushCmd = exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err = runCommandWithOutput(pushCmd) - c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out)) - c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot")) + icmd.RunCmd(icmd.Cmd{ + Command: []string{dockerBinary, "push", repoName}, + }, trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "repository out-of-date", + }) }) } @@ -456,22 +411,15 @@ func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) { dockerCmd(c, "tag", "busybox", repoName) // Push with default passphrases - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // The timestamps expire in two weeks. Lets check three threeWeeksLater := time.Now().Add(time.Hour * 24 * 21) // Should succeed because the server transparently re-signs one testutil.RunAtDifferentDate(threeWeeksLater, func() { - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), + trustedCmd).Assert(c, SuccessSigningAndPushing) }) } @@ -488,11 +436,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", targetName) - pushCmd := exec.Command(dockerBinary, "push", targetName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) // check to make sure that the target has been added to targets/releases and not targets s.assertTargetInRoles(c, repoName, "latest", "targets/releases") s.assertTargetNotInRoles(c, repoName, "latest", "targets") @@ -500,11 +444,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) // Try pull after push os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) - pullCmd := exec.Command(dockerBinary, "pull", targetName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.IsNil, check.Commentf(out)) - c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{ + Out: "Status: Image is up to date", + }) } func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c *check.C) { @@ -528,11 +470,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", targetName) - pushCmd := exec.Command(dockerBinary, "push", targetName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) // check to make sure that the target has been added to targets/role1 and targets/role2, and // not targets (because there are delegations) or targets/role3 (due to missing key) or @@ -544,10 +482,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) // pull should fail because none of these are the releases role - pullCmd := exec.Command(dockerBinary, "pull", targetName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.NotNil, check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + }) } func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c *check.C) { @@ -569,11 +506,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", targetName) - pushCmd := exec.Command(dockerBinary, "push", targetName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out)) - c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag")) + icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) // check to make sure that the target has been added to targets/role1 and targets/role4, and // not targets (because there are delegations) or targets/role2 (due to path restrictions) or @@ -585,10 +518,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) // pull should fail because none of these are the releases role - pullCmd := exec.Command(dockerBinary, "pull", targetName) - s.trustedCmd(pullCmd) - out, _, err = runCommandWithOutput(pullCmd) - c.Assert(err, check.NotNil, check.Commentf(out)) + icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + }) } func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c *check.C) { @@ -604,13 +536,10 @@ func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", targetName) - pushCmd := exec.Command(dockerBinary, "push", targetName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - c.Assert(err, check.NotNil, check.Commentf("trusted push succeeded but should have failed:\n%s", out)) - c.Assert(out, checker.Contains, "no valid signing keys", - check.Commentf("Missing expected output on trusted push without keys")) - + icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "no valid signing keys", + }) s.assertTargetNotInRoles(c, repoName, "latest", "targets", "targets/role1") } diff --git a/integration-cli/docker_cli_rmi_test.go b/integration-cli/docker_cli_rmi_test.go index 02679c492d..84ec6a8b00 100644 --- a/integration-cli/docker_cli_rmi_test.go +++ b/integration-cli/docker_cli_rmi_test.go @@ -2,13 +2,12 @@ package main import ( "fmt" - "os/exec" "strings" "time" - icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/pkg/stringid" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) @@ -179,7 +178,7 @@ func (s *DockerSuite) TestRmiForceWithExistingContainers(c *check.C) { icmd.RunCmd(icmd.Cmd{ Command: []string{dockerBinary, "build", "--no-cache", "-t", image, "-"}, Stdin: strings.NewReader(`FROM busybox -MAINTAINER foo`) +MAINTAINER foo`), }).Assert(c, icmd.Success) dockerCmd(c, "run", "--name", "test-force-rmi", image, "/bin/true") diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index 363f6107a7..6f3d11b59e 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -865,7 +865,7 @@ func (s *DockerSuite) TestRunEnvironmentErase(c *check.C) { result := icmd.RunCmd(icmd.Cmd{ Command: []string{dockerBinary, "run", "-e", "FOO", "-e", "HOSTNAME", "busybox", "env"}, - Env: appendBaseEnd(true), + Env: appendBaseEnv(true), }) result.Assert(c, icmd.Success) @@ -897,7 +897,7 @@ func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) { result := icmd.RunCmd(icmd.Cmd{ Command: []string{dockerBinary, "run", "-e", "HOSTNAME", "-e", "HOME=/root2", "busybox", "env"}, - Env: appendBaseEnv(true, "HOSTNAME=bar"), + Env: appendBaseEnv(true, "HOSTNAME=bar"), }) result.Assert(c, icmd.Success) @@ -3262,30 +3262,11 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-run") // Try run - runCmd := exec.Command(dockerBinary, "run", repoName) - s.trustedCmd(runCmd) - out, _, err := runCommandWithOutput(runCmd) - if err != nil { - c.Fatalf("Error running trusted run: %s\n%s\n", err, out) - } - - if !strings.Contains(string(out), "Tagging") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } - + icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) // Try untrusted run to ensure we pushed the tag to the registry - runCmd = exec.Command(dockerBinary, "run", "--disable-content-trust=true", repoName) - s.trustedCmd(runCmd) - out, _, err = runCommandWithOutput(runCmd) - if err != nil { - c.Fatalf("Error running trusted run: %s\n%s", err, out) - } - - if !strings.Contains(string(out), "Status: Downloaded") { - c.Fatalf("Missing expected output on trusted run with --disable-content-trust:\n%s", out) - } + icmd.RunCmd(icmd.Command(dockerBinary, "run", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) } func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) { @@ -3298,16 +3279,10 @@ func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) { dockerCmd(c, "rmi", repoName) // Try trusted run on untrusted tag - runCmd := exec.Command(dockerBinary, "run", repoName) - s.trustedCmd(runCmd) - out, _, err := runCommandWithOutput(runCmd) - if err == nil { - c.Fatalf("Error expected when running trusted run with:\n%s", out) - } - - if !strings.Contains(string(out), "does not have trust data for") { - c.Fatalf("Missing expected output on trusted run:\n%s", out) - } + icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 125, + Err: "does not have trust data for", + }) } func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) { @@ -3321,30 +3296,19 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) { testutil.RunAtDifferentDate(elevenYearsFromNow, func() { // Try run - runCmd := exec.Command(dockerBinary, "run", repoName) - s.trustedCmd(runCmd) - out, _, err := runCommandWithOutput(runCmd) - if err == nil { - c.Fatalf("Error running trusted run in the distant future: %s\n%s", err, out) - } - - if !strings.Contains(string(out), "could not validate the path to a trusted root") { - c.Fatalf("Missing expected output on trusted run in the distant future:\n%s", out) - } + icmd.RunCmd(icmd.Cmd{ + Command: []string{dockerBinary, "run", repoName}, + }, trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 1, + Err: "could not validate the path to a trusted root", + }) }) testutil.RunAtDifferentDate(elevenYearsFromNow, func() { // Try run - runCmd := exec.Command(dockerBinary, "run", "--disable-content-trust", repoName) - s.trustedCmd(runCmd) - out, _, err := runCommandWithOutput(runCmd) - if err != nil { - c.Fatalf("Error running untrusted run in the distant future: %s\n%s", err, out) - } - - if !strings.Contains(string(out), "Status: Downloaded") { - c.Fatalf("Missing expected output on untrusted run in the distant future:\n%s", out) - } + icmd.RunCmd(icmd.Cmd{ + Command: []string{dockerBinary, "run", "--disable-content-trust", repoName}, + }, trustedCmd).Assert(c, SuccessDownloaded) }) } @@ -3360,30 +3324,11 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) { // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", repoName) - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } - + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) dockerCmd(c, "rmi", repoName) // Try run - runCmd := exec.Command(dockerBinary, "run", repoName) - s.trustedCmd(runCmd) - out, _, err = runCommandWithOutput(runCmd) - if err != nil { - c.Fatalf("Error running trusted run: %s\n%s", err, out) - } - - if !strings.Contains(string(out), "Tagging") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } - + icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging) dockerCmd(c, "rmi", repoName) // Kill the notary server, start a new "evil" one. @@ -3398,27 +3343,13 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) { dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) // Push up to the new server - pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err = runCommandWithOutput(pushCmd) - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } + icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Now, try running with the original client from this new trust server. This should fail because the new root is invalid. - runCmd = exec.Command(dockerBinary, "run", repoName) - s.trustedCmd(runCmd) - out, _, err = runCommandWithOutput(runCmd) - - if err == nil { - c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out) - } - if !strings.Contains(out, "could not rotate trust to a new trusted root") { - c.Fatalf("Missing expected output on trusted run:\n%s", out) - } + icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{ + ExitCode: 125, + Err: "could not rotate trust to a new trusted root", + }) } func (s *DockerSuite) TestPtraceContainerProcsFromHost(c *check.C) { @@ -4007,7 +3938,7 @@ func (s *DockerSuite) TestRunNonExecutableCmd(c *check.C) { name := "testNonExecutableCmd" icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "foo").Assert(c, icmd.Expected{ ExitCode: 127, - Error: "exit status 127", + Error: "exit status 127", }) } @@ -4016,7 +3947,7 @@ func (s *DockerSuite) TestRunNonExistingCmd(c *check.C) { name := "testNonExistingCmd" icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/bin/foo").Assert(c, icmd.Expected{ ExitCode: 127, - Error: "exit status 127", + Error: "exit status 127", }) } @@ -4031,7 +3962,7 @@ func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) { name := "testCmdCannotBeInvoked" icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/etc").Assert(c, icmd.Expected{ ExitCode: expected, - Error: fmt.Sprintf("exit status %d", expected), + Error: fmt.Sprintf("exit status %d", expected), }) } @@ -4040,7 +3971,7 @@ func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) { func (s *DockerSuite) TestRunNonExistingImage(c *check.C) { icmd.RunCommand(dockerBinary, "run", "foo").Assert(c, icmd.Expected{ ExitCode: 125, - Err: "Unable to find image", + Err: "Unable to find image", }) } @@ -4049,7 +3980,7 @@ func (s *DockerSuite) TestRunNonExistingImage(c *check.C) { func (s *DockerSuite) TestDockerFails(c *check.C) { icmd.RunCommand(dockerBinary, "run", "-foo", "busybox").Assert(c, icmd.Expected{ ExitCode: 125, - Error: "exit status 125", + Error: "exit status 125", }) } diff --git a/integration-cli/docker_cli_run_unix_test.go b/integration-cli/docker_cli_run_unix_test.go index a45821aeb3..172368e793 100644 --- a/integration-cli/docker_cli_run_unix_test.go +++ b/integration-cli/docker_cli_run_unix_test.go @@ -909,7 +909,7 @@ func (s *DockerSuite) TestRunSysctls(c *check.C) { icmd.RunCommand(dockerBinary, "run", "--sysctl", "kernel.foobar=1", "--name", "test2", "busybox", "cat", "/proc/sys/kernel/foobar").Assert(c, icmd.Expected{ - ExitCode: 1, + ExitCode: 125, Err: "invalid argument", }) } @@ -939,7 +939,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *check.C) { "--security-opt", "seccomp="+tmpFile.Name(), "debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -973,7 +973,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *check.C) { icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp="+tmpFile.Name(), "busybox", "chmod", "400", "/etc/hostname").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -1011,7 +1011,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) { "--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(), "debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -1023,7 +1023,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) { icmd.RunCommand(dockerBinary, "run", "syscall-test", "userns-test", "id").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "clone failed: Operation not permitted", + Err: "clone failed: Operation not permitted", }) } @@ -1152,16 +1152,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChown(c *check.C) { ensureSyscallTest(c) // test that a root user has default capability CAP_CHOWN - dockerCmd("run", "busybox", "chown", "100", "/tmp") + dockerCmd(c, "run", "busybox", "chown", "100", "/tmp") // test that non root user does not have default capability CAP_CHOWN icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chown", "100", "/tmp").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) // test that root user can drop default capability CAP_CHOWN icmd.RunCommand(dockerBinary, "run", "--cap-drop", "chown", "busybox", "chown", "100", "/tmp").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -1170,11 +1170,11 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesDacOverride(c *check.C) { ensureSyscallTest(c) // test that a root user has default capability CAP_DAC_OVERRIDE - dockerCmd("run", "busybox", "sh", "-c", "echo test > /etc/passwd") + dockerCmd(c, "run", "busybox", "sh", "-c", "echo test > /etc/passwd") // test that non root user does not have default capability CAP_DAC_OVERRIDE icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "sh", "-c", "echo test > /etc/passwd").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Permission denied", + Err: "Permission denied", }) } @@ -1183,11 +1183,11 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesFowner(c *check.C) { ensureSyscallTest(c) // test that a root user has default capability CAP_FOWNER - dockerCmd("run", "busybox", "chmod", "777", "/etc/passwd") + dockerCmd(c, "run", "busybox", "chmod", "777", "/etc/passwd") // test that non root user does not have default capability CAP_FOWNER icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chmod", "777", "/etc/passwd").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) // TODO test that root user can drop default capability CAP_FOWNER } @@ -1199,16 +1199,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetuid(c *check.C) { ensureSyscallTest(c) // test that a root user has default capability CAP_SETUID - dockerCmd("run", "syscall-test", "setuid-test") + dockerCmd(c, "run", "syscall-test", "setuid-test") // test that non root user does not have default capability CAP_SETUID icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setuid-test").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) // test that root user can drop default capability CAP_SETUID icmd.RunCommand(dockerBinary, "run", "--cap-drop", "setuid", "syscall-test", "setuid-test").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -1217,16 +1217,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetgid(c *check.C) { ensureSyscallTest(c) // test that a root user has default capability CAP_SETGID - dockerCmd("run", "syscall-test", "setgid-test") + dockerCmd(c, "run", "syscall-test", "setgid-test") // test that non root user does not have default capability CAP_SETGID icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setgid-test").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) // test that root user can drop default capability CAP_SETGID icmd.RunCommand(dockerBinary, "run", "--cap-drop", "setgid", "syscall-test", "setgid-test").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -1237,16 +1237,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetBindService(c *check.C) ensureSyscallTest(c) // test that a root user has default capability CAP_NET_BIND_SERVICE - dockerCmd("run", "syscall-test", "socket-test") + dockerCmd(c, "run", "syscall-test", "socket-test") // test that non root user does not have default capability CAP_NET_BIND_SERVICE icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "socket-test").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Permission denied", + Err: "Permission denied", }) // test that root user can drop default capability CAP_NET_BIND_SERVICE icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_bind_service", "syscall-test", "socket-test").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Permission denied", + Err: "Permission denied", }) } @@ -1255,16 +1255,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetRaw(c *check.C) { ensureSyscallTest(c) // test that a root user has default capability CAP_NET_RAW - dockerCmd("run", "syscall-test", "raw-test") + dockerCmd(c, "run", "syscall-test", "raw-test") // test that non root user does not have default capability CAP_NET_RAW icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "raw-test").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) // test that root user can drop default capability CAP_NET_RAW icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_raw", "syscall-test", "raw-test").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -1273,16 +1273,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChroot(c *check.C) { ensureSyscallTest(c) // test that a root user has default capability CAP_SYS_CHROOT - dockerCmd("run", "busybox", "chroot", "/", "/bin/true") + dockerCmd(c, "run", "busybox", "chroot", "/", "/bin/true") // test that non root user does not have default capability CAP_SYS_CHROOT icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chroot", "/", "/bin/true").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) // test that root user can drop default capability CAP_SYS_CHROOT icmd.RunCommand(dockerBinary, "run", "--cap-drop", "sys_chroot", "busybox", "chroot", "/", "/bin/true").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -1291,17 +1291,17 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesMknod(c *check.C) { ensureSyscallTest(c) // test that a root user has default capability CAP_MKNOD - dockerCmd("run", "busybox", "mknod", "/tmp/node", "b", "1", "2") + dockerCmd(c, "run", "busybox", "mknod", "/tmp/node", "b", "1", "2") // test that non root user does not have default capability CAP_MKNOD // test that root user can drop default capability CAP_SYS_CHROOT icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "mknod", "/tmp/node", "b", "1", "2").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) // test that root user can drop default capability CAP_MKNOD icmd.RunCommand(dockerBinary, "run", "--cap-drop", "mknod", "busybox", "mknod", "/tmp/node", "b", "1", "2").Assert(c, icmd.Expected{ ExitCode: 1, - Err: "Operation not permitted", + Err: "Operation not permitted", }) } @@ -1315,13 +1315,13 @@ func (s *DockerSuite) TestRunApparmorProcDirectory(c *check.C) { result := icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/cgroup") result.Assert(c, icmd.Expected{ExitCode: 1}) if !(strings.Contains(result.Combined(), "Permission denied") || strings.Contains(result.Combined(), "Operation not permitted")) { - c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", result.Combined(), err) + c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", result.Combined(), result.Error) } result = icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/attr/current") result.Assert(c, icmd.Expected{ExitCode: 1}) if !(strings.Contains(result.Combined(), "Permission denied") || strings.Contains(result.Combined(), "Operation not permitted")) { - c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", result.Combined(), err) + c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", result.Combined(), result.Error) } } diff --git a/integration-cli/docker_cli_swarm_test.go b/integration-cli/docker_cli_swarm_test.go index cf49a4dd50..d3d8a7d309 100644 --- a/integration-cli/docker_cli_swarm_test.go +++ b/integration-cli/docker_cli_swarm_test.go @@ -1439,7 +1439,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) { name := "trusted" serviceCmd := d.Command("-D", "service", "create", "--name", name, repoName, "top") - s.trustSuite.trustedCmd(serviceCmd) + trustedExecCmd(serviceCmd) out, _, err := runCommandWithOutput(serviceCmd) c.Assert(err, checker.IsNil, check.Commentf(out)) c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out)) @@ -1458,7 +1458,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) { name = "untrusted" serviceCmd = d.Command("service", "create", "--name", name, repoName, "top") - s.trustSuite.trustedCmd(serviceCmd) + trustedExecCmd(serviceCmd) out, _, err = runCommandWithOutput(serviceCmd) c.Assert(err, check.NotNil, check.Commentf(out)) @@ -1487,7 +1487,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) { c.Assert(out, check.Not(checker.Contains), repoName+"@", check.Commentf(out)) serviceCmd := d.Command("-D", "service", "update", "--image", repoName, name) - s.trustSuite.trustedCmd(serviceCmd) + trustedExecCmd(serviceCmd) out, _, err = runCommandWithOutput(serviceCmd) c.Assert(err, checker.IsNil, check.Commentf(out)) c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out)) @@ -1505,7 +1505,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) { dockerCmd(c, "rmi", repoName) serviceCmd = d.Command("service", "update", "--image", repoName, name) - s.trustSuite.trustedCmd(serviceCmd) + trustedExecCmd(serviceCmd) out, _, err = runCommandWithOutput(serviceCmd) c.Assert(err, check.NotNil, check.Commentf(out)) diff --git a/integration-cli/docker_cli_volume_test.go b/integration-cli/docker_cli_volume_test.go index 04d71865c4..ab271dbb0a 100644 --- a/integration-cli/docker_cli_volume_test.go +++ b/integration-cli/docker_cli_volume_test.go @@ -229,7 +229,7 @@ func (s *DockerSuite) TestVolumeCLIRm(c *check.C) { icmd.RunCommand(dockerBinary, "volume", "rm", "testing").Assert(c, icmd.Expected{ ExitCode: 1, - Error: "exit status 1", + Error: "exit status 1", }) out, _ = dockerCmd(c, "run", "--volumes-from=test", "--name=test2", "busybox", "sh", "-c", "cat /foo/bar") diff --git a/integration-cli/docker_cli_wait_test.go b/integration-cli/docker_cli_wait_test.go index f91be8de79..6f45bf07a0 100644 --- a/integration-cli/docker_cli_wait_test.go +++ b/integration-cli/docker_cli_wait_test.go @@ -6,8 +6,8 @@ import ( "strings" "time" - icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/docker/integration-cli/checker" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) diff --git a/integration-cli/trust_server_test.go b/integration-cli/trust_server_test.go index a11ccfbdee..947c51ce5b 100644 --- a/integration-cli/trust_server_test.go +++ b/integration-cli/trust_server_test.go @@ -13,6 +13,7 @@ import ( cliconfig "github.com/docker/docker/cli/config" "github.com/docker/docker/integration-cli/checker" + icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/go-connections/tlsconfig" "github.com/go-check/check" ) @@ -34,6 +35,30 @@ type testNotary struct { const notaryHost = "localhost:4443" const notaryURL = "https://" + notaryHost +var SuccessTagging = icmd.Expected{ + Out: "Tagging", +} + +var SuccessSigningAndPushing = icmd.Expected{ + Out: "Signing and pushing trust metadata", +} + +var SuccessDownloaded = icmd.Expected{ + Out: "Status: Downloaded", +} + +var SuccessTaggingOnStderr = icmd.Expected{ + Err: "Tagging", +} + +var SuccessSigningAndPushingOnStderr = icmd.Expected{ + Err: "Signing and pushing trust metadata", +} + +var SuccessDownloadedOnStderr = icmd.Expected{ + Err: "Status: Downloaded", +} + func newTestNotary(c *check.C) (*testNotary, error) { // generate server config template := `{ @@ -164,28 +189,38 @@ func (t *testNotary) Close() { os.RemoveAll(t.dir) } -func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) { +// Deprecated: used trustedCmd instead +func trustedExecCmd(cmd *exec.Cmd) { pwd := "12345678" - trustCmdEnv(cmd, notaryURL, pwd, pwd) + cmd.Env = append(cmd.Env, trustEnv(notaryURL, pwd, pwd)...) } -func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) { +func trustedCmd(cmd *icmd.Cmd) { pwd := "12345678" - trustCmdEnv(cmd, server, pwd, pwd) + cmd.Env = append(cmd.Env, trustEnv(notaryURL, pwd, pwd)...) } -func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, repositoryPwd string) { - trustCmdEnv(cmd, notaryURL, rootPwd, repositoryPwd) +func trustedCmdWithServer(server string) func(*icmd.Cmd) { + return func(cmd *icmd.Cmd) { + pwd := "12345678" + cmd.Env = append(cmd.Env, trustEnv(server, pwd, pwd)...) + } } -func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, repositoryPwd string) { - env := []string{ +func trustedCmdWithPassphrases(rootPwd, repositoryPwd string) func(*icmd.Cmd) { + return func(cmd *icmd.Cmd) { + cmd.Env = append(cmd.Env, trustEnv(notaryURL, rootPwd, repositoryPwd)...) + } +} + +func trustEnv(server, rootPwd, repositoryPwd string) []string { + env := append(os.Environ(), []string{ "DOCKER_CONTENT_TRUST=1", fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server), fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=%s", repositoryPwd), - } - cmd.Env = append(os.Environ(), env...) + }...) + return env } func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string { @@ -193,16 +228,7 @@ func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string { // tag the image and upload it to the private registry dockerCmd(c, "tag", "busybox", repoName) - pushCmd := exec.Command(dockerBinary, "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - - if err != nil { - c.Fatalf("Error running trusted push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } + icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) if out, status := dockerCmd(c, "rmi", repoName); status != 0 { c.Fatalf("Error removing image %q\n%s", repoName, out) @@ -216,16 +242,7 @@ func (s *DockerTrustSuite) setupTrustedplugin(c *check.C, source, name string) s // tag the image and upload it to the private registry dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source) - pushCmd := exec.Command(dockerBinary, "plugin", "push", repoName) - s.trustedCmd(pushCmd) - out, _, err := runCommandWithOutput(pushCmd) - - if err != nil { - c.Fatalf("Error running trusted plugin push: %s\n%s", err, out) - } - if !strings.Contains(string(out), "Signing and pushing trust metadata") { - c.Fatalf("Missing expected output on trusted push:\n%s", out) - } + icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) if out, status := dockerCmd(c, "plugin", "rm", "-f", repoName); status != 0 { c.Fatalf("Error removing plugin %q\n%s", repoName, out) diff --git a/integration-cli/utils_test.go b/integration-cli/utils_test.go index 4e361cef5f..82d0b162ed 100644 --- a/integration-cli/utils_test.go +++ b/integration-cli/utils_test.go @@ -13,6 +13,7 @@ func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) { } // TODO: update code to call cmd.RunCmd directly, and remove this function +// Deprecated: use pkg/testutil/cmd instead func runCommandWithOutput(execCmd *exec.Cmd) (string, int, error) { result := cmd.RunCmd(transformCmd(execCmd)) return result.Combined(), result.ExitCode, result.Error diff --git a/pkg/testutil/cmd/command.go b/pkg/testutil/cmd/command.go index 2a886ab54c..3086574f4a 100644 --- a/pkg/testutil/cmd/command.go +++ b/pkg/testutil/cmd/command.go @@ -215,8 +215,16 @@ type Cmd struct { Env []string } +// Command create a simple Cmd with the specified command and arguments +func Command(command string, args ...string) Cmd { + return Cmd{Command: append([]string{command}, args...)} +} + // RunCmd runs a command and returns a Result -func RunCmd(cmd Cmd) *Result { +func RunCmd(cmd Cmd, cmdOperators ...func(*Cmd)) *Result { + for _, op := range cmdOperators { + op(&cmd) + } result := StartCmd(cmd) if result.Error != nil { return result @@ -226,7 +234,7 @@ func RunCmd(cmd Cmd) *Result { // RunCommand parses a command line and runs it, returning a result func RunCommand(command string, args ...string) *Result { - return RunCmd(Cmd{Command: append([]string{command}, args...)}) + return RunCmd(Command(command, args...)) } // StartCmd starts a command, but doesn't wait for it to finish