mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Merge pull request #15864 from dmcgowan/notary-offline
Support content trust offline
commit
a7e23cab8d
3 changed files with 57 additions and 8 deletions
|
@ -144,15 +144,21 @@ func (cli *DockerCli) getNotaryRepository(repoInfo *registry.RepositoryInfo, aut
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
resp, err := pingClient.Do(req)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
defer resp.Body.Close()
|
|
||||||
|
|
||||||
challengeManager := auth.NewSimpleChallengeManager()
|
challengeManager := auth.NewSimpleChallengeManager()
|
||||||
if err := challengeManager.AddResponse(resp); err != nil {
|
|
||||||
return nil, err
|
resp, err := pingClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
// Ignore error on ping to operate in offline mode
|
||||||
|
logrus.Debugf("Error pinging notary server %q: %s", endpointStr, err)
|
||||||
|
} else {
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
// Add response to the challenge manager to parse out
|
||||||
|
// authentication header and register authentication method
|
||||||
|
if err := challengeManager.AddResponse(resp); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
creds := simpleCredentialStore{auth: authConfig}
|
creds := simpleCredentialStore{auth: authConfig}
|
||||||
|
@ -248,6 +254,8 @@ func notaryError(err error) error {
|
||||||
return fmt.Errorf("remote repository out-of-date: %v", err)
|
return fmt.Errorf("remote repository out-of-date: %v", err)
|
||||||
case trustmanager.ErrKeyNotFound:
|
case trustmanager.ErrKeyNotFound:
|
||||||
return fmt.Errorf("signing keys not found: %v", err)
|
return fmt.Errorf("signing keys not found: %v", err)
|
||||||
|
case *net.OpError:
|
||||||
|
return fmt.Errorf("error contacting notary server: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return err
|
return err
|
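Review bot: The ping failure in getNotaryRepository is now reported only through `logrus.Debugf`, so when the notary server is unreachable or blocked on the network path, the user gets no visible sign that the pull was checked against cached trust data instead of fresh metadata. Freshness in that case presumably rests entirely on the expiry carried by the cached metadata, so I would surface the fallback at warning level, e.g. `logrus.Warnf("Error pinging notary server %q, using cached trust data: %s", endpointStr, err)`, and state that dependency in the comment above it. Separately, the new `case *net.OpError:` in notaryError only matches when the error reaches the type switch unwrapped; if a wrapping error type from the HTTP client is passed through, the "error contacting notary server" message is skipped, which is worth a comment or an explicit unwrap. Both functions begin and end outside the visible hunks.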
||||||
|
|
|
@ -223,3 +223,44 @@ func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *DockerTrustSuite) TestTrustedOfflinePull(c *check.C) {
|
||||||
|
repoName := s.setupTrustedImage(c, "trusted-offline-pull")
|
||||||
|
|
||||||
|
pullCmd := exec.Command(dockerBinary, "pull", repoName)
|
||||||
|
s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver")
|
||||||
|
out, _, err := runCommandWithOutput(pullCmd)
|
||||||
|
if err == nil {
|
||||||
|
c.Fatalf("Expected error pulling with invalid notary server:\n%s", out)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !strings.Contains(string(out), "error contacting notary server") {
|
||||||
|
c.Fatalf("Missing expected output on trusted pull:\n%s", out)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Do valid trusted pull to warm cache
|
||||||
|
pullCmd = exec.Command(dockerBinary, "pull", repoName)
|
||||||
|
s.trustedCmd(pullCmd)
|
||||||
|
out, _, err = runCommandWithOutput(pullCmd)
|
||||||
|
if err != nil {
|
||||||
|
c.Fatalf("Error running trusted pull: %s\n%s", err, out)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !strings.Contains(string(out), "Tagging") {
|
||||||
|
c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
||||||
|
}
|
||||||
|
|
||||||
|
dockerCmd(c, "rmi", repoName)
|
||||||
|
|
||||||
|
// Try pull again with invalid notary server, should use cache
|
||||||
|
pullCmd = exec.Command(dockerBinary, "pull", repoName)
|
||||||
|
s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver")
|
||||||
|
out, _, err = runCommandWithOutput(pullCmd)
|
||||||
|
if err != nil {
|
||||||
|
c.Fatalf("Error running trusted pull: %s\n%s", err, out)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !strings.Contains(string(out), "Tagging") {
|
||||||
|
c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
||||||
|
}
|
||||||
|
}
|
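Review bot: TestTrustedOfflinePull simulates the unreachable server with the single-label host `https://invalidnotaryserver`, which only fails if the resolver refuses the name; with a DNS search domain or a resolver that answers unknown names, the "offline" steps could reach a real host and the test would stop exercising the cache fallback. A name under the reserved `.invalid` TLD is safer in both calls, e.g. `s.trustedCmdWithServer(pullCmd, "https://notary.invalid")`. The two `c.Fatalf("Missing expected output on trusted push:\n%s", out)` messages after the `"Tagging"` checks are in a pull test and should read `trusted pull`. A short comment on the first step noting that a cold-cache offline pull must fail would also make the security intent of the test explicit.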
||||||
|
|
|
@ -154,7 +154,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithFaillingServer(c *check.C) {
|
||||||
c.Fatalf("Missing error while running trusted push w/ no server")
|
c.Fatalf("Missing error while running trusted push w/ no server")
|
||||||
}
|
}
|
||||||
|
|
||||||
if !strings.Contains(string(out), "Error establishing connection to notary repository") {
|
if !strings.Contains(string(out), "error contacting notary server") {
|
||||||
c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|