diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go index b1d7c8eba1..6df4f3b3b1 100644 --- a/integration-cli/docker_cli_build_test.go +++ b/integration-cli/docker_cli_build_test.go @@ -4199,21 +4199,20 @@ func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) { // push a different tag to the releases role otherTag := fmt.Sprintf("%s:other", repoName) - dockerCmd(c, "tag", "busybox", otherTag) + cli.DockerCmd(c, "tag", "busybox", otherTag) - icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success) + cli.Docker(cli.Args("push", otherTag), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "other", "targets/releases") s.assertTargetNotInRoles(c, repoName, "other", "targets") - out, status := dockerCmd(c, "rmi", otherTag) - c.Assert(status, check.Equals, 0, check.Commentf("docker rmi failed: %s", out)) + cli.DockerCmd(c, "rmi", otherTag) dockerFile := fmt.Sprintf(` FROM %s RUN [] `, otherTag) name := "testtrustedbuildreleasesrole" - buildImage(name, trustedBuild, build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{ + cli.BuildCmd(c, name, trustedCmd, build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{ Out: fmt.Sprintf("FROM %s@sha", repoName), }) } @@ -4231,14 +4230,13 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che // push a different tag to the other role otherTag := fmt.Sprintf("%s:other", repoName) - dockerCmd(c, "tag", "busybox", otherTag) + cli.DockerCmd(c, "tag", "busybox", otherTag) - icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success) + cli.Docker(cli.Args("push", otherTag), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "other", "targets/other") s.assertTargetNotInRoles(c, repoName, "other", "targets") - out, status := dockerCmd(c, "rmi", otherTag) - c.Assert(status, check.Equals, 0, check.Commentf("docker rmi failed: %s", out)) + cli.DockerCmd(c, "rmi", otherTag) dockerFile := fmt.Sprintf(` FROM %s @@ -4246,7 +4244,7 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che `, otherTag) name := "testtrustedbuildotherrole" - buildImage(name, trustedBuild, build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{ + cli.Docker(cli.Build(name), trustedCmd, build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{ ExitCode: 1, }) } diff --git a/integration-cli/docker_cli_create_test.go b/integration-cli/docker_cli_create_test.go index dc5fd14085..d4eb985a31 100644 --- a/integration-cli/docker_cli_create_test.go +++ b/integration-cli/docker_cli_create_test.go @@ -14,7 +14,6 @@ import ( "github.com/docker/docker/integration-cli/cli/build" "github.com/docker/docker/integration-cli/cli/build/fakecontext" "github.com/docker/docker/pkg/stringid" - "github.com/docker/docker/pkg/testutil" icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/go-connections/nat" "github.com/go-check/check" @@ -295,24 +294,23 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-create") // Try create - icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging) - - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("create", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.DockerCmd(c, "rmi", repoName) // Try untrusted create to ensure we pushed the tag to the registry - icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) + cli.Docker(cli.Args("create", "--disable-content-trust=true", repoName)).Assert(c, SuccessDownloadedOnStderr) } func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) { repoName := fmt.Sprintf("%v/dockercliuntrusted/createtest", privateRegistryURL) withTagName := fmt.Sprintf("%s:latest", repoName) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", withTagName) - dockerCmd(c, "push", withTagName) - dockerCmd(c, "rmi", withTagName) + cli.DockerCmd(c, "tag", "busybox", withTagName) + cli.DockerCmd(c, "push", withTagName) + cli.DockerCmd(c, "rmi", withTagName) // Try trusted create on untrusted tag - icmd.RunCmd(icmd.Command(dockerBinary, "create", withTagName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("create", withTagName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, Err: fmt.Sprintf("does not have trust data for %s", repoName), }) @@ -322,36 +320,10 @@ func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-isolated-create") // Try create - icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.Docker(cli.Args("--config", "/tmp/docker-isolated-create", "create", repoName), trustedCmd).Assert(c, SuccessTagging) defer os.RemoveAll("/tmp/docker-isolated-create") - dockerCmd(c, "rmi", repoName) -} - -func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) { - c.Skip("Currently changes system time, causing instability") - repoName := s.setupTrustedImage(c, "trusted-create-expired") - - // Certificates have 10 years of expiration - elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) - - testutil.RunAtDifferentDate(elevenYearsFromNow, func() { - // Try create - icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "create", repoName}, - }, trustedCmd).Assert(c, icmd.Expected{ - ExitCode: 1, - Err: "could not validate the path to a trusted root", - }) - }) - - testutil.RunAtDifferentDate(elevenYearsFromNow, func() { - // Try create - result := icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust", repoName), trustedCmd) - c.Assert(result.Error, check.Not(check.IsNil)) - c.Assert(string(result.Combined()), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", result.Combined())) - - }) + cli.DockerCmd(c, "rmi", repoName) } func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) { @@ -360,16 +332,13 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) { c.Assert(err, check.IsNil) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.DockerCmd(c, "rmi", repoName) // Try create - icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging) - - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("create", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.DockerCmd(c, "rmi", repoName) // Kill the notary server, start a new "evil" one. s.not.Close() @@ -378,13 +347,13 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) { // In order to make an evil server, lets re-init a client (with a different trust dir) and push new data. // tag an image and upload it to the private registry - dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) + cli.DockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) // Push up to the new server - icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Now, try creating with the original client from this new trust server. This should fail because the new root is invalid. - icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("create", repoName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, Err: "could not rotate trust to a new trusted root", }) diff --git a/integration-cli/docker_cli_plugins_test.go b/integration-cli/docker_cli_plugins_test.go index 0daa490c97..6644c6a809 100644 --- a/integration-cli/docker_cli_plugins_test.go +++ b/integration-cli/docker_cli_plugins_test.go @@ -8,6 +8,7 @@ import ( "strings" "github.com/docker/docker/integration-cli/checker" + "github.com/docker/docker/integration-cli/cli" icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) @@ -304,31 +305,26 @@ func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) { trustedName := s.setupTrustedplugin(c, pNameWithTag, "trusted-plugin-install") - icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("plugin", "install", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, icmd.Expected{ Out: trustedName, }) - out, _, err := dockerCmdWithError("plugin", "ls") - c.Assert(err, checker.IsNil) + out := cli.DockerCmd(c, "plugin", "ls").Combined() c.Assert(out, checker.Contains, "true") - out, _, err = dockerCmdWithError("plugin", "disable", trustedName) - c.Assert(err, checker.IsNil) + out = cli.DockerCmd(c, "plugin", "disable", trustedName).Combined() c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) - out, _, err = dockerCmdWithError("plugin", "enable", trustedName) - c.Assert(err, checker.IsNil) + out = cli.DockerCmd(c, "plugin", "enable", trustedName).Combined() c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) - out, _, err = dockerCmdWithError("plugin", "rm", "-f", trustedName) - c.Assert(err, checker.IsNil) + out = cli.DockerCmd(c, "plugin", "rm", "-f", trustedName).Combined() c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) // Try untrusted pull to ensure we pushed the tag to the registry - icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, SuccessDownloaded) + cli.Docker(cli.Args("plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, SuccessDownloaded) - out, _, err = dockerCmdWithError("plugin", "ls") - c.Assert(err, checker.IsNil) + out = cli.DockerCmd(c, "plugin", "ls").Combined() c.Assert(out, checker.Contains, "true") } @@ -338,12 +334,12 @@ func (s *DockerTrustSuite) TestPluginUntrustedInstall(c *check.C) { pluginName := fmt.Sprintf("%v/dockercliuntrusted/plugintest:latest", privateRegistryURL) // install locally and push to private registry - dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", pluginName, pNameWithTag) - dockerCmd(c, "plugin", "push", pluginName) - dockerCmd(c, "plugin", "rm", "-f", pluginName) + cli.DockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", pluginName, pNameWithTag) + cli.DockerCmd(c, "plugin", "push", pluginName) + cli.DockerCmd(c, "plugin", "rm", "-f", pluginName) // Try trusted install on untrusted plugin - icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("plugin", "install", "--grant-all-permissions", pluginName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, Err: "Error: remote trust data does not exist", }) diff --git a/integration-cli/docker_cli_pull_trusted_test.go b/integration-cli/docker_cli_pull_trusted_test.go index 59674852bc..d9628d9710 100644 --- a/integration-cli/docker_cli_pull_trusted_test.go +++ b/integration-cli/docker_cli_pull_trusted_test.go @@ -3,11 +3,10 @@ package main import ( "fmt" "io/ioutil" - "time" "github.com/docker/docker/integration-cli/checker" + "github.com/docker/docker/integration-cli/cli" "github.com/docker/docker/integration-cli/cli/build" - "github.com/docker/docker/pkg/testutil" icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/go-check/check" ) @@ -16,61 +15,36 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-pull") // Try pull - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, SuccessTagging) - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "rmi", repoName) // Try untrusted pull to ensure we pushed the tag to the registry - icmd.RunCmd(icmd.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloaded) + cli.Docker(cli.Args("pull", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloaded) } func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-isolated-pull") // Try pull (run from isolated directory without trust information) - icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.Docker(cli.Args("--config", "/tmp/docker-isolated", "pull", repoName), trustedCmd).Assert(c, SuccessTagging) - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "rmi", repoName) } func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) { repoName := fmt.Sprintf("%v/dockercliuntrusted/pulltest:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - dockerCmd(c, "push", repoName) - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "push", repoName) + cli.DockerCmd(c, "rmi", repoName) // Try trusted pull on untrusted tag - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, Err: "Error: remote trust data does not exist", }) } -func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) { - c.Skip("Currently changes system time, causing instability") - repoName := s.setupTrustedImage(c, "trusted-cert-expired") - - // Certificates have 10 years of expiration - elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) - - testutil.RunAtDifferentDate(elevenYearsFromNow, func() { - // Try pull - icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "pull", repoName}, - }, trustedCmd).Assert(c, icmd.Expected{ - ExitCode: 1, - Err: "could not validate the path to a trusted root", - }) - }) - - testutil.RunAtDifferentDate(elevenYearsFromNow, func() { - // Try pull - icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "pull", "--disable-content-trust", repoName}, - }, trustedCmd).Assert(c, SuccessDownloaded) - }) -} - func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) { repoName := fmt.Sprintf("%v/dockerclievilpull/trusted:latest", privateRegistryURL) evilLocalConfigDir, err := ioutil.TempDir("", "evil-local-config-dir") @@ -79,14 +53,14 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) { } // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.DockerCmd(c, "rmi", repoName) // Try pull - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.DockerCmd(c, "rmi", repoName) // Kill the notary server, start a new "evil" one. s.not.Close() @@ -96,71 +70,46 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) { // In order to make an evil server, lets re-init a client (with a different trust dir) and push new data. // tag an image and upload it to the private registry - dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) + cli.DockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) // Push up to the new server - icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Now, try pulling with the original client from this new trust server. This should fail because the new root is invalid. - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, Err: "could not rotate trust to a new trusted root", }) } -func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) { - c.Skip("Currently changes system time, causing instability") - repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppull/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - // Push with default passphrases - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - dockerCmd(c, "rmi", repoName) - - // Snapshots last for three years. This should be expired - fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4) - - testutil.RunAtDifferentDate(fourYearsLater, func() { - // Try pull - icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "pull", repoName}, - }, trustedCmd).Assert(c, icmd.Expected{ - ExitCode: 1, - Err: "repository out-of-date", - }) - }) -} - func (s *DockerTrustSuite) TestTrustedOfflinePull(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-offline-pull") - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, icmd.Expected{ ExitCode: 1, Err: "error contacting notary server", }) // Do valid trusted pull to warm cache - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.DockerCmd(c, "rmi", repoName) // Try pull again with invalid notary server, should use cache - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, SuccessTagging) + cli.Docker(cli.Args("pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, SuccessTagging) } func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) { repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, "trusted-pull-delete") // tag the image and upload it to the private registry - buildImageSuccessfully(c, repoName, build.WithDockerfile(` + cli.BuildCmd(c, repoName, build.WithDockerfile(` FROM busybox CMD echo trustedpulldelete `)) - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "rmi", repoName) // Try pull - result := icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd) - result.Assert(c, icmd.Success) + result := cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Success) matches := digestRegex.FindStringSubmatch(result.Combined()) c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", result.Combined())) @@ -174,7 +123,7 @@ func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) { c.Assert(byDigestID, checker.Equals, imageID) // rmi of tag should also remove the digest reference - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "rmi", repoName) _, err := inspectFieldWithError(imageByDigest, "Id") c.Assert(err, checker.NotNil, check.Commentf("digest reference should have been removed")) @@ -189,12 +138,12 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) { targetName := fmt.Sprintf("%s:latest", repoName) // Push with targets first, initializing the repo - dockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) + cli.DockerCmd(c, "tag", "busybox", targetName) + cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "latest", "targets") // Try pull, check we retrieve from targets role - icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ Err: "retrieving target for targets role", }) @@ -205,21 +154,21 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) { // try a pull, check that we can still pull because we can still read the // old tag in the targets role - icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ Err: "retrieving target for targets role", }) // try a pull -a, check that it succeeds because we can still pull from the // targets role - icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Success) + cli.Docker(cli.Args("-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Success) // Push, should sign with targets/releases - dockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) + cli.DockerCmd(c, "tag", "busybox", targetName) + cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases") // Try pull, check we retrieve from targets/releases role - icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ Err: "retrieving target for targets/releases role", }) @@ -228,12 +177,12 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) { s.notaryImportKey(c, repoName, "targets/other", s.not.keys[1].Private) s.notaryPublish(c, repoName) - dockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) + cli.DockerCmd(c, "tag", "busybox", targetName) + cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases", "targets/other") // Try pull, check we retrieve from targets/releases role - icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ Err: "retrieving target for targets/releases role", }) } @@ -251,22 +200,22 @@ func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C s.notaryPublish(c, repoName) // Push should write to the delegation role, not targets - dockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) + cli.DockerCmd(c, "tag", "busybox", targetName) + cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Success) s.assertTargetInRoles(c, repoName, "latest", "targets/other") s.assertTargetNotInRoles(c, repoName, "latest", "targets") // Try pull - we should fail, since pull will only pull from the targets/releases // role or the targets role - dockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.DockerCmd(c, "tag", "busybox", targetName) + cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, Err: "No trust data for", }) // try a pull -a: we should fail since pull will only pull from the targets/releases // role or the targets role - icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, Err: "No trusted tags for", }) diff --git a/integration-cli/docker_cli_push_test.go b/integration-cli/docker_cli_push_test.go index 9fae636dfc..5b5b5003dc 100644 --- a/integration-cli/docker_cli_push_test.go +++ b/integration-cli/docker_cli_push_test.go @@ -3,6 +3,13 @@ package main import ( "archive/tar" "fmt" + "github.com/docker/distribution/reference" + cliconfig "github.com/docker/docker/cli/config" + "github.com/docker/docker/integration-cli/checker" + "github.com/docker/docker/integration-cli/cli" + "github.com/docker/docker/integration-cli/cli/build" + icmd "github.com/docker/docker/pkg/testutil/cmd" + "github.com/go-check/check" "io/ioutil" "net/http" "net/http/httptest" @@ -10,15 +17,6 @@ import ( "path/filepath" "strings" "sync" - "time" - - "github.com/docker/distribution/reference" - cliconfig "github.com/docker/docker/cli/config" - "github.com/docker/docker/integration-cli/checker" - "github.com/docker/docker/integration-cli/cli/build" - "github.com/docker/docker/pkg/testutil" - icmd "github.com/docker/docker/pkg/testutil/cmd" - "github.com/go-check/check" ) // Pushing an image to a private registry. @@ -285,12 +283,12 @@ func (s *DockerSchema1RegistrySuite) TestCrossRepositoryLayerPushNotSupported(c func (s *DockerTrustSuite) TestTrustedPush(c *check.C) { repoName := fmt.Sprintf("%v/dockerclitrusted/pushtest:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Try pull after push - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{ Out: "Status: Image is up to date", }) @@ -304,12 +302,12 @@ func (s *DockerTrustSuite) TestTrustedPush(c *check.C) { func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) { repoName := fmt.Sprintf("%v/dockerclienv/trusted:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "12345678")).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", repoName), trustedCmdWithPassphrases("12345678", "12345678")).Assert(c, SuccessSigningAndPushing) // Try pull after push - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{ Out: "Status: Image is up to date", }) } @@ -317,10 +315,10 @@ func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) { func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) { repoName := fmt.Sprintf("%v/dockerclitrusted/failingserver:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) // Using a name that doesn't resolve to an address makes this test faster - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithServer("https://server.invalid:81/")).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("push", repoName), trustedCmdWithServer("https://server.invalid:81/")).Assert(c, icmd.Expected{ ExitCode: 1, Err: "error contacting notary server", }) @@ -329,9 +327,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) { func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) { repoName := fmt.Sprintf("%v/dockerclitrusted/trustedandnot:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) - result := icmd.RunCmd(icmd.Command(dockerBinary, "push", "--disable-content-trust", repoName), trustedCmdWithServer("https://server.invalid:81/")) + result := cli.Docker(cli.Args("push", "--disable-content-trust", repoName), trustedCmdWithServer("https://server.invalid:81/")) result.Assert(c, icmd.Success) c.Assert(result.Combined(), check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:")) } @@ -339,13 +337,13 @@ func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) { repoName := fmt.Sprintf("%v/dockerclitag/trusted:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - dockerCmd(c, "push", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "push", repoName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Try pull after push - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{ Out: "Status: Image is up to date", }) } @@ -353,76 +351,34 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) { func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) { repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) // Do a trusted push - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Do another trusted push - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.DockerCmd(c, "rmi", repoName) // Try pull to ensure the double push did not break our ability to pull - icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessDownloaded) + cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, SuccessDownloaded) } func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) { repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) // Push with default passphrases - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Push with wrong passphrases - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "87654321")).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("push", repoName), trustedCmdWithPassphrases("12345678", "87654321")).Assert(c, icmd.Expected{ ExitCode: 1, Err: "could not find necessary signing keys", }) } -func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) { - c.Skip("Currently changes system time, causing instability") - repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - // Push with default passphrases - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - - // Snapshots last for three years. This should be expired - fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4) - - testutil.RunAtDifferentDate(fourYearsLater, func() { - // Push with wrong passphrases - icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "push", repoName}, - }, trustedCmd).Assert(c, icmd.Expected{ - ExitCode: 1, - Err: "repository out-of-date", - }) - }) -} - -func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) { - c.Skip("Currently changes system time, causing instability") - repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL) - // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - // Push with default passphrases - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - - // The timestamps expire in two weeks. Lets check three - threeWeeksLater := time.Now().Add(time.Hour * 24 * 21) - - // Should succeed because the server transparently re-signs one - testutil.RunAtDifferentDate(threeWeeksLater, func() { - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), - trustedCmd).Assert(c, SuccessSigningAndPushing) - }) -} - func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) { testRequires(c, NotaryHosting) repoName := fmt.Sprintf("%v/dockerclireleasedelegationinitfirst/trusted", privateRegistryURL) @@ -434,9 +390,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", targetName) + cli.DockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) // check to make sure that the target has been added to targets/releases and not targets s.assertTargetInRoles(c, repoName, "latest", "targets/releases") s.assertTargetNotInRoles(c, repoName, "latest", "targets") @@ -444,7 +400,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) // Try pull after push os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) - icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ Out: "Status: Image is up to date", }) } @@ -468,9 +424,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c s.notaryPublish(c, repoName) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", targetName) + cli.DockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) // check to make sure that the target has been added to targets/role1 and targets/role2, and // not targets (because there are delegations) or targets/role3 (due to missing key) or @@ -482,7 +438,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) // pull should fail because none of these are the releases role - icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, }) } @@ -504,9 +460,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * s.notaryPublish(c, repoName) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", targetName) + cli.DockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) // check to make sure that the target has been added to targets/role1 and targets/role4, and // not targets (because there are delegations) or targets/role2 (due to path restrictions) or @@ -518,7 +474,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) // pull should fail because none of these are the releases role - icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, }) } @@ -534,9 +490,9 @@ func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c // do not import any delegations key // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", targetName) + cli.DockerCmd(c, "tag", "busybox", targetName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 1, Err: "no valid signing keys", }) diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go index ecd15b6583..544cfdf9a8 100644 --- a/integration-cli/docker_cli_run_test.go +++ b/integration-cli/docker_cli_run_test.go @@ -3165,11 +3165,11 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) { repoName := s.setupTrustedImage(c, "trusted-run") // Try run - icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging) - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("run", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.DockerCmd(c, "rmi", repoName) // Try untrusted run to ensure we pushed the tag to the registry - icmd.RunCmd(icmd.Command(dockerBinary, "run", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) + cli.Docker(cli.Args("run", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) } func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) { @@ -3177,44 +3177,17 @@ func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) { testRequires(c, DaemonIsLinux) repoName := fmt.Sprintf("%v/dockercliuntrusted/runtest:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - dockerCmd(c, "push", repoName) - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "push", repoName) + cli.DockerCmd(c, "rmi", repoName) // Try trusted run on untrusted tag - icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("run", repoName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 125, Err: "does not have trust data for", }) } -func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) { - // Windows does not support this functionality - testRequires(c, DaemonIsLinux) - c.Skip("Currently changes system time, causing instability") - repoName := s.setupTrustedImage(c, "trusted-run-expired") - - // Certificates have 10 years of expiration - elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) - - testutil.RunAtDifferentDate(elevenYearsFromNow, func() { - // Try run - icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "run", repoName}, - }, trustedCmd).Assert(c, icmd.Expected{ - ExitCode: 1, - Err: "could not validate the path to a trusted root", - }) - }) - - testutil.RunAtDifferentDate(elevenYearsFromNow, func() { - // Try run - icmd.RunCmd(icmd.Cmd{ - Command: []string{dockerBinary, "run", "--disable-content-trust", repoName}, - }, trustedCmd).Assert(c, SuccessDownloaded) - }) -} - func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) { // Windows does not support this functionality testRequires(c, DaemonIsLinux) @@ -3225,14 +3198,14 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) { } // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.DockerCmd(c, "rmi", repoName) // Try run - icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging) - dockerCmd(c, "rmi", repoName) + cli.Docker(cli.Args("run", repoName), trustedCmd).Assert(c, SuccessTagging) + cli.DockerCmd(c, "rmi", repoName) // Kill the notary server, start a new "evil" one. s.not.Close() @@ -3243,13 +3216,13 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) { // In order to make an evil server, lets re-init a client (with a different trust dir) and push new data. // tag an image and upload it to the private registry - dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) + cli.DockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) // Push up to the new server - icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.Docker(cli.Args("--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) // Now, try running with the original client from this new trust server. This should fail because the new root is invalid. - icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("run", repoName), trustedCmd).Assert(c, icmd.Expected{ ExitCode: 125, Err: "could not rotate trust to a new trusted root", }) diff --git a/integration-cli/docker_cli_swarm_test.go b/integration-cli/docker_cli_swarm_test.go index f6b26ab5fd..5d79ee9176 100644 --- a/integration-cli/docker_cli_swarm_test.go +++ b/integration-cli/docker_cli_swarm_test.go @@ -1539,8 +1539,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) { repoName := s.trustSuite.setupTrustedImage(c, "trusted-pull") name := "trusted" - serviceCmd := d.Command("-D", "service", "create", "--name", name, repoName, "top") - icmd.RunCmd(serviceCmd, trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("-D", "service", "create", "--name", name, repoName, "top"), trustedCmd, cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{ Err: "resolved image tag to", }) @@ -1552,13 +1551,12 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) { repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - dockerCmd(c, "push", repoName) - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "push", repoName) + cli.DockerCmd(c, "rmi", repoName) name = "untrusted" - serviceCmd = d.Command("service", "create", "--name", name, repoName, "top") - icmd.RunCmd(serviceCmd, trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("service", "create", "--name", name, repoName, "top"), trustedCmd, cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{ ExitCode: 1, Err: "Error: remote trust data does not exist", }) @@ -1576,34 +1574,31 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) { name := "myservice" // Create a service without content trust - _, err := d.Cmd("service", "create", "--name", name, repoName, "top") - c.Assert(err, checker.IsNil) + cli.Docker(cli.Args("service", "create", "--name", name, repoName, "top"), cli.Daemon(d.Daemon)).Assert(c, icmd.Success) - out, err := d.Cmd("service", "inspect", "--pretty", name) - c.Assert(err, checker.IsNil, check.Commentf(out)) + result := cli.Docker(cli.Args("service", "inspect", "--pretty", name), cli.Daemon(d.Daemon)) + c.Assert(result.Error, checker.IsNil, check.Commentf(result.Combined())) // Daemon won't insert the digest because this is disabled by // DOCKER_SERVICE_PREFER_OFFLINE_IMAGE. - c.Assert(out, check.Not(checker.Contains), repoName+"@", check.Commentf(out)) + c.Assert(result.Combined(), check.Not(checker.Contains), repoName+"@", check.Commentf(result.Combined())) - serviceCmd := d.Command("-D", "service", "update", "--image", repoName, name) - icmd.RunCmd(serviceCmd, trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("-D", "service", "update", "--image", repoName, name), trustedCmd, cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{ Err: "resolved image tag to", }) - out, err = d.Cmd("service", "inspect", "--pretty", name) - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, repoName+"@", check.Commentf(out)) + cli.Docker(cli.Args("service", "inspect", "--pretty", name), cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{ + Out: repoName + "@", + }) // Try trusted service update on an untrusted tag. repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - dockerCmd(c, "push", repoName) - dockerCmd(c, "rmi", repoName) + cli.DockerCmd(c, "tag", "busybox", repoName) + cli.DockerCmd(c, "push", repoName) + cli.DockerCmd(c, "rmi", repoName) - serviceCmd = d.Command("service", "update", "--image", repoName, name) - icmd.RunCmd(serviceCmd, trustedCmd).Assert(c, icmd.Expected{ + cli.Docker(cli.Args("service", "update", "--image", repoName, name), trustedCmd, cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{ ExitCode: 1, Err: "Error: remote trust data does not exist", }) diff --git a/integration-cli/trust_server_test.go b/integration-cli/trust_server_test.go index ddfbefc61d..e3f0674cf3 100644 --- a/integration-cli/trust_server_test.go +++ b/integration-cli/trust_server_test.go @@ -13,6 +13,7 @@ import ( cliconfig "github.com/docker/docker/cli/config" "github.com/docker/docker/integration-cli/checker" + "github.com/docker/docker/integration-cli/cli" icmd "github.com/docker/docker/pkg/testutil/cmd" "github.com/docker/go-connections/tlsconfig" "github.com/go-check/check" @@ -47,14 +48,6 @@ var SuccessDownloaded = icmd.Expected{ Out: "Status: Downloaded", } -var SuccessTaggingOnStderr = icmd.Expected{ - Err: "Tagging", -} - -var SuccessSigningAndPushingOnStderr = icmd.Expected{ - Err: "Signing and pushing trust metadata", -} - var SuccessDownloadedOnStderr = icmd.Expected{ Err: "Status: Downloaded", } @@ -190,21 +183,24 @@ func (t *testNotary) Close() { os.RemoveAll(t.dir) } -func trustedCmd(cmd *icmd.Cmd) { +func trustedCmd(cmd *icmd.Cmd) func() { pwd := "12345678" cmd.Env = append(cmd.Env, trustEnv(notaryURL, pwd, pwd)...) + return nil } -func trustedCmdWithServer(server string) func(*icmd.Cmd) { - return func(cmd *icmd.Cmd) { +func trustedCmdWithServer(server string) func(*icmd.Cmd) func() { + return func(cmd *icmd.Cmd) func() { pwd := "12345678" cmd.Env = append(cmd.Env, trustEnv(server, pwd, pwd)...) + return nil } } -func trustedCmdWithPassphrases(rootPwd, repositoryPwd string) func(*icmd.Cmd) { - return func(cmd *icmd.Cmd) { +func trustedCmdWithPassphrases(rootPwd, repositoryPwd string) func(*icmd.Cmd) func() { + return func(cmd *icmd.Cmd) func() { cmd.Env = append(cmd.Env, trustEnv(notaryURL, rootPwd, repositoryPwd)...) + return nil } } @@ -221,28 +217,18 @@ func trustEnv(server, rootPwd, repositoryPwd string) []string { func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string { repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name) // tag the image and upload it to the private registry - dockerCmd(c, "tag", "busybox", repoName) - - icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - - if out, status := dockerCmd(c, "rmi", repoName); status != 0 { - c.Fatalf("Error removing image %q\n%s", repoName, out) - } - + cli.DockerCmd(c, "tag", "busybox", repoName) + cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.DockerCmd(c, "rmi", repoName) return repoName } func (s *DockerTrustSuite) setupTrustedplugin(c *check.C, source, name string) string { repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name) // tag the image and upload it to the private registry - dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source) - - icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) - - if out, status := dockerCmd(c, "plugin", "rm", "-f", repoName); status != 0 { - c.Fatalf("Error removing plugin %q\n%s", repoName, out) - } - + cli.DockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source) + cli.Docker(cli.Args("plugin", "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) + cli.DockerCmd(c, "plugin", "rm", "-f", repoName) return repoName } diff --git a/pkg/testutil/utils.go b/pkg/testutil/utils.go index 194675385f..0522dde2b1 100644 --- a/pkg/testutil/utils.go +++ b/pkg/testutil/utils.go @@ -16,7 +16,6 @@ import ( "github.com/docker/docker/pkg/stringutils" "github.com/docker/docker/pkg/system" - icmd "github.com/docker/docker/pkg/testutil/cmd" ) // IsKilled process the specified error and returns whether the process was killed or not. @@ -212,20 +211,6 @@ func (c *ChannelBuffer) ReadTimeout(p []byte, n time.Duration) (int, error) { } } -// RunAtDifferentDate runs the specified function with the given time. -// It changes the date of the system, which can led to weird behaviors. -func RunAtDifferentDate(date time.Time, block func()) { - // Layout for date. MMDDhhmmYYYY - const timeLayout = "010203042006" - // Ensure we bring time back to now - now := time.Now().Format(timeLayout) - defer icmd.RunCommand("date", now) - - icmd.RunCommand("date", date.Format(timeLayout)) - block() - return -} - // ReadBody read the specified ReadCloser content and returns it func ReadBody(b io.ReadCloser) ([]byte, error) { defer b.Close() diff --git a/pkg/testutil/utils_test.go b/pkg/testutil/utils_test.go index d1dddaffa9..d37f3f4f83 100644 --- a/pkg/testutil/utils_test.go +++ b/pkg/testutil/utils_test.go @@ -339,25 +339,3 @@ func TestChannelBuffer(t *testing.T) { t.Fatalf("Expected '%s', got '%s'", expected, string(b)) } } - -// FIXME doesn't work -// func TestRunAtDifferentDate(t *testing.T) { -// var date string - -// // Layout for date. MMDDhhmmYYYY -// const timeLayout = "20060102" -// expectedDate := "20100201" -// theDate, err := time.Parse(timeLayout, expectedDate) -// if err != nil { -// t.Fatal(err) -// } - -// RunAtDifferentDate(theDate, func() { -// cmd := exec.Command("date", "+%Y%M%d") -// out, err := cmd.Output() -// if err != nil { -// t.Fatal(err) -// } -// date = string(out) -// }) -// }