1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Add test for targets/releases preference when pulling

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
This commit is contained in:
Riyaz Faizullabhoy 2016-03-09 00:18:30 -08:00 committed by cyli
parent 497a58e6e4
commit ca57f4e6a8
4 changed files with 61 additions and 2 deletions

View file

@ -339,6 +339,7 @@ func (cli *DockerCli) trustedPull(repoInfo *registry.RepositoryInfo, ref registr
if err != nil {
return notaryError(repoInfo.FullName(), err)
}
logrus.Debugf("retrieving target for %s role\n", t.Role)
r, err := convertTarget(t.Target)
if err != nil {
return err
@ -510,7 +511,6 @@ func (cli *DockerCli) addTargetToAllSignableRoles(repo *client.NotaryRepository,
// Also don't bother checking the keys if we can't add the target
// to this role due to path restrictions
if path.Dir(delegationRole.Name) != data.CanonicalTargetsRole || !delegationRole.CheckPaths(target.Name) {
fmt.Println("skipping", delegationRole.Name)
continue
}

View file

@ -2,8 +2,11 @@ package main
import (
"fmt"
"os"
"path/filepath"
"testing"
"github.com/docker/docker/cliconfig"
"github.com/docker/docker/pkg/reexec"
"github.com/go-check/check"
)
@ -206,5 +209,8 @@ func (s *DockerTrustSuite) TearDownTest(c *check.C) {
if s.not != nil {
s.not.Close()
}
// Remove trusted keys and metadata after test
os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
s.ds.TearDownTest(c)
}

View file

@ -254,3 +254,56 @@ func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
_, err = inspectFieldWithError(imageID, "Id")
c.Assert(err, checker.NotNil, check.Commentf("image should have been deleted"))
}
func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
repoName := fmt.Sprintf("%v/dockerclireleasesdelegationpulling/trusted", privateRegistryURL)
targetName := fmt.Sprintf("%s:latest", repoName)
pwd := "12345678"
// Push with targets first, initializing the repo
dockerCmd(c, "tag", "busybox", targetName)
pushCmd := exec.Command(dockerBinary, "push", targetName)
s.trustedCmdWithPassphrases(pushCmd, pwd, pwd)
out, _, err := runCommandWithOutput(pushCmd)
c.Assert(err, check.IsNil, check.Commentf(out))
// Try pull, check we retrieve from targets role
pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName)
s.trustedCmd(pullCmd)
out, _, err = runCommandWithOutput(pullCmd)
c.Assert(err, check.IsNil, check.Commentf(out))
c.Assert(out, checker.Contains, "retrieving target for targets role")
// Now we'll create the releases role, and try pushing and pulling
s.notaryCreateDelegation(c, repoName, pwd, "targets/releases", s.not.keys[0].Public)
s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private)
s.notaryPublish(c, repoName, pwd)
// Push, should sign with targets/releases
dockerCmd(c, "tag", "busybox", targetName)
pushCmd = exec.Command(dockerBinary, "push", targetName)
s.trustedCmdWithPassphrases(pushCmd, pwd, pwd)
out, _, err = runCommandWithOutput(pushCmd)
// Try pull, check we retrieve from targets/releases role
pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
s.trustedCmd(pullCmd)
out, _, err = runCommandWithOutput(pullCmd)
c.Assert(out, checker.Contains, "retrieving target for targets/releases role")
// Create another delegation that we'll sign with
s.notaryCreateDelegation(c, repoName, pwd, "targets/other", s.not.keys[1].Public)
s.notaryImportKey(c, repoName, "targets/other", s.not.keys[1].Private)
s.notaryPublish(c, repoName, pwd)
dockerCmd(c, "tag", "busybox", targetName)
pushCmd = exec.Command(dockerBinary, "push", targetName)
s.trustedCmdWithPassphrases(pushCmd, pwd, pwd)
out, _, err = runCommandWithOutput(pushCmd)
// Try pull, check we retrieve from targets/releases role
pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
s.trustedCmd(pullCmd)
out, _, err = runCommandWithOutput(pullCmd)
c.Assert(out, checker.Contains, "retrieving target for targets/releases role")
}

View file

@ -631,7 +631,7 @@ func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c
pushCmd := exec.Command(dockerBinary, "push", targetName)
s.trustedCmdWithPassphrases(pushCmd, pwd, pwd)
out, _, err := runCommandWithOutput(pushCmd)
c.Assert(err, check.Not(check.IsNil), check.Commentf("trusted push succeed but should have failed:\n%s", out))
c.Assert(err, check.Not(check.IsNil), check.Commentf("trusted push succeeded but should have failed:\n%s", out))
c.Assert(out, checker.Contains, "no valid signing keys",
check.Commentf("Missing expected output on trusted push without keys"))
}