| 6db32fde |
package main
import ( |
| 576985a1 |
"archive/tar" |
| 6db32fde |
"fmt" |
| d477d42d |
"io/ioutil"
"os" |
| 6db32fde |
"os/exec" |
| dbec2317 |
"strings"
"time" |
| d477d42d |
|
| dc944ea7 |
"github.com/go-check/check" |
| 6db32fde |
)
|
| f244ed25 |
// Pushing an image to a private registry. |
| f696b107 |
func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) { |
| dbec2317 |
repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL) |
| a2b0c977 |
// tag the image to upload it to the private registry |
| 5c295460 |
dockerCmd(c, "tag", "busybox", repoName)
// push the image to the registry
dockerCmd(c, "push", repoName) |
| 6db32fde |
}
// pushing an image without a prefix should throw an error |
| dc944ea7 |
func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) { |
| 693ba98c |
if out, _, err := dockerCmdWithError("push", "busybox"); err == nil { |
| dc944ea7 |
c.Fatalf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out) |
| 6db32fde |
} |
| dbec2317 |
}
|
| f696b107 |
func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) { |
| dbec2317 |
repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
|
| d172f125 |
expected := "Repository does not exist" |
| 693ba98c |
if out, _, err := dockerCmdWithError("push", repoName); err == nil { |
| 3941623f |
c.Fatalf("pushing the image to the private registry should have failed: output %q", out) |
| dbec2317 |
} else if !strings.Contains(out, expected) { |
| dc944ea7 |
c.Fatalf("pushing the image failed with an unexpected message: expected %q, got %q", expected, out) |
| dbec2317 |
}
}
|
| f696b107 |
func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) { |
| 403d981d |
repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
expected := "does not exist" |
| 5c295460 |
|
| 693ba98c |
if out, _, err := dockerCmdWithError("push", repoName); err == nil { |
| 3941623f |
c.Fatalf("pushing the image to the private registry should have failed: output %q", out) |
| 403d981d |
} else if !strings.Contains(out, expected) { |
| dc944ea7 |
c.Fatalf("pushing the image failed with an unexpected message: expected %q, got %q", expected, out) |
| 403d981d |
}
}
|
| f696b107 |
func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) { |
| 403d981d |
repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL) |
| 62f91b1d |
// tag the image and upload it to the private registry |
| 5c295460 |
dockerCmd(c, "tag", "busybox", repoTag1) |
| 403d981d |
|
| 5c295460 |
dockerCmd(c, "tag", "busybox", repoTag2)
|
| 4f3b0d0f |
dockerCmd(c, "push", repoName) |
| 697cdb8e |
// Ensure layer list is equivalent for repoTag1 and repoTag2
out1, _ := dockerCmd(c, "pull", repoTag1)
if strings.Contains(out1, "Tag t1 not found") {
c.Fatalf("Unable to pull pushed image: %s", out1)
}
imageAlreadyExists := ": Image already exists"
var out1Lines []string
for _, outputLine := range strings.Split(out1, "\n") {
if strings.Contains(outputLine, imageAlreadyExists) {
out1Lines = append(out1Lines, outputLine)
}
}
out2, _ := dockerCmd(c, "pull", repoTag2)
if strings.Contains(out2, "Tag t2 not found") {
c.Fatalf("Unable to pull pushed image: %s", out1)
}
var out2Lines []string
for _, outputLine := range strings.Split(out2, "\n") {
if strings.Contains(outputLine, imageAlreadyExists) {
out1Lines = append(out1Lines, outputLine)
}
}
if len(out1Lines) != len(out2Lines) {
c.Fatalf("Mismatched output length:\n%s\n%s", out1, out2)
}
for i := range out1Lines {
if out1Lines[i] != out2Lines[i] {
c.Fatalf("Mismatched output line:\n%s\n%s", out1Lines[i], out2Lines[i])
}
} |
| 403d981d |
}
|
| f696b107 |
func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) { |
| d477d42d |
repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
emptyTarball, err := ioutil.TempFile("", "empty_tarball")
if err != nil { |
| dc944ea7 |
c.Fatalf("Unable to create test file: %v", err) |
| d477d42d |
}
tw := tar.NewWriter(emptyTarball)
err = tw.Close()
if err != nil { |
| dc944ea7 |
c.Fatalf("Error creating empty tarball: %v", err) |
| d477d42d |
}
freader, err := os.Open(emptyTarball.Name())
if err != nil { |
| dc944ea7 |
c.Fatalf("Could not open test tarball: %v", err) |
| d477d42d |
}
importCmd := exec.Command(dockerBinary, "import", "-", repoName)
importCmd.Stdin = freader
out, _, err := runCommandWithOutput(importCmd)
if err != nil { |
| dc944ea7 |
c.Errorf("import failed with errors: %v, output: %q", err, out) |
| d477d42d |
}
// Now verify we can push it |
| 693ba98c |
if out, _, err := dockerCmdWithError("push", repoName); err != nil { |
| dc944ea7 |
c.Fatalf("pushing the image to the private registry has failed: %s, %v", out, err) |
| d477d42d |
}
} |
| 58a1de9b |
func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("Error running trusted push: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
} |
| 356b07c8 |
|
| 63f8db83 |
func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("Error running trusted push: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
}
// This test ensures backwards compatibility with old ENV variables. Should be
// deprecated by 1.10
func (s *DockerTrustSuite) TestTrustedPushWithDeprecatedEnvPasswords(c *check.C) {
repoName := fmt.Sprintf("%v/dockercli/trusteddeprecated:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "12345678")
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("Error running trusted push: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
}
|
| eeb6d0a7 |
func (s *DockerTrustSuite) TestTrustedPushWithFaillingServer(c *check.C) { |
| 356b07c8 |
repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
pushCmd := exec.Command(dockerBinary, "push", repoName) |
| a2f9fb77 |
s.trustedCmdWithServer(pushCmd, "https://example.com:81/") |
| 356b07c8 |
out, _, err := runCommandWithOutput(pushCmd)
if err == nil {
c.Fatalf("Missing error while running trusted push w/ no server")
}
|
| 5e11cd43 |
if !strings.Contains(string(out), "error contacting notary server") { |
| 356b07c8 |
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
}
func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
|
| 259cadb0 |
pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName) |
| a2f9fb77 |
s.trustedCmdWithServer(pushCmd, "https://example.com/") |
| 356b07c8 |
out, _, err := runCommandWithOutput(pushCmd)
if err != nil { |
| 259cadb0 |
c.Fatalf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out) |
| 356b07c8 |
}
if strings.Contains(string(out), "Error establishing connection to notary repository") { |
| 259cadb0 |
c.Fatalf("Missing expected output on trusted push with --disable-content-trust:\n%s", out) |
| 356b07c8 |
}
}
func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
dockerCmd(c, "push", repoName)
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("trusted push failed: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push with existing tag:\n%s", out)
}
}
|
| eeb6d0a7 |
func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL) |
| 356b07c8 |
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
|
| eeb6d0a7 |
// Do a trusted push |
| 356b07c8 |
pushCmd := exec.Command(dockerBinary, "push", repoName) |
| eeb6d0a7 |
s.trustedCmd(pushCmd) |
| 356b07c8 |
out, _, err := runCommandWithOutput(pushCmd) |
| eeb6d0a7 |
if err != nil {
c.Fatalf("trusted push failed: %s\n%s", err, out) |
| 356b07c8 |
}
|
| eeb6d0a7 |
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push with existing tag:\n%s", out) |
| 356b07c8 |
}
|
| eeb6d0a7 |
// Do another trusted push
pushCmd = exec.Command(dockerBinary, "push", repoName) |
| 356b07c8 |
s.trustedCmd(pushCmd) |
| eeb6d0a7 |
out, _, err = runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("trusted push failed: %s\n%s", err, out)
} |
| 356b07c8 |
|
| eeb6d0a7 |
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push with existing tag:\n%s", out)
}
dockerCmd(c, "rmi", repoName)
// Try pull to ensure the double push did not break our ability to pull
pullCmd := exec.Command(dockerBinary, "pull", repoName)
s.trustedCmd(pullCmd)
out, _, err = runCommandWithOutput(pullCmd)
if err != nil {
c.Fatalf("Error running trusted pull: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Status: Downloaded") { |
| 259cadb0 |
c.Fatalf("Missing expected output on trusted pull with --disable-content-trust:\n%s", out) |
| eeb6d0a7 |
} |
| 356b07c8 |
}
|
| eeb6d0a7 |
func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL) |
| 356b07c8 |
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
|
| eeb6d0a7 |
// Push with default passphrases |
| 356b07c8 |
pushCmd := exec.Command(dockerBinary, "push", repoName) |
| eeb6d0a7 |
s.trustedCmd(pushCmd) |
| 356b07c8 |
out, _, err := runCommandWithOutput(pushCmd) |
| eeb6d0a7 |
if err != nil {
c.Fatalf("trusted push failed: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
// Push with wrong passphrases
pushCmd = exec.Command(dockerBinary, "push", repoName) |
| 6ce76cd9 |
s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321") |
| eeb6d0a7 |
out, _, err = runCommandWithOutput(pushCmd) |
| 356b07c8 |
if err == nil { |
| eeb6d0a7 |
c.Fatalf("Error missing from trusted push with short targets passphrase: \n%s", out) |
| 356b07c8 |
}
|
| 871d2b96 |
if !strings.Contains(string(out), "password invalid, operation has failed") { |
| 356b07c8 |
c.Fatalf("Missing expected output on trusted push with short targets/snapsnot passphrase:\n%s", out)
}
} |
| 3e90b12d |
|
| 63f8db83 |
// This test ensures backwards compatibility with old ENV variables. Should be
// deprecated by 1.10
func (s *DockerTrustSuite) TestTrustedPushWithIncorrectDeprecatedPassphraseForNonRoot(c *check.C) {
repoName := fmt.Sprintf("%v/dockercliincorretdeprecatedpwd/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
// Push with default passphrases
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("trusted push failed: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
// Push with wrong passphrases
pushCmd = exec.Command(dockerBinary, "push", repoName)
s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "87654321")
out, _, err = runCommandWithOutput(pushCmd)
if err == nil {
c.Fatalf("Error missing from trusted push with short targets passphrase: \n%s", out)
}
if !strings.Contains(string(out), "password invalid, operation has failed") {
c.Fatalf("Missing expected output on trusted push with short targets/snapsnot passphrase:\n%s", out)
}
}
|
| 3e90b12d |
func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) { |
| bf3c1e6a |
c.Skip("Currently changes system time, causing instability") |
| 3e90b12d |
repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
// Push with default passphrases
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("trusted push failed: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
// Snapshots last for three years. This should be expired
fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
runAtDifferentDate(fourYearsLater, func() {
// Push with wrong passphrases
pushCmd = exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err = runCommandWithOutput(pushCmd)
if err == nil {
c.Fatalf("Error missing from trusted push with expired snapshot: \n%s", out)
}
if !strings.Contains(string(out), "repository out-of-date") {
c.Fatalf("Missing expected output on trusted push with expired snapshot:\n%s", out)
}
})
}
func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) { |
| bf3c1e6a |
c.Skip("Currently changes system time, causing instability") |
| 3e90b12d |
repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
// Push with default passphrases
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("trusted push failed: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
// The timestamps expire in two weeks. Lets check three
threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
// Should succeed because the server transparently re-signs one
runAtDifferentDate(threeWeeksLater, func() {
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("Error running trusted push: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push with expired timestamp:\n%s", out)
}
})
} |