Browse code
Update trustedCmd to be compatible with testutil/cmd
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Vincent Demeester authored on 2017/01/06 03:08:24Showing 23 changed files
- integration-cli/docker_cli_build_test.go
- integration-cli/docker_cli_build_unix_test.go
- integration-cli/docker_cli_config_test.go
- integration-cli/docker_cli_create_test.go
- integration-cli/docker_cli_daemon_plugins_test.go
- integration-cli/docker_cli_daemon_test.go
- integration-cli/docker_cli_export_import_test.go
- integration-cli/docker_cli_help_test.go
- integration-cli/docker_cli_logs_test.go
- integration-cli/docker_cli_plugins_test.go
- integration-cli/docker_cli_proxy_test.go
- integration-cli/docker_cli_pull_local_test.go
- integration-cli/docker_cli_pull_trusted_test.go
- integration-cli/docker_cli_push_test.go
- integration-cli/docker_cli_rmi_test.go
- integration-cli/docker_cli_run_test.go
- integration-cli/docker_cli_run_unix_test.go
- integration-cli/docker_cli_swarm_test.go
- integration-cli/docker_cli_volume_test.go
- integration-cli/docker_cli_wait_test.go
- integration-cli/trust_server_test.go
- integration-cli/utils_test.go
- pkg/testutil/cmd/command.go
| ... | ... |
@@ -5433,7 +5433,7 @@ func (s *DockerTrustSuite) TestTrustedBuild(c *check.C) {
|
| 5433 | 5433 |
name := "testtrustedbuild" |
| 5434 | 5434 |
|
| 5435 | 5435 |
buildCmd := buildImageCmd(name, dockerFile, true) |
| 5436 |
- s.trustedCmd(buildCmd) |
|
| 5436 |
+ trustedExecCmd(buildCmd) |
|
| 5437 | 5437 |
out, _, err := runCommandWithOutput(buildCmd) |
| 5438 | 5438 |
if err != nil {
|
| 5439 | 5439 |
c.Fatalf("Error running trusted build: %s\n%s", err, out)
|
| ... | ... |
@@ -5464,7 +5464,7 @@ func (s *DockerTrustSuite) TestTrustedBuildUntrustedTag(c *check.C) {
|
| 5464 | 5464 |
name := "testtrustedbuilduntrustedtag" |
| 5465 | 5465 |
|
| 5466 | 5466 |
buildCmd := buildImageCmd(name, dockerFile, true) |
| 5467 |
- s.trustedCmd(buildCmd) |
|
| 5467 |
+ trustedExecCmd(buildCmd) |
|
| 5468 | 5468 |
out, _, err := runCommandWithOutput(buildCmd) |
| 5469 | 5469 |
if err == nil {
|
| 5470 | 5470 |
c.Fatalf("Expected error on trusted build with untrusted tag: %s\n%s", err, out)
|
| ... | ... |
@@ -5527,10 +5527,7 @@ func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) {
|
| 5527 | 5527 |
otherTag := fmt.Sprintf("%s:other", repoName)
|
| 5528 | 5528 |
dockerCmd(c, "tag", "busybox", otherTag) |
| 5529 | 5529 |
|
| 5530 |
- pushCmd := exec.Command(dockerBinary, "push", otherTag) |
|
| 5531 |
- s.trustedCmd(pushCmd) |
|
| 5532 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 5533 |
- c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out))
|
|
| 5530 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success) |
|
| 5534 | 5531 |
s.assertTargetInRoles(c, repoName, "other", "targets/releases") |
| 5535 | 5532 |
s.assertTargetNotInRoles(c, repoName, "other", "targets") |
| 5536 | 5533 |
|
| ... | ... |
@@ -5545,8 +5542,8 @@ func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) {
|
| 5545 | 5545 |
name := "testtrustedbuildreleasesrole" |
| 5546 | 5546 |
|
| 5547 | 5547 |
buildCmd := buildImageCmd(name, dockerFile, true) |
| 5548 |
- s.trustedCmd(buildCmd) |
|
| 5549 |
- out, _, err = runCommandWithOutput(buildCmd) |
|
| 5548 |
+ trustedExecCmd(buildCmd) |
|
| 5549 |
+ out, _, err := runCommandWithOutput(buildCmd) |
|
| 5550 | 5550 |
c.Assert(err, check.IsNil, check.Commentf("Trusted build failed: %s", out))
|
| 5551 | 5551 |
c.Assert(out, checker.Contains, fmt.Sprintf("FROM %s@sha", repoName))
|
| 5552 | 5552 |
} |
| ... | ... |
@@ -5566,10 +5563,7 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che |
| 5566 | 5566 |
otherTag := fmt.Sprintf("%s:other", repoName)
|
| 5567 | 5567 |
dockerCmd(c, "tag", "busybox", otherTag) |
| 5568 | 5568 |
|
| 5569 |
- pushCmd := exec.Command(dockerBinary, "push", otherTag) |
|
| 5570 |
- s.trustedCmd(pushCmd) |
|
| 5571 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 5572 |
- c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out))
|
|
| 5569 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success) |
|
| 5573 | 5570 |
s.assertTargetInRoles(c, repoName, "other", "targets/other") |
| 5574 | 5571 |
s.assertTargetNotInRoles(c, repoName, "other", "targets") |
| 5575 | 5572 |
|
| ... | ... |
@@ -5584,8 +5578,8 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che |
| 5584 | 5584 |
name := "testtrustedbuildotherrole" |
| 5585 | 5585 |
|
| 5586 | 5586 |
buildCmd := buildImageCmd(name, dockerFile, true) |
| 5587 |
- s.trustedCmd(buildCmd) |
|
| 5588 |
- out, _, err = runCommandWithOutput(buildCmd) |
|
| 5587 |
+ trustedExecCmd(buildCmd) |
|
| 5588 |
+ out, _, err := runCommandWithOutput(buildCmd) |
|
| 5589 | 5589 |
c.Assert(err, check.NotNil, check.Commentf("Trusted build expected to fail: %s", out))
|
| 5590 | 5590 |
} |
| 5591 | 5591 |
|
| ... | ... |
@@ -103,7 +103,7 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
|
| 103 | 103 |
|
| 104 | 104 |
icmd.RunCmd(icmd.Cmd{
|
| 105 | 105 |
Command: []string{"chown", "daemon:daemon", "foo"},
|
| 106 |
- Dir: tmpDir, |
|
| 106 |
+ Dir: tmpDir, |
|
| 107 | 107 |
}).Assert(c, icmd.Success) |
| 108 | 108 |
|
| 109 | 109 |
if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {
|
| ... | ... |
@@ -5,15 +5,14 @@ import ( |
| 5 | 5 |
"net/http" |
| 6 | 6 |
"net/http/httptest" |
| 7 | 7 |
"os" |
| 8 |
- "os/exec" |
|
| 9 | 8 |
"path/filepath" |
| 10 | 9 |
"runtime" |
| 11 | 10 |
|
| 12 | 11 |
"github.com/docker/docker/api" |
| 13 | 12 |
"github.com/docker/docker/dockerversion" |
| 14 | 13 |
"github.com/docker/docker/integration-cli/checker" |
| 15 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 16 | 14 |
"github.com/docker/docker/pkg/homedir" |
| 15 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 17 | 16 |
"github.com/go-check/check" |
| 18 | 17 |
) |
| 19 | 18 |
|
| ... | ... |
@@ -53,7 +52,10 @@ func (s *DockerSuite) TestConfigHTTPHeader(c *check.C) {
|
| 53 | 53 |
c.Assert(err, checker.IsNil) |
| 54 | 54 |
|
| 55 | 55 |
result := icmd.RunCommand(dockerBinary, "-H="+server.URL[7:], "ps") |
| 56 |
- result.Assert(c, icmd.Success) |
|
| 56 |
+ result.Assert(c, icmd.Expected{
|
|
| 57 |
+ ExitCode: 1, |
|
| 58 |
+ Error: "exit status 1", |
|
| 59 |
+ }) |
|
| 57 | 60 |
|
| 58 | 61 |
c.Assert(headers["User-Agent"], checker.NotNil, check.Commentf("Missing User-Agent"))
|
| 59 | 62 |
|
| ... | ... |
@@ -73,9 +75,9 @@ func (s *DockerSuite) TestConfigDir(c *check.C) {
|
| 73 | 73 |
dockerCmd(c, "--config", cDir, "ps") |
| 74 | 74 |
|
| 75 | 75 |
// Test with env var too |
| 76 |
- icmd.RunCmd(icm.Cmd{
|
|
| 76 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 77 | 77 |
Command: []string{dockerBinary, "ps"},
|
| 78 |
- Env: appendBaseEnv(true, "DOCKER_CONFIG="+cDir), |
|
| 78 |
+ Env: appendBaseEnv(true, "DOCKER_CONFIG="+cDir), |
|
| 79 | 79 |
}).Assert(c, icmd.Success) |
| 80 | 80 |
|
| 81 | 81 |
// Start a server so we can check to see if the config file was |
| ... | ... |
@@ -100,36 +102,37 @@ func (s *DockerSuite) TestConfigDir(c *check.C) {
|
| 100 | 100 |
env := appendBaseEnv(false) |
| 101 | 101 |
|
| 102 | 102 |
icmd.RunCmd(icmd.Cmd{
|
| 103 |
- Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"},
|
|
| 104 |
- Env: env, |
|
| 105 |
- }).Assert(c, icmd.Exepected{
|
|
| 106 |
- Error: "exit status 1", |
|
| 103 |
+ Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"},
|
|
| 104 |
+ Env: env, |
|
| 105 |
+ }).Assert(c, icmd.Expected{
|
|
| 106 |
+ ExitCode: 1, |
|
| 107 |
+ Error: "exit status 1", |
|
| 107 | 108 |
}) |
| 108 | 109 |
c.Assert(headers["Myheader"], checker.NotNil) |
| 109 |
- c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps3 - Missing header,out:%v", out))
|
|
| 110 |
+ c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps3 - Missing header"))
|
|
| 110 | 111 |
|
| 111 | 112 |
// Reset headers and try again using env var this time |
| 112 | 113 |
headers = map[string][]string{}
|
| 113 | 114 |
icmd.RunCmd(icmd.Cmd{
|
| 114 |
- Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"},
|
|
| 115 |
- Env: append(env, "DOCKER_CONFIG="+cDir), |
|
| 116 |
- }).Assert(c, icmd.Exepected{
|
|
| 117 |
- Error: "exit status 1", |
|
| 115 |
+ Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"},
|
|
| 116 |
+ Env: append(env, "DOCKER_CONFIG="+cDir), |
|
| 117 |
+ }).Assert(c, icmd.Expected{
|
|
| 118 |
+ ExitCode: 1, |
|
| 118 | 119 |
}) |
| 119 | 120 |
c.Assert(headers["Myheader"], checker.NotNil) |
| 120 |
- c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps4 - Missing header,out:%v", out))
|
|
| 121 |
+ c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps4 - Missing header"))
|
|
| 121 | 122 |
|
| 122 | 123 |
// FIXME(vdemeester) should be a unit test |
| 123 | 124 |
// Reset headers and make sure flag overrides the env var |
| 124 | 125 |
headers = map[string][]string{}
|
| 125 | 126 |
icmd.RunCmd(icmd.Cmd{
|
| 126 |
- Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"},
|
|
| 127 |
- Env: append(env, "DOCKER_CONFIG=MissingDir"), |
|
| 128 |
- }).Assert(c, icmd.Exepected{
|
|
| 129 |
- Error: "exit status 1", |
|
| 127 |
+ Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"},
|
|
| 128 |
+ Env: append(env, "DOCKER_CONFIG=MissingDir"), |
|
| 129 |
+ }).Assert(c, icmd.Expected{
|
|
| 130 |
+ ExitCode: 1, |
|
| 130 | 131 |
}) |
| 131 | 132 |
c.Assert(headers["Myheader"], checker.NotNil) |
| 132 |
- c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps5 - Missing header,out:%v", out))
|
|
| 133 |
+ c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps5 - Missing header"))
|
|
| 133 | 134 |
|
| 134 | 135 |
// FIXME(vdemeester) should be a unit test |
| 135 | 136 |
// Reset headers and make sure flag overrides the env var. |
| ... | ... |
@@ -137,11 +140,12 @@ func (s *DockerSuite) TestConfigDir(c *check.C) {
|
| 137 | 137 |
// ignore - we don't want to default back to the env var. |
| 138 | 138 |
headers = map[string][]string{}
|
| 139 | 139 |
icmd.RunCmd(icmd.Cmd{
|
| 140 |
- Command: []string{dockerBinary, "--config", "MissingDir", "-H="+server.URL[7:], "ps"},
|
|
| 141 |
- Env: append(env, "DOCKER_CONFIG="+cDir), |
|
| 142 |
- }).Assert(c, icmd.Exepected{
|
|
| 143 |
- Error: "exit status 1", |
|
| 140 |
+ Command: []string{dockerBinary, "--config", "MissingDir", "-H=" + server.URL[7:], "ps"},
|
|
| 141 |
+ Env: append(env, "DOCKER_CONFIG="+cDir), |
|
| 142 |
+ }).Assert(c, icmd.Expected{
|
|
| 143 |
+ ExitCode: 1, |
|
| 144 |
+ Error: "exit status 1", |
|
| 144 | 145 |
}) |
| 145 | 146 |
|
| 146 |
- c.Assert(headers["Myheader"], checker.IsNil, check.Commentf("ps6 - Headers shouldn't be the expected value,out:%v", out))
|
|
| 147 |
+ c.Assert(headers["Myheader"], checker.IsNil, check.Commentf("ps6 - Headers shouldn't be the expected value"))
|
|
| 147 | 148 |
} |
| ... | ... |
@@ -3,18 +3,16 @@ package main |
| 3 | 3 |
import ( |
| 4 | 4 |
"encoding/json" |
| 5 | 5 |
"fmt" |
| 6 |
+ "io/ioutil" |
|
| 6 | 7 |
"os" |
| 7 | 8 |
"reflect" |
| 8 | 9 |
"strings" |
| 9 | 10 |
"time" |
| 10 | 11 |
|
| 11 |
- "os/exec" |
|
| 12 |
- |
|
| 13 |
- "io/ioutil" |
|
| 14 |
- |
|
| 15 | 12 |
"github.com/docker/docker/integration-cli/checker" |
| 16 | 13 |
"github.com/docker/docker/pkg/stringid" |
| 17 | 14 |
"github.com/docker/docker/pkg/testutil" |
| 15 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 18 | 16 |
"github.com/docker/go-connections/nat" |
| 19 | 17 |
"github.com/go-check/check" |
| 20 | 18 |
) |
| ... | ... |
@@ -302,21 +300,12 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
|
| 302 | 302 |
repoName := s.setupTrustedImage(c, "trusted-create") |
| 303 | 303 |
|
| 304 | 304 |
// Try create |
| 305 |
- createCmd := exec.Command(dockerBinary, "create", repoName) |
|
| 306 |
- s.trustedCmd(createCmd) |
|
| 307 |
- out, _, err := runCommandWithOutput(createCmd) |
|
| 308 |
- c.Assert(err, check.IsNil) |
|
| 309 |
- c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
|
|
| 305 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 310 | 306 |
|
| 311 | 307 |
dockerCmd(c, "rmi", repoName) |
| 312 | 308 |
|
| 313 | 309 |
// Try untrusted create to ensure we pushed the tag to the registry |
| 314 |
- createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName) |
|
| 315 |
- s.trustedCmd(createCmd) |
|
| 316 |
- out, _, err = runCommandWithOutput(createCmd) |
|
| 317 |
- c.Assert(err, check.IsNil) |
|
| 318 |
- c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create with --disable-content-trust:\n%s", out))
|
|
| 319 |
- |
|
| 310 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) |
|
| 320 | 311 |
} |
| 321 | 312 |
|
| 322 | 313 |
func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
|
| ... | ... |
@@ -328,23 +317,17 @@ func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
|
| 328 | 328 |
dockerCmd(c, "rmi", withTagName) |
| 329 | 329 |
|
| 330 | 330 |
// Try trusted create on untrusted tag |
| 331 |
- createCmd := exec.Command(dockerBinary, "create", withTagName) |
|
| 332 |
- s.trustedCmd(createCmd) |
|
| 333 |
- out, _, err := runCommandWithOutput(createCmd) |
|
| 334 |
- c.Assert(err, check.Not(check.IsNil)) |
|
| 335 |
- c.Assert(string(out), checker.Contains, fmt.Sprintf("does not have trust data for %s", repoName), check.Commentf("Missing expected output on trusted create:\n%s", out))
|
|
| 336 |
- |
|
| 331 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "create", withTagName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 332 |
+ ExitCode: 1, |
|
| 333 |
+ Err: fmt.Sprintf("does not have trust data for %s", repoName),
|
|
| 334 |
+ }) |
|
| 337 | 335 |
} |
| 338 | 336 |
|
| 339 | 337 |
func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) {
|
| 340 | 338 |
repoName := s.setupTrustedImage(c, "trusted-isolated-create") |
| 341 | 339 |
|
| 342 | 340 |
// Try create |
| 343 |
- createCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName) |
|
| 344 |
- s.trustedCmd(createCmd) |
|
| 345 |
- out, _, err := runCommandWithOutput(createCmd) |
|
| 346 |
- c.Assert(err, check.IsNil) |
|
| 347 |
- c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
|
|
| 341 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 348 | 342 |
|
| 349 | 343 |
dockerCmd(c, "rmi", repoName) |
| 350 | 344 |
} |
| ... | ... |
@@ -358,20 +341,19 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
|
| 358 | 358 |
|
| 359 | 359 |
testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
| 360 | 360 |
// Try create |
| 361 |
- createCmd := exec.Command(dockerBinary, "create", repoName) |
|
| 362 |
- s.trustedCmd(createCmd) |
|
| 363 |
- out, _, err := runCommandWithOutput(createCmd) |
|
| 364 |
- c.Assert(err, check.Not(check.IsNil)) |
|
| 365 |
- c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out))
|
|
| 361 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 362 |
+ Command: []string{dockerBinary, "create", repoName},
|
|
| 363 |
+ }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 364 |
+ ExitCode: 1, |
|
| 365 |
+ Err: "could not validate the path to a trusted root", |
|
| 366 |
+ }) |
|
| 366 | 367 |
}) |
| 367 | 368 |
|
| 368 | 369 |
testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
| 369 | 370 |
// Try create |
| 370 |
- createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName) |
|
| 371 |
- s.trustedCmd(createCmd) |
|
| 372 |
- out, _, err := runCommandWithOutput(createCmd) |
|
| 373 |
- c.Assert(err, check.Not(check.IsNil)) |
|
| 374 |
- c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out))
|
|
| 371 |
+ result := icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust", repoName), trustedCmd) |
|
| 372 |
+ c.Assert(result.Error, check.Not(check.IsNil)) |
|
| 373 |
+ c.Assert(string(result.Combined()), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", result.Combined()))
|
|
| 375 | 374 |
|
| 376 | 375 |
}) |
| 377 | 376 |
} |
| ... | ... |
@@ -384,20 +366,12 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
|
| 384 | 384 |
// tag the image and upload it to the private registry |
| 385 | 385 |
dockerCmd(c, "tag", "busybox", repoName) |
| 386 | 386 |
|
| 387 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 388 |
- s.trustedCmd(pushCmd) |
|
| 389 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 390 |
- c.Assert(err, check.IsNil) |
|
| 391 |
- c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
|
|
| 387 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 392 | 388 |
|
| 393 | 389 |
dockerCmd(c, "rmi", repoName) |
| 394 | 390 |
|
| 395 | 391 |
// Try create |
| 396 |
- createCmd := exec.Command(dockerBinary, "create", repoName) |
|
| 397 |
- s.trustedCmd(createCmd) |
|
| 398 |
- out, _, err = runCommandWithOutput(createCmd) |
|
| 399 |
- c.Assert(err, check.IsNil) |
|
| 400 |
- c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
|
|
| 392 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 401 | 393 |
|
| 402 | 394 |
dockerCmd(c, "rmi", repoName) |
| 403 | 395 |
|
| ... | ... |
@@ -411,23 +385,13 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
|
| 411 | 411 |
dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
| 412 | 412 |
|
| 413 | 413 |
// Push up to the new server |
| 414 |
- pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName) |
|
| 415 |
- s.trustedCmd(pushCmd) |
|
| 416 |
- out, _, err = runCommandWithOutput(pushCmd) |
|
| 417 |
- c.Assert(err, check.IsNil) |
|
| 418 |
- c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
|
|
| 414 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 419 | 415 |
|
| 420 | 416 |
// Now, try creating with the original client from this new trust server. This should fail because the new root is invalid. |
| 421 |
- createCmd = exec.Command(dockerBinary, "create", repoName) |
|
| 422 |
- s.trustedCmd(createCmd) |
|
| 423 |
- out, _, err = runCommandWithOutput(createCmd) |
|
| 424 |
- if err == nil {
|
|
| 425 |
- c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
|
|
| 426 |
- } |
|
| 427 |
- if !strings.Contains(out, "could not rotate trust to a new trusted root") {
|
|
| 428 |
- c.Fatalf("Missing expected output on trusted create:\n%s", out)
|
|
| 429 |
- } |
|
| 430 |
- |
|
| 417 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 418 |
+ ExitCode: 1, |
|
| 419 |
+ Err: "could not rotate trust to a new trusted root", |
|
| 420 |
+ }) |
|
| 431 | 421 |
} |
| 432 | 422 |
|
| 433 | 423 |
func (s *DockerSuite) TestCreateStopSignal(c *check.C) {
|
| ... | ... |
@@ -4,14 +4,13 @@ package main |
| 4 | 4 |
|
| 5 | 5 |
import ( |
| 6 | 6 |
"os" |
| 7 |
- "os/exec" |
|
| 8 | 7 |
"path/filepath" |
| 9 | 8 |
"strings" |
| 10 | 9 |
"syscall" |
| 11 | 10 |
|
| 12 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 13 | 11 |
"github.com/docker/docker/integration-cli/checker" |
| 14 | 12 |
"github.com/docker/docker/pkg/mount" |
| 13 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 15 | 14 |
"github.com/go-check/check" |
| 16 | 15 |
) |
| 17 | 16 |
|
| ... | ... |
@@ -153,7 +152,7 @@ func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *check.C) {
|
| 153 | 153 |
|
| 154 | 154 |
icmd.RunCommand("pgrep", "-f", pluginProcessName).Assert(c, icmd.Expected{
|
| 155 | 155 |
ExitCode: 1, |
| 156 |
- Error: "exit status 1", |
|
| 156 |
+ Error: "exit status 1", |
|
| 157 | 157 |
}) |
| 158 | 158 |
|
| 159 | 159 |
s.d.Start(c, "--live-restore") |
| ... | ... |
@@ -1945,7 +1945,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check |
| 1945 | 1945 |
} |
| 1946 | 1946 |
|
| 1947 | 1947 |
// kill the container |
| 1948 |
- icmd.RunCommand(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", cid).Assert(c, icmd.Success) |
|
| 1948 |
+ icmd.RunCommand(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", cid).Assert(t, icmd.Success) |
|
| 1949 | 1949 |
|
| 1950 | 1950 |
// Give time to containerd to process the command if we don't |
| 1951 | 1951 |
// the exit event might be received after we do the inspect |
| ... | ... |
@@ -19,8 +19,8 @@ func (s *DockerSuite) TestExportContainerAndImportImage(c *check.C) {
|
| 19 | 19 |
out, _ := dockerCmd(c, "export", containerID) |
| 20 | 20 |
|
| 21 | 21 |
result := icmd.RunCmd(icmd.Cmd{
|
| 22 |
- Command: dockerBinary, "import", "-", "repo/testexp:v1", |
|
| 23 |
- Stdin: strings.NewReader(out), |
|
| 22 |
+ Command: []string{dockerBinary, "import", "-", "repo/testexp:v1"},
|
|
| 23 |
+ Stdin: strings.NewReader(out), |
|
| 24 | 24 |
}) |
| 25 | 25 |
result.Assert(c, icmd.Success) |
| 26 | 26 |
|
| ... | ... |
@@ -41,8 +41,8 @@ func (s *DockerSuite) TestExportContainerWithOutputAndImportImage(c *check.C) {
|
| 41 | 41 |
resultCat.Assert(c, icmd.Success) |
| 42 | 42 |
|
| 43 | 43 |
result := icmd.RunCmd(icmd.Cmd{
|
| 44 |
- Command: dockerBinary, "import", "-", "repo/testexp:v1", |
|
| 45 |
- Stdin: strings.NewReader(resultCat.Combined()), |
|
| 44 |
+ Command: []string{dockerBinary, "import", "-", "repo/testexp:v1"},
|
|
| 45 |
+ Stdin: strings.NewReader(resultCat.Combined()), |
|
| 46 | 46 |
}) |
| 47 | 47 |
result.Assert(c, icmd.Success) |
| 48 | 48 |
|
| ... | ... |
@@ -2,7 +2,6 @@ package main |
| 2 | 2 |
|
| 3 | 3 |
import ( |
| 4 | 4 |
"fmt" |
| 5 |
- "os/exec" |
|
| 6 | 5 |
"runtime" |
| 7 | 6 |
"strings" |
| 8 | 7 |
"unicode" |
| ... | ... |
@@ -54,8 +53,8 @@ func (s *DockerSuite) TestHelpTextVerify(c *check.C) {
|
| 54 | 54 |
|
| 55 | 55 |
// Check main help text to make sure its not over 80 chars |
| 56 | 56 |
result := icmd.RunCmd(icmd.Cmd{
|
| 57 |
- Command: []stirng{dockerBinary, "help"},
|
|
| 58 |
- Env: newEnvs, |
|
| 57 |
+ Command: []string{dockerBinary, "help"},
|
|
| 58 |
+ Env: newEnvs, |
|
| 59 | 59 |
}) |
| 60 | 60 |
result.Assert(c, icmd.Success) |
| 61 | 61 |
lines := strings.Split(result.Combined(), "\n") |
| ... | ... |
@@ -8,10 +8,10 @@ import ( |
| 8 | 8 |
"strings" |
| 9 | 9 |
"time" |
| 10 | 10 |
|
| 11 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 12 | 11 |
"github.com/docker/docker/integration-cli/checker" |
| 13 | 12 |
"github.com/docker/docker/pkg/jsonlog" |
| 14 | 13 |
"github.com/docker/docker/pkg/testutil" |
| 14 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 15 | 15 |
"github.com/go-check/check" |
| 16 | 16 |
) |
| 17 | 17 |
|
| ... | ... |
@@ -190,10 +190,10 @@ func (s *DockerSuite) TestLogsSince(c *check.C) {
|
| 190 | 190 |
// Test with default value specified and parameter omitted |
| 191 | 191 |
expected := []string{"log1", "log2", "log3"}
|
| 192 | 192 |
for _, cmd := range [][]string{
|
| 193 |
- []string{dockerBinary, "logs", "-t", name},
|
|
| 194 |
- []string{dockerBinary, "logs", "-t", "--since=0", name},
|
|
| 193 |
+ {"logs", "-t", name},
|
|
| 194 |
+ {"logs", "-t", "--since=0", name},
|
|
| 195 | 195 |
} {
|
| 196 |
- result := icmd.RunCommand(cmd...) |
|
| 196 |
+ result := icmd.RunCommand(dockerBinary, cmd...) |
|
| 197 | 197 |
result.Assert(c, icmd.Success) |
| 198 | 198 |
for _, v := range expected {
|
| 199 | 199 |
c.Assert(result.Combined(), checker.Contains, v) |
| ... | ... |
@@ -2,15 +2,14 @@ package main |
| 2 | 2 |
|
| 3 | 3 |
import ( |
| 4 | 4 |
"fmt" |
| 5 |
- "os/exec" |
|
| 6 |
- |
|
| 7 |
- "github.com/docker/docker/integration-cli/checker" |
|
| 8 |
- "github.com/go-check/check" |
|
| 9 |
- |
|
| 10 | 5 |
"io/ioutil" |
| 11 | 6 |
"os" |
| 12 | 7 |
"path/filepath" |
| 13 | 8 |
"strings" |
| 9 |
+ |
|
| 10 |
+ "github.com/docker/docker/integration-cli/checker" |
|
| 11 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 12 |
+ "github.com/go-check/check" |
|
| 14 | 13 |
) |
| 15 | 14 |
|
| 16 | 15 |
var ( |
| ... | ... |
@@ -305,15 +304,11 @@ func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) {
|
| 305 | 305 |
|
| 306 | 306 |
trustedName := s.setupTrustedplugin(c, pNameWithTag, "trusted-plugin-install") |
| 307 | 307 |
|
| 308 |
- installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName) |
|
| 309 |
- s.trustedCmd(installCmd) |
|
| 310 |
- out, _, err := runCommandWithOutput(installCmd) |
|
| 308 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 309 |
+ Out: trustedName, |
|
| 310 |
+ }) |
|
| 311 | 311 |
|
| 312 |
- c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) |
|
| 313 |
- c.Assert(err, checker.IsNil) |
|
| 314 |
- c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) |
|
| 315 |
- |
|
| 316 |
- out, _, err = dockerCmdWithError("plugin", "ls")
|
|
| 312 |
+ out, _, err := dockerCmdWithError("plugin", "ls")
|
|
| 317 | 313 |
c.Assert(err, checker.IsNil) |
| 318 | 314 |
c.Assert(out, checker.Contains, "true") |
| 319 | 315 |
|
| ... | ... |
@@ -330,11 +325,7 @@ func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) {
|
| 330 | 330 |
c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) |
| 331 | 331 |
|
| 332 | 332 |
// Try untrusted pull to ensure we pushed the tag to the registry |
| 333 |
- installCmd = exec.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName) |
|
| 334 |
- s.trustedCmd(installCmd) |
|
| 335 |
- out, _, err = runCommandWithOutput(installCmd) |
|
| 336 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 337 |
- c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out)) |
|
| 333 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, SuccessDownloaded) |
|
| 338 | 334 |
|
| 339 | 335 |
out, _, err = dockerCmdWithError("plugin", "ls")
|
| 340 | 336 |
c.Assert(err, checker.IsNil) |
| ... | ... |
@@ -352,12 +343,10 @@ func (s *DockerTrustSuite) TestPluginUntrustedInstall(c *check.C) {
|
| 352 | 352 |
dockerCmd(c, "plugin", "rm", "-f", pluginName) |
| 353 | 353 |
|
| 354 | 354 |
// Try trusted install on untrusted plugin |
| 355 |
- installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName) |
|
| 356 |
- s.trustedCmd(installCmd) |
|
| 357 |
- out, _, err := runCommandWithOutput(installCmd) |
|
| 358 |
- |
|
| 359 |
- c.Assert(err, check.NotNil, check.Commentf(out)) |
|
| 360 |
- c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out)) |
|
| 355 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 356 |
+ ExitCode: 1, |
|
| 357 |
+ Err: "Error: remote trust data does not exist", |
|
| 358 |
+ }) |
|
| 361 | 359 |
} |
| 362 | 360 |
|
| 363 | 361 |
func (s *DockerSuite) TestPluginIDPrefix(c *check.C) {
|
| ... | ... |
@@ -2,20 +2,19 @@ package main |
| 2 | 2 |
|
| 3 | 3 |
import ( |
| 4 | 4 |
"net" |
| 5 |
- "os/exec" |
|
| 6 | 5 |
"strings" |
| 7 | 6 |
|
| 8 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 9 | 7 |
"github.com/docker/docker/integration-cli/checker" |
| 8 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 10 | 9 |
"github.com/go-check/check" |
| 11 | 10 |
) |
| 12 | 11 |
|
| 13 | 12 |
func (s *DockerSuite) TestCLIProxyDisableProxyUnixSock(c *check.C) {
|
| 14 | 13 |
testRequires(c, DaemonIsLinux, SameHostDaemon) |
| 15 | 14 |
|
| 16 |
- icmd.RunCmd(icm.Cmd{
|
|
| 15 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 17 | 16 |
Command: []string{dockerBinary, "info"},
|
| 18 |
- Env: appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999"), |
|
| 17 |
+ Env: appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999"), |
|
| 19 | 18 |
}).Assert(c, icmd.Success) |
| 20 | 19 |
} |
| 21 | 20 |
|
| ... | ... |
@@ -42,11 +41,11 @@ func (s *DockerDaemonSuite) TestCLIProxyProxyTCPSock(c *check.C) {
|
| 42 | 42 |
|
| 43 | 43 |
icmd.RunCmd(icmd.Cmd{
|
| 44 | 44 |
Command: []string{dockerBinary, "info"},
|
| 45 |
- Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"},
|
|
| 46 |
- }).Assert(c, icmd.Expected{Error:"exit status 1", ExitCode: 1})
|
|
| 45 |
+ Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"},
|
|
| 46 |
+ }).Assert(c, icmd.Expected{Error: "exit status 1", ExitCode: 1})
|
|
| 47 | 47 |
// Test with no_proxy |
| 48 |
- icmd.RunCommand(icmd.Cmd{
|
|
| 48 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 49 | 49 |
Command: []string{dockerBinary, "info"},
|
| 50 |
- Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999", "NO_PROXY="+ip},
|
|
| 50 |
+ Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999", "NO_PROXY=" + ip},
|
|
| 51 | 51 |
}).Assert(c, icmd.Success) |
| 52 | 52 |
} |
| ... | ... |
@@ -5,18 +5,17 @@ import ( |
| 5 | 5 |
"fmt" |
| 6 | 6 |
"io/ioutil" |
| 7 | 7 |
"os" |
| 8 |
- "os/exec" |
|
| 9 | 8 |
"path/filepath" |
| 10 | 9 |
"runtime" |
| 11 | 10 |
"strings" |
| 12 | 11 |
|
| 13 | 12 |
"github.com/docker/distribution" |
| 14 | 13 |
"github.com/docker/distribution/digest" |
| 15 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 16 | 14 |
"github.com/docker/distribution/manifest" |
| 17 | 15 |
"github.com/docker/distribution/manifest/manifestlist" |
| 18 | 16 |
"github.com/docker/distribution/manifest/schema2" |
| 19 | 17 |
"github.com/docker/docker/integration-cli/checker" |
| 18 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 20 | 19 |
"github.com/go-check/check" |
| 21 | 20 |
) |
| 22 | 21 |
|
| ... | ... |
@@ -3,12 +3,11 @@ package main |
| 3 | 3 |
import ( |
| 4 | 4 |
"fmt" |
| 5 | 5 |
"io/ioutil" |
| 6 |
- "os/exec" |
|
| 7 |
- "strings" |
|
| 8 | 6 |
"time" |
| 9 | 7 |
|
| 10 | 8 |
"github.com/docker/docker/integration-cli/checker" |
| 11 | 9 |
"github.com/docker/docker/pkg/testutil" |
| 10 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 12 | 11 |
"github.com/go-check/check" |
| 13 | 12 |
) |
| 14 | 13 |
|
| ... | ... |
@@ -16,33 +15,18 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
|
| 16 | 16 |
repoName := s.setupTrustedImage(c, "trusted-pull") |
| 17 | 17 |
|
| 18 | 18 |
// Try pull |
| 19 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 20 |
- s.trustedCmd(pullCmd) |
|
| 21 |
- out, _, err := runCommandWithOutput(pullCmd) |
|
| 22 |
- |
|
| 23 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 24 |
- c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out)) |
|
| 19 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 25 | 20 |
|
| 26 | 21 |
dockerCmd(c, "rmi", repoName) |
| 27 | 22 |
// Try untrusted pull to ensure we pushed the tag to the registry |
| 28 |
- pullCmd = exec.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName) |
|
| 29 |
- s.trustedCmd(pullCmd) |
|
| 30 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 31 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 32 |
- c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out)) |
|
| 33 |
- |
|
| 23 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloaded) |
|
| 34 | 24 |
} |
| 35 | 25 |
|
| 36 | 26 |
func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) {
|
| 37 | 27 |
repoName := s.setupTrustedImage(c, "trusted-isolated-pull") |
| 38 | 28 |
|
| 39 | 29 |
// Try pull (run from isolated directory without trust information) |
| 40 |
- pullCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName) |
|
| 41 |
- s.trustedCmd(pullCmd) |
|
| 42 |
- out, _, err := runCommandWithOutput(pullCmd) |
|
| 43 |
- |
|
| 44 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 45 |
- c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(string(out))) |
|
| 30 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 46 | 31 |
|
| 47 | 32 |
dockerCmd(c, "rmi", repoName) |
| 48 | 33 |
} |
| ... | ... |
@@ -55,12 +39,10 @@ func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) {
|
| 55 | 55 |
dockerCmd(c, "rmi", repoName) |
| 56 | 56 |
|
| 57 | 57 |
// Try trusted pull on untrusted tag |
| 58 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 59 |
- s.trustedCmd(pullCmd) |
|
| 60 |
- out, _, err := runCommandWithOutput(pullCmd) |
|
| 61 |
- |
|
| 62 |
- c.Assert(err, check.NotNil, check.Commentf(out)) |
|
| 63 |
- c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out)) |
|
| 58 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 59 |
+ ExitCode: 1, |
|
| 60 |
+ Err: "Error: remote trust data does not exist", |
|
| 61 |
+ }) |
|
| 64 | 62 |
} |
| 65 | 63 |
|
| 66 | 64 |
func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
|
| ... | ... |
@@ -72,22 +54,19 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
|
| 72 | 72 |
|
| 73 | 73 |
testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
| 74 | 74 |
// Try pull |
| 75 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 76 |
- s.trustedCmd(pullCmd) |
|
| 77 |
- out, _, err := runCommandWithOutput(pullCmd) |
|
| 78 |
- |
|
| 79 |
- c.Assert(err, check.NotNil, check.Commentf(out)) |
|
| 80 |
- c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf(out)) |
|
| 75 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 76 |
+ Command: []string{dockerBinary, "pull", repoName},
|
|
| 77 |
+ }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 78 |
+ ExitCode: 1, |
|
| 79 |
+ Err: "could not validate the path to a trusted root", |
|
| 80 |
+ }) |
|
| 81 | 81 |
}) |
| 82 | 82 |
|
| 83 | 83 |
testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
| 84 | 84 |
// Try pull |
| 85 |
- pullCmd := exec.Command(dockerBinary, "pull", "--disable-content-trust", repoName) |
|
| 86 |
- s.trustedCmd(pullCmd) |
|
| 87 |
- out, _, err := runCommandWithOutput(pullCmd) |
|
| 88 |
- |
|
| 89 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 90 |
- c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out)) |
|
| 85 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 86 |
+ Command: []string{dockerBinary, "pull", "--disable-content-trust", repoName},
|
|
| 87 |
+ }, trustedCmd).Assert(c, SuccessDownloaded) |
|
| 91 | 88 |
}) |
| 92 | 89 |
} |
| 93 | 90 |
|
| ... | ... |
@@ -101,21 +80,11 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
|
| 101 | 101 |
// tag the image and upload it to the private registry |
| 102 | 102 |
dockerCmd(c, "tag", "busybox", repoName) |
| 103 | 103 |
|
| 104 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 105 |
- s.trustedCmd(pushCmd) |
|
| 106 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 107 |
- |
|
| 108 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 109 |
- c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out)) |
|
| 104 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 110 | 105 |
dockerCmd(c, "rmi", repoName) |
| 111 | 106 |
|
| 112 | 107 |
// Try pull |
| 113 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 114 |
- s.trustedCmd(pullCmd) |
|
| 115 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 116 |
- |
|
| 117 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 118 |
- c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out)) |
|
| 108 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 119 | 109 |
dockerCmd(c, "rmi", repoName) |
| 120 | 110 |
|
| 121 | 111 |
// Kill the notary server, start a new "evil" one. |
| ... | ... |
@@ -129,23 +98,13 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
|
| 129 | 129 |
dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
| 130 | 130 |
|
| 131 | 131 |
// Push up to the new server |
| 132 |
- pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName) |
|
| 133 |
- s.trustedCmd(pushCmd) |
|
| 134 |
- out, _, err = runCommandWithOutput(pushCmd) |
|
| 135 |
- |
|
| 136 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 137 |
- c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out)) |
|
| 132 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 138 | 133 |
|
| 139 | 134 |
// Now, try pulling with the original client from this new trust server. This should fail because the new root is invalid. |
| 140 |
- pullCmd = exec.Command(dockerBinary, "pull", repoName) |
|
| 141 |
- s.trustedCmd(pullCmd) |
|
| 142 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 143 |
- if err == nil {
|
|
| 144 |
- c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
|
|
| 145 |
- } |
|
| 146 |
- if !strings.Contains(out, "could not rotate trust to a new trusted root") {
|
|
| 147 |
- c.Fatalf("Missing expected output on trusted pull:\n%s", out)
|
|
| 148 |
- } |
|
| 135 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 136 |
+ ExitCode: 1, |
|
| 137 |
+ Err: "could not rotate trust to a new trusted root", |
|
| 138 |
+ }) |
|
| 149 | 139 |
} |
| 150 | 140 |
|
| 151 | 141 |
func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
|
| ... | ... |
@@ -155,13 +114,7 @@ func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
|
| 155 | 155 |
dockerCmd(c, "tag", "busybox", repoName) |
| 156 | 156 |
|
| 157 | 157 |
// Push with default passphrases |
| 158 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 159 |
- s.trustedCmd(pushCmd) |
|
| 160 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 161 |
- |
|
| 162 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 163 |
- c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out)) |
|
| 164 |
- |
|
| 158 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 165 | 159 |
dockerCmd(c, "rmi", repoName) |
| 166 | 160 |
|
| 167 | 161 |
// Snapshots last for three years. This should be expired |
| ... | ... |
@@ -169,41 +122,28 @@ func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
|
| 169 | 169 |
|
| 170 | 170 |
testutil.RunAtDifferentDate(fourYearsLater, func() {
|
| 171 | 171 |
// Try pull |
| 172 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 173 |
- s.trustedCmd(pullCmd) |
|
| 174 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 175 |
- |
|
| 176 |
- c.Assert(err, check.NotNil, check.Commentf("Missing expected error running trusted pull with expired snapshots"))
|
|
| 177 |
- c.Assert(string(out), checker.Contains, "repository out-of-date", check.Commentf(out)) |
|
| 172 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 173 |
+ Command: []string{dockerBinary, "pull", repoName},
|
|
| 174 |
+ }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 175 |
+ ExitCode: 1, |
|
| 176 |
+ Err: "repository out-of-date", |
|
| 177 |
+ }) |
|
| 178 | 178 |
}) |
| 179 | 179 |
} |
| 180 | 180 |
|
| 181 | 181 |
func (s *DockerTrustSuite) TestTrustedOfflinePull(c *check.C) {
|
| 182 | 182 |
repoName := s.setupTrustedImage(c, "trusted-offline-pull") |
| 183 | 183 |
|
| 184 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 185 |
- s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver") |
|
| 186 |
- out, _, err := runCommandWithOutput(pullCmd) |
|
| 187 |
- |
|
| 188 |
- c.Assert(err, check.NotNil, check.Commentf(out)) |
|
| 189 |
- c.Assert(string(out), checker.Contains, "error contacting notary server", check.Commentf(out)) |
|
| 184 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, icmd.Expected{
|
|
| 185 |
+ ExitCode: 1, |
|
| 186 |
+ Err: "error contacting notary server", |
|
| 187 |
+ }) |
|
| 190 | 188 |
// Do valid trusted pull to warm cache |
| 191 |
- pullCmd = exec.Command(dockerBinary, "pull", repoName) |
|
| 192 |
- s.trustedCmd(pullCmd) |
|
| 193 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 194 |
- |
|
| 195 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 196 |
- c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out)) |
|
| 197 |
- |
|
| 189 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 198 | 190 |
dockerCmd(c, "rmi", repoName) |
| 199 | 191 |
|
| 200 | 192 |
// Try pull again with invalid notary server, should use cache |
| 201 |
- pullCmd = exec.Command(dockerBinary, "pull", repoName) |
|
| 202 |
- s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver") |
|
| 203 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 204 |
- |
|
| 205 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 206 |
- c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out)) |
|
| 193 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, SuccessTagging)
|
|
| 207 | 194 |
} |
| 208 | 195 |
|
| 209 | 196 |
func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
|
| ... | ... |
@@ -214,29 +154,16 @@ func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
|
| 214 | 214 |
CMD echo trustedpulldelete |
| 215 | 215 |
`, true) |
| 216 | 216 |
|
| 217 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 218 |
- s.trustedCmd(pushCmd) |
|
| 219 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 220 |
- if err != nil {
|
|
| 221 |
- c.Fatalf("Error running trusted push: %s\n%s", err, out)
|
|
| 222 |
- } |
|
| 223 |
- if !strings.Contains(string(out), "Signing and pushing trust metadata") {
|
|
| 224 |
- c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
|
| 225 |
- } |
|
| 217 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 226 | 218 |
|
| 227 |
- if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
|
|
| 228 |
- c.Fatalf("Error removing image %q\n%s", repoName, out)
|
|
| 229 |
- } |
|
| 219 |
+ dockerCmd(c, "rmi", repoName) |
|
| 230 | 220 |
|
| 231 | 221 |
// Try pull |
| 232 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 233 |
- s.trustedCmd(pullCmd) |
|
| 234 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 222 |
+ result := icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd) |
|
| 223 |
+ result.Assert(c, icmd.Success) |
|
| 235 | 224 |
|
| 236 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 237 |
- |
|
| 238 |
- matches := digestRegex.FindStringSubmatch(out) |
|
| 239 |
- c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
|
|
| 225 |
+ matches := digestRegex.FindStringSubmatch(result.Combined()) |
|
| 226 |
+ c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", result.Combined()))
|
|
| 240 | 227 |
pullDigest := matches[1] |
| 241 | 228 |
|
| 242 | 229 |
imageID := inspectField(c, repoName, "Id") |
| ... | ... |
@@ -263,18 +190,13 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
|
| 263 | 263 |
|
| 264 | 264 |
// Push with targets first, initializing the repo |
| 265 | 265 |
dockerCmd(c, "tag", "busybox", targetName) |
| 266 |
- pushCmd := exec.Command(dockerBinary, "push", targetName) |
|
| 267 |
- s.trustedCmd(pushCmd) |
|
| 268 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 269 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 266 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) |
|
| 270 | 267 |
s.assertTargetInRoles(c, repoName, "latest", "targets") |
| 271 | 268 |
|
| 272 | 269 |
// Try pull, check we retrieve from targets role |
| 273 |
- pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName) |
|
| 274 |
- s.trustedCmd(pullCmd) |
|
| 275 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 276 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 277 |
- c.Assert(out, checker.Contains, "retrieving target for targets role") |
|
| 270 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 271 |
+ Err: "retrieving target for targets role", |
|
| 272 |
+ }) |
|
| 278 | 273 |
|
| 279 | 274 |
// Now we'll create the releases role, and try pushing and pulling |
| 280 | 275 |
s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public) |
| ... | ... |
@@ -283,31 +205,23 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
|
| 283 | 283 |
|
| 284 | 284 |
// try a pull, check that we can still pull because we can still read the |
| 285 | 285 |
// old tag in the targets role |
| 286 |
- pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName) |
|
| 287 |
- s.trustedCmd(pullCmd) |
|
| 288 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 289 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 290 |
- c.Assert(out, checker.Contains, "retrieving target for targets role") |
|
| 286 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 287 |
+ Err: "retrieving target for targets role", |
|
| 288 |
+ }) |
|
| 291 | 289 |
|
| 292 | 290 |
// try a pull -a, check that it succeeds because we can still pull from the |
| 293 | 291 |
// targets role |
| 294 |
- pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName) |
|
| 295 |
- s.trustedCmd(pullCmd) |
|
| 296 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 297 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 292 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Success) |
|
| 298 | 293 |
|
| 299 | 294 |
// Push, should sign with targets/releases |
| 300 | 295 |
dockerCmd(c, "tag", "busybox", targetName) |
| 301 |
- pushCmd = exec.Command(dockerBinary, "push", targetName) |
|
| 302 |
- s.trustedCmd(pushCmd) |
|
| 303 |
- out, _, err = runCommandWithOutput(pushCmd) |
|
| 296 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) |
|
| 304 | 297 |
s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases") |
| 305 | 298 |
|
| 306 | 299 |
// Try pull, check we retrieve from targets/releases role |
| 307 |
- pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName) |
|
| 308 |
- s.trustedCmd(pullCmd) |
|
| 309 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 310 |
- c.Assert(out, checker.Contains, "retrieving target for targets/releases role") |
|
| 300 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 301 |
+ Err: "retrieving target for targets/releases role", |
|
| 302 |
+ }) |
|
| 311 | 303 |
|
| 312 | 304 |
// Create another delegation that we'll sign with |
| 313 | 305 |
s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[1].Public) |
| ... | ... |
@@ -315,16 +229,13 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
|
| 315 | 315 |
s.notaryPublish(c, repoName) |
| 316 | 316 |
|
| 317 | 317 |
dockerCmd(c, "tag", "busybox", targetName) |
| 318 |
- pushCmd = exec.Command(dockerBinary, "push", targetName) |
|
| 319 |
- s.trustedCmd(pushCmd) |
|
| 320 |
- out, _, err = runCommandWithOutput(pushCmd) |
|
| 318 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) |
|
| 321 | 319 |
s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases", "targets/other") |
| 322 | 320 |
|
| 323 | 321 |
// Try pull, check we retrieve from targets/releases role |
| 324 |
- pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName) |
|
| 325 |
- s.trustedCmd(pullCmd) |
|
| 326 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 327 |
- c.Assert(out, checker.Contains, "retrieving target for targets/releases role") |
|
| 322 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 323 |
+ Err: "retrieving target for targets/releases role", |
|
| 324 |
+ }) |
|
| 328 | 325 |
} |
| 329 | 326 |
|
| 330 | 327 |
func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C) {
|
| ... | ... |
@@ -341,26 +252,22 @@ func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C |
| 341 | 341 |
|
| 342 | 342 |
// Push should write to the delegation role, not targets |
| 343 | 343 |
dockerCmd(c, "tag", "busybox", targetName) |
| 344 |
- pushCmd := exec.Command(dockerBinary, "push", targetName) |
|
| 345 |
- s.trustedCmd(pushCmd) |
|
| 346 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 347 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 344 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) |
|
| 348 | 345 |
s.assertTargetInRoles(c, repoName, "latest", "targets/other") |
| 349 | 346 |
s.assertTargetNotInRoles(c, repoName, "latest", "targets") |
| 350 | 347 |
|
| 351 | 348 |
// Try pull - we should fail, since pull will only pull from the targets/releases |
| 352 | 349 |
// role or the targets role |
| 353 |
- pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName) |
|
| 354 |
- s.trustedCmd(pullCmd) |
|
| 355 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 356 |
- c.Assert(err, check.NotNil, check.Commentf(out)) |
|
| 357 |
- c.Assert(out, checker.Contains, "No trust data for") |
|
| 350 |
+ dockerCmd(c, "tag", "busybox", targetName) |
|
| 351 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 352 |
+ ExitCode: 1, |
|
| 353 |
+ Err: "No trust data for", |
|
| 354 |
+ }) |
|
| 358 | 355 |
|
| 359 | 356 |
// try a pull -a: we should fail since pull will only pull from the targets/releases |
| 360 | 357 |
// role or the targets role |
| 361 |
- pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName) |
|
| 362 |
- s.trustedCmd(pullCmd) |
|
| 363 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 364 |
- c.Assert(err, check.NotNil, check.Commentf(out)) |
|
| 365 |
- c.Assert(out, checker.Contains, "No trusted tags for") |
|
| 358 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 359 |
+ ExitCode: 1, |
|
| 360 |
+ Err: "No trusted tags for", |
|
| 361 |
+ }) |
|
| 366 | 362 |
} |
| ... | ... |
@@ -7,17 +7,16 @@ import ( |
| 7 | 7 |
"net/http" |
| 8 | 8 |
"net/http/httptest" |
| 9 | 9 |
"os" |
| 10 |
- "os/exec" |
|
| 11 | 10 |
"path/filepath" |
| 12 | 11 |
"strings" |
| 13 | 12 |
"sync" |
| 14 | 13 |
"time" |
| 15 | 14 |
|
| 16 | 15 |
"github.com/docker/distribution/reference" |
| 17 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 18 | 16 |
cliconfig "github.com/docker/docker/cli/config" |
| 19 | 17 |
"github.com/docker/docker/integration-cli/checker" |
| 20 | 18 |
"github.com/docker/docker/pkg/testutil" |
| 19 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 21 | 20 |
"github.com/go-check/check" |
| 22 | 21 |
) |
| 23 | 22 |
|
| ... | ... |
@@ -138,11 +137,11 @@ func testPushEmptyLayer(c *check.C) {
|
| 138 | 138 |
|
| 139 | 139 |
icmd.RunCmd(icmd.Cmd{
|
| 140 | 140 |
Command: []string{dockerBinary, "import", "-", repoName},
|
| 141 |
- Stdin: freader, |
|
| 141 |
+ Stdin: freader, |
|
| 142 | 142 |
}).Assert(c, icmd.Success) |
| 143 | 143 |
|
| 144 | 144 |
// Now verify we can push it |
| 145 |
- out, _, err = dockerCmdWithError("push", repoName)
|
|
| 145 |
+ out, _, err := dockerCmdWithError("push", repoName)
|
|
| 146 | 146 |
c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
|
| 147 | 147 |
} |
| 148 | 148 |
|
| ... | ... |
@@ -288,18 +287,12 @@ func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
|
| 288 | 288 |
// tag the image and upload it to the private registry |
| 289 | 289 |
dockerCmd(c, "tag", "busybox", repoName) |
| 290 | 290 |
|
| 291 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 292 |
- s.trustedCmd(pushCmd) |
|
| 293 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 294 |
- c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
|
|
| 295 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
|
|
| 291 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 296 | 292 |
|
| 297 | 293 |
// Try pull after push |
| 298 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 299 |
- s.trustedCmd(pullCmd) |
|
| 300 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 301 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 302 |
- c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out)) |
|
| 294 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 295 |
+ Out: "Status: Image is up to date", |
|
| 296 |
+ }) |
|
| 303 | 297 |
|
| 304 | 298 |
// Assert that we rotated the snapshot key to the server by checking our local keystore |
| 305 | 299 |
contents, err := ioutil.ReadDir(filepath.Join(cliconfig.Dir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest")) |
| ... | ... |
@@ -313,18 +306,12 @@ func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
|
| 313 | 313 |
// tag the image and upload it to the private registry |
| 314 | 314 |
dockerCmd(c, "tag", "busybox", repoName) |
| 315 | 315 |
|
| 316 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 317 |
- s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678") |
|
| 318 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 319 |
- c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
|
|
| 320 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
|
|
| 316 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "12345678")).Assert(c, SuccessSigningAndPushing)
|
|
| 321 | 317 |
|
| 322 | 318 |
// Try pull after push |
| 323 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 324 |
- s.trustedCmd(pullCmd) |
|
| 325 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 326 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 327 |
- c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out)) |
|
| 319 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 320 |
+ Out: "Status: Image is up to date", |
|
| 321 |
+ }) |
|
| 328 | 322 |
} |
| 329 | 323 |
|
| 330 | 324 |
func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
|
| ... | ... |
@@ -332,12 +319,11 @@ func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
|
| 332 | 332 |
// tag the image and upload it to the private registry |
| 333 | 333 |
dockerCmd(c, "tag", "busybox", repoName) |
| 334 | 334 |
|
| 335 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 336 | 335 |
// Using a name that doesn't resolve to an address makes this test faster |
| 337 |
- s.trustedCmdWithServer(pushCmd, "https://server.invalid:81/") |
|
| 338 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 339 |
- c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
|
|
| 340 |
- c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
|
|
| 336 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithServer("https://server.invalid:81/")).Assert(c, icmd.Expected{
|
|
| 337 |
+ ExitCode: 1, |
|
| 338 |
+ Err: "error contacting notary server", |
|
| 339 |
+ }) |
|
| 341 | 340 |
} |
| 342 | 341 |
|
| 343 | 342 |
func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
|
| ... | ... |
@@ -345,12 +331,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) |
| 345 | 345 |
// tag the image and upload it to the private registry |
| 346 | 346 |
dockerCmd(c, "tag", "busybox", repoName) |
| 347 | 347 |
|
| 348 |
- pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName) |
|
| 349 |
- // Using a name that doesn't resolve to an address makes this test faster |
|
| 350 |
- s.trustedCmdWithServer(pushCmd, "https://server.invalid") |
|
| 351 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 352 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
|
|
| 353 |
- c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
|
|
| 348 |
+ result := icmd.RunCmd(icmd.Command(dockerBinary, "push", "--disable-content-trust", repoName), trustedCmdWithServer("https://server.invalid:81/"))
|
|
| 349 |
+ result.Assert(c, icmd.Success) |
|
| 350 |
+ c.Assert(result.Combined(), check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
|
|
| 354 | 351 |
} |
| 355 | 352 |
|
| 356 | 353 |
func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
|
| ... | ... |
@@ -359,18 +342,12 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
|
| 359 | 359 |
dockerCmd(c, "tag", "busybox", repoName) |
| 360 | 360 |
dockerCmd(c, "push", repoName) |
| 361 | 361 |
|
| 362 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 363 |
- s.trustedCmd(pushCmd) |
|
| 364 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 365 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 366 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
|
|
| 362 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 367 | 363 |
|
| 368 | 364 |
// Try pull after push |
| 369 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 370 |
- s.trustedCmd(pullCmd) |
|
| 371 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 372 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 373 |
- c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out)) |
|
| 365 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 366 |
+ Out: "Status: Image is up to date", |
|
| 367 |
+ }) |
|
| 374 | 368 |
} |
| 375 | 369 |
|
| 376 | 370 |
func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
|
| ... | ... |
@@ -379,28 +356,14 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
|
| 379 | 379 |
dockerCmd(c, "tag", "busybox", repoName) |
| 380 | 380 |
|
| 381 | 381 |
// Do a trusted push |
| 382 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 383 |
- s.trustedCmd(pushCmd) |
|
| 384 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 385 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 386 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
|
|
| 382 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 387 | 383 |
|
| 388 | 384 |
// Do another trusted push |
| 389 |
- pushCmd = exec.Command(dockerBinary, "push", repoName) |
|
| 390 |
- s.trustedCmd(pushCmd) |
|
| 391 |
- out, _, err = runCommandWithOutput(pushCmd) |
|
| 392 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 393 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
|
|
| 394 |
- |
|
| 385 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 395 | 386 |
dockerCmd(c, "rmi", repoName) |
| 396 | 387 |
|
| 397 | 388 |
// Try pull to ensure the double push did not break our ability to pull |
| 398 |
- pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 399 |
- s.trustedCmd(pullCmd) |
|
| 400 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 401 |
- c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
|
|
| 402 |
- c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
|
|
| 403 |
- |
|
| 389 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessDownloaded) |
|
| 404 | 390 |
} |
| 405 | 391 |
|
| 406 | 392 |
func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
|
| ... | ... |
@@ -409,18 +372,13 @@ func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *c |
| 409 | 409 |
dockerCmd(c, "tag", "busybox", repoName) |
| 410 | 410 |
|
| 411 | 411 |
// Push with default passphrases |
| 412 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 413 |
- s.trustedCmd(pushCmd) |
|
| 414 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 415 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 416 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
|
|
| 412 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 417 | 413 |
|
| 418 | 414 |
// Push with wrong passphrases |
| 419 |
- pushCmd = exec.Command(dockerBinary, "push", repoName) |
|
| 420 |
- s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321") |
|
| 421 |
- out, _, err = runCommandWithOutput(pushCmd) |
|
| 422 |
- c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
|
|
| 423 |
- c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
|
|
| 415 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "87654321")).Assert(c, icmd.Expected{
|
|
| 416 |
+ ExitCode: 1, |
|
| 417 |
+ Err: "could not find necessary signing keys", |
|
| 418 |
+ }) |
|
| 424 | 419 |
} |
| 425 | 420 |
|
| 426 | 421 |
func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
|
| ... | ... |
@@ -430,22 +388,19 @@ func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
|
| 430 | 430 |
dockerCmd(c, "tag", "busybox", repoName) |
| 431 | 431 |
|
| 432 | 432 |
// Push with default passphrases |
| 433 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 434 |
- s.trustedCmd(pushCmd) |
|
| 435 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 436 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 437 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
|
|
| 433 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 438 | 434 |
|
| 439 | 435 |
// Snapshots last for three years. This should be expired |
| 440 | 436 |
fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4) |
| 441 | 437 |
|
| 442 | 438 |
testutil.RunAtDifferentDate(fourYearsLater, func() {
|
| 443 | 439 |
// Push with wrong passphrases |
| 444 |
- pushCmd = exec.Command(dockerBinary, "push", repoName) |
|
| 445 |
- s.trustedCmd(pushCmd) |
|
| 446 |
- out, _, err = runCommandWithOutput(pushCmd) |
|
| 447 |
- c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
|
|
| 448 |
- c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
|
|
| 440 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 441 |
+ Command: []string{dockerBinary, "push", repoName},
|
|
| 442 |
+ }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 443 |
+ ExitCode: 1, |
|
| 444 |
+ Err: "repository out-of-date", |
|
| 445 |
+ }) |
|
| 449 | 446 |
}) |
| 450 | 447 |
} |
| 451 | 448 |
|
| ... | ... |
@@ -456,22 +411,15 @@ func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
|
| 456 | 456 |
dockerCmd(c, "tag", "busybox", repoName) |
| 457 | 457 |
|
| 458 | 458 |
// Push with default passphrases |
| 459 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 460 |
- s.trustedCmd(pushCmd) |
|
| 461 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 462 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 463 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
|
|
| 459 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 464 | 460 |
|
| 465 | 461 |
// The timestamps expire in two weeks. Lets check three |
| 466 | 462 |
threeWeeksLater := time.Now().Add(time.Hour * 24 * 21) |
| 467 | 463 |
|
| 468 | 464 |
// Should succeed because the server transparently re-signs one |
| 469 | 465 |
testutil.RunAtDifferentDate(threeWeeksLater, func() {
|
| 470 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 471 |
- s.trustedCmd(pushCmd) |
|
| 472 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 473 |
- c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
|
|
| 474 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
|
|
| 466 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), |
|
| 467 |
+ trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 475 | 468 |
}) |
| 476 | 469 |
} |
| 477 | 470 |
|
| ... | ... |
@@ -488,11 +436,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) |
| 488 | 488 |
// tag the image and upload it to the private registry |
| 489 | 489 |
dockerCmd(c, "tag", "busybox", targetName) |
| 490 | 490 |
|
| 491 |
- pushCmd := exec.Command(dockerBinary, "push", targetName) |
|
| 492 |
- s.trustedCmd(pushCmd) |
|
| 493 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 494 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 495 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
|
|
| 491 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 496 | 492 |
// check to make sure that the target has been added to targets/releases and not targets |
| 497 | 493 |
s.assertTargetInRoles(c, repoName, "latest", "targets/releases") |
| 498 | 494 |
s.assertTargetNotInRoles(c, repoName, "latest", "targets") |
| ... | ... |
@@ -500,11 +444,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) |
| 500 | 500 |
// Try pull after push |
| 501 | 501 |
os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) |
| 502 | 502 |
|
| 503 |
- pullCmd := exec.Command(dockerBinary, "pull", targetName) |
|
| 504 |
- s.trustedCmd(pullCmd) |
|
| 505 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 506 |
- c.Assert(err, check.IsNil, check.Commentf(out)) |
|
| 507 |
- c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out)) |
|
| 503 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 504 |
+ Out: "Status: Image is up to date", |
|
| 505 |
+ }) |
|
| 508 | 506 |
} |
| 509 | 507 |
|
| 510 | 508 |
func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c *check.C) {
|
| ... | ... |
@@ -528,11 +470,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c |
| 528 | 528 |
// tag the image and upload it to the private registry |
| 529 | 529 |
dockerCmd(c, "tag", "busybox", targetName) |
| 530 | 530 |
|
| 531 |
- pushCmd := exec.Command(dockerBinary, "push", targetName) |
|
| 532 |
- s.trustedCmd(pushCmd) |
|
| 533 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 534 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 535 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
|
|
| 531 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 536 | 532 |
|
| 537 | 533 |
// check to make sure that the target has been added to targets/role1 and targets/role2, and |
| 538 | 534 |
// not targets (because there are delegations) or targets/role3 (due to missing key) or |
| ... | ... |
@@ -544,10 +482,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c |
| 544 | 544 |
os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) |
| 545 | 545 |
|
| 546 | 546 |
// pull should fail because none of these are the releases role |
| 547 |
- pullCmd := exec.Command(dockerBinary, "pull", targetName) |
|
| 548 |
- s.trustedCmd(pullCmd) |
|
| 549 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 550 |
- c.Assert(err, check.NotNil, check.Commentf(out)) |
|
| 547 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 548 |
+ ExitCode: 1, |
|
| 549 |
+ }) |
|
| 551 | 550 |
} |
| 552 | 551 |
|
| 553 | 552 |
func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c *check.C) {
|
| ... | ... |
@@ -569,11 +506,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * |
| 569 | 569 |
// tag the image and upload it to the private registry |
| 570 | 570 |
dockerCmd(c, "tag", "busybox", targetName) |
| 571 | 571 |
|
| 572 |
- pushCmd := exec.Command(dockerBinary, "push", targetName) |
|
| 573 |
- s.trustedCmd(pushCmd) |
|
| 574 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 575 |
- c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
|
|
| 576 |
- c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
|
|
| 572 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 577 | 573 |
|
| 578 | 574 |
// check to make sure that the target has been added to targets/role1 and targets/role4, and |
| 579 | 575 |
// not targets (because there are delegations) or targets/role2 (due to path restrictions) or |
| ... | ... |
@@ -585,10 +518,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * |
| 585 | 585 |
os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) |
| 586 | 586 |
|
| 587 | 587 |
// pull should fail because none of these are the releases role |
| 588 |
- pullCmd := exec.Command(dockerBinary, "pull", targetName) |
|
| 589 |
- s.trustedCmd(pullCmd) |
|
| 590 |
- out, _, err = runCommandWithOutput(pullCmd) |
|
| 591 |
- c.Assert(err, check.NotNil, check.Commentf(out)) |
|
| 588 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 589 |
+ ExitCode: 1, |
|
| 590 |
+ }) |
|
| 592 | 591 |
} |
| 593 | 592 |
|
| 594 | 593 |
func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c *check.C) {
|
| ... | ... |
@@ -604,13 +536,10 @@ func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c |
| 604 | 604 |
// tag the image and upload it to the private registry |
| 605 | 605 |
dockerCmd(c, "tag", "busybox", targetName) |
| 606 | 606 |
|
| 607 |
- pushCmd := exec.Command(dockerBinary, "push", targetName) |
|
| 608 |
- s.trustedCmd(pushCmd) |
|
| 609 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 610 |
- c.Assert(err, check.NotNil, check.Commentf("trusted push succeeded but should have failed:\n%s", out))
|
|
| 611 |
- c.Assert(out, checker.Contains, "no valid signing keys", |
|
| 612 |
- check.Commentf("Missing expected output on trusted push without keys"))
|
|
| 613 |
- |
|
| 607 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 608 |
+ ExitCode: 1, |
|
| 609 |
+ Err: "no valid signing keys", |
|
| 610 |
+ }) |
|
| 614 | 611 |
s.assertTargetNotInRoles(c, repoName, "latest", "targets", "targets/role1") |
| 615 | 612 |
} |
| 616 | 613 |
|
| ... | ... |
@@ -2,13 +2,12 @@ package main |
| 2 | 2 |
|
| 3 | 3 |
import ( |
| 4 | 4 |
"fmt" |
| 5 |
- "os/exec" |
|
| 6 | 5 |
"strings" |
| 7 | 6 |
"time" |
| 8 | 7 |
|
| 9 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 10 | 8 |
"github.com/docker/docker/integration-cli/checker" |
| 11 | 9 |
"github.com/docker/docker/pkg/stringid" |
| 10 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 12 | 11 |
"github.com/go-check/check" |
| 13 | 12 |
) |
| 14 | 13 |
|
| ... | ... |
@@ -179,7 +178,7 @@ func (s *DockerSuite) TestRmiForceWithExistingContainers(c *check.C) {
|
| 179 | 179 |
icmd.RunCmd(icmd.Cmd{
|
| 180 | 180 |
Command: []string{dockerBinary, "build", "--no-cache", "-t", image, "-"},
|
| 181 | 181 |
Stdin: strings.NewReader(`FROM busybox |
| 182 |
-MAINTAINER foo`) |
|
| 182 |
+MAINTAINER foo`), |
|
| 183 | 183 |
}).Assert(c, icmd.Success) |
| 184 | 184 |
|
| 185 | 185 |
dockerCmd(c, "run", "--name", "test-force-rmi", image, "/bin/true") |
| ... | ... |
@@ -865,7 +865,7 @@ func (s *DockerSuite) TestRunEnvironmentErase(c *check.C) {
|
| 865 | 865 |
|
| 866 | 866 |
result := icmd.RunCmd(icmd.Cmd{
|
| 867 | 867 |
Command: []string{dockerBinary, "run", "-e", "FOO", "-e", "HOSTNAME", "busybox", "env"},
|
| 868 |
- Env: appendBaseEnd(true), |
|
| 868 |
+ Env: appendBaseEnv(true), |
|
| 869 | 869 |
}) |
| 870 | 870 |
result.Assert(c, icmd.Success) |
| 871 | 871 |
|
| ... | ... |
@@ -897,7 +897,7 @@ func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) {
|
| 897 | 897 |
|
| 898 | 898 |
result := icmd.RunCmd(icmd.Cmd{
|
| 899 | 899 |
Command: []string{dockerBinary, "run", "-e", "HOSTNAME", "-e", "HOME=/root2", "busybox", "env"},
|
| 900 |
- Env: appendBaseEnv(true, "HOSTNAME=bar"), |
|
| 900 |
+ Env: appendBaseEnv(true, "HOSTNAME=bar"), |
|
| 901 | 901 |
}) |
| 902 | 902 |
result.Assert(c, icmd.Success) |
| 903 | 903 |
|
| ... | ... |
@@ -3262,30 +3262,11 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
|
| 3262 | 3262 |
repoName := s.setupTrustedImage(c, "trusted-run") |
| 3263 | 3263 |
|
| 3264 | 3264 |
// Try run |
| 3265 |
- runCmd := exec.Command(dockerBinary, "run", repoName) |
|
| 3266 |
- s.trustedCmd(runCmd) |
|
| 3267 |
- out, _, err := runCommandWithOutput(runCmd) |
|
| 3268 |
- if err != nil {
|
|
| 3269 |
- c.Fatalf("Error running trusted run: %s\n%s\n", err, out)
|
|
| 3270 |
- } |
|
| 3271 |
- |
|
| 3272 |
- if !strings.Contains(string(out), "Tagging") {
|
|
| 3273 |
- c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
|
| 3274 |
- } |
|
| 3275 |
- |
|
| 3265 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 3276 | 3266 |
dockerCmd(c, "rmi", repoName) |
| 3277 | 3267 |
|
| 3278 | 3268 |
// Try untrusted run to ensure we pushed the tag to the registry |
| 3279 |
- runCmd = exec.Command(dockerBinary, "run", "--disable-content-trust=true", repoName) |
|
| 3280 |
- s.trustedCmd(runCmd) |
|
| 3281 |
- out, _, err = runCommandWithOutput(runCmd) |
|
| 3282 |
- if err != nil {
|
|
| 3283 |
- c.Fatalf("Error running trusted run: %s\n%s", err, out)
|
|
| 3284 |
- } |
|
| 3285 |
- |
|
| 3286 |
- if !strings.Contains(string(out), "Status: Downloaded") {
|
|
| 3287 |
- c.Fatalf("Missing expected output on trusted run with --disable-content-trust:\n%s", out)
|
|
| 3288 |
- } |
|
| 3269 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "run", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) |
|
| 3289 | 3270 |
} |
| 3290 | 3271 |
|
| 3291 | 3272 |
func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
|
| ... | ... |
@@ -3298,16 +3279,10 @@ func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
|
| 3298 | 3298 |
dockerCmd(c, "rmi", repoName) |
| 3299 | 3299 |
|
| 3300 | 3300 |
// Try trusted run on untrusted tag |
| 3301 |
- runCmd := exec.Command(dockerBinary, "run", repoName) |
|
| 3302 |
- s.trustedCmd(runCmd) |
|
| 3303 |
- out, _, err := runCommandWithOutput(runCmd) |
|
| 3304 |
- if err == nil {
|
|
| 3305 |
- c.Fatalf("Error expected when running trusted run with:\n%s", out)
|
|
| 3306 |
- } |
|
| 3307 |
- |
|
| 3308 |
- if !strings.Contains(string(out), "does not have trust data for") {
|
|
| 3309 |
- c.Fatalf("Missing expected output on trusted run:\n%s", out)
|
|
| 3310 |
- } |
|
| 3301 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 3302 |
+ ExitCode: 125, |
|
| 3303 |
+ Err: "does not have trust data for", |
|
| 3304 |
+ }) |
|
| 3311 | 3305 |
} |
| 3312 | 3306 |
|
| 3313 | 3307 |
func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
|
| ... | ... |
@@ -3321,30 +3296,19 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
|
| 3321 | 3321 |
|
| 3322 | 3322 |
testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
| 3323 | 3323 |
// Try run |
| 3324 |
- runCmd := exec.Command(dockerBinary, "run", repoName) |
|
| 3325 |
- s.trustedCmd(runCmd) |
|
| 3326 |
- out, _, err := runCommandWithOutput(runCmd) |
|
| 3327 |
- if err == nil {
|
|
| 3328 |
- c.Fatalf("Error running trusted run in the distant future: %s\n%s", err, out)
|
|
| 3329 |
- } |
|
| 3330 |
- |
|
| 3331 |
- if !strings.Contains(string(out), "could not validate the path to a trusted root") {
|
|
| 3332 |
- c.Fatalf("Missing expected output on trusted run in the distant future:\n%s", out)
|
|
| 3333 |
- } |
|
| 3324 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 3325 |
+ Command: []string{dockerBinary, "run", repoName},
|
|
| 3326 |
+ }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 3327 |
+ ExitCode: 1, |
|
| 3328 |
+ Err: "could not validate the path to a trusted root", |
|
| 3329 |
+ }) |
|
| 3334 | 3330 |
}) |
| 3335 | 3331 |
|
| 3336 | 3332 |
testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
| 3337 | 3333 |
// Try run |
| 3338 |
- runCmd := exec.Command(dockerBinary, "run", "--disable-content-trust", repoName) |
|
| 3339 |
- s.trustedCmd(runCmd) |
|
| 3340 |
- out, _, err := runCommandWithOutput(runCmd) |
|
| 3341 |
- if err != nil {
|
|
| 3342 |
- c.Fatalf("Error running untrusted run in the distant future: %s\n%s", err, out)
|
|
| 3343 |
- } |
|
| 3344 |
- |
|
| 3345 |
- if !strings.Contains(string(out), "Status: Downloaded") {
|
|
| 3346 |
- c.Fatalf("Missing expected output on untrusted run in the distant future:\n%s", out)
|
|
| 3347 |
- } |
|
| 3334 |
+ icmd.RunCmd(icmd.Cmd{
|
|
| 3335 |
+ Command: []string{dockerBinary, "run", "--disable-content-trust", repoName},
|
|
| 3336 |
+ }, trustedCmd).Assert(c, SuccessDownloaded) |
|
| 3348 | 3337 |
}) |
| 3349 | 3338 |
} |
| 3350 | 3339 |
|
| ... | ... |
@@ -3360,30 +3324,11 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
|
| 3360 | 3360 |
// tag the image and upload it to the private registry |
| 3361 | 3361 |
dockerCmd(c, "tag", "busybox", repoName) |
| 3362 | 3362 |
|
| 3363 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 3364 |
- s.trustedCmd(pushCmd) |
|
| 3365 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 3366 |
- if err != nil {
|
|
| 3367 |
- c.Fatalf("Error running trusted push: %s\n%s", err, out)
|
|
| 3368 |
- } |
|
| 3369 |
- if !strings.Contains(string(out), "Signing and pushing trust metadata") {
|
|
| 3370 |
- c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
|
| 3371 |
- } |
|
| 3372 |
- |
|
| 3363 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 3373 | 3364 |
dockerCmd(c, "rmi", repoName) |
| 3374 | 3365 |
|
| 3375 | 3366 |
// Try run |
| 3376 |
- runCmd := exec.Command(dockerBinary, "run", repoName) |
|
| 3377 |
- s.trustedCmd(runCmd) |
|
| 3378 |
- out, _, err = runCommandWithOutput(runCmd) |
|
| 3379 |
- if err != nil {
|
|
| 3380 |
- c.Fatalf("Error running trusted run: %s\n%s", err, out)
|
|
| 3381 |
- } |
|
| 3382 |
- |
|
| 3383 |
- if !strings.Contains(string(out), "Tagging") {
|
|
| 3384 |
- c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
|
| 3385 |
- } |
|
| 3386 |
- |
|
| 3367 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 3387 | 3368 |
dockerCmd(c, "rmi", repoName) |
| 3388 | 3369 |
|
| 3389 | 3370 |
// Kill the notary server, start a new "evil" one. |
| ... | ... |
@@ -3398,27 +3343,13 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
|
| 3398 | 3398 |
dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
| 3399 | 3399 |
|
| 3400 | 3400 |
// Push up to the new server |
| 3401 |
- pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName) |
|
| 3402 |
- s.trustedCmd(pushCmd) |
|
| 3403 |
- out, _, err = runCommandWithOutput(pushCmd) |
|
| 3404 |
- if err != nil {
|
|
| 3405 |
- c.Fatalf("Error running trusted push: %s\n%s", err, out)
|
|
| 3406 |
- } |
|
| 3407 |
- if !strings.Contains(string(out), "Signing and pushing trust metadata") {
|
|
| 3408 |
- c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
|
| 3409 |
- } |
|
| 3401 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 3410 | 3402 |
|
| 3411 | 3403 |
// Now, try running with the original client from this new trust server. This should fail because the new root is invalid. |
| 3412 |
- runCmd = exec.Command(dockerBinary, "run", repoName) |
|
| 3413 |
- s.trustedCmd(runCmd) |
|
| 3414 |
- out, _, err = runCommandWithOutput(runCmd) |
|
| 3415 |
- |
|
| 3416 |
- if err == nil {
|
|
| 3417 |
- c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
|
|
| 3418 |
- } |
|
| 3419 |
- if !strings.Contains(out, "could not rotate trust to a new trusted root") {
|
|
| 3420 |
- c.Fatalf("Missing expected output on trusted run:\n%s", out)
|
|
| 3421 |
- } |
|
| 3404 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 3405 |
+ ExitCode: 125, |
|
| 3406 |
+ Err: "could not rotate trust to a new trusted root", |
|
| 3407 |
+ }) |
|
| 3422 | 3408 |
} |
| 3423 | 3409 |
|
| 3424 | 3410 |
func (s *DockerSuite) TestPtraceContainerProcsFromHost(c *check.C) {
|
| ... | ... |
@@ -4007,7 +3938,7 @@ func (s *DockerSuite) TestRunNonExecutableCmd(c *check.C) {
|
| 4007 | 4007 |
name := "testNonExecutableCmd" |
| 4008 | 4008 |
icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "foo").Assert(c, icmd.Expected{
|
| 4009 | 4009 |
ExitCode: 127, |
| 4010 |
- Error: "exit status 127", |
|
| 4010 |
+ Error: "exit status 127", |
|
| 4011 | 4011 |
}) |
| 4012 | 4012 |
} |
| 4013 | 4013 |
|
| ... | ... |
@@ -4016,7 +3947,7 @@ func (s *DockerSuite) TestRunNonExistingCmd(c *check.C) {
|
| 4016 | 4016 |
name := "testNonExistingCmd" |
| 4017 | 4017 |
icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/bin/foo").Assert(c, icmd.Expected{
|
| 4018 | 4018 |
ExitCode: 127, |
| 4019 |
- Error: "exit status 127", |
|
| 4019 |
+ Error: "exit status 127", |
|
| 4020 | 4020 |
}) |
| 4021 | 4021 |
} |
| 4022 | 4022 |
|
| ... | ... |
@@ -4031,7 +3962,7 @@ func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) {
|
| 4031 | 4031 |
name := "testCmdCannotBeInvoked" |
| 4032 | 4032 |
icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/etc").Assert(c, icmd.Expected{
|
| 4033 | 4033 |
ExitCode: expected, |
| 4034 |
- Error: fmt.Sprintf("exit status %d", expected),
|
|
| 4034 |
+ Error: fmt.Sprintf("exit status %d", expected),
|
|
| 4035 | 4035 |
}) |
| 4036 | 4036 |
} |
| 4037 | 4037 |
|
| ... | ... |
@@ -4040,7 +3971,7 @@ func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) {
|
| 4040 | 4040 |
func (s *DockerSuite) TestRunNonExistingImage(c *check.C) {
|
| 4041 | 4041 |
icmd.RunCommand(dockerBinary, "run", "foo").Assert(c, icmd.Expected{
|
| 4042 | 4042 |
ExitCode: 125, |
| 4043 |
- Err: "Unable to find image", |
|
| 4043 |
+ Err: "Unable to find image", |
|
| 4044 | 4044 |
}) |
| 4045 | 4045 |
} |
| 4046 | 4046 |
|
| ... | ... |
@@ -4049,7 +3980,7 @@ func (s *DockerSuite) TestRunNonExistingImage(c *check.C) {
|
| 4049 | 4049 |
func (s *DockerSuite) TestDockerFails(c *check.C) {
|
| 4050 | 4050 |
icmd.RunCommand(dockerBinary, "run", "-foo", "busybox").Assert(c, icmd.Expected{
|
| 4051 | 4051 |
ExitCode: 125, |
| 4052 |
- Error: "exit status 125", |
|
| 4052 |
+ Error: "exit status 125", |
|
| 4053 | 4053 |
}) |
| 4054 | 4054 |
} |
| 4055 | 4055 |
|
| ... | ... |
@@ -909,7 +909,7 @@ func (s *DockerSuite) TestRunSysctls(c *check.C) {
|
| 909 | 909 |
|
| 910 | 910 |
icmd.RunCommand(dockerBinary, "run", "--sysctl", "kernel.foobar=1", "--name", "test2", |
| 911 | 911 |
"busybox", "cat", "/proc/sys/kernel/foobar").Assert(c, icmd.Expected{
|
| 912 |
- ExitCode: 1, |
|
| 912 |
+ ExitCode: 125, |
|
| 913 | 913 |
Err: "invalid argument", |
| 914 | 914 |
}) |
| 915 | 915 |
} |
| ... | ... |
@@ -939,7 +939,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *check.C) {
|
| 939 | 939 |
"--security-opt", "seccomp="+tmpFile.Name(), |
| 940 | 940 |
"debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc").Assert(c, icmd.Expected{
|
| 941 | 941 |
ExitCode: 1, |
| 942 |
- Err: "Operation not permitted", |
|
| 942 |
+ Err: "Operation not permitted", |
|
| 943 | 943 |
}) |
| 944 | 944 |
} |
| 945 | 945 |
|
| ... | ... |
@@ -973,7 +973,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *check.C) {
|
| 973 | 973 |
icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp="+tmpFile.Name(), |
| 974 | 974 |
"busybox", "chmod", "400", "/etc/hostname").Assert(c, icmd.Expected{
|
| 975 | 975 |
ExitCode: 1, |
| 976 |
- Err: "Operation not permitted", |
|
| 976 |
+ Err: "Operation not permitted", |
|
| 977 | 977 |
}) |
| 978 | 978 |
} |
| 979 | 979 |
|
| ... | ... |
@@ -1011,7 +1011,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
|
| 1011 | 1011 |
"--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(), |
| 1012 | 1012 |
"debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami").Assert(c, icmd.Expected{
|
| 1013 | 1013 |
ExitCode: 1, |
| 1014 |
- Err: "Operation not permitted", |
|
| 1014 |
+ Err: "Operation not permitted", |
|
| 1015 | 1015 |
}) |
| 1016 | 1016 |
} |
| 1017 | 1017 |
|
| ... | ... |
@@ -1023,7 +1023,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) {
|
| 1023 | 1023 |
|
| 1024 | 1024 |
icmd.RunCommand(dockerBinary, "run", "syscall-test", "userns-test", "id").Assert(c, icmd.Expected{
|
| 1025 | 1025 |
ExitCode: 1, |
| 1026 |
- Err: "clone failed: Operation not permitted", |
|
| 1026 |
+ Err: "clone failed: Operation not permitted", |
|
| 1027 | 1027 |
}) |
| 1028 | 1028 |
} |
| 1029 | 1029 |
|
| ... | ... |
@@ -1152,16 +1152,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChown(c *check.C) {
|
| 1152 | 1152 |
ensureSyscallTest(c) |
| 1153 | 1153 |
|
| 1154 | 1154 |
// test that a root user has default capability CAP_CHOWN |
| 1155 |
- dockerCmd("run", "busybox", "chown", "100", "/tmp")
|
|
| 1155 |
+ dockerCmd(c, "run", "busybox", "chown", "100", "/tmp") |
|
| 1156 | 1156 |
// test that non root user does not have default capability CAP_CHOWN |
| 1157 | 1157 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chown", "100", "/tmp").Assert(c, icmd.Expected{
|
| 1158 | 1158 |
ExitCode: 1, |
| 1159 |
- Err: "Operation not permitted", |
|
| 1159 |
+ Err: "Operation not permitted", |
|
| 1160 | 1160 |
}) |
| 1161 | 1161 |
// test that root user can drop default capability CAP_CHOWN |
| 1162 | 1162 |
icmd.RunCommand(dockerBinary, "run", "--cap-drop", "chown", "busybox", "chown", "100", "/tmp").Assert(c, icmd.Expected{
|
| 1163 | 1163 |
ExitCode: 1, |
| 1164 |
- Err: "Operation not permitted", |
|
| 1164 |
+ Err: "Operation not permitted", |
|
| 1165 | 1165 |
}) |
| 1166 | 1166 |
} |
| 1167 | 1167 |
|
| ... | ... |
@@ -1170,11 +1170,11 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesDacOverride(c *check.C) {
|
| 1170 | 1170 |
ensureSyscallTest(c) |
| 1171 | 1171 |
|
| 1172 | 1172 |
// test that a root user has default capability CAP_DAC_OVERRIDE |
| 1173 |
- dockerCmd("run", "busybox", "sh", "-c", "echo test > /etc/passwd")
|
|
| 1173 |
+ dockerCmd(c, "run", "busybox", "sh", "-c", "echo test > /etc/passwd") |
|
| 1174 | 1174 |
// test that non root user does not have default capability CAP_DAC_OVERRIDE |
| 1175 | 1175 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "sh", "-c", "echo test > /etc/passwd").Assert(c, icmd.Expected{
|
| 1176 | 1176 |
ExitCode: 1, |
| 1177 |
- Err: "Permission denied", |
|
| 1177 |
+ Err: "Permission denied", |
|
| 1178 | 1178 |
}) |
| 1179 | 1179 |
} |
| 1180 | 1180 |
|
| ... | ... |
@@ -1183,11 +1183,11 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesFowner(c *check.C) {
|
| 1183 | 1183 |
ensureSyscallTest(c) |
| 1184 | 1184 |
|
| 1185 | 1185 |
// test that a root user has default capability CAP_FOWNER |
| 1186 |
- dockerCmd("run", "busybox", "chmod", "777", "/etc/passwd")
|
|
| 1186 |
+ dockerCmd(c, "run", "busybox", "chmod", "777", "/etc/passwd") |
|
| 1187 | 1187 |
// test that non root user does not have default capability CAP_FOWNER |
| 1188 | 1188 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chmod", "777", "/etc/passwd").Assert(c, icmd.Expected{
|
| 1189 | 1189 |
ExitCode: 1, |
| 1190 |
- Err: "Operation not permitted", |
|
| 1190 |
+ Err: "Operation not permitted", |
|
| 1191 | 1191 |
}) |
| 1192 | 1192 |
// TODO test that root user can drop default capability CAP_FOWNER |
| 1193 | 1193 |
} |
| ... | ... |
@@ -1199,16 +1199,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetuid(c *check.C) {
|
| 1199 | 1199 |
ensureSyscallTest(c) |
| 1200 | 1200 |
|
| 1201 | 1201 |
// test that a root user has default capability CAP_SETUID |
| 1202 |
- dockerCmd("run", "syscall-test", "setuid-test")
|
|
| 1202 |
+ dockerCmd(c, "run", "syscall-test", "setuid-test") |
|
| 1203 | 1203 |
// test that non root user does not have default capability CAP_SETUID |
| 1204 | 1204 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setuid-test").Assert(c, icmd.Expected{
|
| 1205 | 1205 |
ExitCode: 1, |
| 1206 |
- Err: "Operation not permitted", |
|
| 1206 |
+ Err: "Operation not permitted", |
|
| 1207 | 1207 |
}) |
| 1208 | 1208 |
// test that root user can drop default capability CAP_SETUID |
| 1209 | 1209 |
icmd.RunCommand(dockerBinary, "run", "--cap-drop", "setuid", "syscall-test", "setuid-test").Assert(c, icmd.Expected{
|
| 1210 | 1210 |
ExitCode: 1, |
| 1211 |
- Err: "Operation not permitted", |
|
| 1211 |
+ Err: "Operation not permitted", |
|
| 1212 | 1212 |
}) |
| 1213 | 1213 |
} |
| 1214 | 1214 |
|
| ... | ... |
@@ -1217,16 +1217,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetgid(c *check.C) {
|
| 1217 | 1217 |
ensureSyscallTest(c) |
| 1218 | 1218 |
|
| 1219 | 1219 |
// test that a root user has default capability CAP_SETGID |
| 1220 |
- dockerCmd("run", "syscall-test", "setgid-test")
|
|
| 1220 |
+ dockerCmd(c, "run", "syscall-test", "setgid-test") |
|
| 1221 | 1221 |
// test that non root user does not have default capability CAP_SETGID |
| 1222 | 1222 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setgid-test").Assert(c, icmd.Expected{
|
| 1223 | 1223 |
ExitCode: 1, |
| 1224 |
- Err: "Operation not permitted", |
|
| 1224 |
+ Err: "Operation not permitted", |
|
| 1225 | 1225 |
}) |
| 1226 | 1226 |
// test that root user can drop default capability CAP_SETGID |
| 1227 | 1227 |
icmd.RunCommand(dockerBinary, "run", "--cap-drop", "setgid", "syscall-test", "setgid-test").Assert(c, icmd.Expected{
|
| 1228 | 1228 |
ExitCode: 1, |
| 1229 |
- Err: "Operation not permitted", |
|
| 1229 |
+ Err: "Operation not permitted", |
|
| 1230 | 1230 |
}) |
| 1231 | 1231 |
} |
| 1232 | 1232 |
|
| ... | ... |
@@ -1237,16 +1237,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetBindService(c *check.C) |
| 1237 | 1237 |
ensureSyscallTest(c) |
| 1238 | 1238 |
|
| 1239 | 1239 |
// test that a root user has default capability CAP_NET_BIND_SERVICE |
| 1240 |
- dockerCmd("run", "syscall-test", "socket-test")
|
|
| 1240 |
+ dockerCmd(c, "run", "syscall-test", "socket-test") |
|
| 1241 | 1241 |
// test that non root user does not have default capability CAP_NET_BIND_SERVICE |
| 1242 | 1242 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "socket-test").Assert(c, icmd.Expected{
|
| 1243 | 1243 |
ExitCode: 1, |
| 1244 |
- Err: "Permission denied", |
|
| 1244 |
+ Err: "Permission denied", |
|
| 1245 | 1245 |
}) |
| 1246 | 1246 |
// test that root user can drop default capability CAP_NET_BIND_SERVICE |
| 1247 | 1247 |
icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_bind_service", "syscall-test", "socket-test").Assert(c, icmd.Expected{
|
| 1248 | 1248 |
ExitCode: 1, |
| 1249 |
- Err: "Permission denied", |
|
| 1249 |
+ Err: "Permission denied", |
|
| 1250 | 1250 |
}) |
| 1251 | 1251 |
} |
| 1252 | 1252 |
|
| ... | ... |
@@ -1255,16 +1255,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetRaw(c *check.C) {
|
| 1255 | 1255 |
ensureSyscallTest(c) |
| 1256 | 1256 |
|
| 1257 | 1257 |
// test that a root user has default capability CAP_NET_RAW |
| 1258 |
- dockerCmd("run", "syscall-test", "raw-test")
|
|
| 1258 |
+ dockerCmd(c, "run", "syscall-test", "raw-test") |
|
| 1259 | 1259 |
// test that non root user does not have default capability CAP_NET_RAW |
| 1260 | 1260 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "raw-test").Assert(c, icmd.Expected{
|
| 1261 | 1261 |
ExitCode: 1, |
| 1262 |
- Err: "Operation not permitted", |
|
| 1262 |
+ Err: "Operation not permitted", |
|
| 1263 | 1263 |
}) |
| 1264 | 1264 |
// test that root user can drop default capability CAP_NET_RAW |
| 1265 | 1265 |
icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_raw", "syscall-test", "raw-test").Assert(c, icmd.Expected{
|
| 1266 | 1266 |
ExitCode: 1, |
| 1267 |
- Err: "Operation not permitted", |
|
| 1267 |
+ Err: "Operation not permitted", |
|
| 1268 | 1268 |
}) |
| 1269 | 1269 |
} |
| 1270 | 1270 |
|
| ... | ... |
@@ -1273,16 +1273,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChroot(c *check.C) {
|
| 1273 | 1273 |
ensureSyscallTest(c) |
| 1274 | 1274 |
|
| 1275 | 1275 |
// test that a root user has default capability CAP_SYS_CHROOT |
| 1276 |
- dockerCmd("run", "busybox", "chroot", "/", "/bin/true")
|
|
| 1276 |
+ dockerCmd(c, "run", "busybox", "chroot", "/", "/bin/true") |
|
| 1277 | 1277 |
// test that non root user does not have default capability CAP_SYS_CHROOT |
| 1278 | 1278 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chroot", "/", "/bin/true").Assert(c, icmd.Expected{
|
| 1279 | 1279 |
ExitCode: 1, |
| 1280 |
- Err: "Operation not permitted", |
|
| 1280 |
+ Err: "Operation not permitted", |
|
| 1281 | 1281 |
}) |
| 1282 | 1282 |
// test that root user can drop default capability CAP_SYS_CHROOT |
| 1283 | 1283 |
icmd.RunCommand(dockerBinary, "run", "--cap-drop", "sys_chroot", "busybox", "chroot", "/", "/bin/true").Assert(c, icmd.Expected{
|
| 1284 | 1284 |
ExitCode: 1, |
| 1285 |
- Err: "Operation not permitted", |
|
| 1285 |
+ Err: "Operation not permitted", |
|
| 1286 | 1286 |
}) |
| 1287 | 1287 |
} |
| 1288 | 1288 |
|
| ... | ... |
@@ -1291,17 +1291,17 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesMknod(c *check.C) {
|
| 1291 | 1291 |
ensureSyscallTest(c) |
| 1292 | 1292 |
|
| 1293 | 1293 |
// test that a root user has default capability CAP_MKNOD |
| 1294 |
- dockerCmd("run", "busybox", "mknod", "/tmp/node", "b", "1", "2")
|
|
| 1294 |
+ dockerCmd(c, "run", "busybox", "mknod", "/tmp/node", "b", "1", "2") |
|
| 1295 | 1295 |
// test that non root user does not have default capability CAP_MKNOD |
| 1296 | 1296 |
// test that root user can drop default capability CAP_SYS_CHROOT |
| 1297 | 1297 |
icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "mknod", "/tmp/node", "b", "1", "2").Assert(c, icmd.Expected{
|
| 1298 | 1298 |
ExitCode: 1, |
| 1299 |
- Err: "Operation not permitted", |
|
| 1299 |
+ Err: "Operation not permitted", |
|
| 1300 | 1300 |
}) |
| 1301 | 1301 |
// test that root user can drop default capability CAP_MKNOD |
| 1302 | 1302 |
icmd.RunCommand(dockerBinary, "run", "--cap-drop", "mknod", "busybox", "mknod", "/tmp/node", "b", "1", "2").Assert(c, icmd.Expected{
|
| 1303 | 1303 |
ExitCode: 1, |
| 1304 |
- Err: "Operation not permitted", |
|
| 1304 |
+ Err: "Operation not permitted", |
|
| 1305 | 1305 |
}) |
| 1306 | 1306 |
} |
| 1307 | 1307 |
|
| ... | ... |
@@ -1315,13 +1315,13 @@ func (s *DockerSuite) TestRunApparmorProcDirectory(c *check.C) {
|
| 1315 | 1315 |
result := icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/cgroup") |
| 1316 | 1316 |
result.Assert(c, icmd.Expected{ExitCode: 1})
|
| 1317 | 1317 |
if !(strings.Contains(result.Combined(), "Permission denied") || strings.Contains(result.Combined(), "Operation not permitted")) {
|
| 1318 |
- c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", result.Combined(), err)
|
|
| 1318 |
+ c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", result.Combined(), result.Error)
|
|
| 1319 | 1319 |
} |
| 1320 | 1320 |
|
| 1321 | 1321 |
result = icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/attr/current") |
| 1322 | 1322 |
result.Assert(c, icmd.Expected{ExitCode: 1})
|
| 1323 | 1323 |
if !(strings.Contains(result.Combined(), "Permission denied") || strings.Contains(result.Combined(), "Operation not permitted")) {
|
| 1324 |
- c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", result.Combined(), err)
|
|
| 1324 |
+ c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", result.Combined(), result.Error)
|
|
| 1325 | 1325 |
} |
| 1326 | 1326 |
} |
| 1327 | 1327 |
|
| ... | ... |
@@ -1439,7 +1439,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
|
| 1439 | 1439 |
|
| 1440 | 1440 |
name := "trusted" |
| 1441 | 1441 |
serviceCmd := d.Command("-D", "service", "create", "--name", name, repoName, "top")
|
| 1442 |
- s.trustSuite.trustedCmd(serviceCmd) |
|
| 1442 |
+ trustedExecCmd(serviceCmd) |
|
| 1443 | 1443 |
out, _, err := runCommandWithOutput(serviceCmd) |
| 1444 | 1444 |
c.Assert(err, checker.IsNil, check.Commentf(out)) |
| 1445 | 1445 |
c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out)) |
| ... | ... |
@@ -1458,7 +1458,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
|
| 1458 | 1458 |
|
| 1459 | 1459 |
name = "untrusted" |
| 1460 | 1460 |
serviceCmd = d.Command("service", "create", "--name", name, repoName, "top")
|
| 1461 |
- s.trustSuite.trustedCmd(serviceCmd) |
|
| 1461 |
+ trustedExecCmd(serviceCmd) |
|
| 1462 | 1462 |
out, _, err = runCommandWithOutput(serviceCmd) |
| 1463 | 1463 |
|
| 1464 | 1464 |
c.Assert(err, check.NotNil, check.Commentf(out)) |
| ... | ... |
@@ -1487,7 +1487,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) {
|
| 1487 | 1487 |
c.Assert(out, check.Not(checker.Contains), repoName+"@", check.Commentf(out)) |
| 1488 | 1488 |
|
| 1489 | 1489 |
serviceCmd := d.Command("-D", "service", "update", "--image", repoName, name)
|
| 1490 |
- s.trustSuite.trustedCmd(serviceCmd) |
|
| 1490 |
+ trustedExecCmd(serviceCmd) |
|
| 1491 | 1491 |
out, _, err = runCommandWithOutput(serviceCmd) |
| 1492 | 1492 |
c.Assert(err, checker.IsNil, check.Commentf(out)) |
| 1493 | 1493 |
c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out)) |
| ... | ... |
@@ -1505,7 +1505,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) {
|
| 1505 | 1505 |
dockerCmd(c, "rmi", repoName) |
| 1506 | 1506 |
|
| 1507 | 1507 |
serviceCmd = d.Command("service", "update", "--image", repoName, name)
|
| 1508 |
- s.trustSuite.trustedCmd(serviceCmd) |
|
| 1508 |
+ trustedExecCmd(serviceCmd) |
|
| 1509 | 1509 |
out, _, err = runCommandWithOutput(serviceCmd) |
| 1510 | 1510 |
|
| 1511 | 1511 |
c.Assert(err, check.NotNil, check.Commentf(out)) |
| ... | ... |
@@ -229,7 +229,7 @@ func (s *DockerSuite) TestVolumeCLIRm(c *check.C) {
|
| 229 | 229 |
|
| 230 | 230 |
icmd.RunCommand(dockerBinary, "volume", "rm", "testing").Assert(c, icmd.Expected{
|
| 231 | 231 |
ExitCode: 1, |
| 232 |
- Error: "exit status 1", |
|
| 232 |
+ Error: "exit status 1", |
|
| 233 | 233 |
}) |
| 234 | 234 |
|
| 235 | 235 |
out, _ = dockerCmd(c, "run", "--volumes-from=test", "--name=test2", "busybox", "sh", "-c", "cat /foo/bar") |
| ... | ... |
@@ -13,6 +13,7 @@ import ( |
| 13 | 13 |
|
| 14 | 14 |
cliconfig "github.com/docker/docker/cli/config" |
| 15 | 15 |
"github.com/docker/docker/integration-cli/checker" |
| 16 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 16 | 17 |
"github.com/docker/go-connections/tlsconfig" |
| 17 | 18 |
"github.com/go-check/check" |
| 18 | 19 |
) |
| ... | ... |
@@ -34,6 +35,30 @@ type testNotary struct {
|
| 34 | 34 |
const notaryHost = "localhost:4443" |
| 35 | 35 |
const notaryURL = "https://" + notaryHost |
| 36 | 36 |
|
| 37 |
+var SuccessTagging = icmd.Expected{
|
|
| 38 |
+ Out: "Tagging", |
|
| 39 |
+} |
|
| 40 |
+ |
|
| 41 |
+var SuccessSigningAndPushing = icmd.Expected{
|
|
| 42 |
+ Out: "Signing and pushing trust metadata", |
|
| 43 |
+} |
|
| 44 |
+ |
|
| 45 |
+var SuccessDownloaded = icmd.Expected{
|
|
| 46 |
+ Out: "Status: Downloaded", |
|
| 47 |
+} |
|
| 48 |
+ |
|
| 49 |
+var SuccessTaggingOnStderr = icmd.Expected{
|
|
| 50 |
+ Err: "Tagging", |
|
| 51 |
+} |
|
| 52 |
+ |
|
| 53 |
+var SuccessSigningAndPushingOnStderr = icmd.Expected{
|
|
| 54 |
+ Err: "Signing and pushing trust metadata", |
|
| 55 |
+} |
|
| 56 |
+ |
|
| 57 |
+var SuccessDownloadedOnStderr = icmd.Expected{
|
|
| 58 |
+ Err: "Status: Downloaded", |
|
| 59 |
+} |
|
| 60 |
+ |
|
| 37 | 61 |
func newTestNotary(c *check.C) (*testNotary, error) {
|
| 38 | 62 |
// generate server config |
| 39 | 63 |
template := `{
|
| ... | ... |
@@ -164,28 +189,38 @@ func (t *testNotary) Close() {
|
| 164 | 164 |
os.RemoveAll(t.dir) |
| 165 | 165 |
} |
| 166 | 166 |
|
| 167 |
-func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) {
|
|
| 167 |
+// Deprecated: used trustedCmd instead |
|
| 168 |
+func trustedExecCmd(cmd *exec.Cmd) {
|
|
| 168 | 169 |
pwd := "12345678" |
| 169 |
- trustCmdEnv(cmd, notaryURL, pwd, pwd) |
|
| 170 |
+ cmd.Env = append(cmd.Env, trustEnv(notaryURL, pwd, pwd)...) |
|
| 170 | 171 |
} |
| 171 | 172 |
|
| 172 |
-func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
|
|
| 173 |
+func trustedCmd(cmd *icmd.Cmd) {
|
|
| 173 | 174 |
pwd := "12345678" |
| 174 |
- trustCmdEnv(cmd, server, pwd, pwd) |
|
| 175 |
+ cmd.Env = append(cmd.Env, trustEnv(notaryURL, pwd, pwd)...) |
|
| 175 | 176 |
} |
| 176 | 177 |
|
| 177 |
-func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, repositoryPwd string) {
|
|
| 178 |
- trustCmdEnv(cmd, notaryURL, rootPwd, repositoryPwd) |
|
| 178 |
+func trustedCmdWithServer(server string) func(*icmd.Cmd) {
|
|
| 179 |
+ return func(cmd *icmd.Cmd) {
|
|
| 180 |
+ pwd := "12345678" |
|
| 181 |
+ cmd.Env = append(cmd.Env, trustEnv(server, pwd, pwd)...) |
|
| 182 |
+ } |
|
| 179 | 183 |
} |
| 180 | 184 |
|
| 181 |
-func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, repositoryPwd string) {
|
|
| 182 |
- env := []string{
|
|
| 185 |
+func trustedCmdWithPassphrases(rootPwd, repositoryPwd string) func(*icmd.Cmd) {
|
|
| 186 |
+ return func(cmd *icmd.Cmd) {
|
|
| 187 |
+ cmd.Env = append(cmd.Env, trustEnv(notaryURL, rootPwd, repositoryPwd)...) |
|
| 188 |
+ } |
|
| 189 |
+} |
|
| 190 |
+ |
|
| 191 |
+func trustEnv(server, rootPwd, repositoryPwd string) []string {
|
|
| 192 |
+ env := append(os.Environ(), []string{
|
|
| 183 | 193 |
"DOCKER_CONTENT_TRUST=1", |
| 184 | 194 |
fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
|
| 185 | 195 |
fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),
|
| 186 | 196 |
fmt.Sprintf("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=%s", repositoryPwd),
|
| 187 |
- } |
|
| 188 |
- cmd.Env = append(os.Environ(), env...) |
|
| 197 |
+ }...) |
|
| 198 |
+ return env |
|
| 189 | 199 |
} |
| 190 | 200 |
|
| 191 | 201 |
func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
|
| ... | ... |
@@ -193,16 +228,7 @@ func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
|
| 193 | 193 |
// tag the image and upload it to the private registry |
| 194 | 194 |
dockerCmd(c, "tag", "busybox", repoName) |
| 195 | 195 |
|
| 196 |
- pushCmd := exec.Command(dockerBinary, "push", repoName) |
|
| 197 |
- s.trustedCmd(pushCmd) |
|
| 198 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 199 |
- |
|
| 200 |
- if err != nil {
|
|
| 201 |
- c.Fatalf("Error running trusted push: %s\n%s", err, out)
|
|
| 202 |
- } |
|
| 203 |
- if !strings.Contains(string(out), "Signing and pushing trust metadata") {
|
|
| 204 |
- c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
|
| 205 |
- } |
|
| 196 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 206 | 197 |
|
| 207 | 198 |
if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
|
| 208 | 199 |
c.Fatalf("Error removing image %q\n%s", repoName, out)
|
| ... | ... |
@@ -216,16 +242,7 @@ func (s *DockerTrustSuite) setupTrustedplugin(c *check.C, source, name string) s |
| 216 | 216 |
// tag the image and upload it to the private registry |
| 217 | 217 |
dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source) |
| 218 | 218 |
|
| 219 |
- pushCmd := exec.Command(dockerBinary, "plugin", "push", repoName) |
|
| 220 |
- s.trustedCmd(pushCmd) |
|
| 221 |
- out, _, err := runCommandWithOutput(pushCmd) |
|
| 222 |
- |
|
| 223 |
- if err != nil {
|
|
| 224 |
- c.Fatalf("Error running trusted plugin push: %s\n%s", err, out)
|
|
| 225 |
- } |
|
| 226 |
- if !strings.Contains(string(out), "Signing and pushing trust metadata") {
|
|
| 227 |
- c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
|
| 228 |
- } |
|
| 219 |
+ icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 229 | 220 |
|
| 230 | 221 |
if out, status := dockerCmd(c, "plugin", "rm", "-f", repoName); status != 0 {
|
| 231 | 222 |
c.Fatalf("Error removing plugin %q\n%s", repoName, out)
|
| ... | ... |
@@ -13,6 +13,7 @@ func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
|
| 13 | 13 |
} |
| 14 | 14 |
|
| 15 | 15 |
// TODO: update code to call cmd.RunCmd directly, and remove this function |
| 16 |
+// Deprecated: use pkg/testutil/cmd instead |
|
| 16 | 17 |
func runCommandWithOutput(execCmd *exec.Cmd) (string, int, error) {
|
| 17 | 18 |
result := cmd.RunCmd(transformCmd(execCmd)) |
| 18 | 19 |
return result.Combined(), result.ExitCode, result.Error |
| ... | ... |
@@ -215,8 +215,16 @@ type Cmd struct {
|
| 215 | 215 |
Env []string |
| 216 | 216 |
} |
| 217 | 217 |
|
| 218 |
+// Command create a simple Cmd with the specified command and arguments |
|
| 219 |
+func Command(command string, args ...string) Cmd {
|
|
| 220 |
+ return Cmd{Command: append([]string{command}, args...)}
|
|
| 221 |
+} |
|
| 222 |
+ |
|
| 218 | 223 |
// RunCmd runs a command and returns a Result |
| 219 |
-func RunCmd(cmd Cmd) *Result {
|
|
| 224 |
+func RunCmd(cmd Cmd, cmdOperators ...func(*Cmd)) *Result {
|
|
| 225 |
+ for _, op := range cmdOperators {
|
|
| 226 |
+ op(&cmd) |
|
| 227 |
+ } |
|
| 220 | 228 |
result := StartCmd(cmd) |
| 221 | 229 |
if result.Error != nil {
|
| 222 | 230 |
return result |
| ... | ... |
@@ -226,7 +234,7 @@ func RunCmd(cmd Cmd) *Result {
|
| 226 | 226 |
|
| 227 | 227 |
// RunCommand parses a command line and runs it, returning a result |
| 228 | 228 |
func RunCommand(command string, args ...string) *Result {
|
| 229 |
- return RunCmd(Cmd{Command: append([]string{command}, args...)})
|
|
| 229 |
+ return RunCmd(Command(command, args...)) |
|
| 230 | 230 |
} |
| 231 | 231 |
|
| 232 | 232 |
// StartCmd starts a command, but doesn't wait for it to finish |