Browse code
Merge pull request #32740 from vdemeester/integration-trusted-cmd-cli
Use `cli` for trusted related command
Sebastiaan van Stijn authored on 2017/04/23 06:51:12Showing 10 changed files
- integration-cli/docker_cli_build_test.go
- integration-cli/docker_cli_create_test.go
- integration-cli/docker_cli_plugins_test.go
- integration-cli/docker_cli_pull_trusted_test.go
- integration-cli/docker_cli_push_test.go
- integration-cli/docker_cli_run_test.go
- integration-cli/docker_cli_swarm_test.go
- integration-cli/trust_server_test.go
- pkg/testutil/utils.go
- pkg/testutil/utils_test.go
| ... | ... |
@@ -4200,21 +4200,20 @@ func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) {
|
| 4200 | 4200 |
|
| 4201 | 4201 |
// push a different tag to the releases role |
| 4202 | 4202 |
otherTag := fmt.Sprintf("%s:other", repoName)
|
| 4203 |
- dockerCmd(c, "tag", "busybox", otherTag) |
|
| 4203 |
+ cli.DockerCmd(c, "tag", "busybox", otherTag) |
|
| 4204 | 4204 |
|
| 4205 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success) |
|
| 4205 |
+ cli.Docker(cli.Args("push", otherTag), trustedCmd).Assert(c, icmd.Success)
|
|
| 4206 | 4206 |
s.assertTargetInRoles(c, repoName, "other", "targets/releases") |
| 4207 | 4207 |
s.assertTargetNotInRoles(c, repoName, "other", "targets") |
| 4208 | 4208 |
|
| 4209 |
- out, status := dockerCmd(c, "rmi", otherTag) |
|
| 4210 |
- c.Assert(status, check.Equals, 0, check.Commentf("docker rmi failed: %s", out))
|
|
| 4209 |
+ cli.DockerCmd(c, "rmi", otherTag) |
|
| 4211 | 4210 |
|
| 4212 | 4211 |
dockerFile := fmt.Sprintf(` |
| 4213 | 4212 |
FROM %s |
| 4214 | 4213 |
RUN [] |
| 4215 | 4214 |
`, otherTag) |
| 4216 | 4215 |
name := "testtrustedbuildreleasesrole" |
| 4217 |
- buildImage(name, trustedBuild, build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{
|
|
| 4216 |
+ cli.BuildCmd(c, name, trustedCmd, build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{
|
|
| 4218 | 4217 |
Out: fmt.Sprintf("FROM %s@sha", repoName),
|
| 4219 | 4218 |
}) |
| 4220 | 4219 |
} |
| ... | ... |
@@ -4232,14 +4231,13 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che |
| 4232 | 4232 |
|
| 4233 | 4233 |
// push a different tag to the other role |
| 4234 | 4234 |
otherTag := fmt.Sprintf("%s:other", repoName)
|
| 4235 |
- dockerCmd(c, "tag", "busybox", otherTag) |
|
| 4235 |
+ cli.DockerCmd(c, "tag", "busybox", otherTag) |
|
| 4236 | 4236 |
|
| 4237 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success) |
|
| 4237 |
+ cli.Docker(cli.Args("push", otherTag), trustedCmd).Assert(c, icmd.Success)
|
|
| 4238 | 4238 |
s.assertTargetInRoles(c, repoName, "other", "targets/other") |
| 4239 | 4239 |
s.assertTargetNotInRoles(c, repoName, "other", "targets") |
| 4240 | 4240 |
|
| 4241 |
- out, status := dockerCmd(c, "rmi", otherTag) |
|
| 4242 |
- c.Assert(status, check.Equals, 0, check.Commentf("docker rmi failed: %s", out))
|
|
| 4241 |
+ cli.DockerCmd(c, "rmi", otherTag) |
|
| 4243 | 4242 |
|
| 4244 | 4243 |
dockerFile := fmt.Sprintf(` |
| 4245 | 4244 |
FROM %s |
| ... | ... |
@@ -4247,7 +4245,7 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che |
| 4247 | 4247 |
`, otherTag) |
| 4248 | 4248 |
|
| 4249 | 4249 |
name := "testtrustedbuildotherrole" |
| 4250 |
- buildImage(name, trustedBuild, build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{
|
|
| 4250 |
+ cli.Docker(cli.Build(name), trustedCmd, build.WithDockerfile(dockerFile)).Assert(c, icmd.Expected{
|
|
| 4251 | 4251 |
ExitCode: 1, |
| 4252 | 4252 |
}) |
| 4253 | 4253 |
} |
| ... | ... |
@@ -14,7 +14,6 @@ import ( |
| 14 | 14 |
"github.com/docker/docker/integration-cli/cli/build" |
| 15 | 15 |
"github.com/docker/docker/integration-cli/cli/build/fakecontext" |
| 16 | 16 |
"github.com/docker/docker/pkg/stringid" |
| 17 |
- "github.com/docker/docker/pkg/testutil" |
|
| 18 | 17 |
icmd "github.com/docker/docker/pkg/testutil/cmd" |
| 19 | 18 |
"github.com/docker/go-connections/nat" |
| 20 | 19 |
"github.com/go-check/check" |
| ... | ... |
@@ -295,24 +294,23 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
|
| 295 | 295 |
repoName := s.setupTrustedImage(c, "trusted-create") |
| 296 | 296 |
|
| 297 | 297 |
// Try create |
| 298 |
- icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 299 |
- |
|
| 300 |
- dockerCmd(c, "rmi", repoName) |
|
| 298 |
+ cli.Docker(cli.Args("create", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 299 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 301 | 300 |
|
| 302 | 301 |
// Try untrusted create to ensure we pushed the tag to the registry |
| 303 |
- icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) |
|
| 302 |
+ cli.Docker(cli.Args("create", "--disable-content-trust=true", repoName)).Assert(c, SuccessDownloadedOnStderr)
|
|
| 304 | 303 |
} |
| 305 | 304 |
|
| 306 | 305 |
func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
|
| 307 | 306 |
repoName := fmt.Sprintf("%v/dockercliuntrusted/createtest", privateRegistryURL)
|
| 308 | 307 |
withTagName := fmt.Sprintf("%s:latest", repoName)
|
| 309 | 308 |
// tag the image and upload it to the private registry |
| 310 |
- dockerCmd(c, "tag", "busybox", withTagName) |
|
| 311 |
- dockerCmd(c, "push", withTagName) |
|
| 312 |
- dockerCmd(c, "rmi", withTagName) |
|
| 309 |
+ cli.DockerCmd(c, "tag", "busybox", withTagName) |
|
| 310 |
+ cli.DockerCmd(c, "push", withTagName) |
|
| 311 |
+ cli.DockerCmd(c, "rmi", withTagName) |
|
| 313 | 312 |
|
| 314 | 313 |
// Try trusted create on untrusted tag |
| 315 |
- icmd.RunCmd(icmd.Command(dockerBinary, "create", withTagName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 314 |
+ cli.Docker(cli.Args("create", withTagName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 316 | 315 |
ExitCode: 1, |
| 317 | 316 |
Err: fmt.Sprintf("does not have trust data for %s", repoName),
|
| 318 | 317 |
}) |
| ... | ... |
@@ -322,36 +320,10 @@ func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) {
|
| 322 | 322 |
repoName := s.setupTrustedImage(c, "trusted-isolated-create") |
| 323 | 323 |
|
| 324 | 324 |
// Try create |
| 325 |
- icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 325 |
+ cli.Docker(cli.Args("--config", "/tmp/docker-isolated-create", "create", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 326 | 326 |
defer os.RemoveAll("/tmp/docker-isolated-create")
|
| 327 | 327 |
|
| 328 |
- dockerCmd(c, "rmi", repoName) |
|
| 329 |
-} |
|
| 330 |
- |
|
| 331 |
-func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
|
|
| 332 |
- c.Skip("Currently changes system time, causing instability")
|
|
| 333 |
- repoName := s.setupTrustedImage(c, "trusted-create-expired") |
|
| 334 |
- |
|
| 335 |
- // Certificates have 10 years of expiration |
|
| 336 |
- elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) |
|
| 337 |
- |
|
| 338 |
- testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
|
| 339 |
- // Try create |
|
| 340 |
- icmd.RunCmd(icmd.Cmd{
|
|
| 341 |
- Command: []string{dockerBinary, "create", repoName},
|
|
| 342 |
- }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 343 |
- ExitCode: 1, |
|
| 344 |
- Err: "could not validate the path to a trusted root", |
|
| 345 |
- }) |
|
| 346 |
- }) |
|
| 347 |
- |
|
| 348 |
- testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
|
| 349 |
- // Try create |
|
| 350 |
- result := icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust", repoName), trustedCmd) |
|
| 351 |
- c.Assert(result.Error, check.Not(check.IsNil)) |
|
| 352 |
- c.Assert(string(result.Combined()), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", result.Combined()))
|
|
| 353 |
- |
|
| 354 |
- }) |
|
| 328 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 355 | 329 |
} |
| 356 | 330 |
|
| 357 | 331 |
func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
|
| ... | ... |
@@ -360,16 +332,13 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
|
| 360 | 360 |
c.Assert(err, check.IsNil) |
| 361 | 361 |
|
| 362 | 362 |
// tag the image and upload it to the private registry |
| 363 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 364 |
- |
|
| 365 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 366 |
- |
|
| 367 |
- dockerCmd(c, "rmi", repoName) |
|
| 363 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 364 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 365 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 368 | 366 |
|
| 369 | 367 |
// Try create |
| 370 |
- icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 371 |
- |
|
| 372 |
- dockerCmd(c, "rmi", repoName) |
|
| 368 |
+ cli.Docker(cli.Args("create", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 369 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 373 | 370 |
|
| 374 | 371 |
// Kill the notary server, start a new "evil" one. |
| 375 | 372 |
s.not.Close() |
| ... | ... |
@@ -378,13 +347,13 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
|
| 378 | 378 |
|
| 379 | 379 |
// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data. |
| 380 | 380 |
// tag an image and upload it to the private registry |
| 381 |
- dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
|
| 381 |
+ cli.DockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
|
| 382 | 382 |
|
| 383 | 383 |
// Push up to the new server |
| 384 |
- icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 384 |
+ cli.Docker(cli.Args("--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 385 | 385 |
|
| 386 | 386 |
// Now, try creating with the original client from this new trust server. This should fail because the new root is invalid. |
| 387 |
- icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 387 |
+ cli.Docker(cli.Args("create", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 388 | 388 |
ExitCode: 1, |
| 389 | 389 |
Err: "could not rotate trust to a new trusted root", |
| 390 | 390 |
}) |
| ... | ... |
@@ -8,6 +8,7 @@ import ( |
| 8 | 8 |
"strings" |
| 9 | 9 |
|
| 10 | 10 |
"github.com/docker/docker/integration-cli/checker" |
| 11 |
+ "github.com/docker/docker/integration-cli/cli" |
|
| 11 | 12 |
icmd "github.com/docker/docker/pkg/testutil/cmd" |
| 12 | 13 |
"github.com/go-check/check" |
| 13 | 14 |
) |
| ... | ... |
@@ -304,31 +305,26 @@ func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) {
|
| 304 | 304 |
|
| 305 | 305 |
trustedName := s.setupTrustedplugin(c, pNameWithTag, "trusted-plugin-install") |
| 306 | 306 |
|
| 307 |
- icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 307 |
+ cli.Docker(cli.Args("plugin", "install", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 308 | 308 |
Out: trustedName, |
| 309 | 309 |
}) |
| 310 | 310 |
|
| 311 |
- out, _, err := dockerCmdWithError("plugin", "ls")
|
|
| 312 |
- c.Assert(err, checker.IsNil) |
|
| 311 |
+ out := cli.DockerCmd(c, "plugin", "ls").Combined() |
|
| 313 | 312 |
c.Assert(out, checker.Contains, "true") |
| 314 | 313 |
|
| 315 |
- out, _, err = dockerCmdWithError("plugin", "disable", trustedName)
|
|
| 316 |
- c.Assert(err, checker.IsNil) |
|
| 314 |
+ out = cli.DockerCmd(c, "plugin", "disable", trustedName).Combined() |
|
| 317 | 315 |
c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) |
| 318 | 316 |
|
| 319 |
- out, _, err = dockerCmdWithError("plugin", "enable", trustedName)
|
|
| 320 |
- c.Assert(err, checker.IsNil) |
|
| 317 |
+ out = cli.DockerCmd(c, "plugin", "enable", trustedName).Combined() |
|
| 321 | 318 |
c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) |
| 322 | 319 |
|
| 323 |
- out, _, err = dockerCmdWithError("plugin", "rm", "-f", trustedName)
|
|
| 324 |
- c.Assert(err, checker.IsNil) |
|
| 320 |
+ out = cli.DockerCmd(c, "plugin", "rm", "-f", trustedName).Combined() |
|
| 325 | 321 |
c.Assert(strings.TrimSpace(out), checker.Contains, trustedName) |
| 326 | 322 |
|
| 327 | 323 |
// Try untrusted pull to ensure we pushed the tag to the registry |
| 328 |
- icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, SuccessDownloaded) |
|
| 324 |
+ cli.Docker(cli.Args("plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, SuccessDownloaded)
|
|
| 329 | 325 |
|
| 330 |
- out, _, err = dockerCmdWithError("plugin", "ls")
|
|
| 331 |
- c.Assert(err, checker.IsNil) |
|
| 326 |
+ out = cli.DockerCmd(c, "plugin", "ls").Combined() |
|
| 332 | 327 |
c.Assert(out, checker.Contains, "true") |
| 333 | 328 |
|
| 334 | 329 |
} |
| ... | ... |
@@ -338,12 +334,12 @@ func (s *DockerTrustSuite) TestPluginUntrustedInstall(c *check.C) {
|
| 338 | 338 |
|
| 339 | 339 |
pluginName := fmt.Sprintf("%v/dockercliuntrusted/plugintest:latest", privateRegistryURL)
|
| 340 | 340 |
// install locally and push to private registry |
| 341 |
- dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", pluginName, pNameWithTag) |
|
| 342 |
- dockerCmd(c, "plugin", "push", pluginName) |
|
| 343 |
- dockerCmd(c, "plugin", "rm", "-f", pluginName) |
|
| 341 |
+ cli.DockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", pluginName, pNameWithTag) |
|
| 342 |
+ cli.DockerCmd(c, "plugin", "push", pluginName) |
|
| 343 |
+ cli.DockerCmd(c, "plugin", "rm", "-f", pluginName) |
|
| 344 | 344 |
|
| 345 | 345 |
// Try trusted install on untrusted plugin |
| 346 |
- icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 346 |
+ cli.Docker(cli.Args("plugin", "install", "--grant-all-permissions", pluginName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 347 | 347 |
ExitCode: 1, |
| 348 | 348 |
Err: "Error: remote trust data does not exist", |
| 349 | 349 |
}) |
| ... | ... |
@@ -3,11 +3,10 @@ package main |
| 3 | 3 |
import ( |
| 4 | 4 |
"fmt" |
| 5 | 5 |
"io/ioutil" |
| 6 |
- "time" |
|
| 7 | 6 |
|
| 8 | 7 |
"github.com/docker/docker/integration-cli/checker" |
| 8 |
+ "github.com/docker/docker/integration-cli/cli" |
|
| 9 | 9 |
"github.com/docker/docker/integration-cli/cli/build" |
| 10 |
- "github.com/docker/docker/pkg/testutil" |
|
| 11 | 10 |
icmd "github.com/docker/docker/pkg/testutil/cmd" |
| 12 | 11 |
"github.com/go-check/check" |
| 13 | 12 |
) |
| ... | ... |
@@ -16,61 +15,36 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
|
| 16 | 16 |
repoName := s.setupTrustedImage(c, "trusted-pull") |
| 17 | 17 |
|
| 18 | 18 |
// Try pull |
| 19 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 19 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 20 | 20 |
|
| 21 |
- dockerCmd(c, "rmi", repoName) |
|
| 21 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 22 | 22 |
// Try untrusted pull to ensure we pushed the tag to the registry |
| 23 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloaded) |
|
| 23 |
+ cli.Docker(cli.Args("pull", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloaded)
|
|
| 24 | 24 |
} |
| 25 | 25 |
|
| 26 | 26 |
func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) {
|
| 27 | 27 |
repoName := s.setupTrustedImage(c, "trusted-isolated-pull") |
| 28 | 28 |
|
| 29 | 29 |
// Try pull (run from isolated directory without trust information) |
| 30 |
- icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 30 |
+ cli.Docker(cli.Args("--config", "/tmp/docker-isolated", "pull", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 31 | 31 |
|
| 32 |
- dockerCmd(c, "rmi", repoName) |
|
| 32 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 33 | 33 |
} |
| 34 | 34 |
|
| 35 | 35 |
func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) {
|
| 36 | 36 |
repoName := fmt.Sprintf("%v/dockercliuntrusted/pulltest:latest", privateRegistryURL)
|
| 37 | 37 |
// tag the image and upload it to the private registry |
| 38 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 39 |
- dockerCmd(c, "push", repoName) |
|
| 40 |
- dockerCmd(c, "rmi", repoName) |
|
| 38 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 39 |
+ cli.DockerCmd(c, "push", repoName) |
|
| 40 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 41 | 41 |
|
| 42 | 42 |
// Try trusted pull on untrusted tag |
| 43 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 43 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 44 | 44 |
ExitCode: 1, |
| 45 | 45 |
Err: "Error: remote trust data does not exist", |
| 46 | 46 |
}) |
| 47 | 47 |
} |
| 48 | 48 |
|
| 49 |
-func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
|
|
| 50 |
- c.Skip("Currently changes system time, causing instability")
|
|
| 51 |
- repoName := s.setupTrustedImage(c, "trusted-cert-expired") |
|
| 52 |
- |
|
| 53 |
- // Certificates have 10 years of expiration |
|
| 54 |
- elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) |
|
| 55 |
- |
|
| 56 |
- testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
|
| 57 |
- // Try pull |
|
| 58 |
- icmd.RunCmd(icmd.Cmd{
|
|
| 59 |
- Command: []string{dockerBinary, "pull", repoName},
|
|
| 60 |
- }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 61 |
- ExitCode: 1, |
|
| 62 |
- Err: "could not validate the path to a trusted root", |
|
| 63 |
- }) |
|
| 64 |
- }) |
|
| 65 |
- |
|
| 66 |
- testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
|
| 67 |
- // Try pull |
|
| 68 |
- icmd.RunCmd(icmd.Cmd{
|
|
| 69 |
- Command: []string{dockerBinary, "pull", "--disable-content-trust", repoName},
|
|
| 70 |
- }, trustedCmd).Assert(c, SuccessDownloaded) |
|
| 71 |
- }) |
|
| 72 |
-} |
|
| 73 |
- |
|
| 74 | 49 |
func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
|
| 75 | 50 |
repoName := fmt.Sprintf("%v/dockerclievilpull/trusted:latest", privateRegistryURL)
|
| 76 | 51 |
evilLocalConfigDir, err := ioutil.TempDir("", "evil-local-config-dir")
|
| ... | ... |
@@ -79,14 +53,14 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
|
| 79 | 79 |
} |
| 80 | 80 |
|
| 81 | 81 |
// tag the image and upload it to the private registry |
| 82 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 82 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 83 | 83 |
|
| 84 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 85 |
- dockerCmd(c, "rmi", repoName) |
|
| 84 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 85 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 86 | 86 |
|
| 87 | 87 |
// Try pull |
| 88 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 89 |
- dockerCmd(c, "rmi", repoName) |
|
| 88 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 89 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 90 | 90 |
|
| 91 | 91 |
// Kill the notary server, start a new "evil" one. |
| 92 | 92 |
s.not.Close() |
| ... | ... |
@@ -96,71 +70,46 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
|
| 96 | 96 |
|
| 97 | 97 |
// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data. |
| 98 | 98 |
// tag an image and upload it to the private registry |
| 99 |
- dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
|
| 99 |
+ cli.DockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
|
| 100 | 100 |
|
| 101 | 101 |
// Push up to the new server |
| 102 |
- icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 102 |
+ cli.Docker(cli.Args("--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 103 | 103 |
|
| 104 | 104 |
// Now, try pulling with the original client from this new trust server. This should fail because the new root is invalid. |
| 105 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 105 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 106 | 106 |
ExitCode: 1, |
| 107 | 107 |
Err: "could not rotate trust to a new trusted root", |
| 108 | 108 |
}) |
| 109 | 109 |
} |
| 110 | 110 |
|
| 111 |
-func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
|
|
| 112 |
- c.Skip("Currently changes system time, causing instability")
|
|
| 113 |
- repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppull/trusted:latest", privateRegistryURL)
|
|
| 114 |
- // tag the image and upload it to the private registry |
|
| 115 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 116 |
- |
|
| 117 |
- // Push with default passphrases |
|
| 118 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 119 |
- dockerCmd(c, "rmi", repoName) |
|
| 120 |
- |
|
| 121 |
- // Snapshots last for three years. This should be expired |
|
| 122 |
- fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4) |
|
| 123 |
- |
|
| 124 |
- testutil.RunAtDifferentDate(fourYearsLater, func() {
|
|
| 125 |
- // Try pull |
|
| 126 |
- icmd.RunCmd(icmd.Cmd{
|
|
| 127 |
- Command: []string{dockerBinary, "pull", repoName},
|
|
| 128 |
- }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 129 |
- ExitCode: 1, |
|
| 130 |
- Err: "repository out-of-date", |
|
| 131 |
- }) |
|
| 132 |
- }) |
|
| 133 |
-} |
|
| 134 |
- |
|
| 135 | 111 |
func (s *DockerTrustSuite) TestTrustedOfflinePull(c *check.C) {
|
| 136 | 112 |
repoName := s.setupTrustedImage(c, "trusted-offline-pull") |
| 137 | 113 |
|
| 138 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, icmd.Expected{
|
|
| 114 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, icmd.Expected{
|
|
| 139 | 115 |
ExitCode: 1, |
| 140 | 116 |
Err: "error contacting notary server", |
| 141 | 117 |
}) |
| 142 | 118 |
// Do valid trusted pull to warm cache |
| 143 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 144 |
- dockerCmd(c, "rmi", repoName) |
|
| 119 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 120 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 145 | 121 |
|
| 146 | 122 |
// Try pull again with invalid notary server, should use cache |
| 147 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, SuccessTagging)
|
|
| 123 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, SuccessTagging)
|
|
| 148 | 124 |
} |
| 149 | 125 |
|
| 150 | 126 |
func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
|
| 151 | 127 |
repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, "trusted-pull-delete")
|
| 152 | 128 |
// tag the image and upload it to the private registry |
| 153 |
- buildImageSuccessfully(c, repoName, build.WithDockerfile(` |
|
| 129 |
+ cli.BuildCmd(c, repoName, build.WithDockerfile(` |
|
| 154 | 130 |
FROM busybox |
| 155 | 131 |
CMD echo trustedpulldelete |
| 156 | 132 |
`)) |
| 157 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 133 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 158 | 134 |
|
| 159 |
- dockerCmd(c, "rmi", repoName) |
|
| 135 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 160 | 136 |
|
| 161 | 137 |
// Try pull |
| 162 |
- result := icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd) |
|
| 163 |
- result.Assert(c, icmd.Success) |
|
| 138 |
+ result := cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Success)
|
|
| 164 | 139 |
|
| 165 | 140 |
matches := digestRegex.FindStringSubmatch(result.Combined()) |
| 166 | 141 |
c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", result.Combined()))
|
| ... | ... |
@@ -174,7 +123,7 @@ func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
|
| 174 | 174 |
c.Assert(byDigestID, checker.Equals, imageID) |
| 175 | 175 |
|
| 176 | 176 |
// rmi of tag should also remove the digest reference |
| 177 |
- dockerCmd(c, "rmi", repoName) |
|
| 177 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 178 | 178 |
|
| 179 | 179 |
_, err := inspectFieldWithError(imageByDigest, "Id") |
| 180 | 180 |
c.Assert(err, checker.NotNil, check.Commentf("digest reference should have been removed"))
|
| ... | ... |
@@ -189,12 +138,12 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
|
| 189 | 189 |
targetName := fmt.Sprintf("%s:latest", repoName)
|
| 190 | 190 |
|
| 191 | 191 |
// Push with targets first, initializing the repo |
| 192 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 193 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) |
|
| 192 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 193 |
+ cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Success)
|
|
| 194 | 194 |
s.assertTargetInRoles(c, repoName, "latest", "targets") |
| 195 | 195 |
|
| 196 | 196 |
// Try pull, check we retrieve from targets role |
| 197 |
- icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 197 |
+ cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 198 | 198 |
Err: "retrieving target for targets role", |
| 199 | 199 |
}) |
| 200 | 200 |
|
| ... | ... |
@@ -205,21 +154,21 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
|
| 205 | 205 |
|
| 206 | 206 |
// try a pull, check that we can still pull because we can still read the |
| 207 | 207 |
// old tag in the targets role |
| 208 |
- icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 208 |
+ cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 209 | 209 |
Err: "retrieving target for targets role", |
| 210 | 210 |
}) |
| 211 | 211 |
|
| 212 | 212 |
// try a pull -a, check that it succeeds because we can still pull from the |
| 213 | 213 |
// targets role |
| 214 |
- icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Success) |
|
| 214 |
+ cli.Docker(cli.Args("-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Success)
|
|
| 215 | 215 |
|
| 216 | 216 |
// Push, should sign with targets/releases |
| 217 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 218 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) |
|
| 217 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 218 |
+ cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Success)
|
|
| 219 | 219 |
s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases") |
| 220 | 220 |
|
| 221 | 221 |
// Try pull, check we retrieve from targets/releases role |
| 222 |
- icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 222 |
+ cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 223 | 223 |
Err: "retrieving target for targets/releases role", |
| 224 | 224 |
}) |
| 225 | 225 |
|
| ... | ... |
@@ -228,12 +177,12 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
|
| 228 | 228 |
s.notaryImportKey(c, repoName, "targets/other", s.not.keys[1].Private) |
| 229 | 229 |
s.notaryPublish(c, repoName) |
| 230 | 230 |
|
| 231 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 232 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) |
|
| 231 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 232 |
+ cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Success)
|
|
| 233 | 233 |
s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases", "targets/other") |
| 234 | 234 |
|
| 235 | 235 |
// Try pull, check we retrieve from targets/releases role |
| 236 |
- icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 236 |
+ cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 237 | 237 |
Err: "retrieving target for targets/releases role", |
| 238 | 238 |
}) |
| 239 | 239 |
} |
| ... | ... |
@@ -251,22 +200,22 @@ func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C |
| 251 | 251 |
s.notaryPublish(c, repoName) |
| 252 | 252 |
|
| 253 | 253 |
// Push should write to the delegation role, not targets |
| 254 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 255 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success) |
|
| 254 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 255 |
+ cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Success)
|
|
| 256 | 256 |
s.assertTargetInRoles(c, repoName, "latest", "targets/other") |
| 257 | 257 |
s.assertTargetNotInRoles(c, repoName, "latest", "targets") |
| 258 | 258 |
|
| 259 | 259 |
// Try pull - we should fail, since pull will only pull from the targets/releases |
| 260 | 260 |
// role or the targets role |
| 261 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 262 |
- icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 261 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 262 |
+ cli.Docker(cli.Args("-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 263 | 263 |
ExitCode: 1, |
| 264 | 264 |
Err: "No trust data for", |
| 265 | 265 |
}) |
| 266 | 266 |
|
| 267 | 267 |
// try a pull -a: we should fail since pull will only pull from the targets/releases |
| 268 | 268 |
// role or the targets role |
| 269 |
- icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 269 |
+ cli.Docker(cli.Args("-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 270 | 270 |
ExitCode: 1, |
| 271 | 271 |
Err: "No trusted tags for", |
| 272 | 272 |
}) |
| ... | ... |
@@ -3,6 +3,13 @@ package main |
| 3 | 3 |
import ( |
| 4 | 4 |
"archive/tar" |
| 5 | 5 |
"fmt" |
| 6 |
+ "github.com/docker/distribution/reference" |
|
| 7 |
+ cliconfig "github.com/docker/docker/cli/config" |
|
| 8 |
+ "github.com/docker/docker/integration-cli/checker" |
|
| 9 |
+ "github.com/docker/docker/integration-cli/cli" |
|
| 10 |
+ "github.com/docker/docker/integration-cli/cli/build" |
|
| 11 |
+ icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 12 |
+ "github.com/go-check/check" |
|
| 6 | 13 |
"io/ioutil" |
| 7 | 14 |
"net/http" |
| 8 | 15 |
"net/http/httptest" |
| ... | ... |
@@ -10,15 +17,6 @@ import ( |
| 10 | 10 |
"path/filepath" |
| 11 | 11 |
"strings" |
| 12 | 12 |
"sync" |
| 13 |
- "time" |
|
| 14 |
- |
|
| 15 |
- "github.com/docker/distribution/reference" |
|
| 16 |
- cliconfig "github.com/docker/docker/cli/config" |
|
| 17 |
- "github.com/docker/docker/integration-cli/checker" |
|
| 18 |
- "github.com/docker/docker/integration-cli/cli/build" |
|
| 19 |
- "github.com/docker/docker/pkg/testutil" |
|
| 20 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 21 |
- "github.com/go-check/check" |
|
| 22 | 13 |
) |
| 23 | 14 |
|
| 24 | 15 |
// Pushing an image to a private registry. |
| ... | ... |
@@ -285,12 +283,12 @@ func (s *DockerSchema1RegistrySuite) TestCrossRepositoryLayerPushNotSupported(c |
| 285 | 285 |
func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
|
| 286 | 286 |
repoName := fmt.Sprintf("%v/dockerclitrusted/pushtest:latest", privateRegistryURL)
|
| 287 | 287 |
// tag the image and upload it to the private registry |
| 288 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 288 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 289 | 289 |
|
| 290 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 290 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 291 | 291 |
|
| 292 | 292 |
// Try pull after push |
| 293 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 293 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 294 | 294 |
Out: "Status: Image is up to date", |
| 295 | 295 |
}) |
| 296 | 296 |
|
| ... | ... |
@@ -304,12 +302,12 @@ func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
|
| 304 | 304 |
func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
|
| 305 | 305 |
repoName := fmt.Sprintf("%v/dockerclienv/trusted:latest", privateRegistryURL)
|
| 306 | 306 |
// tag the image and upload it to the private registry |
| 307 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 307 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 308 | 308 |
|
| 309 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "12345678")).Assert(c, SuccessSigningAndPushing)
|
|
| 309 |
+ cli.Docker(cli.Args("push", repoName), trustedCmdWithPassphrases("12345678", "12345678")).Assert(c, SuccessSigningAndPushing)
|
|
| 310 | 310 |
|
| 311 | 311 |
// Try pull after push |
| 312 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 312 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 313 | 313 |
Out: "Status: Image is up to date", |
| 314 | 314 |
}) |
| 315 | 315 |
} |
| ... | ... |
@@ -317,10 +315,10 @@ func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
|
| 317 | 317 |
func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
|
| 318 | 318 |
repoName := fmt.Sprintf("%v/dockerclitrusted/failingserver:latest", privateRegistryURL)
|
| 319 | 319 |
// tag the image and upload it to the private registry |
| 320 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 320 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 321 | 321 |
|
| 322 | 322 |
// Using a name that doesn't resolve to an address makes this test faster |
| 323 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithServer("https://server.invalid:81/")).Assert(c, icmd.Expected{
|
|
| 323 |
+ cli.Docker(cli.Args("push", repoName), trustedCmdWithServer("https://server.invalid:81/")).Assert(c, icmd.Expected{
|
|
| 324 | 324 |
ExitCode: 1, |
| 325 | 325 |
Err: "error contacting notary server", |
| 326 | 326 |
}) |
| ... | ... |
@@ -329,9 +327,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
|
| 329 | 329 |
func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
|
| 330 | 330 |
repoName := fmt.Sprintf("%v/dockerclitrusted/trustedandnot:latest", privateRegistryURL)
|
| 331 | 331 |
// tag the image and upload it to the private registry |
| 332 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 332 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 333 | 333 |
|
| 334 |
- result := icmd.RunCmd(icmd.Command(dockerBinary, "push", "--disable-content-trust", repoName), trustedCmdWithServer("https://server.invalid:81/"))
|
|
| 334 |
+ result := cli.Docker(cli.Args("push", "--disable-content-trust", repoName), trustedCmdWithServer("https://server.invalid:81/"))
|
|
| 335 | 335 |
result.Assert(c, icmd.Success) |
| 336 | 336 |
c.Assert(result.Combined(), check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
|
| 337 | 337 |
} |
| ... | ... |
@@ -339,13 +337,13 @@ func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) |
| 339 | 339 |
func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
|
| 340 | 340 |
repoName := fmt.Sprintf("%v/dockerclitag/trusted:latest", privateRegistryURL)
|
| 341 | 341 |
// tag the image and upload it to the private registry |
| 342 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 343 |
- dockerCmd(c, "push", repoName) |
|
| 342 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 343 |
+ cli.DockerCmd(c, "push", repoName) |
|
| 344 | 344 |
|
| 345 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 345 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 346 | 346 |
|
| 347 | 347 |
// Try pull after push |
| 348 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 348 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 349 | 349 |
Out: "Status: Image is up to date", |
| 350 | 350 |
}) |
| 351 | 351 |
} |
| ... | ... |
@@ -353,76 +351,34 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
|
| 353 | 353 |
func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
|
| 354 | 354 |
repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
|
| 355 | 355 |
// tag the image and upload it to the private registry |
| 356 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 356 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 357 | 357 |
|
| 358 | 358 |
// Do a trusted push |
| 359 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 359 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 360 | 360 |
|
| 361 | 361 |
// Do another trusted push |
| 362 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 363 |
- dockerCmd(c, "rmi", repoName) |
|
| 362 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 363 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 364 | 364 |
|
| 365 | 365 |
// Try pull to ensure the double push did not break our ability to pull |
| 366 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessDownloaded) |
|
| 366 |
+ cli.Docker(cli.Args("pull", repoName), trustedCmd).Assert(c, SuccessDownloaded)
|
|
| 367 | 367 |
} |
| 368 | 368 |
|
| 369 | 369 |
func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
|
| 370 | 370 |
repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
|
| 371 | 371 |
// tag the image and upload it to the private registry |
| 372 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 372 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 373 | 373 |
|
| 374 | 374 |
// Push with default passphrases |
| 375 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 375 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 376 | 376 |
|
| 377 | 377 |
// Push with wrong passphrases |
| 378 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "87654321")).Assert(c, icmd.Expected{
|
|
| 378 |
+ cli.Docker(cli.Args("push", repoName), trustedCmdWithPassphrases("12345678", "87654321")).Assert(c, icmd.Expected{
|
|
| 379 | 379 |
ExitCode: 1, |
| 380 | 380 |
Err: "could not find necessary signing keys", |
| 381 | 381 |
}) |
| 382 | 382 |
} |
| 383 | 383 |
|
| 384 |
-func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
|
|
| 385 |
- c.Skip("Currently changes system time, causing instability")
|
|
| 386 |
- repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
|
|
| 387 |
- // tag the image and upload it to the private registry |
|
| 388 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 389 |
- |
|
| 390 |
- // Push with default passphrases |
|
| 391 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 392 |
- |
|
| 393 |
- // Snapshots last for three years. This should be expired |
|
| 394 |
- fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4) |
|
| 395 |
- |
|
| 396 |
- testutil.RunAtDifferentDate(fourYearsLater, func() {
|
|
| 397 |
- // Push with wrong passphrases |
|
| 398 |
- icmd.RunCmd(icmd.Cmd{
|
|
| 399 |
- Command: []string{dockerBinary, "push", repoName},
|
|
| 400 |
- }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 401 |
- ExitCode: 1, |
|
| 402 |
- Err: "repository out-of-date", |
|
| 403 |
- }) |
|
| 404 |
- }) |
|
| 405 |
-} |
|
| 406 |
- |
|
| 407 |
-func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
|
|
| 408 |
- c.Skip("Currently changes system time, causing instability")
|
|
| 409 |
- repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
|
|
| 410 |
- // tag the image and upload it to the private registry |
|
| 411 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 412 |
- |
|
| 413 |
- // Push with default passphrases |
|
| 414 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 415 |
- |
|
| 416 |
- // The timestamps expire in two weeks. Lets check three |
|
| 417 |
- threeWeeksLater := time.Now().Add(time.Hour * 24 * 21) |
|
| 418 |
- |
|
| 419 |
- // Should succeed because the server transparently re-signs one |
|
| 420 |
- testutil.RunAtDifferentDate(threeWeeksLater, func() {
|
|
| 421 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), |
|
| 422 |
- trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 423 |
- }) |
|
| 424 |
-} |
|
| 425 |
- |
|
| 426 | 384 |
func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) {
|
| 427 | 385 |
testRequires(c, NotaryHosting) |
| 428 | 386 |
repoName := fmt.Sprintf("%v/dockerclireleasedelegationinitfirst/trusted", privateRegistryURL)
|
| ... | ... |
@@ -434,9 +390,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) |
| 434 | 434 |
s.notaryImportKey(c, repoName, "targets/releases", s.not.keys[0].Private) |
| 435 | 435 |
|
| 436 | 436 |
// tag the image and upload it to the private registry |
| 437 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 437 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 438 | 438 |
|
| 439 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 439 |
+ cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 440 | 440 |
// check to make sure that the target has been added to targets/releases and not targets |
| 441 | 441 |
s.assertTargetInRoles(c, repoName, "latest", "targets/releases") |
| 442 | 442 |
s.assertTargetNotInRoles(c, repoName, "latest", "targets") |
| ... | ... |
@@ -444,7 +400,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) |
| 444 | 444 |
// Try pull after push |
| 445 | 445 |
os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) |
| 446 | 446 |
|
| 447 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 447 |
+ cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 448 | 448 |
Out: "Status: Image is up to date", |
| 449 | 449 |
}) |
| 450 | 450 |
} |
| ... | ... |
@@ -468,9 +424,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c |
| 468 | 468 |
s.notaryPublish(c, repoName) |
| 469 | 469 |
|
| 470 | 470 |
// tag the image and upload it to the private registry |
| 471 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 471 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 472 | 472 |
|
| 473 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 473 |
+ cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 474 | 474 |
|
| 475 | 475 |
// check to make sure that the target has been added to targets/role1 and targets/role2, and |
| 476 | 476 |
// not targets (because there are delegations) or targets/role3 (due to missing key) or |
| ... | ... |
@@ -482,7 +438,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c |
| 482 | 482 |
os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) |
| 483 | 483 |
|
| 484 | 484 |
// pull should fail because none of these are the releases role |
| 485 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 485 |
+ cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 486 | 486 |
ExitCode: 1, |
| 487 | 487 |
}) |
| 488 | 488 |
} |
| ... | ... |
@@ -504,9 +460,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * |
| 504 | 504 |
s.notaryPublish(c, repoName) |
| 505 | 505 |
|
| 506 | 506 |
// tag the image and upload it to the private registry |
| 507 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 507 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 508 | 508 |
|
| 509 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 509 |
+ cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 510 | 510 |
|
| 511 | 511 |
// check to make sure that the target has been added to targets/role1 and targets/role4, and |
| 512 | 512 |
// not targets (because there are delegations) or targets/role2 (due to path restrictions) or |
| ... | ... |
@@ -518,7 +474,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * |
| 518 | 518 |
os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust")) |
| 519 | 519 |
|
| 520 | 520 |
// pull should fail because none of these are the releases role |
| 521 |
- icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 521 |
+ cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 522 | 522 |
ExitCode: 1, |
| 523 | 523 |
}) |
| 524 | 524 |
} |
| ... | ... |
@@ -534,9 +490,9 @@ func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c |
| 534 | 534 |
// do not import any delegations key |
| 535 | 535 |
|
| 536 | 536 |
// tag the image and upload it to the private registry |
| 537 |
- dockerCmd(c, "tag", "busybox", targetName) |
|
| 537 |
+ cli.DockerCmd(c, "tag", "busybox", targetName) |
|
| 538 | 538 |
|
| 539 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 539 |
+ cli.Docker(cli.Args("push", targetName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 540 | 540 |
ExitCode: 1, |
| 541 | 541 |
Err: "no valid signing keys", |
| 542 | 542 |
}) |
| ... | ... |
@@ -3165,11 +3165,11 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
|
| 3165 | 3165 |
repoName := s.setupTrustedImage(c, "trusted-run") |
| 3166 | 3166 |
|
| 3167 | 3167 |
// Try run |
| 3168 |
- icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 3169 |
- dockerCmd(c, "rmi", repoName) |
|
| 3168 |
+ cli.Docker(cli.Args("run", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 3169 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 3170 | 3170 |
|
| 3171 | 3171 |
// Try untrusted run to ensure we pushed the tag to the registry |
| 3172 |
- icmd.RunCmd(icmd.Command(dockerBinary, "run", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr) |
|
| 3172 |
+ cli.Docker(cli.Args("run", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr)
|
|
| 3173 | 3173 |
} |
| 3174 | 3174 |
|
| 3175 | 3175 |
func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
|
| ... | ... |
@@ -3177,44 +3177,17 @@ func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
|
| 3177 | 3177 |
testRequires(c, DaemonIsLinux) |
| 3178 | 3178 |
repoName := fmt.Sprintf("%v/dockercliuntrusted/runtest:latest", privateRegistryURL)
|
| 3179 | 3179 |
// tag the image and upload it to the private registry |
| 3180 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 3181 |
- dockerCmd(c, "push", repoName) |
|
| 3182 |
- dockerCmd(c, "rmi", repoName) |
|
| 3180 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 3181 |
+ cli.DockerCmd(c, "push", repoName) |
|
| 3182 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 3183 | 3183 |
|
| 3184 | 3184 |
// Try trusted run on untrusted tag |
| 3185 |
- icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 3185 |
+ cli.Docker(cli.Args("run", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 3186 | 3186 |
ExitCode: 125, |
| 3187 | 3187 |
Err: "does not have trust data for", |
| 3188 | 3188 |
}) |
| 3189 | 3189 |
} |
| 3190 | 3190 |
|
| 3191 |
-func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
|
|
| 3192 |
- // Windows does not support this functionality |
|
| 3193 |
- testRequires(c, DaemonIsLinux) |
|
| 3194 |
- c.Skip("Currently changes system time, causing instability")
|
|
| 3195 |
- repoName := s.setupTrustedImage(c, "trusted-run-expired") |
|
| 3196 |
- |
|
| 3197 |
- // Certificates have 10 years of expiration |
|
| 3198 |
- elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11) |
|
| 3199 |
- |
|
| 3200 |
- testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
|
| 3201 |
- // Try run |
|
| 3202 |
- icmd.RunCmd(icmd.Cmd{
|
|
| 3203 |
- Command: []string{dockerBinary, "run", repoName},
|
|
| 3204 |
- }, trustedCmd).Assert(c, icmd.Expected{
|
|
| 3205 |
- ExitCode: 1, |
|
| 3206 |
- Err: "could not validate the path to a trusted root", |
|
| 3207 |
- }) |
|
| 3208 |
- }) |
|
| 3209 |
- |
|
| 3210 |
- testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
|
|
| 3211 |
- // Try run |
|
| 3212 |
- icmd.RunCmd(icmd.Cmd{
|
|
| 3213 |
- Command: []string{dockerBinary, "run", "--disable-content-trust", repoName},
|
|
| 3214 |
- }, trustedCmd).Assert(c, SuccessDownloaded) |
|
| 3215 |
- }) |
|
| 3216 |
-} |
|
| 3217 |
- |
|
| 3218 | 3191 |
func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
|
| 3219 | 3192 |
// Windows does not support this functionality |
| 3220 | 3193 |
testRequires(c, DaemonIsLinux) |
| ... | ... |
@@ -3225,14 +3198,14 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
|
| 3225 | 3225 |
} |
| 3226 | 3226 |
|
| 3227 | 3227 |
// tag the image and upload it to the private registry |
| 3228 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 3228 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 3229 | 3229 |
|
| 3230 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 3231 |
- dockerCmd(c, "rmi", repoName) |
|
| 3230 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 3231 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 3232 | 3232 |
|
| 3233 | 3233 |
// Try run |
| 3234 |
- icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging) |
|
| 3235 |
- dockerCmd(c, "rmi", repoName) |
|
| 3234 |
+ cli.Docker(cli.Args("run", repoName), trustedCmd).Assert(c, SuccessTagging)
|
|
| 3235 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 3236 | 3236 |
|
| 3237 | 3237 |
// Kill the notary server, start a new "evil" one. |
| 3238 | 3238 |
s.not.Close() |
| ... | ... |
@@ -3243,13 +3216,13 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
|
| 3243 | 3243 |
|
| 3244 | 3244 |
// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data. |
| 3245 | 3245 |
// tag an image and upload it to the private registry |
| 3246 |
- dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
|
| 3246 |
+ cli.DockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName) |
|
| 3247 | 3247 |
|
| 3248 | 3248 |
// Push up to the new server |
| 3249 |
- icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 3249 |
+ cli.Docker(cli.Args("--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 3250 | 3250 |
|
| 3251 | 3251 |
// Now, try running with the original client from this new trust server. This should fail because the new root is invalid. |
| 3252 |
- icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 3252 |
+ cli.Docker(cli.Args("run", repoName), trustedCmd).Assert(c, icmd.Expected{
|
|
| 3253 | 3253 |
ExitCode: 125, |
| 3254 | 3254 |
Err: "could not rotate trust to a new trusted root", |
| 3255 | 3255 |
}) |
| ... | ... |
@@ -1539,8 +1539,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
|
| 1539 | 1539 |
repoName := s.trustSuite.setupTrustedImage(c, "trusted-pull") |
| 1540 | 1540 |
|
| 1541 | 1541 |
name := "trusted" |
| 1542 |
- serviceCmd := d.Command("-D", "service", "create", "--name", name, repoName, "top")
|
|
| 1543 |
- icmd.RunCmd(serviceCmd, trustedCmd).Assert(c, icmd.Expected{
|
|
| 1542 |
+ cli.Docker(cli.Args("-D", "service", "create", "--name", name, repoName, "top"), trustedCmd, cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{
|
|
| 1544 | 1543 |
Err: "resolved image tag to", |
| 1545 | 1544 |
}) |
| 1546 | 1545 |
|
| ... | ... |
@@ -1552,13 +1551,12 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
|
| 1552 | 1552 |
|
| 1553 | 1553 |
repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL)
|
| 1554 | 1554 |
// tag the image and upload it to the private registry |
| 1555 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 1556 |
- dockerCmd(c, "push", repoName) |
|
| 1557 |
- dockerCmd(c, "rmi", repoName) |
|
| 1555 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 1556 |
+ cli.DockerCmd(c, "push", repoName) |
|
| 1557 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 1558 | 1558 |
|
| 1559 | 1559 |
name = "untrusted" |
| 1560 |
- serviceCmd = d.Command("service", "create", "--name", name, repoName, "top")
|
|
| 1561 |
- icmd.RunCmd(serviceCmd, trustedCmd).Assert(c, icmd.Expected{
|
|
| 1560 |
+ cli.Docker(cli.Args("service", "create", "--name", name, repoName, "top"), trustedCmd, cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{
|
|
| 1562 | 1561 |
ExitCode: 1, |
| 1563 | 1562 |
Err: "Error: remote trust data does not exist", |
| 1564 | 1563 |
}) |
| ... | ... |
@@ -1576,34 +1574,31 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) {
|
| 1576 | 1576 |
name := "myservice" |
| 1577 | 1577 |
|
| 1578 | 1578 |
// Create a service without content trust |
| 1579 |
- _, err := d.Cmd("service", "create", "--name", name, repoName, "top")
|
|
| 1580 |
- c.Assert(err, checker.IsNil) |
|
| 1579 |
+ cli.Docker(cli.Args("service", "create", "--name", name, repoName, "top"), cli.Daemon(d.Daemon)).Assert(c, icmd.Success)
|
|
| 1581 | 1580 |
|
| 1582 |
- out, err := d.Cmd("service", "inspect", "--pretty", name)
|
|
| 1583 |
- c.Assert(err, checker.IsNil, check.Commentf(out)) |
|
| 1581 |
+ result := cli.Docker(cli.Args("service", "inspect", "--pretty", name), cli.Daemon(d.Daemon))
|
|
| 1582 |
+ c.Assert(result.Error, checker.IsNil, check.Commentf(result.Combined())) |
|
| 1584 | 1583 |
// Daemon won't insert the digest because this is disabled by |
| 1585 | 1584 |
// DOCKER_SERVICE_PREFER_OFFLINE_IMAGE. |
| 1586 |
- c.Assert(out, check.Not(checker.Contains), repoName+"@", check.Commentf(out)) |
|
| 1585 |
+ c.Assert(result.Combined(), check.Not(checker.Contains), repoName+"@", check.Commentf(result.Combined())) |
|
| 1587 | 1586 |
|
| 1588 |
- serviceCmd := d.Command("-D", "service", "update", "--image", repoName, name)
|
|
| 1589 |
- icmd.RunCmd(serviceCmd, trustedCmd).Assert(c, icmd.Expected{
|
|
| 1587 |
+ cli.Docker(cli.Args("-D", "service", "update", "--image", repoName, name), trustedCmd, cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{
|
|
| 1590 | 1588 |
Err: "resolved image tag to", |
| 1591 | 1589 |
}) |
| 1592 | 1590 |
|
| 1593 |
- out, err = d.Cmd("service", "inspect", "--pretty", name)
|
|
| 1594 |
- c.Assert(err, checker.IsNil, check.Commentf(out)) |
|
| 1595 |
- c.Assert(out, checker.Contains, repoName+"@", check.Commentf(out)) |
|
| 1591 |
+ cli.Docker(cli.Args("service", "inspect", "--pretty", name), cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{
|
|
| 1592 |
+ Out: repoName + "@", |
|
| 1593 |
+ }) |
|
| 1596 | 1594 |
|
| 1597 | 1595 |
// Try trusted service update on an untrusted tag. |
| 1598 | 1596 |
|
| 1599 | 1597 |
repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL)
|
| 1600 | 1598 |
// tag the image and upload it to the private registry |
| 1601 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 1602 |
- dockerCmd(c, "push", repoName) |
|
| 1603 |
- dockerCmd(c, "rmi", repoName) |
|
| 1599 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 1600 |
+ cli.DockerCmd(c, "push", repoName) |
|
| 1601 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 1604 | 1602 |
|
| 1605 |
- serviceCmd = d.Command("service", "update", "--image", repoName, name)
|
|
| 1606 |
- icmd.RunCmd(serviceCmd, trustedCmd).Assert(c, icmd.Expected{
|
|
| 1603 |
+ cli.Docker(cli.Args("service", "update", "--image", repoName, name), trustedCmd, cli.Daemon(d.Daemon)).Assert(c, icmd.Expected{
|
|
| 1607 | 1604 |
ExitCode: 1, |
| 1608 | 1605 |
Err: "Error: remote trust data does not exist", |
| 1609 | 1606 |
}) |
| ... | ... |
@@ -13,6 +13,7 @@ import ( |
| 13 | 13 |
|
| 14 | 14 |
cliconfig "github.com/docker/docker/cli/config" |
| 15 | 15 |
"github.com/docker/docker/integration-cli/checker" |
| 16 |
+ "github.com/docker/docker/integration-cli/cli" |
|
| 16 | 17 |
icmd "github.com/docker/docker/pkg/testutil/cmd" |
| 17 | 18 |
"github.com/docker/go-connections/tlsconfig" |
| 18 | 19 |
"github.com/go-check/check" |
| ... | ... |
@@ -47,14 +48,6 @@ var SuccessDownloaded = icmd.Expected{
|
| 47 | 47 |
Out: "Status: Downloaded", |
| 48 | 48 |
} |
| 49 | 49 |
|
| 50 |
-var SuccessTaggingOnStderr = icmd.Expected{
|
|
| 51 |
- Err: "Tagging", |
|
| 52 |
-} |
|
| 53 |
- |
|
| 54 |
-var SuccessSigningAndPushingOnStderr = icmd.Expected{
|
|
| 55 |
- Err: "Signing and pushing trust metadata", |
|
| 56 |
-} |
|
| 57 |
- |
|
| 58 | 50 |
var SuccessDownloadedOnStderr = icmd.Expected{
|
| 59 | 51 |
Err: "Status: Downloaded", |
| 60 | 52 |
} |
| ... | ... |
@@ -190,21 +183,24 @@ func (t *testNotary) Close() {
|
| 190 | 190 |
os.RemoveAll(t.dir) |
| 191 | 191 |
} |
| 192 | 192 |
|
| 193 |
-func trustedCmd(cmd *icmd.Cmd) {
|
|
| 193 |
+func trustedCmd(cmd *icmd.Cmd) func() {
|
|
| 194 | 194 |
pwd := "12345678" |
| 195 | 195 |
cmd.Env = append(cmd.Env, trustEnv(notaryURL, pwd, pwd)...) |
| 196 |
+ return nil |
|
| 196 | 197 |
} |
| 197 | 198 |
|
| 198 |
-func trustedCmdWithServer(server string) func(*icmd.Cmd) {
|
|
| 199 |
- return func(cmd *icmd.Cmd) {
|
|
| 199 |
+func trustedCmdWithServer(server string) func(*icmd.Cmd) func() {
|
|
| 200 |
+ return func(cmd *icmd.Cmd) func() {
|
|
| 200 | 201 |
pwd := "12345678" |
| 201 | 202 |
cmd.Env = append(cmd.Env, trustEnv(server, pwd, pwd)...) |
| 203 |
+ return nil |
|
| 202 | 204 |
} |
| 203 | 205 |
} |
| 204 | 206 |
|
| 205 |
-func trustedCmdWithPassphrases(rootPwd, repositoryPwd string) func(*icmd.Cmd) {
|
|
| 206 |
- return func(cmd *icmd.Cmd) {
|
|
| 207 |
+func trustedCmdWithPassphrases(rootPwd, repositoryPwd string) func(*icmd.Cmd) func() {
|
|
| 208 |
+ return func(cmd *icmd.Cmd) func() {
|
|
| 207 | 209 |
cmd.Env = append(cmd.Env, trustEnv(notaryURL, rootPwd, repositoryPwd)...) |
| 210 |
+ return nil |
|
| 208 | 211 |
} |
| 209 | 212 |
} |
| 210 | 213 |
|
| ... | ... |
@@ -221,28 +217,18 @@ func trustEnv(server, rootPwd, repositoryPwd string) []string {
|
| 221 | 221 |
func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
|
| 222 | 222 |
repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
|
| 223 | 223 |
// tag the image and upload it to the private registry |
| 224 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 225 |
- |
|
| 226 |
- icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 227 |
- |
|
| 228 |
- if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
|
|
| 229 |
- c.Fatalf("Error removing image %q\n%s", repoName, out)
|
|
| 230 |
- } |
|
| 231 |
- |
|
| 224 |
+ cli.DockerCmd(c, "tag", "busybox", repoName) |
|
| 225 |
+ cli.Docker(cli.Args("push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 226 |
+ cli.DockerCmd(c, "rmi", repoName) |
|
| 232 | 227 |
return repoName |
| 233 | 228 |
} |
| 234 | 229 |
|
| 235 | 230 |
func (s *DockerTrustSuite) setupTrustedplugin(c *check.C, source, name string) string {
|
| 236 | 231 |
repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
|
| 237 | 232 |
// tag the image and upload it to the private registry |
| 238 |
- dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source) |
|
| 239 |
- |
|
| 240 |
- icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing) |
|
| 241 |
- |
|
| 242 |
- if out, status := dockerCmd(c, "plugin", "rm", "-f", repoName); status != 0 {
|
|
| 243 |
- c.Fatalf("Error removing plugin %q\n%s", repoName, out)
|
|
| 244 |
- } |
|
| 245 |
- |
|
| 233 |
+ cli.DockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source) |
|
| 234 |
+ cli.Docker(cli.Args("plugin", "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
|
|
| 235 |
+ cli.DockerCmd(c, "plugin", "rm", "-f", repoName) |
|
| 246 | 236 |
return repoName |
| 247 | 237 |
} |
| 248 | 238 |
|
| ... | ... |
@@ -16,7 +16,6 @@ import ( |
| 16 | 16 |
|
| 17 | 17 |
"github.com/docker/docker/pkg/stringutils" |
| 18 | 18 |
"github.com/docker/docker/pkg/system" |
| 19 |
- icmd "github.com/docker/docker/pkg/testutil/cmd" |
|
| 20 | 19 |
) |
| 21 | 20 |
|
| 22 | 21 |
// IsKilled process the specified error and returns whether the process was killed or not. |
| ... | ... |
@@ -212,20 +211,6 @@ func (c *ChannelBuffer) ReadTimeout(p []byte, n time.Duration) (int, error) {
|
| 212 | 212 |
} |
| 213 | 213 |
} |
| 214 | 214 |
|
| 215 |
-// RunAtDifferentDate runs the specified function with the given time. |
|
| 216 |
-// It changes the date of the system, which can led to weird behaviors. |
|
| 217 |
-func RunAtDifferentDate(date time.Time, block func()) {
|
|
| 218 |
- // Layout for date. MMDDhhmmYYYY |
|
| 219 |
- const timeLayout = "010203042006" |
|
| 220 |
- // Ensure we bring time back to now |
|
| 221 |
- now := time.Now().Format(timeLayout) |
|
| 222 |
- defer icmd.RunCommand("date", now)
|
|
| 223 |
- |
|
| 224 |
- icmd.RunCommand("date", date.Format(timeLayout))
|
|
| 225 |
- block() |
|
| 226 |
- return |
|
| 227 |
-} |
|
| 228 |
- |
|
| 229 | 215 |
// ReadBody read the specified ReadCloser content and returns it |
| 230 | 216 |
func ReadBody(b io.ReadCloser) ([]byte, error) {
|
| 231 | 217 |
defer b.Close() |
| ... | ... |
@@ -339,25 +339,3 @@ func TestChannelBuffer(t *testing.T) {
|
| 339 | 339 |
t.Fatalf("Expected '%s', got '%s'", expected, string(b))
|
| 340 | 340 |
} |
| 341 | 341 |
} |
| 342 |
- |
|
| 343 |
-// FIXME doesn't work |
|
| 344 |
-// func TestRunAtDifferentDate(t *testing.T) {
|
|
| 345 |
-// var date string |
|
| 346 |
- |
|
| 347 |
-// // Layout for date. MMDDhhmmYYYY |
|
| 348 |
-// const timeLayout = "20060102" |
|
| 349 |
-// expectedDate := "20100201" |
|
| 350 |
-// theDate, err := time.Parse(timeLayout, expectedDate) |
|
| 351 |
-// if err != nil {
|
|
| 352 |
-// t.Fatal(err) |
|
| 353 |
-// } |
|
| 354 |
- |
|
| 355 |
-// RunAtDifferentDate(theDate, func() {
|
|
| 356 |
-// cmd := exec.Command("date", "+%Y%M%d")
|
|
| 357 |
-// out, err := cmd.Output() |
|
| 358 |
-// if err != nil {
|
|
| 359 |
-// t.Fatal(err) |
|
| 360 |
-// } |
|
| 361 |
-// date = string(out) |
|
| 362 |
-// }) |
|
| 363 |
-// } |