1. docker
  2. Commit 8f724a277abc96498dcb6a1b8425abf2b04dbdcc
Browse code

integration-cli: Add integration tests for swarm services + content trust

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
(cherry picked from commit 62cd3b39f901d14f984f1176ef0844918c145d21)

Aaron Lehmann authored on 2016/12/07 03:57:58
Showing 2 changed files
integration-cli/check_test.go
History View file @ 8f724a2
... ... 
@@ -348,3 +348,36 @@ func (s *DockerTrustSuite) TearDownTest(c *check.C) {
348 348 
 	os.RemoveAll(filepath.Join(cliconfig.ConfigDir(), "trust"))
349 349 
 	s.ds.TearDownTest(c)
350 350 
 }
351 
+
352 
+func init() {
353 
+	ds := &DockerSuite{}
354 
+	check.Suite(&DockerTrustedSwarmSuite{
355 
+		trustSuite: DockerTrustSuite{
356 
+			ds: ds,
357 
+		},
358 
+		swarmSuite: DockerSwarmSuite{
359 
+			ds: ds,
360 
+		},
361 
+	})
362 
+}
363 
+
364 
+type DockerTrustedSwarmSuite struct {
365 
+	swarmSuite DockerSwarmSuite
366 
+	trustSuite DockerTrustSuite
367 
+	reg        *testRegistryV2
368 
+	not        *testNotary
369 
+}
370 
+
371 
+func (s *DockerTrustedSwarmSuite) SetUpTest(c *check.C) {
372 
+	s.swarmSuite.SetUpTest(c)
373 
+	s.trustSuite.SetUpTest(c)
374 
+}
375 
+
376 
+func (s *DockerTrustedSwarmSuite) TearDownTest(c *check.C) {
377 
+	s.trustSuite.TearDownTest(c)
378 
+	s.swarmSuite.TearDownTest(c)
379 
+}
380 
+
381 
+func (s *DockerTrustedSwarmSuite) OnTimeout(c *check.C) {
382 
+	s.swarmSuite.OnTimeout(c)
383 
+}
integration-cli/docker_cli_swarm_test.go
History View file @ 8f724a2
... ... 
@@ -1085,3 +1085,84 @@ func (s *DockerSwarmSuite) TestSwarmNetworkIPAMOptions(c *check.C) {
1085 1085 
 	c.Assert(err, checker.IsNil, check.Commentf(out))
1086 1086 
 	c.Assert(strings.TrimSpace(out), checker.Equals, "map[foo:bar]")
1087 1087 
 }
1088 
+
1089 
+func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
1090 
+	d := s.swarmSuite.AddDaemon(c, true, true)
1091 
+
1092 
+	// Attempt creating a service from an image that is known to notary.
1093 
+	repoName := s.trustSuite.setupTrustedImage(c, "trusted-pull")
1094 
+
1095 
+	name := "trusted"
1096 
+	serviceCmd := d.command("-D", "service", "create", "--name", name, repoName, "top")
1097 
+	s.trustSuite.trustedCmd(serviceCmd)
1098 
+	out, _, err := runCommandWithOutput(serviceCmd)
1099 
+	c.Assert(err, checker.IsNil, check.Commentf(out))
1100 
+	c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out))
1101 
+
1102 
+	out, err = d.Cmd("service", "inspect", "--pretty", name)
1103 
+	c.Assert(err, checker.IsNil, check.Commentf(out))
1104 
+	c.Assert(out, checker.Contains, repoName+"@", check.Commentf(out))
1105 
+
1106 
+	// Try trusted service create on an untrusted tag.
1107 
+
1108 
+	repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL)
1109 
+	// tag the image and upload it to the private registry
1110 
+	dockerCmd(c, "tag", "busybox", repoName)
1111 
+	dockerCmd(c, "push", repoName)
1112 
+	dockerCmd(c, "rmi", repoName)
1113 
+
1114 
+	name = "untrusted"
1115 
+	serviceCmd = d.command("service", "create", "--name", name, repoName, "top")
1116 
+	s.trustSuite.trustedCmd(serviceCmd)
1117 
+	out, _, err = runCommandWithOutput(serviceCmd)
1118 
+
1119 
+	c.Assert(err, check.NotNil, check.Commentf(out))
1120 
+	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
1121 
+
1122 
+	out, err = d.Cmd("service", "inspect", "--pretty", name)
1123 
+	c.Assert(err, checker.NotNil, check.Commentf(out))
1124 
+}
1125 
+
1126 
+func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) {
1127 
+	d := s.swarmSuite.AddDaemon(c, true, true)
1128 
+
1129 
+	// Attempt creating a service from an image that is known to notary.
1130 
+	repoName := s.trustSuite.setupTrustedImage(c, "trusted-pull")
1131 
+
1132 
+	name := "myservice"
1133 
+
1134 
+	// Create a service without content trust
1135 
+	_, err := d.Cmd("service", "create", "--name", name, repoName, "top")
1136 
+	c.Assert(err, checker.IsNil)
1137 
+
1138 
+	out, err := d.Cmd("service", "inspect", "--pretty", name)
1139 
+	c.Assert(err, checker.IsNil, check.Commentf(out))
1140 
+	// Daemon won't insert the digest because this is disabled by
1141 
+	// DOCKER_SERVICE_PREFER_OFFLINE_IMAGE.
1142 
+	c.Assert(out, check.Not(checker.Contains), repoName+"@", check.Commentf(out))
1143 
+
1144 
+	serviceCmd := d.command("-D", "service", "update", "--image", repoName, name)
1145 
+	s.trustSuite.trustedCmd(serviceCmd)
1146 
+	out, _, err = runCommandWithOutput(serviceCmd)
1147 
+	c.Assert(err, checker.IsNil, check.Commentf(out))
1148 
+	c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out))
1149 
+
1150 
+	out, err = d.Cmd("service", "inspect", "--pretty", name)
1151 
+	c.Assert(err, checker.IsNil, check.Commentf(out))
1152 
+	c.Assert(out, checker.Contains, repoName+"@", check.Commentf(out))
1153 
+
1154 
+	// Try trusted service update on an untrusted tag.
1155 
+
1156 
+	repoName = fmt.Sprintf("%v/untrustedservicecreate/createtest:latest", privateRegistryURL)
1157 
+	// tag the image and upload it to the private registry
1158 
+	dockerCmd(c, "tag", "busybox", repoName)
1159 
+	dockerCmd(c, "push", repoName)
1160 
+	dockerCmd(c, "rmi", repoName)
1161 
+
1162 
+	serviceCmd = d.command("service", "update", "--image", repoName, name)
1163 
+	s.trustSuite.trustedCmd(serviceCmd)
1164 
+	out, _, err = runCommandWithOutput(serviceCmd)
1165 
+
1166 
+	c.Assert(err, check.NotNil, check.Commentf(out))
1167 
+	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
1168 
+}