Browse code
Add test for incorrect nonroot passphrase
Fix failing tests for create, push, and pull
Signed-off-by: Diogo Monica <diogo@docker.com>
Diogo Monica authored on 2015/07/23 03:39:35Showing 3 changed files
- integration-cli/docker_cli_create_test.go
- integration-cli/docker_cli_pull_test.go
- integration-cli/docker_cli_push_test.go
| ... | ... |
@@ -8,9 +8,10 @@ import ( |
| 8 | 8 |
"strings" |
| 9 | 9 |
"time" |
| 10 | 10 |
|
| 11 |
+ "os/exec" |
|
| 12 |
+ |
|
| 11 | 13 |
"github.com/docker/docker/pkg/nat" |
| 12 | 14 |
"github.com/go-check/check" |
| 13 |
- "os/exec" |
|
| 14 | 15 |
) |
| 15 | 16 |
|
| 16 | 17 |
// Make sure we can create a simple container with some args |
| ... | ... |
@@ -274,7 +275,7 @@ func (s *DockerSuite) TestCreateModeIpcContainer(c *check.C) {
|
| 274 | 274 |
} |
| 275 | 275 |
|
| 276 | 276 |
func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
|
| 277 |
- repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
|
|
| 277 |
+ repoName := fmt.Sprintf("%v/dockerclicreate/trusted:latest", privateRegistryURL)
|
|
| 278 | 278 |
// tag the image and upload it to the private registry |
| 279 | 279 |
dockerCmd(c, "tag", "busybox", repoName) |
| 280 | 280 |
|
| ... | ... |
@@ -155,7 +155,7 @@ func (s *DockerSuite) TestPullImageWithAllTagFromCentralRegistry(c *check.C) {
|
| 155 | 155 |
} |
| 156 | 156 |
|
| 157 | 157 |
func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
|
| 158 |
- repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
|
|
| 158 |
+ repoName := fmt.Sprintf("%v/dockerclipull/trusted:latest", privateRegistryURL)
|
|
| 159 | 159 |
// tag the image and upload it to the private registry |
| 160 | 160 |
dockerCmd(c, "tag", "busybox", repoName) |
| 161 | 161 |
|
| ... | ... |
@@ -160,7 +160,7 @@ func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
|
| 160 | 160 |
} |
| 161 | 161 |
} |
| 162 | 162 |
|
| 163 |
-func (s *DockerTrustSuite) TestTrustedPushWithoutServer(c *check.C) {
|
|
| 163 |
+func (s *DockerTrustSuite) TestTrustedPushWithFaillingServer(c *check.C) {
|
|
| 164 | 164 |
repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
|
| 165 | 165 |
// tag the image and upload it to the private registry |
| 166 | 166 |
dockerCmd(c, "tag", "busybox", repoName) |
| ... | ... |
@@ -212,56 +212,76 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
|
| 212 | 212 |
} |
| 213 | 213 |
} |
| 214 | 214 |
|
| 215 |
-func (s *DockerTrustSuite) TestTrustedPushWithShortRootPassphrase(c *check.C) {
|
|
| 216 |
- repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
|
|
| 215 |
+func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
|
|
| 216 |
+ repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
|
|
| 217 | 217 |
// tag the image and upload it to the private registry |
| 218 | 218 |
dockerCmd(c, "tag", "busybox", repoName) |
| 219 | 219 |
|
| 220 |
+ // Do a trusted push |
|
| 220 | 221 |
pushCmd := exec.Command(dockerBinary, "push", repoName) |
| 221 |
- s.trustedCmdWithPassphrases(pushCmd, "rootPwd", "", "") |
|
| 222 |
+ s.trustedCmd(pushCmd) |
|
| 222 | 223 |
out, _, err := runCommandWithOutput(pushCmd) |
| 223 |
- if err == nil {
|
|
| 224 |
- c.Fatalf("Error missing from trusted push with short root passphrase")
|
|
| 224 |
+ if err != nil {
|
|
| 225 |
+ c.Fatalf("trusted push failed: %s\n%s", err, out)
|
|
| 225 | 226 |
} |
| 226 | 227 |
|
| 227 |
- if !strings.Contains(string(out), "tuf: insufficient signatures for Cryptoservice") {
|
|
| 228 |
- c.Fatalf("Missing expected output on trusted push with short root passphrase:\n%s", out)
|
|
| 228 |
+ if !strings.Contains(string(out), "Signing and pushing trust metadata") {
|
|
| 229 |
+ c.Fatalf("Missing expected output on trusted push with existing tag:\n%s", out)
|
|
| 229 | 230 |
} |
| 230 |
-} |
|
| 231 |
- |
|
| 232 |
-func (s *DockerTrustSuite) TestTrustedPushWithIncorrectRootPassphrase(c *check.C) {
|
|
| 233 |
- repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
|
|
| 234 |
- // tag the image and upload it to the private registry |
|
| 235 |
- dockerCmd(c, "tag", "busybox", repoName) |
|
| 236 | 231 |
|
| 237 |
- // Push with default passphrase |
|
| 238 |
- pushCmd := exec.Command(dockerBinary, "push", "--untrusted", repoName) |
|
| 232 |
+ // Do another trusted push |
|
| 233 |
+ pushCmd = exec.Command(dockerBinary, "push", repoName) |
|
| 239 | 234 |
s.trustedCmd(pushCmd) |
| 240 |
- out, _, _ := runCommandWithOutput(pushCmd) |
|
| 241 |
- fmt.Println("OUTPUT: ", out)
|
|
| 235 |
+ out, _, err = runCommandWithOutput(pushCmd) |
|
| 236 |
+ if err != nil {
|
|
| 237 |
+ c.Fatalf("trusted push failed: %s\n%s", err, out)
|
|
| 238 |
+ } |
|
| 242 | 239 |
|
| 243 |
- // Push with incorrect passphrase |
|
| 244 |
- pushCmd = exec.Command(dockerBinary, "push", "--untrusted", repoName) |
|
| 245 |
- s.trustedCmd(pushCmd) |
|
| 246 |
- // s.trustedCmdWithPassphrases(pushCmd, "87654321", "", "") |
|
| 247 |
- out, _, _ = runCommandWithOutput(pushCmd) |
|
| 248 |
- fmt.Println("OUTPUT2:", out)
|
|
| 249 |
- //c.Fail() |
|
| 240 |
+ if !strings.Contains(string(out), "Signing and pushing trust metadata") {
|
|
| 241 |
+ c.Fatalf("Missing expected output on trusted push with existing tag:\n%s", out)
|
|
| 242 |
+ } |
|
| 243 |
+ |
|
| 244 |
+ dockerCmd(c, "rmi", repoName) |
|
| 245 |
+ |
|
| 246 |
+ // Try pull to ensure the double push did not break our ability to pull |
|
| 247 |
+ pullCmd := exec.Command(dockerBinary, "pull", repoName) |
|
| 248 |
+ s.trustedCmd(pullCmd) |
|
| 249 |
+ out, _, err = runCommandWithOutput(pullCmd) |
|
| 250 |
+ if err != nil {
|
|
| 251 |
+ c.Fatalf("Error running trusted pull: %s\n%s", err, out)
|
|
| 252 |
+ } |
|
| 253 |
+ |
|
| 254 |
+ if !strings.Contains(string(out), "Status: Downloaded") {
|
|
| 255 |
+ c.Fatalf("Missing expected output on trusted pull with --untrusted:\n%s", out)
|
|
| 256 |
+ } |
|
| 250 | 257 |
} |
| 251 | 258 |
|
| 252 |
-func (s *DockerTrustSuite) TestTrustedPushWithShortPassphraseForNonRoot(c *check.C) {
|
|
| 253 |
- repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
|
|
| 259 |
+func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
|
|
| 260 |
+ repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
|
|
| 254 | 261 |
// tag the image and upload it to the private registry |
| 255 | 262 |
dockerCmd(c, "tag", "busybox", repoName) |
| 256 | 263 |
|
| 264 |
+ // Push with default passphrases |
|
| 257 | 265 |
pushCmd := exec.Command(dockerBinary, "push", repoName) |
| 258 |
- s.trustedCmdWithPassphrases(pushCmd, "12345678", "short", "short") |
|
| 266 |
+ s.trustedCmd(pushCmd) |
|
| 259 | 267 |
out, _, err := runCommandWithOutput(pushCmd) |
| 268 |
+ if err != nil {
|
|
| 269 |
+ c.Fatalf("trusted push failed: %s\n%s", err, out)
|
|
| 270 |
+ } |
|
| 271 |
+ |
|
| 272 |
+ if !strings.Contains(string(out), "Signing and pushing trust metadata") {
|
|
| 273 |
+ c.Fatalf("Missing expected output on trusted push:\n%s", out)
|
|
| 274 |
+ } |
|
| 275 |
+ |
|
| 276 |
+ // Push with wrong passphrases |
|
| 277 |
+ pushCmd = exec.Command(dockerBinary, "push", repoName) |
|
| 278 |
+ s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321", "87654321") |
|
| 279 |
+ out, _, err = runCommandWithOutput(pushCmd) |
|
| 260 | 280 |
if err == nil {
|
| 261 |
- c.Fatalf("Error missing from trusted push with short targets passphrase")
|
|
| 281 |
+ c.Fatalf("Error missing from trusted push with short targets passphrase: \n%s", out)
|
|
| 262 | 282 |
} |
| 263 | 283 |
|
| 264 |
- if !strings.Contains(string(out), "tuf: insufficient signatures for Cryptoservice") {
|
|
| 284 |
+ if !strings.Contains(string(out), "Password Invalid, operation has failed") {
|
|
| 265 | 285 |
c.Fatalf("Missing expected output on trusted push with short targets/snapsnot passphrase:\n%s", out)
|
| 266 | 286 |
} |
| 267 | 287 |
} |