Update trustedCmd to be compatible with testutil/cmd

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

integration-cli/docker_cli_build_test.go

@@ -5433,7 +5433,7 @@ func (s *DockerTrustSuite) TestTrustedBuild(c *check.C) {
 	name := "testtrustedbuild"
 
 	buildCmd := buildImageCmd(name, dockerFile, true)
-	s.trustedCmd(buildCmd)
+	trustedExecCmd(buildCmd)
 	out, _, err := runCommandWithOutput(buildCmd)
 	if err != nil {
 		c.Fatalf("Error running trusted build: %s\n%s", err, out)
@@ -5464,7 +5464,7 @@ func (s *DockerTrustSuite) TestTrustedBuildUntrustedTag(c *check.C) {
 	name := "testtrustedbuilduntrustedtag"
 
 	buildCmd := buildImageCmd(name, dockerFile, true)
-	s.trustedCmd(buildCmd)
+	trustedExecCmd(buildCmd)
 	out, _, err := runCommandWithOutput(buildCmd)
 	if err == nil {
 		c.Fatalf("Expected error on trusted build with untrusted tag: %s\n%s", err, out)
@@ -5527,10 +5527,7 @@ func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) {
 	otherTag := fmt.Sprintf("%s:other", repoName)
 	dockerCmd(c, "tag", "busybox", otherTag)
 
-	pushCmd := exec.Command(dockerBinary, "push", otherTag)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success)
 	s.assertTargetInRoles(c, repoName, "other", "targets/releases")
 	s.assertTargetNotInRoles(c, repoName, "other", "targets")
 
@@ -5545,8 +5542,8 @@ func (s *DockerTrustSuite) TestTrustedBuildTagFromReleasesRole(c *check.C) {
 	name := "testtrustedbuildreleasesrole"
 
 	buildCmd := buildImageCmd(name, dockerFile, true)
-	s.trustedCmd(buildCmd)
-	out, _, err = runCommandWithOutput(buildCmd)
+	trustedExecCmd(buildCmd)
+	out, _, err := runCommandWithOutput(buildCmd)
 	c.Assert(err, check.IsNil, check.Commentf("Trusted build failed: %s", out))
 	c.Assert(out, checker.Contains, fmt.Sprintf("FROM %s@sha", repoName))
 }
@@ -5566,10 +5563,7 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che
 	otherTag := fmt.Sprintf("%s:other", repoName)
 	dockerCmd(c, "tag", "busybox", otherTag)
 
-	pushCmd := exec.Command(dockerBinary, "push", otherTag)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Trusted push failed: %s", out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", otherTag), trustedCmd).Assert(c, icmd.Success)
 	s.assertTargetInRoles(c, repoName, "other", "targets/other")
 	s.assertTargetNotInRoles(c, repoName, "other", "targets")
 
@@ -5584,8 +5578,8 @@ func (s *DockerTrustSuite) TestTrustedBuildTagIgnoresOtherDelegationRoles(c *che
 	name := "testtrustedbuildotherrole"
 
 	buildCmd := buildImageCmd(name, dockerFile, true)
-	s.trustedCmd(buildCmd)
-	out, _, err = runCommandWithOutput(buildCmd)
+	trustedExecCmd(buildCmd)
+	out, _, err := runCommandWithOutput(buildCmd)
 	c.Assert(err, check.NotNil, check.Commentf("Trusted build expected to fail: %s", out))
 }
 

integration-cli/docker_cli_build_unix_test.go

@@ -103,7 +103,7 @@ func (s *DockerSuite) TestBuildAddChangeOwnership(c *check.C) {
 
 		icmd.RunCmd(icmd.Cmd{
 			Command: []string{"chown", "daemon:daemon", "foo"},
-			Dir: tmpDir,
+			Dir:     tmpDir,
 		}).Assert(c, icmd.Success)
 
 		if err := ioutil.WriteFile(filepath.Join(tmpDir, "Dockerfile"), []byte(dockerfile), 0644); err != nil {

integration-cli/docker_cli_config_test.go

@@ -5,15 +5,14 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/dockerversion"
 	"github.com/docker/docker/integration-cli/checker"
-	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/docker/pkg/homedir"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 
@@ -53,7 +52,10 @@ func (s *DockerSuite) TestConfigHTTPHeader(c *check.C) {
 	c.Assert(err, checker.IsNil)
 
 	result := icmd.RunCommand(dockerBinary, "-H="+server.URL[7:], "ps")
-	result.Assert(c, icmd.Success)
+	result.Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
+	})
 
 	c.Assert(headers["User-Agent"], checker.NotNil, check.Commentf("Missing User-Agent"))
 
@@ -73,9 +75,9 @@ func (s *DockerSuite) TestConfigDir(c *check.C) {
 	dockerCmd(c, "--config", cDir, "ps")
 
 	// Test with env var too
-	icmd.RunCmd(icm.Cmd{
+	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "ps"},
-		Env: appendBaseEnv(true, "DOCKER_CONFIG="+cDir),
+		Env:     appendBaseEnv(true, "DOCKER_CONFIG="+cDir),
 	}).Assert(c, icmd.Success)
 
 	// Start a server so we can check to see if the config file was
@@ -100,36 +102,37 @@ func (s *DockerSuite) TestConfigDir(c *check.C) {
 	env := appendBaseEnv(false)
 
 	icmd.RunCmd(icmd.Cmd{
-		Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"},
-		Env: env,
-	}).Assert(c, icmd.Exepected{
-		Error: "exit status 1",
+		Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"},
+		Env:     env,
+	}).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
 	})
 	c.Assert(headers["Myheader"], checker.NotNil)
-	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps3 - Missing header,out:%v", out))
+	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps3 - Missing header"))
 
 	// Reset headers and try again using env var this time
 	headers = map[string][]string{}
 	icmd.RunCmd(icmd.Cmd{
-		Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"},
-		Env: append(env, "DOCKER_CONFIG="+cDir),
-	}).Assert(c, icmd.Exepected{
-		Error: "exit status 1",
+		Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"},
+		Env:     append(env, "DOCKER_CONFIG="+cDir),
+	}).Assert(c, icmd.Expected{
+		ExitCode: 1,
 	})
 	c.Assert(headers["Myheader"], checker.NotNil)
-	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps4 - Missing header,out:%v", out))
+	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps4 - Missing header"))
 
 	// FIXME(vdemeester) should be a unit test
 	// Reset headers and make sure flag overrides the env var
 	headers = map[string][]string{}
 	icmd.RunCmd(icmd.Cmd{
-		Command: []string{dockerBinary, "--config", cDir, "-H="+server.URL[7:], "ps"},
-		Env: append(env, "DOCKER_CONFIG=MissingDir"),
-	}).Assert(c, icmd.Exepected{
-		Error: "exit status 1",
+		Command: []string{dockerBinary, "--config", cDir, "-H=" + server.URL[7:], "ps"},
+		Env:     append(env, "DOCKER_CONFIG=MissingDir"),
+	}).Assert(c, icmd.Expected{
+		ExitCode: 1,
 	})
 	c.Assert(headers["Myheader"], checker.NotNil)
-	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps5 - Missing header,out:%v", out))
+	c.Assert(headers["Myheader"][0], checker.Equals, "MyValue", check.Commentf("ps5 - Missing header"))
 
 	// FIXME(vdemeester) should be a unit test
 	// Reset headers and make sure flag overrides the env var.
@@ -137,11 +140,12 @@ func (s *DockerSuite) TestConfigDir(c *check.C) {
 	// ignore - we don't want to default back to the env var.
 	headers = map[string][]string{}
 	icmd.RunCmd(icmd.Cmd{
-		Command: []string{dockerBinary, "--config", "MissingDir", "-H="+server.URL[7:], "ps"},
-		Env: append(env, "DOCKER_CONFIG="+cDir),
-	}).Assert(c, icmd.Exepected{
-		Error: "exit status 1",
+		Command: []string{dockerBinary, "--config", "MissingDir", "-H=" + server.URL[7:], "ps"},
+		Env:     append(env, "DOCKER_CONFIG="+cDir),
+	}).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Error:    "exit status 1",
 	})
 
-	c.Assert(headers["Myheader"], checker.IsNil, check.Commentf("ps6 - Headers shouldn't be the expected value,out:%v", out))
+	c.Assert(headers["Myheader"], checker.IsNil, check.Commentf("ps6 - Headers shouldn't be the expected value"))
 }

integration-cli/docker_cli_create_test.go

@@ -3,18 +3,16 @@ package main
 import (
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"os"
 	"reflect"
 	"strings"
 	"time"
 
-	"os/exec"
-
-	"io/ioutil"
-
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/pkg/testutil"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/go-connections/nat"
 	"github.com/go-check/check"
 )
@@ -302,21 +300,12 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
 	repoName := s.setupTrustedImage(c, "trusted-create")
 
 	// Try create
-	createCmd := exec.Command(dockerBinary, "create", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err := runCommandWithOutput(createCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging)
 
 	dockerCmd(c, "rmi", repoName)
 
 	// Try untrusted create to ensure we pushed the tag to the registry
-	createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err = runCommandWithOutput(createCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create with --disable-content-trust:\n%s", out))
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr)
 }
 
 func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
@@ -328,23 +317,17 @@ func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
 	dockerCmd(c, "rmi", withTagName)
 
 	// Try trusted create on untrusted tag
-	createCmd := exec.Command(dockerBinary, "create", withTagName)
-	s.trustedCmd(createCmd)
-	out, _, err := runCommandWithOutput(createCmd)
-	c.Assert(err, check.Not(check.IsNil))
-	c.Assert(string(out), checker.Contains, fmt.Sprintf("does not have trust data for %s", repoName), check.Commentf("Missing expected output on trusted create:\n%s", out))
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "create", withTagName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      fmt.Sprintf("does not have trust data for %s", repoName),
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) {
 	repoName := s.setupTrustedImage(c, "trusted-isolated-create")
 
 	// Try create
-	createCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err := runCommandWithOutput(createCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName), trustedCmd).Assert(c, SuccessTagging)
 
 	dockerCmd(c, "rmi", repoName)
 }
@@ -358,20 +341,19 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
 
 	testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
 		// Try create
-		createCmd := exec.Command(dockerBinary, "create", repoName)
-		s.trustedCmd(createCmd)
-		out, _, err := runCommandWithOutput(createCmd)
-		c.Assert(err, check.Not(check.IsNil))
-		c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out))
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{dockerBinary, "create", repoName},
+		}, trustedCmd).Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      "could not validate the path to a trusted root",
+		})
 	})
 
 	testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
 		// Try create
-		createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName)
-		s.trustedCmd(createCmd)
-		out, _, err := runCommandWithOutput(createCmd)
-		c.Assert(err, check.Not(check.IsNil))
-		c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", out))
+		result := icmd.RunCmd(icmd.Command(dockerBinary, "create", "--disable-content-trust", repoName), trustedCmd)
+		c.Assert(result.Error, check.Not(check.IsNil))
+		c.Assert(string(result.Combined()), checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted create in the distant future:\n%s", result.Combined()))
 
 	})
 }
@@ -384,20 +366,12 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	dockerCmd(c, "rmi", repoName)
 
 	// Try create
-	createCmd := exec.Command(dockerBinary, "create", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err = runCommandWithOutput(createCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf("Missing expected output on trusted push:\n%s", out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, SuccessTagging)
 
 	dockerCmd(c, "rmi", repoName)
 
@@ -411,23 +385,13 @@ func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
 	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
 
 	// Push up to the new server
-	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil)
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// Now, try creating with the original client from this new trust server. This should fail because the new root is invalid.
-	createCmd = exec.Command(dockerBinary, "create", repoName)
-	s.trustedCmd(createCmd)
-	out, _, err = runCommandWithOutput(createCmd)
-	if err == nil {
-		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
-	}
-	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
-		c.Fatalf("Missing expected output on trusted create:\n%s", out)
-	}
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "create", repoName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "could not rotate trust to a new trusted root",
+	})
 }
 
 func (s *DockerSuite) TestCreateStopSignal(c *check.C) {

integration-cli/docker_cli_daemon_plugins_test.go

@@ -4,14 +4,13 @@ package main
 
 import (
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 	"syscall"
 
-	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/mount"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 
@@ -153,7 +152,7 @@ func (s *DockerDaemonSuite) TestDaemonShutdownWithPlugins(c *check.C) {
 
 	icmd.RunCommand("pgrep", "-f", pluginProcessName).Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Error: "exit status 1",
+		Error:    "exit status 1",
 	})
 
 	s.d.Start(c, "--live-restore")

integration-cli/docker_cli_daemon_test.go

@@ -1945,7 +1945,7 @@ func (s *DockerDaemonSuite) TestDaemonRestartWithKilledRunningContainer(t *check
 	}
 
 	// kill the container
-	icmd.RunCommand(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", cid).Assert(c, icmd.Success)
+	icmd.RunCommand(ctrBinary, "--address", "unix:///var/run/docker/libcontainerd/docker-containerd.sock", "containers", "kill", cid).Assert(t, icmd.Success)
 
 	// Give time to containerd to process the command if we don't
 	// the exit event might be received after we do the inspect

integration-cli/docker_cli_export_import_test.go

@@ -19,8 +19,8 @@ func (s *DockerSuite) TestExportContainerAndImportImage(c *check.C) {
 	out, _ := dockerCmd(c, "export", containerID)
 
 	result := icmd.RunCmd(icmd.Cmd{
-		Command: dockerBinary, "import", "-", "repo/testexp:v1",
-		Stdin: strings.NewReader(out),
+		Command: []string{dockerBinary, "import", "-", "repo/testexp:v1"},
+		Stdin:   strings.NewReader(out),
 	})
 	result.Assert(c, icmd.Success)
 
@@ -41,8 +41,8 @@ func (s *DockerSuite) TestExportContainerWithOutputAndImportImage(c *check.C) {
 	resultCat.Assert(c, icmd.Success)
 
 	result := icmd.RunCmd(icmd.Cmd{
-		Command: dockerBinary, "import", "-", "repo/testexp:v1",
-		Stdin: strings.NewReader(resultCat.Combined()),
+		Command: []string{dockerBinary, "import", "-", "repo/testexp:v1"},
+		Stdin:   strings.NewReader(resultCat.Combined()),
 	})
 	result.Assert(c, icmd.Success)
 

integration-cli/docker_cli_help_test.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"fmt"
-	"os/exec"
 	"runtime"
 	"strings"
 	"unicode"
@@ -54,8 +53,8 @@ func (s *DockerSuite) TestHelpTextVerify(c *check.C) {
 
 		// Check main help text to make sure its not over 80 chars
 		result := icmd.RunCmd(icmd.Cmd{
-			Command: []stirng{dockerBinary, "help"},
-			Env: newEnvs,
+			Command: []string{dockerBinary, "help"},
+			Env:     newEnvs,
 		})
 		result.Assert(c, icmd.Success)
 		lines := strings.Split(result.Combined(), "\n")

integration-cli/docker_cli_logs_test.go

@@ -8,10 +8,10 @@ import (
 	"strings"
 	"time"
 
-	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/jsonlog"
 	"github.com/docker/docker/pkg/testutil"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 
@@ -190,10 +190,10 @@ func (s *DockerSuite) TestLogsSince(c *check.C) {
 	// Test with default value specified and parameter omitted
 	expected := []string{"log1", "log2", "log3"}
 	for _, cmd := range [][]string{
-		[]string{dockerBinary, "logs", "-t", name},
-		[]string{dockerBinary, "logs", "-t", "--since=0", name},
+		{"logs", "-t", name},
+		{"logs", "-t", "--since=0", name},
 	} {
-		result := icmd.RunCommand(cmd...)
+		result := icmd.RunCommand(dockerBinary, cmd...)
 		result.Assert(c, icmd.Success)
 		for _, v := range expected {
 			c.Assert(result.Combined(), checker.Contains, v)

integration-cli/docker_cli_plugins_test.go

@@ -2,15 +2,14 @@ package main
 
 import (
 	"fmt"
-	"os/exec"
-
-	"github.com/docker/docker/integration-cli/checker"
-	"github.com/go-check/check"
-
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
+
+	"github.com/docker/docker/integration-cli/checker"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
+	"github.com/go-check/check"
 )
 
 var (
@@ -305,15 +304,11 @@ func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) {
 
 	trustedName := s.setupTrustedplugin(c, pNameWithTag, "trusted-plugin-install")
 
-	installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName)
-	s.trustedCmd(installCmd)
-	out, _, err := runCommandWithOutput(installCmd)
+	icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, icmd.Expected{
+		Out: trustedName,
+	})
 
-	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
-	c.Assert(err, checker.IsNil)
-	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
-
-	out, _, err = dockerCmdWithError("plugin", "ls")
+	out, _, err := dockerCmdWithError("plugin", "ls")
 	c.Assert(err, checker.IsNil)
 	c.Assert(out, checker.Contains, "true")
 
@@ -330,11 +325,7 @@ func (s *DockerTrustSuite) TestPluginTrustedInstall(c *check.C) {
 	c.Assert(strings.TrimSpace(out), checker.Contains, trustedName)
 
 	// Try untrusted pull to ensure we pushed the tag to the registry
-	installCmd = exec.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName)
-	s.trustedCmd(installCmd)
-	out, _, err = runCommandWithOutput(installCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--disable-content-trust=true", "--grant-all-permissions", trustedName), trustedCmd).Assert(c, SuccessDownloaded)
 
 	out, _, err = dockerCmdWithError("plugin", "ls")
 	c.Assert(err, checker.IsNil)
@@ -352,12 +343,10 @@ func (s *DockerTrustSuite) TestPluginUntrustedInstall(c *check.C) {
 	dockerCmd(c, "plugin", "rm", "-f", pluginName)
 
 	// Try trusted install on untrusted plugin
-	installCmd := exec.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName)
-	s.trustedCmd(installCmd)
-	out, _, err := runCommandWithOutput(installCmd)
-
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "install", "--grant-all-permissions", pluginName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Error: remote trust data does not exist",
+	})
 }
 
 func (s *DockerSuite) TestPluginIDPrefix(c *check.C) {

integration-cli/docker_cli_proxy_test.go

@@ -2,20 +2,19 @@ package main
 
 import (
 	"net"
-	"os/exec"
 	"strings"
 
-	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/docker/integration-cli/checker"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 
 func (s *DockerSuite) TestCLIProxyDisableProxyUnixSock(c *check.C) {
 	testRequires(c, DaemonIsLinux, SameHostDaemon)
 
-	icmd.RunCmd(icm.Cmd{
+	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "info"},
-		Env: appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999"),
+		Env:     appendBaseEnv(false, "HTTP_PROXY=http://127.0.0.1:9999"),
 	}).Assert(c, icmd.Success)
 }
 
@@ -42,11 +41,11 @@ func (s *DockerDaemonSuite) TestCLIProxyProxyTCPSock(c *check.C) {
 
 	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "info"},
-		Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"},
-	}).Assert(c, icmd.Expected{Error:"exit status 1", ExitCode: 1})
+		Env:     []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999"},
+	}).Assert(c, icmd.Expected{Error: "exit status 1", ExitCode: 1})
 	// Test with no_proxy
-	icmd.RunCommand(icmd.Cmd{
+	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "info"},
-		Env: []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999", "NO_PROXY="+ip},
+		Env:     []string{"DOCKER_HOST=tcp://" + ip + ":2375", "HTTP_PROXY=127.0.0.1:9999", "NO_PROXY=" + ip},
 	}).Assert(c, icmd.Success)
 }

integration-cli/docker_cli_pull_local_test.go

@@ -5,18 +5,17 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 	"strings"
 
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/digest"
-	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/distribution/manifest"
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/docker/integration-cli/checker"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 

integration-cli/docker_cli_pull_trusted_test.go

@@ -3,12 +3,11 @@ package main
 import (
 	"fmt"
 	"io/ioutil"
-	"os/exec"
-	"strings"
 	"time"
 
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/testutil"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 
@@ -16,33 +15,18 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
 	repoName := s.setupTrustedImage(c, "trusted-pull")
 
 	// Try pull
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err := runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging)
 
 	dockerCmd(c, "rmi", repoName)
 	// Try untrusted pull to ensure we pushed the tag to the registry
-	pullCmd = exec.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloaded)
 }
 
 func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) {
 	repoName := s.setupTrustedImage(c, "trusted-isolated-pull")
 
 	// Try pull (run from isolated directory without trust information)
-	pullCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err := runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(string(out)))
+	icmd.RunCmd(icmd.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName), trustedCmd).Assert(c, SuccessTagging)
 
 	dockerCmd(c, "rmi", repoName)
 }
@@ -55,12 +39,10 @@ func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) {
 	dockerCmd(c, "rmi", repoName)
 
 	// Try trusted pull on untrusted tag
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err := runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Error: remote trust data does not exist", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "Error: remote trust data does not exist",
+	})
 }
 
 func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
@@ -72,22 +54,19 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
 
 	testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
 		// Try pull
-		pullCmd := exec.Command(dockerBinary, "pull", repoName)
-		s.trustedCmd(pullCmd)
-		out, _, err := runCommandWithOutput(pullCmd)
-
-		c.Assert(err, check.NotNil, check.Commentf(out))
-		c.Assert(string(out), checker.Contains, "could not validate the path to a trusted root", check.Commentf(out))
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{dockerBinary, "pull", repoName},
+		}, trustedCmd).Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      "could not validate the path to a trusted root",
+		})
 	})
 
 	testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
 		// Try pull
-		pullCmd := exec.Command(dockerBinary, "pull", "--disable-content-trust", repoName)
-		s.trustedCmd(pullCmd)
-		out, _, err := runCommandWithOutput(pullCmd)
-
-		c.Assert(err, check.IsNil, check.Commentf(out))
-		c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{dockerBinary, "pull", "--disable-content-trust", repoName},
+		}, trustedCmd).Assert(c, SuccessDownloaded)
 	})
 }
 
@@ -101,21 +80,11 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 	dockerCmd(c, "rmi", repoName)
 
 	// Try pull
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging)
 	dockerCmd(c, "rmi", repoName)
 
 	// Kill the notary server, start a new "evil" one.
@@ -129,23 +98,13 @@ func (s *DockerTrustSuite) TestTrustedPullFromBadTrustServer(c *check.C) {
 	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
 
 	// Push up to the new server
-	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// Now, try pulling with the original client from this new trust server. This should fail because the new root is invalid.
-	pullCmd = exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	if err == nil {
-		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
-	}
-	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
-		c.Fatalf("Missing expected output on trusted pull:\n%s", out)
-	}
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "could not rotate trust to a new trusted root",
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
@@ -155,13 +114,7 @@ func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
 	dockerCmd(c, "tag", "busybox", repoName)
 
 	// Push with default passphrases
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Signing and pushing trust metadata", check.Commentf(out))
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 	dockerCmd(c, "rmi", repoName)
 
 	// Snapshots last for three years. This should be expired
@@ -169,41 +122,28 @@ func (s *DockerTrustSuite) TestTrustedPullWithExpiredSnapshot(c *check.C) {
 
 	testutil.RunAtDifferentDate(fourYearsLater, func() {
 		// Try pull
-		pullCmd := exec.Command(dockerBinary, "pull", repoName)
-		s.trustedCmd(pullCmd)
-		out, _, err = runCommandWithOutput(pullCmd)
-
-		c.Assert(err, check.NotNil, check.Commentf("Missing expected error running trusted pull with expired snapshots"))
-		c.Assert(string(out), checker.Contains, "repository out-of-date", check.Commentf(out))
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{dockerBinary, "pull", repoName},
+		}, trustedCmd).Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      "repository out-of-date",
+		})
 	})
 }
 
 func (s *DockerTrustSuite) TestTrustedOfflinePull(c *check.C) {
 	repoName := s.setupTrustedImage(c, "trusted-offline-pull")
 
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver")
-	out, _, err := runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "error contacting notary server", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "error contacting notary server",
+	})
 	// Do valid trusted pull to warm cache
-	pullCmd = exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessTagging)
 	dockerCmd(c, "rmi", repoName)
 
 	// Try pull again with invalid notary server, should use cache
-	pullCmd = exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmdWithServer(pullCmd, "https://invalidnotaryserver")
-	out, _, err = runCommandWithOutput(pullCmd)
-
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Tagging", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmdWithServer("https://invalidnotaryserver")).Assert(c, SuccessTagging)
 }
 
 func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
@@ -214,29 +154,16 @@ func (s *DockerTrustSuite) TestTrustedPullDelete(c *check.C) {
                     CMD echo trustedpulldelete
                 `, true)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
-	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
-		c.Fatalf("Error removing image %q\n%s", repoName, out)
-	}
+	dockerCmd(c, "rmi", repoName)
 
 	// Try pull
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
+	result := icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd)
+	result.Assert(c, icmd.Success)
 
-	c.Assert(err, check.IsNil, check.Commentf(out))
-
-	matches := digestRegex.FindStringSubmatch(out)
-	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", out))
+	matches := digestRegex.FindStringSubmatch(result.Combined())
+	c.Assert(matches, checker.HasLen, 2, check.Commentf("unable to parse digest from pull output: %s", result.Combined()))
 	pullDigest := matches[1]
 
 	imageID := inspectField(c, repoName, "Id")
@@ -263,18 +190,13 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
 
 	// Push with targets first, initializing the repo
 	dockerCmd(c, "tag", "busybox", targetName)
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success)
 	s.assertTargetInRoles(c, repoName, "latest", "targets")
 
 	// Try pull, check we retrieve from targets role
-	pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "retrieving target for targets role")
+	icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		Err: "retrieving target for targets role",
+	})
 
 	// Now we'll create the releases role, and try pushing and pulling
 	s.notaryCreateDelegation(c, repoName, "targets/releases", s.not.keys[0].Public)
@@ -283,31 +205,23 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
 
 	// try a pull, check that we can still pull because we can still read the
 	// old tag in the targets role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "retrieving target for targets role")
+	icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		Err: "retrieving target for targets role",
+	})
 
 	// try a pull -a, check that it succeeds because we can still pull from the
 	// targets role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Success)
 
 	// Push, should sign with targets/releases
 	dockerCmd(c, "tag", "busybox", targetName)
-	pushCmd = exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success)
 	s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases")
 
 	// Try pull, check we retrieve from targets/releases role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(out, checker.Contains, "retrieving target for targets/releases role")
+	icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		Err: "retrieving target for targets/releases role",
+	})
 
 	// Create another delegation that we'll sign with
 	s.notaryCreateDelegation(c, repoName, "targets/other", s.not.keys[1].Public)
@@ -315,16 +229,13 @@ func (s *DockerTrustSuite) TestTrustedPullReadsFromReleasesRole(c *check.C) {
 	s.notaryPublish(c, repoName)
 
 	dockerCmd(c, "tag", "busybox", targetName)
-	pushCmd = exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success)
 	s.assertTargetInRoles(c, repoName, "latest", "targets", "targets/releases", "targets/other")
 
 	// Try pull, check we retrieve from targets/releases role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(out, checker.Contains, "retrieving target for targets/releases role")
+	icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		Err: "retrieving target for targets/releases role",
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C) {
@@ -341,26 +252,22 @@ func (s *DockerTrustSuite) TestTrustedPullIgnoresOtherDelegationRoles(c *check.C
 
 	// Push should write to the delegation role, not targets
 	dockerCmd(c, "tag", "busybox", targetName)
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Success)
 	s.assertTargetInRoles(c, repoName, "latest", "targets/other")
 	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
 
 	// Try pull - we should fail, since pull will only pull from the targets/releases
 	// role or the targets role
-	pullCmd := exec.Command(dockerBinary, "-D", "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "No trust data for")
+	dockerCmd(c, "tag", "busybox", targetName)
+	icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "No trust data for",
+	})
 
 	// try a pull -a: we should fail since pull will only pull from the targets/releases
 	// role or the targets role
-	pullCmd = exec.Command(dockerBinary, "-D", "pull", "-a", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.NotNil, check.Commentf(out))
-	c.Assert(out, checker.Contains, "No trusted tags for")
+	icmd.RunCmd(icmd.Command(dockerBinary, "-D", "pull", "-a", repoName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "No trusted tags for",
+	})
 }

integration-cli/docker_cli_push_test.go

@@ -7,17 +7,16 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 	"sync"
 	"time"
 
 	"github.com/docker/distribution/reference"
-	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	cliconfig "github.com/docker/docker/cli/config"
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/testutil"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 
@@ -138,11 +137,11 @@ func testPushEmptyLayer(c *check.C) {
 
 	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "import", "-", repoName},
-		Stdin: freader,
+		Stdin:   freader,
 	}).Assert(c, icmd.Success)
 
 	// Now verify we can push it
-	out, _, err = dockerCmdWithError("push", repoName)
+	out, _, err := dockerCmdWithError("push", repoName)
 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
 }
 
@@ -288,18 +287,12 @@ func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// Try pull after push
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		Out: "Status: Image is up to date",
+	})
 
 	// Assert that we rotated the snapshot key to the server by checking our local keystore
 	contents, err := ioutil.ReadDir(filepath.Join(cliconfig.Dir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest"))
@@ -313,18 +306,12 @@ func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "12345678")).Assert(c, SuccessSigningAndPushing)
 
 	// Try pull after push
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		Out: "Status: Image is up to date",
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
@@ -332,12 +319,11 @@ func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
 	// Using a name that doesn't resolve to an address makes this test faster
-	s.trustedCmdWithServer(pushCmd, "https://server.invalid:81/")
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
-	c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithServer("https://server.invalid:81/")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "error contacting notary server",
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
@@ -345,12 +331,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C)
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
-	// Using a name that doesn't resolve to an address makes this test faster
-	s.trustedCmdWithServer(pushCmd, "https://server.invalid")
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
-	c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
+	result := icmd.RunCmd(icmd.Command(dockerBinary, "push", "--disable-content-trust", repoName), trustedCmdWithServer("https://server.invalid:81/"))
+	result.Assert(c, icmd.Success)
+	c.Assert(result.Combined(), check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
 }
 
 func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
@@ -359,18 +342,12 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
 	dockerCmd(c, "tag", "busybox", repoName)
 	dockerCmd(c, "push", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// Try pull after push
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, icmd.Expected{
+		Out: "Status: Image is up to date",
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
@@ -379,28 +356,14 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
 	dockerCmd(c, "tag", "busybox", repoName)
 
 	// Do a trusted push
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// Do another trusted push
-	pushCmd = exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 	dockerCmd(c, "rmi", repoName)
 
 	// Try pull to ensure the double push did not break our ability to pull
-	pullCmd := exec.Command(dockerBinary, "pull", repoName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", repoName), trustedCmd).Assert(c, SuccessDownloaded)
 }
 
 func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
@@ -409,18 +372,13 @@ func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *c
 	dockerCmd(c, "tag", "busybox", repoName)
 
 	// Push with default passphrases
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// Push with wrong passphrases
-	pushCmd = exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
-	out, _, err = runCommandWithOutput(pushCmd)
-	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
-	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmdWithPassphrases("12345678", "87654321")).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "could not find necessary signing keys",
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
@@ -430,22 +388,19 @@ func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
 	dockerCmd(c, "tag", "busybox", repoName)
 
 	// Push with default passphrases
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// Snapshots last for three years. This should be expired
 	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
 
 	testutil.RunAtDifferentDate(fourYearsLater, func() {
 		// Push with wrong passphrases
-		pushCmd = exec.Command(dockerBinary, "push", repoName)
-		s.trustedCmd(pushCmd)
-		out, _, err = runCommandWithOutput(pushCmd)
-		c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
-		c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{dockerBinary, "push", repoName},
+		}, trustedCmd).Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      "repository out-of-date",
+		})
 	})
 }
 
@@ -456,22 +411,15 @@ func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
 	dockerCmd(c, "tag", "busybox", repoName)
 
 	// Push with default passphrases
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// The timestamps expire in two weeks. Lets check three
 	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
 
 	// Should succeed because the server transparently re-signs one
 	testutil.RunAtDifferentDate(threeWeeksLater, func() {
-		pushCmd := exec.Command(dockerBinary, "push", repoName)
-		s.trustedCmd(pushCmd)
-		out, _, err := runCommandWithOutput(pushCmd)
-		c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
-		c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
+		icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName),
+			trustedCmd).Assert(c, SuccessSigningAndPushing)
 	})
 }
 
@@ -488,11 +436,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C)
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", targetName)
 
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 	// check to make sure that the target has been added to targets/releases and not targets
 	s.assertTargetInRoles(c, repoName, "latest", "targets/releases")
 	s.assertTargetNotInRoles(c, repoName, "latest", "targets")
@@ -500,11 +444,9 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C)
 	// Try pull after push
 	os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust"))
 
-	pullCmd := exec.Command(dockerBinary, "pull", targetName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.IsNil, check.Commentf(out))
-	c.Assert(string(out), checker.Contains, "Status: Image is up to date", check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
+		Out: "Status: Image is up to date",
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c *check.C) {
@@ -528,11 +470,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", targetName)
 
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// check to make sure that the target has been added to targets/role1 and targets/role2, and
 	// not targets (because there are delegations) or targets/role3 (due to missing key) or
@@ -544,10 +482,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c
 	os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust"))
 
 	// pull should fail because none of these are the releases role
-	pullCmd := exec.Command(dockerBinary, "pull", targetName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.NotNil, check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c *check.C) {
@@ -569,11 +506,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c *
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", targetName)
 
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
-	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// check to make sure that the target has been added to targets/role1 and targets/role4, and
 	// not targets (because there are delegations) or targets/role2 (due to path restrictions) or
@@ -585,10 +518,9 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c *
 	os.RemoveAll(filepath.Join(cliconfig.Dir(), "trust"))
 
 	// pull should fail because none of these are the releases role
-	pullCmd := exec.Command(dockerBinary, "pull", targetName)
-	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
-	c.Assert(err, check.NotNil, check.Commentf(out))
+	icmd.RunCmd(icmd.Command(dockerBinary, "pull", targetName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+	})
 }
 
 func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c *check.C) {
@@ -604,13 +536,10 @@ func (s *DockerTrustSuite) TestTrustedPushDoesntSignTargetsIfDelegationsExist(c
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", targetName)
 
-	pushCmd := exec.Command(dockerBinary, "push", targetName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	c.Assert(err, check.NotNil, check.Commentf("trusted push succeeded but should have failed:\n%s", out))
-	c.Assert(out, checker.Contains, "no valid signing keys",
-		check.Commentf("Missing expected output on trusted push without keys"))
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", targetName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 1,
+		Err:      "no valid signing keys",
+	})
 	s.assertTargetNotInRoles(c, repoName, "latest", "targets", "targets/role1")
 }
 

integration-cli/docker_cli_rmi_test.go

@@ -2,13 +2,12 @@ package main
 
 import (
 	"fmt"
-	"os/exec"
 	"strings"
 	"time"
 
-	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/pkg/stringid"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 
@@ -179,7 +178,7 @@ func (s *DockerSuite) TestRmiForceWithExistingContainers(c *check.C) {
 	icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "build", "--no-cache", "-t", image, "-"},
 		Stdin: strings.NewReader(`FROM busybox
-MAINTAINER foo`)
+MAINTAINER foo`),
 	}).Assert(c, icmd.Success)
 
 	dockerCmd(c, "run", "--name", "test-force-rmi", image, "/bin/true")

integration-cli/docker_cli_run_test.go

@@ -865,7 +865,7 @@ func (s *DockerSuite) TestRunEnvironmentErase(c *check.C) {
 
 	result := icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "run", "-e", "FOO", "-e", "HOSTNAME", "busybox", "env"},
-		Env: appendBaseEnd(true),
+		Env:     appendBaseEnv(true),
 	})
 	result.Assert(c, icmd.Success)
 
@@ -897,7 +897,7 @@ func (s *DockerSuite) TestRunEnvironmentOverride(c *check.C) {
 
 	result := icmd.RunCmd(icmd.Cmd{
 		Command: []string{dockerBinary, "run", "-e", "HOSTNAME", "-e", "HOME=/root2", "busybox", "env"},
-		Env: appendBaseEnv(true, "HOSTNAME=bar"),
+		Env:     appendBaseEnv(true, "HOSTNAME=bar"),
 	})
 	result.Assert(c, icmd.Success)
 
@@ -3262,30 +3262,11 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
 	repoName := s.setupTrustedImage(c, "trusted-run")
 
 	// Try run
-	runCmd := exec.Command(dockerBinary, "run", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err := runCommandWithOutput(runCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted run: %s\n%s\n", err, out)
-	}
-
-	if !strings.Contains(string(out), "Tagging") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging)
 	dockerCmd(c, "rmi", repoName)
 
 	// Try untrusted run to ensure we pushed the tag to the registry
-	runCmd = exec.Command(dockerBinary, "run", "--disable-content-trust=true", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err = runCommandWithOutput(runCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted run: %s\n%s", err, out)
-	}
-
-	if !strings.Contains(string(out), "Status: Downloaded") {
-		c.Fatalf("Missing expected output on trusted run with --disable-content-trust:\n%s", out)
-	}
+	icmd.RunCmd(icmd.Command(dockerBinary, "run", "--disable-content-trust=true", repoName), trustedCmd).Assert(c, SuccessDownloadedOnStderr)
 }
 
 func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
@@ -3298,16 +3279,10 @@ func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
 	dockerCmd(c, "rmi", repoName)
 
 	// Try trusted run on untrusted tag
-	runCmd := exec.Command(dockerBinary, "run", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err := runCommandWithOutput(runCmd)
-	if err == nil {
-		c.Fatalf("Error expected when running trusted run with:\n%s", out)
-	}
-
-	if !strings.Contains(string(out), "does not have trust data for") {
-		c.Fatalf("Missing expected output on trusted run:\n%s", out)
-	}
+	icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Err:      "does not have trust data for",
+	})
 }
 
 func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
@@ -3321,30 +3296,19 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
 
 	testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
 		// Try run
-		runCmd := exec.Command(dockerBinary, "run", repoName)
-		s.trustedCmd(runCmd)
-		out, _, err := runCommandWithOutput(runCmd)
-		if err == nil {
-			c.Fatalf("Error running trusted run in the distant future: %s\n%s", err, out)
-		}
-
-		if !strings.Contains(string(out), "could not validate the path to a trusted root") {
-			c.Fatalf("Missing expected output on trusted run in the distant future:\n%s", out)
-		}
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{dockerBinary, "run", repoName},
+		}, trustedCmd).Assert(c, icmd.Expected{
+			ExitCode: 1,
+			Err:      "could not validate the path to a trusted root",
+		})
 	})
 
 	testutil.RunAtDifferentDate(elevenYearsFromNow, func() {
 		// Try run
-		runCmd := exec.Command(dockerBinary, "run", "--disable-content-trust", repoName)
-		s.trustedCmd(runCmd)
-		out, _, err := runCommandWithOutput(runCmd)
-		if err != nil {
-			c.Fatalf("Error running untrusted run in the distant future: %s\n%s", err, out)
-		}
-
-		if !strings.Contains(string(out), "Status: Downloaded") {
-			c.Fatalf("Missing expected output on untrusted run in the distant future:\n%s", out)
-		}
+		icmd.RunCmd(icmd.Cmd{
+			Command: []string{dockerBinary, "run", "--disable-content-trust", repoName},
+		}, trustedCmd).Assert(c, SuccessDownloaded)
 	})
 }
 
@@ -3360,30 +3324,11 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 	dockerCmd(c, "rmi", repoName)
 
 	// Try run
-	runCmd := exec.Command(dockerBinary, "run", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err = runCommandWithOutput(runCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted run: %s\n%s", err, out)
-	}
-
-	if !strings.Contains(string(out), "Tagging") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
+	icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, SuccessTagging)
 	dockerCmd(c, "rmi", repoName)
 
 	// Kill the notary server, start a new "evil" one.
@@ -3398,27 +3343,13 @@ func (s *DockerTrustSuite) TestTrustedRunFromBadTrustServer(c *check.C) {
 	dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
 
 	// Push up to the new server
-	pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err = runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
+	icmd.RunCmd(icmd.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	// Now, try running with the original client from this new trust server. This should fail because the new root is invalid.
-	runCmd = exec.Command(dockerBinary, "run", repoName)
-	s.trustedCmd(runCmd)
-	out, _, err = runCommandWithOutput(runCmd)
-
-	if err == nil {
-		c.Fatalf("Continuing with cached data even though it's an invalid root rotation: %s\n%s", err, out)
-	}
-	if !strings.Contains(out, "could not rotate trust to a new trusted root") {
-		c.Fatalf("Missing expected output on trusted run:\n%s", out)
-	}
+	icmd.RunCmd(icmd.Command(dockerBinary, "run", repoName), trustedCmd).Assert(c, icmd.Expected{
+		ExitCode: 125,
+		Err:      "could not rotate trust to a new trusted root",
+	})
 }
 
 func (s *DockerSuite) TestPtraceContainerProcsFromHost(c *check.C) {
@@ -4007,7 +3938,7 @@ func (s *DockerSuite) TestRunNonExecutableCmd(c *check.C) {
 	name := "testNonExecutableCmd"
 	icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "foo").Assert(c, icmd.Expected{
 		ExitCode: 127,
-		Error: "exit status 127",
+		Error:    "exit status 127",
 	})
 }
 
@@ -4016,7 +3947,7 @@ func (s *DockerSuite) TestRunNonExistingCmd(c *check.C) {
 	name := "testNonExistingCmd"
 	icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/bin/foo").Assert(c, icmd.Expected{
 		ExitCode: 127,
-		Error: "exit status 127",
+		Error:    "exit status 127",
 	})
 }
 
@@ -4031,7 +3962,7 @@ func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) {
 	name := "testCmdCannotBeInvoked"
 	icmd.RunCommand(dockerBinary, "run", "--name", name, "busybox", "/etc").Assert(c, icmd.Expected{
 		ExitCode: expected,
-		Error: fmt.Sprintf("exit status %d", expected),
+		Error:    fmt.Sprintf("exit status %d", expected),
 	})
 }
 
@@ -4040,7 +3971,7 @@ func (s *DockerSuite) TestCmdCannotBeInvoked(c *check.C) {
 func (s *DockerSuite) TestRunNonExistingImage(c *check.C) {
 	icmd.RunCommand(dockerBinary, "run", "foo").Assert(c, icmd.Expected{
 		ExitCode: 125,
-		Err: "Unable to find image",
+		Err:      "Unable to find image",
 	})
 }
 
@@ -4049,7 +3980,7 @@ func (s *DockerSuite) TestRunNonExistingImage(c *check.C) {
 func (s *DockerSuite) TestDockerFails(c *check.C) {
 	icmd.RunCommand(dockerBinary, "run", "-foo", "busybox").Assert(c, icmd.Expected{
 		ExitCode: 125,
-		Error: "exit status 125",
+		Error:    "exit status 125",
 	})
 }
 

integration-cli/docker_cli_run_unix_test.go

@@ -909,7 +909,7 @@ func (s *DockerSuite) TestRunSysctls(c *check.C) {
 
 	icmd.RunCommand(dockerBinary, "run", "--sysctl", "kernel.foobar=1", "--name", "test2",
 		"busybox", "cat", "/proc/sys/kernel/foobar").Assert(c, icmd.Expected{
-		ExitCode: 1,
+		ExitCode: 125,
 		Err:      "invalid argument",
 	})
 }
@@ -939,7 +939,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshare(c *check.C) {
 		"--security-opt", "seccomp="+tmpFile.Name(),
 		"debian:jessie", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -973,7 +973,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyChmod(c *check.C) {
 	icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp="+tmpFile.Name(),
 		"busybox", "chmod", "400", "/etc/hostname").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -1011,7 +1011,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyUnshareUserns(c *check.C) {
 		"--security-opt", "apparmor=unconfined", "--security-opt", "seccomp="+tmpFile.Name(),
 		"debian:jessie", "unshare", "--map-root-user", "--user", "sh", "-c", "whoami").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -1023,7 +1023,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) {
 
 	icmd.RunCommand(dockerBinary, "run", "syscall-test", "userns-test", "id").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "clone failed: Operation not permitted",
+		Err:      "clone failed: Operation not permitted",
 	})
 }
 
@@ -1152,16 +1152,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChown(c *check.C) {
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_CHOWN
-	dockerCmd("run", "busybox", "chown", "100", "/tmp")
+	dockerCmd(c, "run", "busybox", "chown", "100", "/tmp")
 	// test that non root user does not have default capability CAP_CHOWN
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chown", "100", "/tmp").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 	// test that root user can drop default capability CAP_CHOWN
 	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "chown", "busybox", "chown", "100", "/tmp").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -1170,11 +1170,11 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesDacOverride(c *check.C) {
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_DAC_OVERRIDE
-	dockerCmd("run", "busybox", "sh", "-c", "echo test > /etc/passwd")
+	dockerCmd(c, "run", "busybox", "sh", "-c", "echo test > /etc/passwd")
 	// test that non root user does not have default capability CAP_DAC_OVERRIDE
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "sh", "-c", "echo test > /etc/passwd").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Permission denied",
+		Err:      "Permission denied",
 	})
 }
 
@@ -1183,11 +1183,11 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesFowner(c *check.C) {
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_FOWNER
-	dockerCmd("run", "busybox", "chmod", "777", "/etc/passwd")
+	dockerCmd(c, "run", "busybox", "chmod", "777", "/etc/passwd")
 	// test that non root user does not have default capability CAP_FOWNER
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chmod", "777", "/etc/passwd").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 	// TODO test that root user can drop default capability CAP_FOWNER
 }
@@ -1199,16 +1199,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetuid(c *check.C) {
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SETUID
-	dockerCmd("run", "syscall-test", "setuid-test")
+	dockerCmd(c, "run", "syscall-test", "setuid-test")
 	// test that non root user does not have default capability CAP_SETUID
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setuid-test").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 	// test that root user can drop default capability CAP_SETUID
 	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "setuid", "syscall-test", "setuid-test").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -1217,16 +1217,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesSetgid(c *check.C) {
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SETGID
-	dockerCmd("run", "syscall-test", "setgid-test")
+	dockerCmd(c, "run", "syscall-test", "setgid-test")
 	// test that non root user does not have default capability CAP_SETGID
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "setgid-test").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 	// test that root user can drop default capability CAP_SETGID
 	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "setgid", "syscall-test", "setgid-test").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -1237,16 +1237,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetBindService(c *check.C)
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_NET_BIND_SERVICE
-	dockerCmd("run", "syscall-test", "socket-test")
+	dockerCmd(c, "run", "syscall-test", "socket-test")
 	// test that non root user does not have default capability CAP_NET_BIND_SERVICE
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "socket-test").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Permission denied",
+		Err:      "Permission denied",
 	})
 	// test that root user can drop default capability CAP_NET_BIND_SERVICE
 	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_bind_service", "syscall-test", "socket-test").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Permission denied",
+		Err:      "Permission denied",
 	})
 }
 
@@ -1255,16 +1255,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesNetRaw(c *check.C) {
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_NET_RAW
-	dockerCmd("run", "syscall-test", "raw-test")
+	dockerCmd(c, "run", "syscall-test", "raw-test")
 	// test that non root user does not have default capability CAP_NET_RAW
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "syscall-test", "raw-test").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 	// test that root user can drop default capability CAP_NET_RAW
 	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "net_raw", "syscall-test", "raw-test").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -1273,16 +1273,16 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesChroot(c *check.C) {
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_SYS_CHROOT
-	dockerCmd("run", "busybox", "chroot", "/", "/bin/true")
+	dockerCmd(c, "run", "busybox", "chroot", "/", "/bin/true")
 	// test that non root user does not have default capability CAP_SYS_CHROOT
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "chroot", "/", "/bin/true").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 	// test that root user can drop default capability CAP_SYS_CHROOT
 	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "sys_chroot", "busybox", "chroot", "/", "/bin/true").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -1291,17 +1291,17 @@ func (s *DockerSuite) TestUserNoEffectiveCapabilitiesMknod(c *check.C) {
 	ensureSyscallTest(c)
 
 	// test that a root user has default capability CAP_MKNOD
-	dockerCmd("run", "busybox", "mknod", "/tmp/node", "b", "1", "2")
+	dockerCmd(c, "run", "busybox", "mknod", "/tmp/node", "b", "1", "2")
 	// test that non root user does not have default capability CAP_MKNOD
 	// test that root user can drop default capability CAP_SYS_CHROOT
 	icmd.RunCommand(dockerBinary, "run", "--user", "1000:1000", "busybox", "mknod", "/tmp/node", "b", "1", "2").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 	// test that root user can drop default capability CAP_MKNOD
 	icmd.RunCommand(dockerBinary, "run", "--cap-drop", "mknod", "busybox", "mknod", "/tmp/node", "b", "1", "2").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Err: "Operation not permitted",
+		Err:      "Operation not permitted",
 	})
 }
 
@@ -1315,13 +1315,13 @@ func (s *DockerSuite) TestRunApparmorProcDirectory(c *check.C) {
 	result := icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/cgroup")
 	result.Assert(c, icmd.Expected{ExitCode: 1})
 	if !(strings.Contains(result.Combined(), "Permission denied") || strings.Contains(result.Combined(), "Operation not permitted")) {
-		c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", result.Combined(), err)
+		c.Fatalf("expected chmod 777 /proc/1/cgroup to fail, got %s: %v", result.Combined(), result.Error)
 	}
 
 	result = icmd.RunCommand(dockerBinary, "run", "--security-opt", "seccomp=unconfined", "busybox", "chmod", "777", "/proc/1/attr/current")
 	result.Assert(c, icmd.Expected{ExitCode: 1})
 	if !(strings.Contains(result.Combined(), "Permission denied") || strings.Contains(result.Combined(), "Operation not permitted")) {
-		c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", result.Combined(), err)
+		c.Fatalf("expected chmod 777 /proc/1/attr/current to fail, got %s: %v", result.Combined(), result.Error)
 	}
 }
 

integration-cli/docker_cli_swarm_test.go

@@ -1439,7 +1439,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
 
 	name := "trusted"
 	serviceCmd := d.Command("-D", "service", "create", "--name", name, repoName, "top")
-	s.trustSuite.trustedCmd(serviceCmd)
+	trustedExecCmd(serviceCmd)
 	out, _, err := runCommandWithOutput(serviceCmd)
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out))
@@ -1458,7 +1458,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceCreate(c *check.C) {
 
 	name = "untrusted"
 	serviceCmd = d.Command("service", "create", "--name", name, repoName, "top")
-	s.trustSuite.trustedCmd(serviceCmd)
+	trustedExecCmd(serviceCmd)
 	out, _, err = runCommandWithOutput(serviceCmd)
 
 	c.Assert(err, check.NotNil, check.Commentf(out))
@@ -1487,7 +1487,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) {
 	c.Assert(out, check.Not(checker.Contains), repoName+"@", check.Commentf(out))
 
 	serviceCmd := d.Command("-D", "service", "update", "--image", repoName, name)
-	s.trustSuite.trustedCmd(serviceCmd)
+	trustedExecCmd(serviceCmd)
 	out, _, err = runCommandWithOutput(serviceCmd)
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 	c.Assert(out, checker.Contains, "resolved image tag to", check.Commentf(out))
@@ -1505,7 +1505,7 @@ func (s *DockerTrustedSwarmSuite) TestTrustedServiceUpdate(c *check.C) {
 	dockerCmd(c, "rmi", repoName)
 
 	serviceCmd = d.Command("service", "update", "--image", repoName, name)
-	s.trustSuite.trustedCmd(serviceCmd)
+	trustedExecCmd(serviceCmd)
 	out, _, err = runCommandWithOutput(serviceCmd)
 
 	c.Assert(err, check.NotNil, check.Commentf(out))

integration-cli/docker_cli_volume_test.go

@@ -229,7 +229,7 @@ func (s *DockerSuite) TestVolumeCLIRm(c *check.C) {
 
 	icmd.RunCommand(dockerBinary, "volume", "rm", "testing").Assert(c, icmd.Expected{
 		ExitCode: 1,
-		Error: "exit status 1",
+		Error:    "exit status 1",
 	})
 
 	out, _ = dockerCmd(c, "run", "--volumes-from=test", "--name=test2", "busybox", "sh", "-c", "cat /foo/bar")

integration-cli/docker_cli_wait_test.go

@@ -6,8 +6,8 @@ import (
 	"strings"
 	"time"
 
-	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/docker/integration-cli/checker"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/go-check/check"
 )
 

integration-cli/trust_server_test.go

@@ -13,6 +13,7 @@ import (
 
 	cliconfig "github.com/docker/docker/cli/config"
 	"github.com/docker/docker/integration-cli/checker"
+	icmd "github.com/docker/docker/pkg/testutil/cmd"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/go-check/check"
 )
@@ -34,6 +35,30 @@ type testNotary struct {
 const notaryHost = "localhost:4443"
 const notaryURL = "https://" + notaryHost
 
+var SuccessTagging = icmd.Expected{
+	Out: "Tagging",
+}
+
+var SuccessSigningAndPushing = icmd.Expected{
+	Out: "Signing and pushing trust metadata",
+}
+
+var SuccessDownloaded = icmd.Expected{
+	Out: "Status: Downloaded",
+}
+
+var SuccessTaggingOnStderr = icmd.Expected{
+	Err: "Tagging",
+}
+
+var SuccessSigningAndPushingOnStderr = icmd.Expected{
+	Err: "Signing and pushing trust metadata",
+}
+
+var SuccessDownloadedOnStderr = icmd.Expected{
+	Err: "Status: Downloaded",
+}
+
 func newTestNotary(c *check.C) (*testNotary, error) {
 	// generate server config
 	template := `{
@@ -164,28 +189,38 @@ func (t *testNotary) Close() {
 	os.RemoveAll(t.dir)
 }
 
-func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) {
+// Deprecated: used trustedCmd instead
+func trustedExecCmd(cmd *exec.Cmd) {
 	pwd := "12345678"
-	trustCmdEnv(cmd, notaryURL, pwd, pwd)
+	cmd.Env = append(cmd.Env, trustEnv(notaryURL, pwd, pwd)...)
 }
 
-func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
+func trustedCmd(cmd *icmd.Cmd) {
 	pwd := "12345678"
-	trustCmdEnv(cmd, server, pwd, pwd)
+	cmd.Env = append(cmd.Env, trustEnv(notaryURL, pwd, pwd)...)
 }
 
-func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, repositoryPwd string) {
-	trustCmdEnv(cmd, notaryURL, rootPwd, repositoryPwd)
+func trustedCmdWithServer(server string) func(*icmd.Cmd) {
+	return func(cmd *icmd.Cmd) {
+		pwd := "12345678"
+		cmd.Env = append(cmd.Env, trustEnv(server, pwd, pwd)...)
+	}
 }
 
-func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, repositoryPwd string) {
-	env := []string{
+func trustedCmdWithPassphrases(rootPwd, repositoryPwd string) func(*icmd.Cmd) {
+	return func(cmd *icmd.Cmd) {
+		cmd.Env = append(cmd.Env, trustEnv(notaryURL, rootPwd, repositoryPwd)...)
+	}
+}
+
+func trustEnv(server, rootPwd, repositoryPwd string) []string {
+	env := append(os.Environ(), []string{
 		"DOCKER_CONTENT_TRUST=1",
 		fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
 		fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),
 		fmt.Sprintf("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=%s", repositoryPwd),
-	}
-	cmd.Env = append(os.Environ(), env...)
+	}...)
+	return env
 }
 
 func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
@@ -193,16 +228,7 @@ func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "tag", "busybox", repoName)
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
+	icmd.RunCmd(icmd.Command(dockerBinary, "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
 		c.Fatalf("Error removing image %q\n%s", repoName, out)
@@ -216,16 +242,7 @@ func (s *DockerTrustSuite) setupTrustedplugin(c *check.C, source, name string) s
 	// tag the image and upload it to the private registry
 	dockerCmd(c, "plugin", "install", "--grant-all-permissions", "--alias", repoName, source)
 
-	pushCmd := exec.Command(dockerBinary, "plugin", "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-
-	if err != nil {
-		c.Fatalf("Error running trusted plugin push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
+	icmd.RunCmd(icmd.Command(dockerBinary, "plugin", "push", repoName), trustedCmd).Assert(c, SuccessSigningAndPushing)
 
 	if out, status := dockerCmd(c, "plugin", "rm", "-f", repoName); status != 0 {
 		c.Fatalf("Error removing plugin %q\n%s", repoName, out)

integration-cli/utils_test.go

@@ -13,6 +13,7 @@ func getPrefixAndSlashFromDaemonPlatform() (prefix, slash string) {
 }
 
 // TODO: update code to call cmd.RunCmd directly, and remove this function
+// Deprecated: use pkg/testutil/cmd instead
 func runCommandWithOutput(execCmd *exec.Cmd) (string, int, error) {
 	result := cmd.RunCmd(transformCmd(execCmd))
 	return result.Combined(), result.ExitCode, result.Error

pkg/testutil/cmd/command.go

@@ -215,8 +215,16 @@ type Cmd struct {
 	Env     []string
 }
 
+// Command create a simple Cmd with the specified command and arguments
+func Command(command string, args ...string) Cmd {
+	return Cmd{Command: append([]string{command}, args...)}
+}
+
 // RunCmd runs a command and returns a Result
-func RunCmd(cmd Cmd) *Result {
+func RunCmd(cmd Cmd, cmdOperators ...func(*Cmd)) *Result {
+	for _, op := range cmdOperators {
+		op(&cmd)
+	}
 	result := StartCmd(cmd)
 	if result.Error != nil {
 		return result
@@ -226,7 +234,7 @@ func RunCmd(cmd Cmd) *Result {
 
 // RunCommand parses a command line and runs it, returning a result
 func RunCommand(command string, args ...string) *Result {
-	return RunCmd(Cmd{Command: append([]string{command}, args...)})
+	return RunCmd(Command(command, args...))
 }
 
 // StartCmd starts a command, but doesn't wait for it to finish