Add build integration cli tests

Clean up tests to remove duplicate code

Add tests which run pull and create in an isolated configuration directory.
Add build test for untrusted tag

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)

integration-cli/docker_cli_build_test.go

@@ -5328,3 +5328,48 @@ func (s *DockerSuite) TestBuildRUNErrMsg(c *check.C) {
 		c.Fatalf("RUN doesn't have the correct output:\nGot:%s\nExpected:%s", out, exp)
 	}
 }
+
+func (s *DockerTrustSuite) TestTrustedBuild(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-build")
+	dockerFile := fmt.Sprintf(`
+  FROM %s
+  RUN []
+    `, repoName)
+
+	name := "testtrustedbuild"
+
+	buildCmd := buildImageCmd(name, dockerFile, true)
+	s.trustedCmd(buildCmd)
+	out, _, err := runCommandWithOutput(buildCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted build: %s\n%s", err, out)
+	}
+
+	if !strings.Contains(out, fmt.Sprintf("FROM %s@sha", repoName[:len(repoName)-7])) {
+		c.Fatalf("Unexpected output on trusted build:\n%s", out)
+	}
+
+	// Build command does not create untrusted tag
+	//dockerCmd(c, "rmi", repoName)
+}
+
+func (s *DockerTrustSuite) TestTrustedBuildUntrustedTag(c *check.C) {
+	repoName := fmt.Sprintf("%v/dockercli/build-untrusted-tag:latest", privateRegistryURL)
+	dockerFile := fmt.Sprintf(`
+  FROM %s
+  RUN []
+    `, repoName)
+
+	name := "testtrustedbuilduntrustedtag"
+
+	buildCmd := buildImageCmd(name, dockerFile, true)
+	s.trustedCmd(buildCmd)
+	out, _, err := runCommandWithOutput(buildCmd)
+	if err == nil {
+		c.Fatalf("Expected error on trusted build with untrusted tag: %s\n%s", err, out)
+	}
+
+	if !strings.Contains(out, fmt.Sprintf("no trust data available")) {
+		c.Fatalf("Unexpected output on trusted build with untrusted tag:\n%s", out)
+	}
+}

integration-cli/docker_cli_create_test.go

@@ -275,26 +275,12 @@ func (s *DockerSuite) TestCreateModeIpcContainer(c *check.C) {
 }
 
 func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclicreate/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	dockerCmd(c, "rmi", repoName)
+	repoName := s.setupTrustedImage(c, "trusted-create")
 
 	// Try create
 	createCmd := exec.Command(dockerBinary, "create", repoName)
 	s.trustedCmd(createCmd)
-	out, _, err = runCommandWithOutput(createCmd)
+	out, _, err := runCommandWithOutput(createCmd)
 	if err != nil {
 		c.Fatalf("Error running trusted create: %s\n%s", err, out)
 	}
@@ -338,22 +324,26 @@ func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
 	}
 }
 
-func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
+func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-isolated-create")
 
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
+	// Try create
+	createCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName)
+	s.trustedCmd(createCmd)
+	out, _, err := runCommandWithOutput(createCmd)
 	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
+		c.Fatalf("Error running trusted create: %s\n%s", err, out)
 	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
+
+	if !strings.Contains(string(out), "Tagging") {
 		c.Fatalf("Missing expected output on trusted push:\n%s", out)
 	}
 
 	dockerCmd(c, "rmi", repoName)
+}
+
+func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-create-expired")
 
 	// Certificates have 10 years of expiration
 	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
@@ -362,7 +352,7 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
 		// Try create
 		createCmd := exec.Command(dockerBinary, "create", repoName)
 		s.trustedCmd(createCmd)
-		out, _, err = runCommandWithOutput(createCmd)
+		out, _, err := runCommandWithOutput(createCmd)
 		if err == nil {
 			c.Fatalf("Error running trusted create in the distant future: %s\n%s", err, out)
 		}
@@ -376,7 +366,7 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
 		// Try create
 		createCmd := exec.Command(dockerBinary, "create", "--untrusted", repoName)
 		s.trustedCmd(createCmd)
-		out, _, err = runCommandWithOutput(createCmd)
+		out, _, err := runCommandWithOutput(createCmd)
 		if err != nil {
 			c.Fatalf("Error running untrusted create in the distant future: %s\n%s", err, out)
 		}

integration-cli/docker_cli_pull_test.go

@@ -155,26 +155,12 @@ func (s *DockerSuite) TestPullImageWithAllTagFromCentralRegistry(c *check.C) {
 }
 
 func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclipull/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	dockerCmd(c, "rmi", repoName)
+	repoName := s.setupTrustedImage(c, "trusted-pull")
 
 	// Try pull
 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
 	s.trustedCmd(pullCmd)
-	out, _, err = runCommandWithOutput(pullCmd)
+	out, _, err := runCommandWithOutput(pullCmd)
 	if err != nil {
 		c.Fatalf("Error running trusted pull: %s\n%s", err, out)
 	}
@@ -198,6 +184,24 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
 	}
 }
 
+func (s *DockerTrustSuite) TestTrustedIsolatedPull(c *check.C) {
+	repoName := s.setupTrustedImage(c, "trusted-isolatd-pull")
+
+	// Try pull (run from isolated directory without trust information)
+	pullCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated", "pull", repoName)
+	s.trustedCmd(pullCmd)
+	out, _, err := runCommandWithOutput(pullCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted pull: %s\n%s", err, out)
+	}
+
+	if !strings.Contains(string(out), "Tagging") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	dockerCmd(c, "rmi", repoName)
+}
+
 func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) {
 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
 	// tag the image and upload it to the private registry
@@ -219,21 +223,7 @@ func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) {
 }
 
 func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	dockerCmd(c, "rmi", repoName)
+	repoName := s.setupTrustedImage(c, "trusted-cert-expired")
 
 	// Certificates have 10 years of expiration
 	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
@@ -242,7 +232,7 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
 		// Try pull
 		pullCmd := exec.Command(dockerBinary, "pull", repoName)
 		s.trustedCmd(pullCmd)
-		out, _, err = runCommandWithOutput(pullCmd)
+		out, _, err := runCommandWithOutput(pullCmd)
 		if err == nil {
 			c.Fatalf("Error running trusted pull in the distant future: %s\n%s", err, out)
 		}
@@ -256,7 +246,7 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
 		// Try pull
 		pullCmd := exec.Command(dockerBinary, "pull", "--untrusted", repoName)
 		s.trustedCmd(pullCmd)
-		out, _, err = runCommandWithOutput(pullCmd)
+		out, _, err := runCommandWithOutput(pullCmd)
 		if err != nil {
 			c.Fatalf("Error running untrusted pull in the distant future: %s\n%s", err, out)
 		}

integration-cli/docker_cli_push_test.go

@@ -281,7 +281,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *c
 		c.Fatalf("Error missing from trusted push with short targets passphrase: \n%s", out)
 	}
 
-	if !strings.Contains(string(out), "Password Invalid, operation has failed") {
+	if !strings.Contains(string(out), "password invalid, operation has failed") {
 		c.Fatalf("Missing expected output on trusted push with short targets/snapsnot passphrase:\n%s", out)
 	}
 }

integration-cli/docker_cli_run_test.go

@@ -2549,26 +2549,12 @@ func (s *DockerSuite) TestRunNetworkFilesBindMount(c *check.C) {
 }
 
 func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockerclirun/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	dockerCmd(c, "rmi", repoName)
+	repoName := s.setupTrustedImage(c, "trusted-run")
 
 	// Try run
 	runCmd := exec.Command(dockerBinary, "run", repoName)
 	s.trustedCmd(runCmd)
-	out, _, err = runCommandWithOutput(runCmd)
+	out, _, err := runCommandWithOutput(runCmd)
 	if err != nil {
 		c.Fatalf("Error running trusted run: %s\n%s\n", err, out)
 	}
@@ -2613,21 +2599,7 @@ func (s *DockerTrustSuite) TestUntrustedRun(c *check.C) {
 }
 
 func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
-	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
-	// tag the image and upload it to the private registry
-	dockerCmd(c, "tag", "busybox", repoName)
-
-	pushCmd := exec.Command(dockerBinary, "push", repoName)
-	s.trustedCmd(pushCmd)
-	out, _, err := runCommandWithOutput(pushCmd)
-	if err != nil {
-		c.Fatalf("Error running trusted push: %s\n%s", err, out)
-	}
-	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
-		c.Fatalf("Missing expected output on trusted push:\n%s", out)
-	}
-
-	dockerCmd(c, "rmi", repoName)
+	repoName := s.setupTrustedImage(c, "trusted-run-expired")
 
 	// Certificates have 10 years of expiration
 	elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
@@ -2636,7 +2608,7 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
 		// Try run
 		runCmd := exec.Command(dockerBinary, "run", repoName)
 		s.trustedCmd(runCmd)
-		out, _, err = runCommandWithOutput(runCmd)
+		out, _, err := runCommandWithOutput(runCmd)
 		if err == nil {
 			c.Fatalf("Error running trusted run in the distant future: %s\n%s", err, out)
 		}
@@ -2650,7 +2622,7 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
 		// Try run
 		runCmd := exec.Command(dockerBinary, "run", "--untrusted", repoName)
 		s.trustedCmd(runCmd)
-		out, _, err = runCommandWithOutput(runCmd)
+		out, _, err := runCommandWithOutput(runCmd)
 		if err != nil {
 			c.Fatalf("Error running untrusted run in the distant future: %s\n%s", err, out)
 		}

integration-cli/docker_utils.go

@@ -969,14 +969,20 @@ func getContainerState(c *check.C, id string) (int, bool, error) {
 	return exitStatus, running, nil
 }
 
-func buildImageWithOut(name, dockerfile string, useCache bool) (string, string, error) {
-	args := []string{"build", "-t", name}
+func buildImageCmd(name, dockerfile string, useCache bool) *exec.Cmd {
+	args := []string{"-D", "build", "-t", name}
 	if !useCache {
 		args = append(args, "--no-cache")
 	}
 	args = append(args, "-")
 	buildCmd := exec.Command(dockerBinary, args...)
 	buildCmd.Stdin = strings.NewReader(dockerfile)
+	return buildCmd
+
+}
+
+func buildImageWithOut(name, dockerfile string, useCache bool) (string, string, error) {
+	buildCmd := buildImageCmd(name, dockerfile, useCache)
 	out, exitCode, err := runCommandWithOutput(buildCmd)
 	if err != nil || exitCode != 0 {
 		return "", out, fmt.Errorf("failed to build the image: %s", out)
@@ -989,13 +995,7 @@ func buildImageWithOut(name, dockerfile string, useCache bool) (string, string,
 }
 
 func buildImageWithStdoutStderr(name, dockerfile string, useCache bool) (string, string, string, error) {
-	args := []string{"build", "-t", name}
-	if !useCache {
-		args = append(args, "--no-cache")
-	}
-	args = append(args, "-")
-	buildCmd := exec.Command(dockerBinary, args...)
-	buildCmd.Stdin = strings.NewReader(dockerfile)
+	buildCmd := buildImageCmd(name, dockerfile, useCache)
 	stdout, stderr, exitCode, err := runCommandWithStdoutStderr(buildCmd)
 	if err != nil || exitCode != 0 {
 		return "", stdout, stderr, fmt.Errorf("failed to build the image: %s", stdout)

integration-cli/trust_server.go

@@ -8,6 +8,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"github.com/docker/docker/pkg/tlsconfig"
@@ -107,6 +108,7 @@ func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
 	pwd := "12345678"
 	trustCmdEnv(cmd, server, pwd, pwd, pwd)
 }
+
 func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, snapshotPwd, targetPwd string) {
 	trustCmdEnv(cmd, s.not.address(), rootPwd, snapshotPwd, targetPwd)
 }
@@ -121,3 +123,25 @@ func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string)
 	}
 	cmd.Env = append(os.Environ(), env...)
 }
+
+func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string {
+	repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name)
+	// tag the image and upload it to the private registry
+	dockerCmd(c, "tag", "busybox", repoName)
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	s.trustedCmd(pushCmd)
+	out, _, err := runCommandWithOutput(pushCmd)
+	if err != nil {
+		c.Fatalf("Error running trusted push: %s\n%s", err, out)
+	}
+	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
+		c.Fatalf("Missing expected output on trusted push:\n%s", out)
+	}
+
+	if out, status := dockerCmd(c, "rmi", repoName); status != 0 {
+		c.Fatalf("Error removing image %q\n%s", repoName, out)
+	}
+
+	return repoName
+}