We use cookies to ensure you get the best experience on our website
Inicio Explorar Ayuda
Registro Iniciar sesión
0ct0pu5
/
moby
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: 09c4643ce1
Ramas Etiquetas
moby
/
integration-cli
/
docker_cli_push_test.go

docker_cli_push_test.go 14 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"archive/tar"
    5. 

  5. 	"fmt"
    6. 

  6. 	"io/ioutil"
    7. 

  7. 	"os"
    8. 

  8. 	"os/exec"
    9. 

  9. 	"strings"
    10. 

  10. 	"time"
    11. 

  11. 

  12. 	"github.com/docker/docker/pkg/integration/checker"
    13. 

  13. 	"github.com/go-check/check"
    14. 

  14. )
    15. 

  15. 

  16. // Pushing an image to a private registry.
    17. 

  17. func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) {
    18. 

  18. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    19. 

  19. 	// tag the image to upload it to the private registry
    20. 

  20. 	dockerCmd(c, "tag", "busybox", repoName)
    21. 

  21. 	// push the image to the registry
    22. 

  22. 	dockerCmd(c, "push", repoName)
    23. 

  23. }
    24. 

  24. 

  25. // pushing an image without a prefix should throw an error
    26. 

  26. func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) {
    27. 

  27. 	out, _, err := dockerCmdWithError("push", "busybox")
    28. 

  28. 	c.Assert(err, check.NotNil, check.Commentf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out))
    29. 

  29. }
    30. 

  30. 

  31. func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) {
    32. 

  32. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    33. 

  33. 	expected := "Repository does not exist"
    34. 

  34. 

  35. 	out, _, err := dockerCmdWithError("push", repoName)
    36. 

  36. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    37. 

  37. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    38. 

  38. }
    39. 

  39. 

  40. func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) {
    41. 

  41. 	repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
    42. 

  42. 	expected := "does not exist"
    43. 

  43. 

  44. 	out, _, err := dockerCmdWithError("push", repoName)
    45. 

  45. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    46. 

  46. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    47. 

  47. }
    48. 

  48. 

  49. func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) {
    50. 

  50. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    51. 

  51. 	repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
    52. 

  52. 	repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL)
    53. 

  53. 	// tag the image and upload it to the private registry
    54. 

  54. 	dockerCmd(c, "tag", "busybox", repoTag1)
    55. 

  55. 

  56. 	dockerCmd(c, "tag", "busybox", repoTag2)
    57. 

  57. 

  58. 	dockerCmd(c, "push", repoName)
    59. 

  59. 

  60. 	// Ensure layer list is equivalent for repoTag1 and repoTag2
    61. 

  61. 	out1, _ := dockerCmd(c, "pull", repoTag1)
    62. 

  62. 

  63. 	imageAlreadyExists := ": Image already exists"
    64. 

  64. 	var out1Lines []string
    65. 

  65. 	for _, outputLine := range strings.Split(out1, "\n") {
    66. 

  66. 		if strings.Contains(outputLine, imageAlreadyExists) {
    67. 

  67. 			out1Lines = append(out1Lines, outputLine)
    68. 

  68. 		}
    69. 

  69. 	}
    70. 

  70. 

  71. 	out2, _ := dockerCmd(c, "pull", repoTag2)
    72. 

  72. 

  73. 	var out2Lines []string
    74. 

  74. 	for _, outputLine := range strings.Split(out2, "\n") {
    75. 

  75. 		if strings.Contains(outputLine, imageAlreadyExists) {
    76. 

  76. 			out1Lines = append(out1Lines, outputLine)
    77. 

  77. 		}
    78. 

  78. 	}
    79. 

  79. 	c.Assert(out2Lines, checker.HasLen, len(out1Lines))
    80. 

  80. 

  81. 	for i := range out1Lines {
    82. 

  82. 		c.Assert(out1Lines[i], checker.Equals, out2Lines[i])
    83. 

  83. 	}
    84. 

  84. }
    85. 

  85. 

  86. func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) {
    87. 

  87. 	repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
    88. 

  88. 	emptyTarball, err := ioutil.TempFile("", "empty_tarball")
    89. 

  89. 	c.Assert(err, check.IsNil, check.Commentf("Unable to create test file"))
    90. 

  90. 

  91. 	tw := tar.NewWriter(emptyTarball)
    92. 

  92. 	err = tw.Close()
    93. 

  93. 	c.Assert(err, check.IsNil, check.Commentf("Error creating empty tarball"))
    94. 

  94. 

  95. 	freader, err := os.Open(emptyTarball.Name())
    96. 

  96. 	c.Assert(err, check.IsNil, check.Commentf("Could not open test tarball"))
    97. 

  97. 

  98. 	importCmd := exec.Command(dockerBinary, "import", "-", repoName)
    99. 

  99. 	importCmd.Stdin = freader
    100. 

  100. 	out, _, err := runCommandWithOutput(importCmd)
    101. 

  101. 	c.Assert(err, check.IsNil, check.Commentf("import failed: %q", out))
    102. 

  102. 

  103. 	// Now verify we can push it
    104. 

  104. 	out, _, err = dockerCmdWithError("push", repoName)
    105. 

  105. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
    106. 

  106. }
    107. 

  107. 

  108. func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
    109. 

  109. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    110. 

  110. 	// tag the image and upload it to the private registry
    111. 

  111. 	dockerCmd(c, "tag", "busybox", repoName)
    112. 

  112. 

  113. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    114. 

  114. 	s.trustedCmd(pushCmd)
    115. 

  115. 	out, _, err := runCommandWithOutput(pushCmd)
    116. 

  116. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    117. 

  117. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    118. 

  118. }
    119. 

  119. 

  120. func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
    121. 

  121. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    122. 

  122. 	// tag the image and upload it to the private registry
    123. 

  123. 	dockerCmd(c, "tag", "busybox", repoName)
    124. 

  124. 

  125. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    126. 

  126. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
    127. 

  127. 	out, _, err := runCommandWithOutput(pushCmd)
    128. 

  128. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    129. 

  129. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    130. 

  130. }
    131. 

  131. 

  132. // This test ensures backwards compatibility with old ENV variables. Should be
    133. 

  133. // deprecated by 1.10
    134. 

  134. func (s *DockerTrustSuite) TestTrustedPushWithDeprecatedEnvPasswords(c *check.C) {
    135. 

  135. 	repoName := fmt.Sprintf("%v/dockercli/trusteddeprecated:latest", privateRegistryURL)
    136. 

  136. 	// tag the image and upload it to the private registry
    137. 

  137. 	dockerCmd(c, "tag", "busybox", repoName)
    138. 

  138. 

  139. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    140. 

  140. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "12345678")
    141. 

  141. 	out, _, err := runCommandWithOutput(pushCmd)
    142. 

  142. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    143. 

  143. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    144. 

  144. }
    145. 

  145. 

  146. func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
    147. 

  147. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    148. 

  148. 	// tag the image and upload it to the private registry
    149. 

  149. 	dockerCmd(c, "tag", "busybox", repoName)
    150. 

  150. 

  151. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    152. 

  152. 	s.trustedCmdWithServer(pushCmd, "https://example.com:81/")
    153. 

  153. 	out, _, err := runCommandWithOutput(pushCmd)
    154. 

  154. 	c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
    155. 

  155. 	c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
    156. 

  156. }
    157. 

  157. 

  158. func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
    159. 

  159. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    160. 

  160. 	// tag the image and upload it to the private registry
    161. 

  161. 	dockerCmd(c, "tag", "busybox", repoName)
    162. 

  162. 

  163. 	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
    164. 

  164. 	s.trustedCmdWithServer(pushCmd, "https://example.com/")
    165. 

  165. 	out, _, err := runCommandWithOutput(pushCmd)
    166. 

  166. 	c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
    167. 

  167. 	c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
    168. 

  168. }
    169. 

  169. 

  170. func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
    171. 

  171. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    172. 

  172. 	// tag the image and upload it to the private registry
    173. 

  173. 	dockerCmd(c, "tag", "busybox", repoName)
    174. 

  174. 	dockerCmd(c, "push", repoName)
    175. 

  175. 

  176. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    177. 

  177. 	s.trustedCmd(pushCmd)
    178. 

  178. 	out, _, err := runCommandWithOutput(pushCmd)
    179. 

  179. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    180. 

  180. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    181. 

  181. }
    182. 

  182. 

  183. func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
    184. 

  184. 	repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
    185. 

  185. 	// tag the image and upload it to the private registry
    186. 

  186. 	dockerCmd(c, "tag", "busybox", repoName)
    187. 

  187. 

  188. 	// Do a trusted push
    189. 

  189. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    190. 

  190. 	s.trustedCmd(pushCmd)
    191. 

  191. 	out, _, err := runCommandWithOutput(pushCmd)
    192. 

  192. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    193. 

  193. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    194. 

  194. 

  195. 	// Do another trusted push
    196. 

  196. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    197. 

  197. 	s.trustedCmd(pushCmd)
    198. 

  198. 	out, _, err = runCommandWithOutput(pushCmd)
    199. 

  199. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    200. 

  200. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    201. 

  201. 

  202. 	dockerCmd(c, "rmi", repoName)
    203. 

  203. 

  204. 	// Try pull to ensure the double push did not break our ability to pull
    205. 

  205. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    206. 

  206. 	s.trustedCmd(pullCmd)
    207. 

  207. 	out, _, err = runCommandWithOutput(pullCmd)
    208. 

  208. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
    209. 

  209. 	c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
    210. 

  210. 

  211. }
    212. 

  212. 

  213. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
    214. 

  214. 	repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
    215. 

  215. 	// tag the image and upload it to the private registry
    216. 

  216. 	dockerCmd(c, "tag", "busybox", repoName)
    217. 

  217. 

  218. 	// Push with default passphrases
    219. 

  219. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    220. 

  220. 	s.trustedCmd(pushCmd)
    221. 

  221. 	out, _, err := runCommandWithOutput(pushCmd)
    222. 

  222. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    223. 

  223. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
    224. 

  224. 

  225. 	// Push with wrong passphrases
    226. 

  226. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    227. 

  227. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
    228. 

  228. 	out, _, err = runCommandWithOutput(pushCmd)
    229. 

  229. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    230. 

  230. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    231. 

  231. }
    232. 

  232. 

  233. // This test ensures backwards compatibility with old ENV variables. Should be
    234. 

  234. // deprecated by 1.10
    235. 

  235. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectDeprecatedPassphraseForNonRoot(c *check.C) {
    236. 

  236. 	repoName := fmt.Sprintf("%v/dockercliincorretdeprecatedpwd/trusted:latest", privateRegistryURL)
    237. 

  237. 	// tag the image and upload it to the private registry
    238. 

  238. 	dockerCmd(c, "tag", "busybox", repoName)
    239. 

  239. 

  240. 	// Push with default passphrases
    241. 

  241. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    242. 

  242. 	s.trustedCmd(pushCmd)
    243. 

  243. 	out, _, err := runCommandWithOutput(pushCmd)
    244. 

  244. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    245. 

  245. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    246. 

  246. 

  247. 	// Push with wrong passphrases
    248. 

  248. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    249. 

  249. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "87654321")
    250. 

  250. 	out, _, err = runCommandWithOutput(pushCmd)
    251. 

  251. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    252. 

  252. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    253. 

  253. }
    254. 

  254. 

  255. func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
    256. 

  256. 	c.Skip("Currently changes system time, causing instability")
    257. 

  257. 	repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
    258. 

  258. 	// tag the image and upload it to the private registry
    259. 

  259. 	dockerCmd(c, "tag", "busybox", repoName)
    260. 

  260. 

  261. 	// Push with default passphrases
    262. 

  262. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    263. 

  263. 	s.trustedCmd(pushCmd)
    264. 

  264. 	out, _, err := runCommandWithOutput(pushCmd)
    265. 

  265. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    266. 

  266. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    267. 

  267. 

  268. 	// Snapshots last for three years. This should be expired
    269. 

  269. 	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
    270. 

  270. 

  271. 	runAtDifferentDate(fourYearsLater, func() {
    272. 

  272. 		// Push with wrong passphrases
    273. 

  273. 		pushCmd = exec.Command(dockerBinary, "push", repoName)
    274. 

  274. 		s.trustedCmd(pushCmd)
    275. 

  275. 		out, _, err = runCommandWithOutput(pushCmd)
    276. 

  276. 		c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
    277. 

  277. 		c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
    278. 

  278. 	})
    279. 

  279. }
    280. 

  280. 

  281. func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
    282. 

  282. 	c.Skip("Currently changes system time, causing instability")
    283. 

  283. 	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
    284. 

  284. 	// tag the image and upload it to the private registry
    285. 

  285. 	dockerCmd(c, "tag", "busybox", repoName)
    286. 

  286. 

  287. 	// Push with default passphrases
    288. 

  288. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    289. 

  289. 	s.trustedCmd(pushCmd)
    290. 

  290. 	out, _, err := runCommandWithOutput(pushCmd)
    291. 

  291. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    292. 

  292. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    293. 

  293. 

  294. 	// The timestamps expire in two weeks. Lets check three
    295. 

  295. 	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
    296. 

  296. 

  297. 	// Should succeed because the server transparently re-signs one
    298. 

  298. 	runAtDifferentDate(threeWeeksLater, func() {
    299. 

  299. 		pushCmd := exec.Command(dockerBinary, "push", repoName)
    300. 

  300. 		s.trustedCmd(pushCmd)
    301. 

  301. 		out, _, err := runCommandWithOutput(pushCmd)
    302. 

  302. 		c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    303. 

  303. 		c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
    304. 

  304. 	})
    305. 

  305. }
    306.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5