We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 1c125f50cf
Branches Tags
moby
/
integration-cli
/
docker_cli_push_test.go

docker_cli_push_test.go 15 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"archive/tar"
    5. 

  5. 	"fmt"
    6. 

  6. 	"io/ioutil"
    7. 

  7. 	"os"
    8. 

  8. 	"os/exec"
    9. 

  9. 	"strings"
    10. 

  10. 	"time"
    11. 

  11. 

  12. 	"github.com/docker/docker/pkg/integration/checker"
    13. 

  13. 	"github.com/go-check/check"
    14. 

  14. )
    15. 

  15. 

  16. // Pushing an image to a private registry.
    17. 

  17. func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) {
    18. 

  18. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    19. 

  19. 	// tag the image to upload it to the private registry
    20. 

  20. 	dockerCmd(c, "tag", "busybox", repoName)
    21. 

  21. 	// push the image to the registry
    22. 

  22. 	dockerCmd(c, "push", repoName)
    23. 

  23. }
    24. 

  24. 

  25. // pushing an image without a prefix should throw an error
    26. 

  26. func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) {
    27. 

  27. 	out, _, err := dockerCmdWithError("push", "busybox")
    28. 

  28. 	c.Assert(err, check.NotNil, check.Commentf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out))
    29. 

  29. }
    30. 

  30. 

  31. func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) {
    32. 

  32. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    33. 

  33. 	expected := "Repository does not exist"
    34. 

  34. 

  35. 	out, _, err := dockerCmdWithError("push", repoName)
    36. 

  36. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    37. 

  37. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    38. 

  38. }
    39. 

  39. 

  40. func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) {
    41. 

  41. 	repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
    42. 

  42. 	expected := "does not exist"
    43. 

  43. 

  44. 	out, _, err := dockerCmdWithError("push", repoName)
    45. 

  45. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    46. 

  46. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    47. 

  47. }
    48. 

  48. 

  49. func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) {
    50. 

  50. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    51. 

  51. 	repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
    52. 

  52. 	repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL)
    53. 

  53. 	// tag the image and upload it to the private registry
    54. 

  54. 	dockerCmd(c, "tag", "busybox", repoTag1)
    55. 

  55. 

  56. 	dockerCmd(c, "tag", "busybox", repoTag2)
    57. 

  57. 

  58. 	dockerCmd(c, "push", repoName)
    59. 

  59. 

  60. 	// Ensure layer list is equivalent for repoTag1 and repoTag2
    61. 

  61. 	out1, _ := dockerCmd(c, "pull", repoTag1)
    62. 

  62. 

  63. 	imageAlreadyExists := ": Image already exists"
    64. 

  64. 	var out1Lines []string
    65. 

  65. 	for _, outputLine := range strings.Split(out1, "\n") {
    66. 

  66. 		if strings.Contains(outputLine, imageAlreadyExists) {
    67. 

  67. 			out1Lines = append(out1Lines, outputLine)
    68. 

  68. 		}
    69. 

  69. 	}
    70. 

  70. 

  71. 	out2, _ := dockerCmd(c, "pull", repoTag2)
    72. 

  72. 

  73. 	var out2Lines []string
    74. 

  74. 	for _, outputLine := range strings.Split(out2, "\n") {
    75. 

  75. 		if strings.Contains(outputLine, imageAlreadyExists) {
    76. 

  76. 			out1Lines = append(out1Lines, outputLine)
    77. 

  77. 		}
    78. 

  78. 	}
    79. 

  79. 	c.Assert(out2Lines, checker.HasLen, len(out1Lines))
    80. 

  80. 

  81. 	for i := range out1Lines {
    82. 

  82. 		c.Assert(out1Lines[i], checker.Equals, out2Lines[i])
    83. 

  83. 	}
    84. 

  84. }
    85. 

  85. 

  86. func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) {
    87. 

  87. 	repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
    88. 

  88. 	emptyTarball, err := ioutil.TempFile("", "empty_tarball")
    89. 

  89. 	c.Assert(err, check.IsNil, check.Commentf("Unable to create test file"))
    90. 

  90. 

  91. 	tw := tar.NewWriter(emptyTarball)
    92. 

  92. 	err = tw.Close()
    93. 

  93. 	c.Assert(err, check.IsNil, check.Commentf("Error creating empty tarball"))
    94. 

  94. 

  95. 	freader, err := os.Open(emptyTarball.Name())
    96. 

  96. 	c.Assert(err, check.IsNil, check.Commentf("Could not open test tarball"))
    97. 

  97. 

  98. 	importCmd := exec.Command(dockerBinary, "import", "-", repoName)
    99. 

  99. 	importCmd.Stdin = freader
    100. 

  100. 	out, _, err := runCommandWithOutput(importCmd)
    101. 

  101. 	c.Assert(err, check.IsNil, check.Commentf("import failed: %q", out))
    102. 

  102. 

  103. 	// Now verify we can push it
    104. 

  104. 	out, _, err = dockerCmdWithError("push", repoName)
    105. 

  105. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
    106. 

  106. }
    107. 

  107. 

  108. func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
    109. 

  109. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    110. 

  110. 	// tag the image and upload it to the private registry
    111. 

  111. 	dockerCmd(c, "tag", "busybox", repoName)
    112. 

  112. 

  113. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    114. 

  114. 	s.trustedCmd(pushCmd)
    115. 

  115. 	out, _, err := runCommandWithOutput(pushCmd)
    116. 

  116. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    117. 

  117. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    118. 

  118. 

  119. 	// Try pull after push
    120. 

  120. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    121. 

  121. 	s.trustedCmd(pullCmd)
    122. 

  122. 	out, _, err = runCommandWithOutput(pullCmd)
    123. 

  123. 	c.Assert(err, check.IsNil, check.Commentf(out))
    124. 

  124. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    125. 

  125. }
    126. 

  126. 

  127. func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
    128. 

  128. 	repoName := fmt.Sprintf("%v/dockerclienv/trusted:latest", privateRegistryURL)
    129. 

  129. 	// tag the image and upload it to the private registry
    130. 

  130. 	dockerCmd(c, "tag", "busybox", repoName)
    131. 

  131. 

  132. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    133. 

  133. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
    134. 

  134. 	out, _, err := runCommandWithOutput(pushCmd)
    135. 

  135. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    136. 

  136. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    137. 

  137. 

  138. 	// Try pull after push
    139. 

  139. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    140. 

  140. 	s.trustedCmd(pullCmd)
    141. 

  141. 	out, _, err = runCommandWithOutput(pullCmd)
    142. 

  142. 	c.Assert(err, check.IsNil, check.Commentf(out))
    143. 

  143. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    144. 

  144. }
    145. 

  145. 

  146. // This test ensures backwards compatibility with old ENV variables. Should be
    147. 

  147. // deprecated by 1.10
    148. 

  148. func (s *DockerTrustSuite) TestTrustedPushWithDeprecatedEnvPasswords(c *check.C) {
    149. 

  149. 	repoName := fmt.Sprintf("%v/dockercli/trusteddeprecated:latest", privateRegistryURL)
    150. 

  150. 	// tag the image and upload it to the private registry
    151. 

  151. 	dockerCmd(c, "tag", "busybox", repoName)
    152. 

  152. 

  153. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    154. 

  154. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "12345678")
    155. 

  155. 	out, _, err := runCommandWithOutput(pushCmd)
    156. 

  156. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    157. 

  157. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    158. 

  158. }
    159. 

  159. 

  160. func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
    161. 

  161. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    162. 

  162. 	// tag the image and upload it to the private registry
    163. 

  163. 	dockerCmd(c, "tag", "busybox", repoName)
    164. 

  164. 

  165. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    166. 

  166. 	s.trustedCmdWithServer(pushCmd, "https://example.com:81/")
    167. 

  167. 	out, _, err := runCommandWithOutput(pushCmd)
    168. 

  168. 	c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
    169. 

  169. 	c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
    170. 

  170. }
    171. 

  171. 

  172. func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
    173. 

  173. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    174. 

  174. 	// tag the image and upload it to the private registry
    175. 

  175. 	dockerCmd(c, "tag", "busybox", repoName)
    176. 

  176. 

  177. 	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
    178. 

  178. 	s.trustedCmdWithServer(pushCmd, "https://example.com/")
    179. 

  179. 	out, _, err := runCommandWithOutput(pushCmd)
    180. 

  180. 	c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
    181. 

  181. 	c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
    182. 

  182. }
    183. 

  183. 

  184. func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
    185. 

  185. 	repoName := fmt.Sprintf("%v/dockerclitag/trusted:latest", privateRegistryURL)
    186. 

  186. 	// tag the image and upload it to the private registry
    187. 

  187. 	dockerCmd(c, "tag", "busybox", repoName)
    188. 

  188. 	dockerCmd(c, "push", repoName)
    189. 

  189. 

  190. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    191. 

  191. 	s.trustedCmd(pushCmd)
    192. 

  192. 	out, _, err := runCommandWithOutput(pushCmd)
    193. 

  193. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    194. 

  194. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    195. 

  195. 

  196. 	// Try pull after push
    197. 

  197. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    198. 

  198. 	s.trustedCmd(pullCmd)
    199. 

  199. 	out, _, err = runCommandWithOutput(pullCmd)
    200. 

  200. 	c.Assert(err, check.IsNil, check.Commentf(out))
    201. 

  201. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    202. 

  202. }
    203. 

  203. 

  204. func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
    205. 

  205. 	repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
    206. 

  206. 	// tag the image and upload it to the private registry
    207. 

  207. 	dockerCmd(c, "tag", "busybox", repoName)
    208. 

  208. 

  209. 	// Do a trusted push
    210. 

  210. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    211. 

  211. 	s.trustedCmd(pushCmd)
    212. 

  212. 	out, _, err := runCommandWithOutput(pushCmd)
    213. 

  213. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    214. 

  214. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    215. 

  215. 

  216. 	// Do another trusted push
    217. 

  217. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    218. 

  218. 	s.trustedCmd(pushCmd)
    219. 

  219. 	out, _, err = runCommandWithOutput(pushCmd)
    220. 

  220. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    221. 

  221. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    222. 

  222. 

  223. 	dockerCmd(c, "rmi", repoName)
    224. 

  224. 

  225. 	// Try pull to ensure the double push did not break our ability to pull
    226. 

  226. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    227. 

  227. 	s.trustedCmd(pullCmd)
    228. 

  228. 	out, _, err = runCommandWithOutput(pullCmd)
    229. 

  229. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
    230. 

  230. 	c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
    231. 

  231. 

  232. }
    233. 

  233. 

  234. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
    235. 

  235. 	repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
    236. 

  236. 	// tag the image and upload it to the private registry
    237. 

  237. 	dockerCmd(c, "tag", "busybox", repoName)
    238. 

  238. 

  239. 	// Push with default passphrases
    240. 

  240. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    241. 

  241. 	s.trustedCmd(pushCmd)
    242. 

  242. 	out, _, err := runCommandWithOutput(pushCmd)
    243. 

  243. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    244. 

  244. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
    245. 

  245. 

  246. 	// Push with wrong passphrases
    247. 

  247. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    248. 

  248. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
    249. 

  249. 	out, _, err = runCommandWithOutput(pushCmd)
    250. 

  250. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    251. 

  251. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    252. 

  252. }
    253. 

  253. 

  254. // This test ensures backwards compatibility with old ENV variables. Should be
    255. 

  255. // deprecated by 1.10
    256. 

  256. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectDeprecatedPassphraseForNonRoot(c *check.C) {
    257. 

  257. 	repoName := fmt.Sprintf("%v/dockercliincorretdeprecatedpwd/trusted:latest", privateRegistryURL)
    258. 

  258. 	// tag the image and upload it to the private registry
    259. 

  259. 	dockerCmd(c, "tag", "busybox", repoName)
    260. 

  260. 

  261. 	// Push with default passphrases
    262. 

  262. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    263. 

  263. 	s.trustedCmd(pushCmd)
    264. 

  264. 	out, _, err := runCommandWithOutput(pushCmd)
    265. 

  265. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    266. 

  266. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    267. 

  267. 

  268. 	// Push with wrong passphrases
    269. 

  269. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    270. 

  270. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "87654321")
    271. 

  271. 	out, _, err = runCommandWithOutput(pushCmd)
    272. 

  272. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    273. 

  273. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    274. 

  274. }
    275. 

  275. 

  276. func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
    277. 

  277. 	c.Skip("Currently changes system time, causing instability")
    278. 

  278. 	repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
    279. 

  279. 	// tag the image and upload it to the private registry
    280. 

  280. 	dockerCmd(c, "tag", "busybox", repoName)
    281. 

  281. 

  282. 	// Push with default passphrases
    283. 

  283. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    284. 

  284. 	s.trustedCmd(pushCmd)
    285. 

  285. 	out, _, err := runCommandWithOutput(pushCmd)
    286. 

  286. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    287. 

  287. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    288. 

  288. 

  289. 	// Snapshots last for three years. This should be expired
    290. 

  290. 	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
    291. 

  291. 

  292. 	runAtDifferentDate(fourYearsLater, func() {
    293. 

  293. 		// Push with wrong passphrases
    294. 

  294. 		pushCmd = exec.Command(dockerBinary, "push", repoName)
    295. 

  295. 		s.trustedCmd(pushCmd)
    296. 

  296. 		out, _, err = runCommandWithOutput(pushCmd)
    297. 

  297. 		c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
    298. 

  298. 		c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
    299. 

  299. 	})
    300. 

  300. }
    301. 

  301. 

  302. func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
    303. 

  303. 	c.Skip("Currently changes system time, causing instability")
    304. 

  304. 	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
    305. 

  305. 	// tag the image and upload it to the private registry
    306. 

  306. 	dockerCmd(c, "tag", "busybox", repoName)
    307. 

  307. 

  308. 	// Push with default passphrases
    309. 

  309. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    310. 

  310. 	s.trustedCmd(pushCmd)
    311. 

  311. 	out, _, err := runCommandWithOutput(pushCmd)
    312. 

  312. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    313. 

  313. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    314. 

  314. 

  315. 	// The timestamps expire in two weeks. Lets check three
    316. 

  316. 	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
    317. 

  317. 

  318. 	// Should succeed because the server transparently re-signs one
    319. 

  319. 	runAtDifferentDate(threeWeeksLater, func() {
    320. 

  320. 		pushCmd := exec.Command(dockerBinary, "push", repoName)
    321. 

  321. 		s.trustedCmd(pushCmd)
    322. 

  322. 		out, _, err := runCommandWithOutput(pushCmd)
    323. 

  323. 		c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    324. 

  324. 		c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
    325. 

  325. 	})
    326. 

  326. }
    327.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5