We use cookies to ensure you get the best experience on our website
Home Verkennen Help
Registreren Inloggen
0ct0pu5
/
moby
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 1c979f7587
Aftakkingen Labels
moby
/
integration-cli
/
docker_cli_push_test.go

docker_cli_push_test.go 17 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"archive/tar"
    5. 

  5. 	"fmt"
    6. 

  6. 	"io/ioutil"
    7. 

  7. 	"os"
    8. 

  8. 	"os/exec"
    9. 

  9. 	"path/filepath"
    10. 

  10. 	"strings"
    11. 

  11. 	"time"
    12. 

  12. 

  13. 	"github.com/docker/docker/cliconfig"
    14. 

  14. 	"github.com/docker/docker/pkg/integration/checker"
    15. 

  15. 	"github.com/go-check/check"
    16. 

  16. )
    17. 

  17. 

  18. // Pushing an image to a private registry.
    19. 

  19. func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) {
    20. 

  20. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    21. 

  21. 	// tag the image to upload it to the private registry
    22. 

  22. 	dockerCmd(c, "tag", "busybox", repoName)
    23. 

  23. 	// push the image to the registry
    24. 

  24. 	dockerCmd(c, "push", repoName)
    25. 

  25. }
    26. 

  26. 

  27. // pushing an image without a prefix should throw an error
    28. 

  28. func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) {
    29. 

  29. 	out, _, err := dockerCmdWithError("push", "busybox")
    30. 

  30. 	c.Assert(err, check.NotNil, check.Commentf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out))
    31. 

  31. }
    32. 

  32. 

  33. func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) {
    34. 

  34. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    35. 

  35. 	expected := "Repository does not exist"
    36. 

  36. 

  37. 	out, _, err := dockerCmdWithError("push", repoName)
    38. 

  38. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    39. 

  39. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    40. 

  40. }
    41. 

  41. 

  42. func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) {
    43. 

  43. 	repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
    44. 

  44. 	expected := "does not exist"
    45. 

  45. 

  46. 	out, _, err := dockerCmdWithError("push", repoName)
    47. 

  47. 	c.Assert(err, check.NotNil, check.Commentf("pushing the image to the private registry should have failed: output %q", out))
    48. 

  48. 	c.Assert(out, checker.Contains, expected, check.Commentf("pushing the image failed"))
    49. 

  49. }
    50. 

  50. 

  51. func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) {
    52. 

  52. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    53. 

  53. 	repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
    54. 

  54. 	repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL)
    55. 

  55. 	// tag the image and upload it to the private registry
    56. 

  56. 	dockerCmd(c, "tag", "busybox", repoTag1)
    57. 

  57. 

  58. 	dockerCmd(c, "tag", "busybox", repoTag2)
    59. 

  59. 

  60. 	dockerCmd(c, "push", repoName)
    61. 

  61. 

  62. 	// Ensure layer list is equivalent for repoTag1 and repoTag2
    63. 

  63. 	out1, _ := dockerCmd(c, "pull", repoTag1)
    64. 

  64. 

  65. 	imageAlreadyExists := ": Image already exists"
    66. 

  66. 	var out1Lines []string
    67. 

  67. 	for _, outputLine := range strings.Split(out1, "\n") {
    68. 

  68. 		if strings.Contains(outputLine, imageAlreadyExists) {
    69. 

  69. 			out1Lines = append(out1Lines, outputLine)
    70. 

  70. 		}
    71. 

  71. 	}
    72. 

  72. 

  73. 	out2, _ := dockerCmd(c, "pull", repoTag2)
    74. 

  74. 

  75. 	var out2Lines []string
    76. 

  76. 	for _, outputLine := range strings.Split(out2, "\n") {
    77. 

  77. 		if strings.Contains(outputLine, imageAlreadyExists) {
    78. 

  78. 			out1Lines = append(out1Lines, outputLine)
    79. 

  79. 		}
    80. 

  80. 	}
    81. 

  81. 	c.Assert(out2Lines, checker.HasLen, len(out1Lines))
    82. 

  82. 

  83. 	for i := range out1Lines {
    84. 

  84. 		c.Assert(out1Lines[i], checker.Equals, out2Lines[i])
    85. 

  85. 	}
    86. 

  86. }
    87. 

  87. 

  88. func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) {
    89. 

  89. 	repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
    90. 

  90. 	emptyTarball, err := ioutil.TempFile("", "empty_tarball")
    91. 

  91. 	c.Assert(err, check.IsNil, check.Commentf("Unable to create test file"))
    92. 

  92. 

  93. 	tw := tar.NewWriter(emptyTarball)
    94. 

  94. 	err = tw.Close()
    95. 

  95. 	c.Assert(err, check.IsNil, check.Commentf("Error creating empty tarball"))
    96. 

  96. 

  97. 	freader, err := os.Open(emptyTarball.Name())
    98. 

  98. 	c.Assert(err, check.IsNil, check.Commentf("Could not open test tarball"))
    99. 

  99. 

  100. 	importCmd := exec.Command(dockerBinary, "import", "-", repoName)
    101. 

  101. 	importCmd.Stdin = freader
    102. 

  102. 	out, _, err := runCommandWithOutput(importCmd)
    103. 

  103. 	c.Assert(err, check.IsNil, check.Commentf("import failed: %q", out))
    104. 

  104. 

  105. 	// Now verify we can push it
    106. 

  106. 	out, _, err = dockerCmdWithError("push", repoName)
    107. 

  107. 	c.Assert(err, check.IsNil, check.Commentf("pushing the image to the private registry has failed: %s", out))
    108. 

  108. }
    109. 

  109. 

  110. func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
    111. 

  111. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    112. 

  112. 	// tag the image and upload it to the private registry
    113. 

  113. 	dockerCmd(c, "tag", "busybox", repoName)
    114. 

  114. 

  115. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    116. 

  116. 	s.trustedCmd(pushCmd)
    117. 

  117. 	out, _, err := runCommandWithOutput(pushCmd)
    118. 

  118. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    119. 

  119. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    120. 

  120. 

  121. 	// Try pull after push
    122. 

  122. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    123. 

  123. 	s.trustedCmd(pullCmd)
    124. 

  124. 	out, _, err = runCommandWithOutput(pullCmd)
    125. 

  125. 	c.Assert(err, check.IsNil, check.Commentf(out))
    126. 

  126. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    127. 

  127. }
    128. 

  128. 

  129. func (s *DockerTrustSuite) TestTrustedPushWithEnvPasswords(c *check.C) {
    130. 

  130. 	repoName := fmt.Sprintf("%v/dockerclienv/trusted:latest", privateRegistryURL)
    131. 

  131. 	// tag the image and upload it to the private registry
    132. 

  132. 	dockerCmd(c, "tag", "busybox", repoName)
    133. 

  133. 

  134. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    135. 

  135. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "12345678")
    136. 

  136. 	out, _, err := runCommandWithOutput(pushCmd)
    137. 

  137. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    138. 

  138. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    139. 

  139. 

  140. 	// Try pull after push
    141. 

  141. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    142. 

  142. 	s.trustedCmd(pullCmd)
    143. 

  143. 	out, _, err = runCommandWithOutput(pullCmd)
    144. 

  144. 	c.Assert(err, check.IsNil, check.Commentf(out))
    145. 

  145. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    146. 

  146. }
    147. 

  147. 

  148. // This test ensures backwards compatibility with old ENV variables. Should be
    149. 

  149. // deprecated by 1.10
    150. 

  150. func (s *DockerTrustSuite) TestTrustedPushWithDeprecatedEnvPasswords(c *check.C) {
    151. 

  151. 	repoName := fmt.Sprintf("%v/dockercli/trusteddeprecated:latest", privateRegistryURL)
    152. 

  152. 	// tag the image and upload it to the private registry
    153. 

  153. 	dockerCmd(c, "tag", "busybox", repoName)
    154. 

  154. 

  155. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    156. 

  156. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "12345678")
    157. 

  157. 	out, _, err := runCommandWithOutput(pushCmd)
    158. 

  158. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    159. 

  159. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    160. 

  160. }
    161. 

  161. 

  162. func (s *DockerTrustSuite) TestTrustedPushWithFailingServer(c *check.C) {
    163. 

  163. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    164. 

  164. 	// tag the image and upload it to the private registry
    165. 

  165. 	dockerCmd(c, "tag", "busybox", repoName)
    166. 

  166. 

  167. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    168. 

  168. 	s.trustedCmdWithServer(pushCmd, "https://example.com:81/")
    169. 

  169. 	out, _, err := runCommandWithOutput(pushCmd)
    170. 

  170. 	c.Assert(err, check.NotNil, check.Commentf("Missing error while running trusted push w/ no server"))
    171. 

  171. 	c.Assert(out, checker.Contains, "error contacting notary server", check.Commentf("Missing expected output on trusted push"))
    172. 

  172. }
    173. 

  173. 

  174. func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
    175. 

  175. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    176. 

  176. 	// tag the image and upload it to the private registry
    177. 

  177. 	dockerCmd(c, "tag", "busybox", repoName)
    178. 

  178. 

  179. 	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
    180. 

  180. 	s.trustedCmdWithServer(pushCmd, "https://example.com/")
    181. 

  181. 	out, _, err := runCommandWithOutput(pushCmd)
    182. 

  182. 	c.Assert(err, check.IsNil, check.Commentf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out))
    183. 

  183. 	c.Assert(out, check.Not(checker.Contains), "Error establishing connection to notary repository", check.Commentf("Missing expected output on trusted push with --disable-content-trust:"))
    184. 

  184. }
    185. 

  185. 

  186. func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
    187. 

  187. 	repoName := fmt.Sprintf("%v/dockerclitag/trusted:latest", privateRegistryURL)
    188. 

  188. 	// tag the image and upload it to the private registry
    189. 

  189. 	dockerCmd(c, "tag", "busybox", repoName)
    190. 

  190. 	dockerCmd(c, "push", repoName)
    191. 

  191. 

  192. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    193. 

  193. 	s.trustedCmd(pushCmd)
    194. 

  194. 	out, _, err := runCommandWithOutput(pushCmd)
    195. 

  195. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    196. 

  196. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    197. 

  197. 

  198. 	// Try pull after push
    199. 

  199. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    200. 

  200. 	s.trustedCmd(pullCmd)
    201. 

  201. 	out, _, err = runCommandWithOutput(pullCmd)
    202. 

  202. 	c.Assert(err, check.IsNil, check.Commentf(out))
    203. 

  203. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    204. 

  204. }
    205. 

  205. 

  206. func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
    207. 

  207. 	repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
    208. 

  208. 	// tag the image and upload it to the private registry
    209. 

  209. 	dockerCmd(c, "tag", "busybox", repoName)
    210. 

  210. 

  211. 	// Do a trusted push
    212. 

  212. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    213. 

  213. 	s.trustedCmd(pushCmd)
    214. 

  214. 	out, _, err := runCommandWithOutput(pushCmd)
    215. 

  215. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    216. 

  216. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    217. 

  217. 

  218. 	// Do another trusted push
    219. 

  219. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    220. 

  220. 	s.trustedCmd(pushCmd)
    221. 

  221. 	out, _, err = runCommandWithOutput(pushCmd)
    222. 

  222. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    223. 

  223. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    224. 

  224. 

  225. 	dockerCmd(c, "rmi", repoName)
    226. 

  226. 

  227. 	// Try pull to ensure the double push did not break our ability to pull
    228. 

  228. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    229. 

  229. 	s.trustedCmd(pullCmd)
    230. 

  230. 	out, _, err = runCommandWithOutput(pullCmd)
    231. 

  231. 	c.Assert(err, check.IsNil, check.Commentf("Error running trusted pull: %s\n%s", err, out))
    232. 

  232. 	c.Assert(out, checker.Contains, "Status: Downloaded", check.Commentf("Missing expected output on trusted pull with --disable-content-trust"))
    233. 

  233. 

  234. }
    235. 

  235. 

  236. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
    237. 

  237. 	repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
    238. 

  238. 	// tag the image and upload it to the private registry
    239. 

  239. 	dockerCmd(c, "tag", "busybox", repoName)
    240. 

  240. 

  241. 	// Push with default passphrases
    242. 

  242. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    243. 

  243. 	s.trustedCmd(pushCmd)
    244. 

  244. 	out, _, err := runCommandWithOutput(pushCmd)
    245. 

  245. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    246. 

  246. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push:\n%s", out))
    247. 

  247. 

  248. 	// Push with wrong passphrases
    249. 

  249. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    250. 

  250. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
    251. 

  251. 	out, _, err = runCommandWithOutput(pushCmd)
    252. 

  252. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    253. 

  253. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    254. 

  254. }
    255. 

  255. 

  256. // This test ensures backwards compatibility with old ENV variables. Should be
    257. 

  257. // deprecated by 1.10
    258. 

  258. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectDeprecatedPassphraseForNonRoot(c *check.C) {
    259. 

  259. 	repoName := fmt.Sprintf("%v/dockercliincorretdeprecatedpwd/trusted:latest", privateRegistryURL)
    260. 

  260. 	// tag the image and upload it to the private registry
    261. 

  261. 	dockerCmd(c, "tag", "busybox", repoName)
    262. 

  262. 

  263. 	// Push with default passphrases
    264. 

  264. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    265. 

  265. 	s.trustedCmd(pushCmd)
    266. 

  266. 	out, _, err := runCommandWithOutput(pushCmd)
    267. 

  267. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    268. 

  268. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    269. 

  269. 

  270. 	// Push with wrong passphrases
    271. 

  271. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    272. 

  272. 	s.trustedCmdWithDeprecatedEnvPassphrases(pushCmd, "12345678", "87654321")
    273. 

  273. 	out, _, err = runCommandWithOutput(pushCmd)
    274. 

  274. 	c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with short targets passphrase: \n%s", out))
    275. 

  275. 	c.Assert(out, checker.Contains, "could not find necessary signing keys", check.Commentf("Missing expected output on trusted push with short targets/snapsnot passphrase"))
    276. 

  276. }
    277. 

  277. 

  278. func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
    279. 

  279. 	c.Skip("Currently changes system time, causing instability")
    280. 

  280. 	repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
    281. 

  281. 	// tag the image and upload it to the private registry
    282. 

  282. 	dockerCmd(c, "tag", "busybox", repoName)
    283. 

  283. 

  284. 	// Push with default passphrases
    285. 

  285. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    286. 

  286. 	s.trustedCmd(pushCmd)
    287. 

  287. 	out, _, err := runCommandWithOutput(pushCmd)
    288. 

  288. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    289. 

  289. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    290. 

  290. 

  291. 	// Snapshots last for three years. This should be expired
    292. 

  292. 	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
    293. 

  293. 

  294. 	runAtDifferentDate(fourYearsLater, func() {
    295. 

  295. 		// Push with wrong passphrases
    296. 

  296. 		pushCmd = exec.Command(dockerBinary, "push", repoName)
    297. 

  297. 		s.trustedCmd(pushCmd)
    298. 

  298. 		out, _, err = runCommandWithOutput(pushCmd)
    299. 

  299. 		c.Assert(err, check.NotNil, check.Commentf("Error missing from trusted push with expired snapshot: \n%s", out))
    300. 

  300. 		c.Assert(out, checker.Contains, "repository out-of-date", check.Commentf("Missing expected output on trusted push with expired snapshot"))
    301. 

  301. 	})
    302. 

  302. }
    303. 

  303. 

  304. func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
    305. 

  305. 	c.Skip("Currently changes system time, causing instability")
    306. 

  306. 	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
    307. 

  307. 	// tag the image and upload it to the private registry
    308. 

  308. 	dockerCmd(c, "tag", "busybox", repoName)
    309. 

  309. 

  310. 	// Push with default passphrases
    311. 

  311. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    312. 

  312. 	s.trustedCmd(pushCmd)
    313. 

  313. 	out, _, err := runCommandWithOutput(pushCmd)
    314. 

  314. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    315. 

  315. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push"))
    316. 

  316. 

  317. 	// The timestamps expire in two weeks. Lets check three
    318. 

  318. 	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
    319. 

  319. 

  320. 	// Should succeed because the server transparently re-signs one
    321. 

  321. 	runAtDifferentDate(threeWeeksLater, func() {
    322. 

  322. 		pushCmd := exec.Command(dockerBinary, "push", repoName)
    323. 

  323. 		s.trustedCmd(pushCmd)
    324. 

  324. 		out, _, err := runCommandWithOutput(pushCmd)
    325. 

  325. 		c.Assert(err, check.IsNil, check.Commentf("Error running trusted push: %s\n%s", err, out))
    326. 

  326. 		c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with expired timestamp"))
    327. 

  327. 	})
    328. 

  328. }
    329. 

  329. 

  330. func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegation(c *check.C) {
    331. 

  331. 	repoName := fmt.Sprintf("%v/dockerclireleasedelegation/trusted", privateRegistryURL)
    332. 

  332. 	targetName := fmt.Sprintf("%s:latest", repoName)
    333. 

  333. 	pwd := "12345678"
    334. 

  334. 	s.setupDelegations(c, repoName, pwd)
    335. 

  335. 

  336. 	// tag the image and upload it to the private registry
    337. 

  337. 	dockerCmd(c, "tag", "busybox", targetName)
    338. 

  338. 

  339. 	pushCmd := exec.Command(dockerBinary, "-D", "push", targetName)
    340. 

  340. 	s.trustedCmdWithPassphrases(pushCmd, pwd, pwd)
    341. 

  341. 	out, _, err := runCommandWithOutput(pushCmd)
    342. 

  342. 	c.Assert(err, check.IsNil, check.Commentf("trusted push failed: %s\n%s", err, out))
    343. 

  343. 	c.Assert(out, checker.Contains, "Signing and pushing trust metadata", check.Commentf("Missing expected output on trusted push with existing tag"))
    344. 

  344. 

  345. 	// Try pull after push
    346. 

  346. 	pullCmd := exec.Command(dockerBinary, "pull", targetName)
    347. 

  347. 	s.trustedCmd(pullCmd)
    348. 

  348. 	out, _, err = runCommandWithOutput(pullCmd)
    349. 

  349. 	c.Assert(err, check.IsNil, check.Commentf(out))
    350. 

  350. 	c.Assert(string(out), checker.Contains, "Status: Downloaded", check.Commentf(out))
    351. 

  351. 

  352. 	// check to make sure that the target has been added to targets/releases and not targets
    353. 

  353. 	contents, err := ioutil.ReadFile(filepath.Join(cliconfig.ConfigDir(), "trust/tuf", repoName, "metadata/targets.json"))
    354. 

  354. 	c.Assert(err, check.IsNil, check.Commentf("Unable to read targets metadata"))
    355. 

  355. 	c.Assert(strings.Contains(string(contents), `"latest"`), checker.False, check.Commentf(string(contents)))
    356. 

  356. 

  357. 	contents, err = ioutil.ReadFile(filepath.Join(cliconfig.ConfigDir(), "trust/tuf", repoName, "metadata/targets/releases.json"))
    358. 

  358. 	c.Assert(err, check.IsNil, check.Commentf("Unable to read targets/releases metadata"))
    359. 

  359. 	c.Assert(string(contents), checker.Contains, `"latest"`, check.Commentf(string(contents)))
    360. 

  360. }
    361.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5