We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
moby
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 349aef06d5
分支列表 标签列表
moby
/
integration-cli
/
docker_cli_push_test.go

docker_cli_push_test.go 13 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"archive/tar"
    5. 

  5. 	"fmt"
    6. 

  6. 	"io/ioutil"
    7. 

  7. 	"os"
    8. 

  8. 	"os/exec"
    9. 

  9. 	"strings"
    10. 

  10. 	"time"
    11. 

  11. 

  12. 	"github.com/go-check/check"
    13. 

  13. )
    14. 

  14. 

  15. // Pushing an image to a private registry.
    16. 

  16. func (s *DockerRegistrySuite) TestPushBusyboxImage(c *check.C) {
    17. 

  17. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    18. 

  18. 	// tag the image to upload it to the private registry
    19. 

  19. 	dockerCmd(c, "tag", "busybox", repoName)
    20. 

  20. 	// push the image to the registry
    21. 

  21. 	dockerCmd(c, "push", repoName)
    22. 

  22. }
    23. 

  23. 

  24. // pushing an image without a prefix should throw an error
    25. 

  25. func (s *DockerSuite) TestPushUnprefixedRepo(c *check.C) {
    26. 

  26. 	if out, _, err := dockerCmdWithError("push", "busybox"); err == nil {
    27. 

  27. 		c.Fatalf("pushing an unprefixed repo didn't result in a non-zero exit status: %s", out)
    28. 

  28. 	}
    29. 

  29. }
    30. 

  30. 

  31. func (s *DockerRegistrySuite) TestPushUntagged(c *check.C) {
    32. 

  32. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    33. 

  33. 

  34. 	expected := "Repository does not exist"
    35. 

  35. 	if out, _, err := dockerCmdWithError("push", repoName); err == nil {
    36. 

  36. 		c.Fatalf("pushing the image to the private registry should have failed: output %q", out)
    37. 

  37. 	} else if !strings.Contains(out, expected) {
    38. 

  38. 		c.Fatalf("pushing the image failed with an unexpected message: expected %q, got %q", expected, out)
    39. 

  39. 	}
    40. 

  40. }
    41. 

  41. 

  42. func (s *DockerRegistrySuite) TestPushBadTag(c *check.C) {
    43. 

  43. 	repoName := fmt.Sprintf("%v/dockercli/busybox:latest", privateRegistryURL)
    44. 

  44. 

  45. 	expected := "does not exist"
    46. 

  46. 

  47. 	if out, _, err := dockerCmdWithError("push", repoName); err == nil {
    48. 

  48. 		c.Fatalf("pushing the image to the private registry should have failed: output %q", out)
    49. 

  49. 	} else if !strings.Contains(out, expected) {
    50. 

  50. 		c.Fatalf("pushing the image failed with an unexpected message: expected %q, got %q", expected, out)
    51. 

  51. 	}
    52. 

  52. }
    53. 

  53. 

  54. func (s *DockerRegistrySuite) TestPushMultipleTags(c *check.C) {
    55. 

  55. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    56. 

  56. 	repoTag1 := fmt.Sprintf("%v/dockercli/busybox:t1", privateRegistryURL)
    57. 

  57. 	repoTag2 := fmt.Sprintf("%v/dockercli/busybox:t2", privateRegistryURL)
    58. 

  58. 	// tag the image and upload it to the private registry
    59. 

  59. 	dockerCmd(c, "tag", "busybox", repoTag1)
    60. 

  60. 

  61. 	dockerCmd(c, "tag", "busybox", repoTag2)
    62. 

  62. 

  63. 	dockerCmd(c, "push", repoName)
    64. 

  64. 

  65. 	// Ensure layer list is equivalent for repoTag1 and repoTag2
    66. 

  66. 	out1, _ := dockerCmd(c, "pull", repoTag1)
    67. 

  67. 	if strings.Contains(out1, "Tag t1 not found") {
    68. 

  68. 		c.Fatalf("Unable to pull pushed image: %s", out1)
    69. 

  69. 	}
    70. 

  70. 	imageAlreadyExists := ": Image already exists"
    71. 

  71. 	var out1Lines []string
    72. 

  72. 	for _, outputLine := range strings.Split(out1, "\n") {
    73. 

  73. 		if strings.Contains(outputLine, imageAlreadyExists) {
    74. 

  74. 			out1Lines = append(out1Lines, outputLine)
    75. 

  75. 		}
    76. 

  76. 	}
    77. 

  77. 

  78. 	out2, _ := dockerCmd(c, "pull", repoTag2)
    79. 

  79. 	if strings.Contains(out2, "Tag t2 not found") {
    80. 

  80. 		c.Fatalf("Unable to pull pushed image: %s", out1)
    81. 

  81. 	}
    82. 

  82. 	var out2Lines []string
    83. 

  83. 	for _, outputLine := range strings.Split(out2, "\n") {
    84. 

  84. 		if strings.Contains(outputLine, imageAlreadyExists) {
    85. 

  85. 			out1Lines = append(out1Lines, outputLine)
    86. 

  86. 		}
    87. 

  87. 	}
    88. 

  88. 

  89. 	if len(out1Lines) != len(out2Lines) {
    90. 

  90. 		c.Fatalf("Mismatched output length:\n%s\n%s", out1, out2)
    91. 

  91. 	}
    92. 

  92. 

  93. 	for i := range out1Lines {
    94. 

  94. 		if out1Lines[i] != out2Lines[i] {
    95. 

  95. 			c.Fatalf("Mismatched output line:\n%s\n%s", out1Lines[i], out2Lines[i])
    96. 

  96. 		}
    97. 

  97. 	}
    98. 

  98. }
    99. 

  99. 

  100. func (s *DockerRegistrySuite) TestPushInterrupt(c *check.C) {
    101. 

  101. 	repoName := fmt.Sprintf("%v/dockercli/busybox", privateRegistryURL)
    102. 

  102. 	// tag the image and upload it to the private registry
    103. 

  103. 	dockerCmd(c, "tag", "busybox", repoName)
    104. 

  104. 

  105. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    106. 

  106. 	if err := pushCmd.Start(); err != nil {
    107. 

  107. 		c.Fatalf("Failed to start pushing to private registry: %v", err)
    108. 

  108. 	}
    109. 

  109. 

  110. 	// Interrupt push (yes, we have no idea at what point it will get killed).
    111. 

  111. 	time.Sleep(50 * time.Millisecond) // dependent on race condition.
    112. 

  112. 	if err := pushCmd.Process.Kill(); err != nil {
    113. 

  113. 		c.Fatalf("Failed to kill push process: %v", err)
    114. 

  114. 	}
    115. 

  115. 	if out, _, err := dockerCmdWithError("push", repoName); err == nil {
    116. 

  116. 		if !strings.Contains(out, "already in progress") {
    117. 

  117. 			c.Fatalf("Push should be continued on daemon side, but seems ok: %v, %s", err, out)
    118. 

  118. 		}
    119. 

  119. 	}
    120. 

  120. 	// now wait until all this pushes will complete
    121. 

  121. 	// if it failed with timeout - there would be some error,
    122. 

  122. 	// so no logic about it here
    123. 

  123. 	for exec.Command(dockerBinary, "push", repoName).Run() != nil {
    124. 

  124. 	}
    125. 

  125. }
    126. 

  126. 

  127. func (s *DockerRegistrySuite) TestPushEmptyLayer(c *check.C) {
    128. 

  128. 	repoName := fmt.Sprintf("%v/dockercli/emptylayer", privateRegistryURL)
    129. 

  129. 	emptyTarball, err := ioutil.TempFile("", "empty_tarball")
    130. 

  130. 	if err != nil {
    131. 

  131. 		c.Fatalf("Unable to create test file: %v", err)
    132. 

  132. 	}
    133. 

  133. 	tw := tar.NewWriter(emptyTarball)
    134. 

  134. 	err = tw.Close()
    135. 

  135. 	if err != nil {
    136. 

  136. 		c.Fatalf("Error creating empty tarball: %v", err)
    137. 

  137. 	}
    138. 

  138. 	freader, err := os.Open(emptyTarball.Name())
    139. 

  139. 	if err != nil {
    140. 

  140. 		c.Fatalf("Could not open test tarball: %v", err)
    141. 

  141. 	}
    142. 

  142. 

  143. 	importCmd := exec.Command(dockerBinary, "import", "-", repoName)
    144. 

  144. 	importCmd.Stdin = freader
    145. 

  145. 	out, _, err := runCommandWithOutput(importCmd)
    146. 

  146. 	if err != nil {
    147. 

  147. 		c.Errorf("import failed with errors: %v, output: %q", err, out)
    148. 

  148. 	}
    149. 

  149. 

  150. 	// Now verify we can push it
    151. 

  151. 	if out, _, err := dockerCmdWithError("push", repoName); err != nil {
    152. 

  152. 		c.Fatalf("pushing the image to the private registry has failed: %s, %v", out, err)
    153. 

  153. 	}
    154. 

  154. }
    155. 

  155. 

  156. func (s *DockerTrustSuite) TestTrustedPush(c *check.C) {
    157. 

  157. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    158. 

  158. 	// tag the image and upload it to the private registry
    159. 

  159. 	dockerCmd(c, "tag", "busybox", repoName)
    160. 

  160. 

  161. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    162. 

  162. 	s.trustedCmd(pushCmd)
    163. 

  163. 	out, _, err := runCommandWithOutput(pushCmd)
    164. 

  164. 	if err != nil {
    165. 

  165. 		c.Fatalf("Error running trusted push: %s\n%s", err, out)
    166. 

  166. 	}
    167. 

  167. 	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
    168. 

  168. 		c.Fatalf("Missing expected output on trusted push:\n%s", out)
    169. 

  169. 	}
    170. 

  170. }
    171. 

  171. 

  172. func (s *DockerTrustSuite) TestTrustedPushWithFaillingServer(c *check.C) {
    173. 

  173. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    174. 

  174. 	// tag the image and upload it to the private registry
    175. 

  175. 	dockerCmd(c, "tag", "busybox", repoName)
    176. 

  176. 

  177. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    178. 

  178. 	s.trustedCmdWithServer(pushCmd, "example/")
    179. 

  179. 	out, _, err := runCommandWithOutput(pushCmd)
    180. 

  180. 	if err == nil {
    181. 

  181. 		c.Fatalf("Missing error while running trusted push w/ no server")
    182. 

  182. 	}
    183. 

  183. 

  184. 	if !strings.Contains(string(out), "Error establishing connection to notary repository") {
    185. 

  185. 		c.Fatalf("Missing expected output on trusted push:\n%s", out)
    186. 

  186. 	}
    187. 

  187. }
    188. 

  188. 

  189. func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C) {
    190. 

  190. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    191. 

  191. 	// tag the image and upload it to the private registry
    192. 

  192. 	dockerCmd(c, "tag", "busybox", repoName)
    193. 

  193. 

  194. 	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
    195. 

  195. 	s.trustedCmdWithServer(pushCmd, "example/")
    196. 

  196. 	out, _, err := runCommandWithOutput(pushCmd)
    197. 

  197. 	if err != nil {
    198. 

  198. 		c.Fatalf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out)
    199. 

  199. 	}
    200. 

  200. 

  201. 	if strings.Contains(string(out), "Error establishing connection to notary repository") {
    202. 

  202. 		c.Fatalf("Missing expected output on trusted push with --disable-content-trust:\n%s", out)
    203. 

  203. 	}
    204. 

  204. }
    205. 

  205. 

  206. func (s *DockerTrustSuite) TestTrustedPushWithExistingTag(c *check.C) {
    207. 

  207. 	repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
    208. 

  208. 	// tag the image and upload it to the private registry
    209. 

  209. 	dockerCmd(c, "tag", "busybox", repoName)
    210. 

  210. 	dockerCmd(c, "push", repoName)
    211. 

  211. 

  212. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    213. 

  213. 	s.trustedCmd(pushCmd)
    214. 

  214. 	out, _, err := runCommandWithOutput(pushCmd)
    215. 

  215. 	if err != nil {
    216. 

  216. 		c.Fatalf("trusted push failed: %s\n%s", err, out)
    217. 

  217. 	}
    218. 

  218. 

  219. 	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
    220. 

  220. 		c.Fatalf("Missing expected output on trusted push with existing tag:\n%s", out)
    221. 

  221. 	}
    222. 

  222. }
    223. 

  223. 

  224. func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
    225. 

  225. 	repoName := fmt.Sprintf("%v/dockerclipushpush/trusted:latest", privateRegistryURL)
    226. 

  226. 	// tag the image and upload it to the private registry
    227. 

  227. 	dockerCmd(c, "tag", "busybox", repoName)
    228. 

  228. 

  229. 	// Do a trusted push
    230. 

  230. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    231. 

  231. 	s.trustedCmd(pushCmd)
    232. 

  232. 	out, _, err := runCommandWithOutput(pushCmd)
    233. 

  233. 	if err != nil {
    234. 

  234. 		c.Fatalf("trusted push failed: %s\n%s", err, out)
    235. 

  235. 	}
    236. 

  236. 

  237. 	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
    238. 

  238. 		c.Fatalf("Missing expected output on trusted push with existing tag:\n%s", out)
    239. 

  239. 	}
    240. 

  240. 

  241. 	// Do another trusted push
    242. 

  242. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    243. 

  243. 	s.trustedCmd(pushCmd)
    244. 

  244. 	out, _, err = runCommandWithOutput(pushCmd)
    245. 

  245. 	if err != nil {
    246. 

  246. 		c.Fatalf("trusted push failed: %s\n%s", err, out)
    247. 

  247. 	}
    248. 

  248. 

  249. 	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
    250. 

  250. 		c.Fatalf("Missing expected output on trusted push with existing tag:\n%s", out)
    251. 

  251. 	}
    252. 

  252. 

  253. 	dockerCmd(c, "rmi", repoName)
    254. 

  254. 

  255. 	// Try pull to ensure the double push did not break our ability to pull
    256. 

  256. 	pullCmd := exec.Command(dockerBinary, "pull", repoName)
    257. 

  257. 	s.trustedCmd(pullCmd)
    258. 

  258. 	out, _, err = runCommandWithOutput(pullCmd)
    259. 

  259. 	if err != nil {
    260. 

  260. 		c.Fatalf("Error running trusted pull: %s\n%s", err, out)
    261. 

  261. 	}
    262. 

  262. 

  263. 	if !strings.Contains(string(out), "Status: Downloaded") {
    264. 

  264. 		c.Fatalf("Missing expected output on trusted pull with --disable-content-trust:\n%s", out)
    265. 

  265. 	}
    266. 

  266. }
    267. 

  267. 

  268. func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *check.C) {
    269. 

  269. 	repoName := fmt.Sprintf("%v/dockercliincorretpwd/trusted:latest", privateRegistryURL)
    270. 

  270. 	// tag the image and upload it to the private registry
    271. 

  271. 	dockerCmd(c, "tag", "busybox", repoName)
    272. 

  272. 

  273. 	// Push with default passphrases
    274. 

  274. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    275. 

  275. 	s.trustedCmd(pushCmd)
    276. 

  276. 	out, _, err := runCommandWithOutput(pushCmd)
    277. 

  277. 	if err != nil {
    278. 

  278. 		c.Fatalf("trusted push failed: %s\n%s", err, out)
    279. 

  279. 	}
    280. 

  280. 

  281. 	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
    282. 

  282. 		c.Fatalf("Missing expected output on trusted push:\n%s", out)
    283. 

  283. 	}
    284. 

  284. 

  285. 	// Push with wrong passphrases
    286. 

  286. 	pushCmd = exec.Command(dockerBinary, "push", repoName)
    287. 

  287. 	s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
    288. 

  288. 	out, _, err = runCommandWithOutput(pushCmd)
    289. 

  289. 	if err == nil {
    290. 

  290. 		c.Fatalf("Error missing from trusted push with short targets passphrase: \n%s", out)
    291. 

  291. 	}
    292. 

  292. 

  293. 	if !strings.Contains(string(out), "password invalid, operation has failed") {
    294. 

  294. 		c.Fatalf("Missing expected output on trusted push with short targets/snapsnot passphrase:\n%s", out)
    295. 

  295. 	}
    296. 

  296. }
    297. 

  297. 

  298. func (s *DockerTrustSuite) TestTrustedPushWithExpiredSnapshot(c *check.C) {
    299. 

  299. 	c.Skip("Currently changes system time, causing instability")
    300. 

  300. 	repoName := fmt.Sprintf("%v/dockercliexpiredsnapshot/trusted:latest", privateRegistryURL)
    301. 

  301. 	// tag the image and upload it to the private registry
    302. 

  302. 	dockerCmd(c, "tag", "busybox", repoName)
    303. 

  303. 

  304. 	// Push with default passphrases
    305. 

  305. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    306. 

  306. 	s.trustedCmd(pushCmd)
    307. 

  307. 	out, _, err := runCommandWithOutput(pushCmd)
    308. 

  308. 	if err != nil {
    309. 

  309. 		c.Fatalf("trusted push failed: %s\n%s", err, out)
    310. 

  310. 	}
    311. 

  311. 

  312. 	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
    313. 

  313. 		c.Fatalf("Missing expected output on trusted push:\n%s", out)
    314. 

  314. 	}
    315. 

  315. 

  316. 	// Snapshots last for three years. This should be expired
    317. 

  317. 	fourYearsLater := time.Now().Add(time.Hour * 24 * 365 * 4)
    318. 

  318. 

  319. 	runAtDifferentDate(fourYearsLater, func() {
    320. 

  320. 		// Push with wrong passphrases
    321. 

  321. 		pushCmd = exec.Command(dockerBinary, "push", repoName)
    322. 

  322. 		s.trustedCmd(pushCmd)
    323. 

  323. 		out, _, err = runCommandWithOutput(pushCmd)
    324. 

  324. 		if err == nil {
    325. 

  325. 			c.Fatalf("Error missing from trusted push with expired snapshot: \n%s", out)
    326. 

  326. 		}
    327. 

  327. 

  328. 		if !strings.Contains(string(out), "repository out-of-date") {
    329. 

  329. 			c.Fatalf("Missing expected output on trusted push with expired snapshot:\n%s", out)
    330. 

  330. 		}
    331. 

  331. 	})
    332. 

  332. }
    333. 

  333. 

  334. func (s *DockerTrustSuite) TestTrustedPushWithExpiredTimestamp(c *check.C) {
    335. 

  335. 	c.Skip("Currently changes system time, causing instability")
    336. 

  336. 	repoName := fmt.Sprintf("%v/dockercliexpiredtimestamppush/trusted:latest", privateRegistryURL)
    337. 

  337. 	// tag the image and upload it to the private registry
    338. 

  338. 	dockerCmd(c, "tag", "busybox", repoName)
    339. 

  339. 

  340. 	// Push with default passphrases
    341. 

  341. 	pushCmd := exec.Command(dockerBinary, "push", repoName)
    342. 

  342. 	s.trustedCmd(pushCmd)
    343. 

  343. 	out, _, err := runCommandWithOutput(pushCmd)
    344. 

  344. 	if err != nil {
    345. 

  345. 		c.Fatalf("trusted push failed: %s\n%s", err, out)
    346. 

  346. 	}
    347. 

  347. 

  348. 	if !strings.Contains(string(out), "Signing and pushing trust metadata") {
    349. 

  349. 		c.Fatalf("Missing expected output on trusted push:\n%s", out)
    350. 

  350. 	}
    351. 

  351. 

  352. 	// The timestamps expire in two weeks. Lets check three
    353. 

  353. 	threeWeeksLater := time.Now().Add(time.Hour * 24 * 21)
    354. 

  354. 

  355. 	// Should succeed because the server transparently re-signs one
    356. 

  356. 	runAtDifferentDate(threeWeeksLater, func() {
    357. 

  357. 		pushCmd := exec.Command(dockerBinary, "push", repoName)
    358. 

  358. 		s.trustedCmd(pushCmd)
    359. 

  359. 		out, _, err := runCommandWithOutput(pushCmd)
    360. 

  360. 		if err != nil {
    361. 

  361. 			c.Fatalf("Error running trusted push: %s\n%s", err, out)
    362. 

  362. 		}
    363. 

  363. 		if !strings.Contains(string(out), "Signing and pushing trust metadata") {
    364. 

  364. 			c.Fatalf("Missing expected output on trusted push with expired timestamp:\n%s", out)
    365. 

  365. 		}
    366. 

  366. 	})
    367. 

  367. }
    368.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5