2 files changed, 47 insertions, 0 deletions

diff --git a/test/system/750-trust.bats b/test/system/750-trust.bats
new file mode 100644
index 000000000..f06df35e7
--- /dev/null
+++ b/test/system/750-trust.bats
@@ -0,0 +1,46 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# tests for podman image trust
+#
+
+load helpers
+
+@test "podman image trust set" {
+      skip_if_remote "trust only works locally"
+      policypath=$PODMAN_TMPDIR/policy.json
+      run_podman 125 image trust set --policypath=$policypath --type=bogus default
+      is "$output" "Error: invalid choice: bogus.*" "error from --type=bogus"
+
+      run_podman image trust set --policypath=$policypath --type=accept default
+      run_podman image trust show --policypath=$policypath
+      is "$output" ".*all  *default  *accept" "default policy should be accept"
+
+      run_podman image trust set --policypath=$policypath --type=reject default
+      run_podman image trust show --policypath=$policypath
+      is "$output" ".*all  *default  *reject" "default policy should be reject"
+
+      run_podman image trust set --policypath=$policypath --type=reject docker.io
+      run_podman image trust show --policypath=$policypath
+      is "$output" ".*all  *default  *reject" "default policy should still be reject"
+      is "$output" ".*repository  *docker.io  *reject" "docker.io should also be reject"
+
+      run_podman image trust show --policypath=$policypath --json
+      subset=$(jq -r '.[0] | .repo_name, .type' <<<"$output" | fmt)
+      is "$subset" "default reject" "--json also shows default"
+      subset=$(jq -r '.[1] | .repo_name, .type' <<<"$output" | fmt)
+      is "$subset" "docker.io reject" "--json also shows docker.io"
+
+      run_podman image trust set --policypath=$policypath --type=accept docker.io
+      run_podman image trust show --policypath=$policypath --json
+      subset=$(jq -r '.[0] | .repo_name, .type' <<<"$output" | fmt)
+      is "$subset" "default reject" "--json, default is still reject"
+      subset=$(jq -r '.[1] | .repo_name, .type' <<<"$output" | fmt)
+      is "$subset" "docker.io accept" "--json, docker.io should now be accept"
+
+      run cat $policypath
+      policy=$output
+      run_podman image trust show --policypath=$policypath --raw
+      is "$output" "$policy" "output should show match content of policy.json"
+}
+
+# vim: filetype=sh
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index ee5f73867..221315b97 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -108,6 +108,7 @@ function basic_teardown() {
     echo "# [teardown]" >&2
     run_podman '?' pod rm -t 0 --all --force --ignore
     run_podman '?'     rm -t 0 --all --force --ignore
+    run_podman '?' network prune --force
 
     command rm -rf $PODMAN_TMPDIR
 }