diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/trust_test.go | 29 | ||||
| -rw-r--r-- | test/system/750-trust.bats | 46 | ||||
| -rw-r--r-- | test/trust_set_test.json | 8 |
3 files changed, 58 insertions, 25 deletions
diff --git a/test/e2e/trust_test.go b/test/e2e/trust_test.go index 251fdbf77..d17e34e9c 100644 --- a/test/e2e/trust_test.go +++ b/test/e2e/trust_test.go @@ -39,7 +39,7 @@ var _ = Describe("Podman trust", func() { }) It("podman image trust show", func() { - session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")}) + session := podmanTest.Podman([]string{"image", "trust", "show", "-n", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) outArray := session.OutputToStringArray() @@ -47,21 +47,18 @@ var _ = Describe("Podman trust", func() { // Repository order is not guaranteed. So, check that // all expected lines appear in output; we also check total number of lines, so that handles all of them. - Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^default\s+accept\s*$`)) - Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^docker.io/library/hello-world\s+reject\s*$`)) - Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^registry.access.redhat.com\s+signedBy\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`)) + Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^all\s+default\s+accept\s*$`)) + Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+docker.io/library/hello-world\s+reject\s*$`)) + Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+registry.access.redhat.com\s+signed\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`)) }) It("podman image trust set", func() { - path, err := os.Getwd() - if err != nil { - os.Exit(1) - } - session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", filepath.Join(filepath.Dir(path), "trust_set_test.json"), "-t", "accept", "default"}) + policyJSON := filepath.Join(podmanTest.TempDir, "trust_set_test.json") + session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", policyJSON, "-t", "accept", "default"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) var teststruct map[string][]map[string]string - policyContent, err := ioutil.ReadFile(filepath.Join(filepath.Dir(path), "trust_set_test.json")) + policyContent, err := ioutil.ReadFile(policyJSON) if err != nil { os.Exit(1) } @@ -88,25 +85,23 @@ var _ = Describe("Podman trust", func() { } Expect(repoMap).To(Equal(map[string][]map[string]string{ "* (default)": {{ + "type": "accept", + "transport": "all", "name": "* (default)", "repo_name": "default", - "sigstore": "", - "transport": "", - "type": "accept", }}, "docker.io/library/hello-world": {{ + "transport": "repository", "name": "docker.io/library/hello-world", "repo_name": "docker.io/library/hello-world", - "sigstore": "", - "transport": "", "type": "reject", }}, "registry.access.redhat.com": {{ + "transport": "repository", "name": "registry.access.redhat.com", "repo_name": "registry.access.redhat.com", "sigstore": "https://access.redhat.com/webassets/docker/content/sigstore", - "transport": "", - "type": "signedBy", + "type": "signed", "gpg_id": "security@redhat.com, security@redhat.com", }}, })) diff --git a/test/system/750-trust.bats b/test/system/750-trust.bats new file mode 100644 index 000000000..f06df35e7 --- /dev/null +++ b/test/system/750-trust.bats @@ -0,0 +1,46 @@ +#!/usr/bin/env bats -*- bats -*- +# +# tests for podman image trust +# + +load helpers + +@test "podman image trust set" { + skip_if_remote "trust only works locally" + policypath=$PODMAN_TMPDIR/policy.json + run_podman 125 image trust set --policypath=$policypath --type=bogus default + is "$output" "Error: invalid choice: bogus.*" "error from --type=bogus" + + run_podman image trust set --policypath=$policypath --type=accept default + run_podman image trust show --policypath=$policypath + is "$output" ".*all *default *accept" "default policy should be accept" + + run_podman image trust set --policypath=$policypath --type=reject default + run_podman image trust show --policypath=$policypath + is "$output" ".*all *default *reject" "default policy should be reject" + + run_podman image trust set --policypath=$policypath --type=reject docker.io + run_podman image trust show --policypath=$policypath + is "$output" ".*all *default *reject" "default policy should still be reject" + is "$output" ".*repository *docker.io *reject" "docker.io should also be reject" + + run_podman image trust show --policypath=$policypath --json + subset=$(jq -r '.[0] | .repo_name, .type' <<<"$output" | fmt) + is "$subset" "default reject" "--json also shows default" + subset=$(jq -r '.[1] | .repo_name, .type' <<<"$output" | fmt) + is "$subset" "docker.io reject" "--json also shows docker.io" + + run_podman image trust set --policypath=$policypath --type=accept docker.io + run_podman image trust show --policypath=$policypath --json + subset=$(jq -r '.[0] | .repo_name, .type' <<<"$output" | fmt) + is "$subset" "default reject" "--json, default is still reject" + subset=$(jq -r '.[1] | .repo_name, .type' <<<"$output" | fmt) + is "$subset" "docker.io accept" "--json, docker.io should now be accept" + + run cat $policypath + policy=$output + run_podman image trust show --policypath=$policypath --raw + is "$output" "$policy" "output should show match content of policy.json" +} + +# vim: filetype=sh diff --git a/test/trust_set_test.json b/test/trust_set_test.json deleted file mode 100644 index f1fdf779c..000000000 --- a/test/trust_set_test.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": null -} |