aboutsummaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/e2e/trust_test.go29
-rw-r--r--test/system/750-trust.bats46
-rw-r--r--test/trust_set_test.json8
3 files changed, 58 insertions, 25 deletions
diff --git a/test/e2e/trust_test.go b/test/e2e/trust_test.go
index 251fdbf77..d17e34e9c 100644
--- a/test/e2e/trust_test.go
+++ b/test/e2e/trust_test.go
@@ -39,7 +39,7 @@ var _ = Describe("Podman trust", func() {
})
It("podman image trust show", func() {
- session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")})
+ session := podmanTest.Podman([]string{"image", "trust", "show", "-n", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
outArray := session.OutputToStringArray()
@@ -47,21 +47,18 @@ var _ = Describe("Podman trust", func() {
// Repository order is not guaranteed. So, check that
// all expected lines appear in output; we also check total number of lines, so that handles all of them.
- Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^default\s+accept\s*$`))
- Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^docker.io/library/hello-world\s+reject\s*$`))
- Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^registry.access.redhat.com\s+signedBy\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`))
+ Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^all\s+default\s+accept\s*$`))
+ Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+docker.io/library/hello-world\s+reject\s*$`))
+ Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+registry.access.redhat.com\s+signed\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`))
})
It("podman image trust set", func() {
- path, err := os.Getwd()
- if err != nil {
- os.Exit(1)
- }
- session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", filepath.Join(filepath.Dir(path), "trust_set_test.json"), "-t", "accept", "default"})
+ policyJSON := filepath.Join(podmanTest.TempDir, "trust_set_test.json")
+ session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", policyJSON, "-t", "accept", "default"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
var teststruct map[string][]map[string]string
- policyContent, err := ioutil.ReadFile(filepath.Join(filepath.Dir(path), "trust_set_test.json"))
+ policyContent, err := ioutil.ReadFile(policyJSON)
if err != nil {
os.Exit(1)
}
@@ -88,25 +85,23 @@ var _ = Describe("Podman trust", func() {
}
Expect(repoMap).To(Equal(map[string][]map[string]string{
"* (default)": {{
+ "type": "accept",
+ "transport": "all",
"name": "* (default)",
"repo_name": "default",
- "sigstore": "",
- "transport": "",
- "type": "accept",
}},
"docker.io/library/hello-world": {{
+ "transport": "repository",
"name": "docker.io/library/hello-world",
"repo_name": "docker.io/library/hello-world",
- "sigstore": "",
- "transport": "",
"type": "reject",
}},
"registry.access.redhat.com": {{
+ "transport": "repository",
"name": "registry.access.redhat.com",
"repo_name": "registry.access.redhat.com",
"sigstore": "https://access.redhat.com/webassets/docker/content/sigstore",
- "transport": "",
- "type": "signedBy",
+ "type": "signed",
"gpg_id": "security@redhat.com, security@redhat.com",
}},
}))
diff --git a/test/system/750-trust.bats b/test/system/750-trust.bats
new file mode 100644
index 000000000..f06df35e7
--- /dev/null
+++ b/test/system/750-trust.bats
@@ -0,0 +1,46 @@
+#!/usr/bin/env bats -*- bats -*-
+#
+# tests for podman image trust
+#
+
+load helpers
+
+@test "podman image trust set" {
+ skip_if_remote "trust only works locally"
+ policypath=$PODMAN_TMPDIR/policy.json
+ run_podman 125 image trust set --policypath=$policypath --type=bogus default
+ is "$output" "Error: invalid choice: bogus.*" "error from --type=bogus"
+
+ run_podman image trust set --policypath=$policypath --type=accept default
+ run_podman image trust show --policypath=$policypath
+ is "$output" ".*all *default *accept" "default policy should be accept"
+
+ run_podman image trust set --policypath=$policypath --type=reject default
+ run_podman image trust show --policypath=$policypath
+ is "$output" ".*all *default *reject" "default policy should be reject"
+
+ run_podman image trust set --policypath=$policypath --type=reject docker.io
+ run_podman image trust show --policypath=$policypath
+ is "$output" ".*all *default *reject" "default policy should still be reject"
+ is "$output" ".*repository *docker.io *reject" "docker.io should also be reject"
+
+ run_podman image trust show --policypath=$policypath --json
+ subset=$(jq -r '.[0] | .repo_name, .type' <<<"$output" | fmt)
+ is "$subset" "default reject" "--json also shows default"
+ subset=$(jq -r '.[1] | .repo_name, .type' <<<"$output" | fmt)
+ is "$subset" "docker.io reject" "--json also shows docker.io"
+
+ run_podman image trust set --policypath=$policypath --type=accept docker.io
+ run_podman image trust show --policypath=$policypath --json
+ subset=$(jq -r '.[0] | .repo_name, .type' <<<"$output" | fmt)
+ is "$subset" "default reject" "--json, default is still reject"
+ subset=$(jq -r '.[1] | .repo_name, .type' <<<"$output" | fmt)
+ is "$subset" "docker.io accept" "--json, docker.io should now be accept"
+
+ run cat $policypath
+ policy=$output
+ run_podman image trust show --policypath=$policypath --raw
+ is "$output" "$policy" "output should show match content of policy.json"
+}
+
+# vim: filetype=sh
diff --git a/test/trust_set_test.json b/test/trust_set_test.json
deleted file mode 100644
index f1fdf779c..000000000
--- a/test/trust_set_test.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "default": [
- {
- "type": "insecureAcceptAnything"
- }
- ],
- "transports": null
-}