forked from notaryproject/notation
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test: add e2e test cases for flag
--insecure-registry
(notaryprojec…
…t#679) Feature: - add E2E testing TLS support for Github Action environment Test: - added `--insecure-registry` test for sign, verify, inspect, list > **Note** `login` command E2E test cases are not included in the PR because it needs to setup credential store in Github Action and should be done in another PR. Added an issue to track it notaryproject#680 Resolves notaryproject#633 Signed-off-by: Junjie Gao <[email protected]> --------- Signed-off-by: Junjie Gao <[email protected]>
- Loading branch information
Showing
16 changed files
with
376 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
#!/bin/bash -e | ||
# | ||
# Usage | ||
# For setup: | ||
# 1. source ./scripts/tls.sh | ||
# 2. call create_docker_network | ||
# 3. setup registry with port 5000 in $DOCKER_NETWORK | ||
# 4. call setup_tls reverse proxy | ||
# | ||
# For clean up: | ||
# 1. call clean_up | ||
# 2. clean up registry | ||
# 3. call remove_docker_network | ||
# | ||
# Note: this script needs sudo permission to add TLS certificate to system and | ||
# add domain registry host. | ||
|
||
NGINX_CONTAINER_NAME=nginx | ||
DOMAIN=notation-e2e.registry.io | ||
DOCKER_NETWORK=notation-e2e | ||
|
||
function create_docker_network { | ||
docker network create "$DOCKER_NETWORK" | ||
} | ||
|
||
function remove_docker_network { | ||
docker network rm "$DOCKER_NETWORK" | ||
} | ||
|
||
function setup_tls { | ||
# add domain registry host to /etc/hosts for testing --plain-http feature | ||
echo "127.0.0.1 $DOMAIN" | sudo tee -a /etc/hosts | ||
# add TLS certificate to system | ||
sudo mkdir -p /usr/local/share/ca-certificates/ | ||
sudo cp ./testdata/nginx/notation-e2e.registry.io.crt /usr/local/share/ca-certificates/ | ||
sudo update-ca-certificates | ||
|
||
# start Nginx for TLS | ||
docker run -d -p 80:80 -p 443:443 \ | ||
--network "$DOCKER_NETWORK" \ | ||
--mount type=bind,source="$(pwd)/testdata/nginx/",target=/etc/nginx \ | ||
--name "$NGINX_CONTAINER_NAME" \ | ||
--rm nginx:latest | ||
} | ||
|
||
function clean_up_tls { | ||
docker container stop "$NGINX_CONTAINER_NAME" 1>/dev/null && echo "Nginx stopped" | ||
sudo sed -i "/${NOTATION_E2E_DOMAIN_REGISTRY_HOST}/d" /etc/hosts | ||
sudo rm /usr/local/share/ca-certificates/notation-e2e.registry.io.crt | ||
sudo update-ca-certificates | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
package command | ||
|
||
import ( | ||
. "github.com/notaryproject/notation/test/e2e/internal/notation" | ||
"github.com/notaryproject/notation/test/e2e/internal/utils" | ||
. "github.com/notaryproject/notation/test/e2e/suite/common" | ||
. "github.com/onsi/ginkgo/v2" | ||
) | ||
|
||
var inspectSuccessfully = []string{ | ||
"└── application/vnd.cncf.notary.signature", | ||
"└── sha256:", | ||
"├── media type:", | ||
"├── signature algorithm:", | ||
"├── signed attributes", | ||
"signingTime:", | ||
"signingScheme:", | ||
"├── user defined attributes", | ||
"│ └── (empty)", | ||
"├── unsigned attributes", | ||
"│ └── signingAgent: Notation/", | ||
"├── certificates", | ||
"│ └── SHA256 fingerprint:", | ||
"issued to:", | ||
"issued by:", | ||
"expiry:", | ||
"└── signed artifact", | ||
"media type:", | ||
"digest:", | ||
"size:", | ||
} | ||
|
||
var _ = Describe("notation inspect", func() { | ||
It("all signatures of an image", func() { | ||
Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) { | ||
notation.Exec("sign", artifact.ReferenceWithDigest()). | ||
MatchKeyWords(SignSuccessfully) | ||
|
||
notation.Exec("inspect", "-d", artifact.ReferenceWithDigest()). | ||
MatchKeyWords(inspectSuccessfully...) | ||
}) | ||
}) | ||
|
||
It("all signatures of an image with TLS", func() { | ||
HostInGithubAction(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) { | ||
notation.Exec("sign", artifact.DomainReferenceWithDigest()). | ||
MatchKeyWords(SignSuccessfully) | ||
|
||
notation.Exec("inspect", "-d", artifact.DomainReferenceWithDigest()). | ||
MatchKeyWords(inspectSuccessfully...). | ||
MatchErrKeyWords("https://notation-e2e.registry.io/v2/e2e"). | ||
NoMatchErrKeyWords("http://notation-e2e.registry.io") | ||
}) | ||
}) | ||
|
||
It("all signatures of an image with --insecure-registry flag", func() { | ||
HostInGithubAction(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) { | ||
notation.Exec("sign", artifact.DomainReferenceWithDigest()). | ||
MatchKeyWords(SignSuccessfully) | ||
|
||
notation.Exec("inspect", "-d", "--insecure-registry", artifact.DomainReferenceWithDigest()). | ||
MatchKeyWords(inspectSuccessfully...). | ||
MatchErrKeyWords(HTTPRequest). | ||
NoMatchErrKeyWords(HTTPSRequest) | ||
}) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
package command | ||
|
||
import ( | ||
. "github.com/notaryproject/notation/test/e2e/internal/notation" | ||
"github.com/notaryproject/notation/test/e2e/internal/utils" | ||
. "github.com/notaryproject/notation/test/e2e/suite/common" | ||
. "github.com/onsi/ginkgo/v2" | ||
) | ||
|
||
var _ = Describe("notation list", func() { | ||
It("all signatures of an image", func() { | ||
Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) { | ||
notation.Exec("sign", artifact.ReferenceWithDigest()). | ||
MatchKeyWords(SignSuccessfully) | ||
|
||
notation.Exec("list", "-d", artifact.ReferenceWithDigest()). | ||
MatchKeyWords( | ||
"└── application/vnd.cncf.notary.signature", | ||
"└── sha256:", | ||
) | ||
}) | ||
}) | ||
|
||
It("all signatures of an image with TLS", func() { | ||
HostInGithubAction(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) { | ||
notation.Exec("sign", artifact.DomainReferenceWithDigest()). | ||
MatchKeyWords(SignSuccessfully) | ||
|
||
notation.Exec("list", "-d", artifact.DomainReferenceWithDigest()). | ||
MatchKeyWords( | ||
"└── application/vnd.cncf.notary.signature", | ||
"└── sha256:", | ||
). | ||
MatchErrKeyWords("https://notation-e2e.registry.io/v2/e2e"). | ||
NoMatchErrKeyWords("http://notation-e2e.registry.io") | ||
}) | ||
}) | ||
|
||
It("all signatures of an image with --insecure-registry flag", func() { | ||
HostInGithubAction(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) { | ||
notation.Exec("sign", artifact.DomainReferenceWithDigest()). | ||
MatchKeyWords(SignSuccessfully) | ||
|
||
notation.Exec("list", "-d", "--insecure-registry", artifact.DomainReferenceWithDigest()). | ||
MatchKeyWords( | ||
"└── application/vnd.cncf.notary.signature", | ||
"└── sha256:", | ||
). | ||
MatchErrKeyWords(HTTPRequest). | ||
NoMatchErrKeyWords(HTTPSRequest) | ||
}) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.