Fix tests of podman image trust --raw and --json

Instead using the OS-wide system default policy, use the one in this repo, and adjust the expected results (as well as making the test stricter). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-06-19 08:09:12 +08:00 · 2021-10-21 22:32:34 +02:00
parent 53ff49237b
commit adee084d65
1 changed files with 36 additions and 8 deletions
--- a/test/e2e/trust_test.go
+++ b/test/e2e/trust_test.go
@ -73,24 +73,52 @@ var _ = Describe("Podman trust", func() {
 	})

 	It("podman image trust show --json", func() {
-		session := podmanTest.Podman([]string{"image", "trust", "show", "--json"})
+		session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--json"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		Expect(session.IsJSONOutputValid()).To(BeTrue())
 		var teststruct []map[string]string
 		json.Unmarshal(session.Out.Contents(), &teststruct)
-		Expect(teststruct[0]["name"]).To(Equal("* (default)"))
-		Expect(teststruct[0]["repo_name"]).To(Equal("default"))
-		Expect(teststruct[0]["type"]).To(Equal("accept"))
-		Expect(teststruct[1]["type"]).To(Equal("insecureAcceptAnything"))
+		Expect(len(teststruct)).To(Equal(3))
+		// To ease comparison, group the unordered array of repos by repo (and we expect only one entry by repo, so order within groups doesn’t matter)
+		repoMap := map[string][]map[string]string{}
+		for _, e := range teststruct {
+			key := e["name"]
+			repoMap[key] = append(repoMap[key], e)
+		}
+		Expect(repoMap).To(Equal(map[string][]map[string]string{
+			"* (default)": {{
+				"name":      "* (default)",
+				"repo_name": "default",
+				"sigstore":  "",
+				"transport": "",
+				"type":      "accept",
+			}},
+			"docker.io/library/hello-world": {{
+				"name":      "docker.io/library/hello-world",
+				"repo_name": "docker.io/library/hello-world",
+				"sigstore":  "",
+				"transport": "",
+				"type":      "reject",
+			}},
+			"registry.access.redhat.com": {{
+				"name":      "registry.access.redhat.com",
+				"repo_name": "registry.access.redhat.com",
+				"sigstore":  "https://access.redhat.com/webassets/docker/content/sigstore",
+				"transport": "",
+				"type":      "signedBy",
+				"gpg_id":    "security@redhat.com, security@redhat.com",
+			}},
+		}))
 	})

 	It("podman image trust show --raw", func() {
-		session := podmanTest.Podman([]string{"image", "trust", "show", "--raw"})
+		session := podmanTest.Podman([]string{"image", "trust", "show", "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--raw"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
+		contents, err := ioutil.ReadFile(filepath.Join(INTEGRATION_ROOT, "test/policy.json"))
+		Expect(err).ShouldNot(HaveOccurred())
 		Expect(session.IsJSONOutputValid()).To(BeTrue())
-		Expect(session.OutputToString()).To(ContainSubstring("default"))
-		Expect(session.OutputToString()).To(ContainSubstring("insecureAcceptAnything"))
+		Expect(string(session.Out.Contents())).To(Equal(string(contents) + "\n"))
 	})
 })