opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-29 01:28:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e55e128fcd26c673e67768313a8b79ca62842e6d
podman/test/e2e/trust_test.go
Ed Santiago b65ba90df3 e2e: add ginkgo decorators to address flakes 
- trust_test: adding 'Ordered' seems to resolve a very common
  flake. I've tested this for dozens of CI runs, and haven't
  seen the flake recur (normally it fails every few runs).

- exec and search tests: add FlakeAttempts(3). This is a NOP
  under our current CI setup, in which we run ginkgo with
  a global --flake-attempts=3. I am submitting this as an
  optimistic step toward a no-flake-attempts world (#17967)

Fixes: #18358

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-06-07 07:10:25 -06:00

101 lines
4.0 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package integration
import (
"encoding/json"
"os"
"path/filepath"
. "github.com/containers/podman/v4/test/utils"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
. "github.com/onsi/gomega/gexec"
)
// Without Ordered, tests flake with "Getting key identity" (#18358)
var _ = Describe("Podman trust", Ordered, func() {
BeforeEach(func() {
SkipIfRemote("podman-remote does not support image trust")
})
It("podman image trust show", func() {
session := podmanTest.Podman([]string{"image", "trust", "show", "-n", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json")})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
outArray := session.OutputToStringArray()
Expect(outArray).To(HaveLen(3))
// Repository order is not guaranteed. So, check that
// all expected lines appear in output; we also check total number of lines, so that handles all of them.
Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^all\s+default\s+accept\s*$`))
Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+docker.io/library/hello-world\s+reject\s*$`))
Expect(string(session.Out.Contents())).To(MatchRegexp(`(?m)^repository\s+registry.access.redhat.com\s+signed\s+security@redhat.com, security@redhat.com\s+https://access.redhat.com/webassets/docker/content/sigstore\s*$`))
})
It("podman image trust set", func() {
policyJSON := filepath.Join(podmanTest.TempDir, "trust_set_test.json")
session := podmanTest.Podman([]string{"image", "trust", "set", "--policypath", policyJSON, "-t", "accept", "default"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
var teststruct map[string][]map[string]string
policyContent, err := os.ReadFile(policyJSON)
if err != nil {
os.Exit(1)
}
err = json.Unmarshal(policyContent, &teststruct)
if err != nil {
os.Exit(1)
}
Expect(teststruct["default"][0]).To(HaveKeyWithValue("type", "insecureAcceptAnything"))
})
It("podman image trust show --json", func() {
session := podmanTest.Podman([]string{"image", "trust", "show", "--registrypath", filepath.Join(INTEGRATION_ROOT, "test"), "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--json"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(BeValidJSON())
var teststruct []map[string]string
err = json.Unmarshal(session.Out.Contents(), &teststruct)
Expect(err).ToNot(HaveOccurred())
Expect(teststruct).To(HaveLen(3))
// To ease comparison, group the unordered array of repos by repo (and we expect only one entry by repo, so order within groups doesnt matter)
repoMap := map[string][]map[string]string{}
for _, e := range teststruct {
key := e["name"]
repoMap[key] = append(repoMap[key], e)
}
Expect(repoMap).To(Equal(map[string][]map[string]string{
"* (default)": {{
"type": "accept",
"transport": "all",
"name": "* (default)",
"repo_name": "default",
}},
"docker.io/library/hello-world": {{
"transport": "repository",
"name": "docker.io/library/hello-world",
"repo_name": "docker.io/library/hello-world",
"type": "reject",
}},
"registry.access.redhat.com": {{
"transport": "repository",
"name": "registry.access.redhat.com",
"repo_name": "registry.access.redhat.com",
"sigstore": "https://access.redhat.com/webassets/docker/content/sigstore",
"type": "signed",
"gpg_id": "security@redhat.com, security@redhat.com",
}},
}))
})
It("podman image trust show --raw", func() {
session := podmanTest.Podman([]string{"image", "trust", "show", "--policypath", filepath.Join(INTEGRATION_ROOT, "test/policy.json"), "--raw"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
contents, err := os.ReadFile(filepath.Join(INTEGRATION_ROOT, "test/policy.json"))
Expect(err).ShouldNot(HaveOccurred())
Expect(session.OutputToString()).To(BeValidJSON())
Expect(string(session.Out.Contents())).To(Equal(string(contents) + "\n"))
})
})
Reference in New Issue View Git Blame Copy Permalink