mobi/moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2025-07-30 18:23:29 +03:00
Code Activity

Add trust tests for Docker create, run, push, and pull

Browse Source 
Created date util function

Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
This commit is contained in:
Nathan McCauley
2015-07-22 09:14:48 -07:00
committed by Derek McGowan
parent 356b07c896
commit 1406cb35fd
5 changed files with 292 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
integration-cli/docker_cli_pull_test.go
View File

@ -4,6 +4,7 @@ import (
"fmt"
"os/exec"
"strings"
"time"
"github.com/go-check/check"
)
@ -216,3 +217,52 @@ func (s *DockerTrustSuite) TestUntrustedPull(c *check.C) {
c.Fatalf("Missing expected output on trusted pull:\n%s", out)
}
}
func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("Error running trusted push: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
dockerCmd(c, "rmi", repoName)
// Certificates have 10 years of expiration
elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
runAtDifferentDate(elevenYearsFromNow, func() {
// Try pull
pullCmd := exec.Command(dockerBinary, "pull", repoName)
s.trustedCmd(pullCmd)
out, _, err = runCommandWithOutput(pullCmd)
if err == nil {
c.Fatalf("Error running trusted pull in the distant future: %s\n%s", err, out)
}
if !strings.Contains(string(out), "could not validate the path to a trusted root") {
c.Fatalf("Missing expected output on trusted pull in the distant future:\n%s", out)
}
})
runAtDifferentDate(elevenYearsFromNow, func() {
// Try pull
pullCmd := exec.Command(dockerBinary, "pull", "--untrusted", repoName)
s.trustedCmd(pullCmd)
out, _, err = runCommandWithOutput(pullCmd)
if err != nil {
c.Fatalf("Error running untrusted pull in the distant future: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on untrusted pull in the distant future:\n%s", out)
}
})
}