def test_trust_gpg_email_id(self):
    """Check the identity string that Trust.get_gpg_id derives from args.pubkeys.

    The Trust object is pointed at the fixture policy and fixture atomic.conf
    so the test does not read the host's own trust configuration.
    """
    args = self.Args()
    fixture_policy = os.path.join(FIXTURE_DIR, "show_policy.json")
    fixture_conf = os.path.join(FIXTURE_DIR, "atomic.conf")

    trust = Trust(policy_filename=fixture_policy)
    trust.atomic_config = util.get_atomic_config(atomic_config=fixture_conf)
    trust.set_args(args)

    # NOTE(review): the expected literal is kept exactly as it appears in this
    # listing; it looks masked, so confirm it against the identity stored in
    # the fixture public key before relying on this assertion.
    gpg_id = trust.get_gpg_id(args.pubkeys)
    self.assertEqual("*****@*****.**", gpg_id)
def TrustDelete(self, registry, sigstoretype):
    """Remove the trust entry for ``registry`` by delegating to Trust.delete().

    Both arguments are copied onto a fresh Args object unchanged.
    NOTE(review): no validation or authorization check happens in this
    method; removing an entry changes which images the policy accepts, so
    confirm that the caller or Trust.delete() enforces who may do this.
    """
    trust_obj = Trust()
    opts = self.Args()
    opts.sigstoretype = sigstoretype
    opts.registry = registry
    trust_obj.set_args(opts)
    trust_obj.delete()
def test_trust_gpg_email_id(self):
    """Check the identity string that Trust.get_gpg_id derives from args.pubkeys.

    Fixture copies of the policy and atomic.conf are used instead of the
    host's own trust configuration.
    """
    args = self.Args()
    policy_path = os.path.join(FIXTURE_DIR, "show_policy.json")
    trust = Trust(policy_filename=policy_path)
    conf_path = os.path.join(FIXTURE_DIR, "atomic.conf")
    trust.atomic_config = util.get_atomic_config(atomic_config=conf_path)
    trust.set_args(args)

    # NOTE(review): the expected literal is kept exactly as it appears in this
    # listing; it looks masked, so confirm it against the identity stored in
    # the fixture public key before relying on this assertion.
    gpg_id = trust.get_gpg_id(args.pubkeys)
    self.assertEqual("*****@*****.**", gpg_id)
def test_setup_default_policy(self):
    """Check what check_policy(policy, "docker") returns for the default fixture.

    The fixture default_policy.json is loaded, passed through check_policy,
    and compared with a policy that has an empty "docker" transport section.
    """
    args = self.Args()
    args.sigstoretype = "web"
    trust = Trust()
    trust.set_args(args)

    fixture_path = os.path.join(FIXTURE_DIR, "default_policy.json")
    with open(fixture_path, "r") as handle:
        loaded_policy = json.load(handle)
    checked_policy = trust.check_policy(loaded_policy, "docker")

    # The expected default requirement is "insecureAcceptAnything", which in
    # the containers policy format accepts images without any signature
    # check. The test pins that fixture value; it does not endorse it as a
    # production default.
    policy_expected = {
        "default": [{"type": "insecureAcceptAnything"}],
        "transports": {"docker": {}},
    }
    self.assertEqual(checked_policy, policy_expected)
def TrustAdd(self, registry, trusttype, pubkeys, keytype, sigstore, sigstoretype):
    """Add a trust entry for ``registry`` by delegating to Trust.add().

    Every argument is copied onto a fresh Args object unchanged; note that
    ``trusttype`` is stored as ``trust_type``.
    NOTE(review): no validation or authorization check happens in this
    method. The values decide which registry, keys and signature store the
    policy will trust, so confirm that the caller or Trust.add() checks them.
    """
    trust_obj = Trust()
    opts = self.Args()
    opts.registry = registry
    opts.pubkeys = pubkeys
    opts.keytype = keytype
    opts.trust_type = trusttype
    opts.sigstoretype = sigstoretype
    opts.sigstore = sigstore
    trust_obj.set_args(opts)
    trust_obj.add()
def test_trust_show(self):
    """Compare the text printed by Trust.show() with show_policy.output.

    The Trust object reads the fixture policy and fixture atomic.conf, and
    stdout is captured through self.captured_output().
    """
    args = self.Args()
    policy_path = os.path.join(FIXTURE_DIR, "show_policy.json")
    trust = Trust(policy_filename=policy_path)
    conf_path = os.path.join(FIXTURE_DIR, "atomic.conf")
    trust.atomic_config = util.get_atomic_config(atomic_config=conf_path)
    trust.set_args(args)

    with self.captured_output() as (out, _):
        trust.show()

    expected_path = os.path.join(FIXTURE_DIR, "show_policy.output")
    with open(expected_path, "r") as handle:
        expected = handle.read()
    printed = out.getvalue()
    self.assertEqual(expected, printed)
def test_add_trust_keys(self):
    """Check that Trust.add() records the fixture public key path in the policy.

    After add() the policy file is re-read from disk and the first "atomic"
    transport entry for "docker.io" must point at key1.pub in FIXTURE_DIR.
    The registry and key presumably come from the Args defaults; confirm
    against the Args class.
    """
    args = self.Args()
    args.sigstore = None
    trust = Trust(policy_filename=TEST_POLICY)
    conf_path = os.path.join(FIXTURE_DIR, "atomic.conf")
    trust.atomic_config = util.get_atomic_config(atomic_config=conf_path)
    trust.set_args(args)
    trust.add()

    with open(trust.policy_filename, 'r') as handle:
        written_policy = json.load(handle)
    recorded_key = written_policy["transports"]["atomic"]["docker.io"][0]["keyPath"]
    self.assertEqual(recorded_key, os.path.join(FIXTURE_DIR, "key1.pub"))
def test_add_reject_type(self):
    """Check that adding a "reject" trust entry is written to the policy file.

    After add() the policy is re-read from disk and the first "docker"
    transport requirement for the registry must carry type "reject".
    """
    args = self.Args()
    args.trust_type = "reject"
    args.sigstoretype = "web"
    args.pubkeys = []  # a reject entry is added here without any keys
    args.registry = "registry.example.com/foo"

    trust = Trust(policy_filename=TEST_POLICY)
    conf_path = os.path.join(FIXTURE_DIR, "atomic.conf")
    trust.atomic_config = util.get_atomic_config(atomic_config=conf_path)
    trust.set_args(args)
    trust.add()

    with open(trust.policy_filename, "r") as handle:
        written_policy = json.load(handle)
    recorded_type = written_policy["transports"]["docker"][args.registry][0]["type"]
    self.assertEqual(recorded_type, args.trust_type)
def test_trust_show(self):
    """Compare the text printed by Trust.show() with show_policy.output.

    The Trust object reads the fixture policy and fixture atomic.conf, and
    stdout is captured through self.captured_output().
    """
    args = self.Args()
    fixture_policy = os.path.join(FIXTURE_DIR, "show_policy.json")
    fixture_conf = os.path.join(FIXTURE_DIR, "atomic.conf")
    trust = Trust(policy_filename=fixture_policy)
    trust.atomic_config = util.get_atomic_config(atomic_config=fixture_conf)
    trust.set_args(args)

    with self.captured_output() as (out, _):
        trust.show()

    with open(os.path.join(FIXTURE_DIR, "show_policy.output"), 'r') as handle:
        expected = handle.read()
    printed = out.getvalue()
    self.assertEqual(expected, printed)
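def test_delete_trust(self):
    """Check that Trust.delete() removes the registry from the docker transports.

    After delete() the policy file is re-read from disk and the registry must
    no longer be a key under transports/docker.
    """
    args = self.Args()
    # The original assigned [] to pubkeys and then overwrote it with None
    # before anything read it; only the effective value is kept.
    args.pubkeys = None
    args.sigstoretype = "web"
    args.registry = "registry.example.com/foo"

    testobj = Trust(policy_filename=TEST_POLICY)
    testobj.atomic_config = util.get_atomic_config(
        atomic_config=os.path.join(FIXTURE_DIR, "atomic.conf"))
    testobj.set_args(args)
    testobj.delete()

    with open(testobj.policy_filename, "r") as f:
        d = json.load(f)
    # NOTE(review): assertNotIn also passes if the registry was never present
    # in TEST_POLICY; confirm the fixture (or an earlier test) adds it first.
    self.assertNotIn(args.registry, d["transports"]["docker"])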
def test_add_trust_keys(self):
    """Check that Trust.add() records the fixture public key path in the policy.

    After add() the policy file is re-read from disk and the first "atomic"
    transport entry for "docker.io" must point at key1.pub in FIXTURE_DIR.
    The registry and key presumably come from the Args defaults; confirm
    against the Args class.
    """
    args = self.Args()
    args.sigstore = None
    trust = Trust(policy_filename=TEST_POLICY)
    fixture_conf = os.path.join(FIXTURE_DIR, "atomic.conf")
    trust.atomic_config = util.get_atomic_config(atomic_config=fixture_conf)
    trust.set_args(args)
    trust.add()

    with open(trust.policy_filename, 'r') as handle:
        written_policy = json.load(handle)
    docker_io_entries = written_policy["transports"]["atomic"]["docker.io"]
    self.assertEqual(
        docker_io_entries[0]["keyPath"],
        os.path.join(FIXTURE_DIR, "key1.pub"),
    )
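def test_delete_trust(self):
    """Check that Trust.delete() removes the registry from the docker transports.

    After delete() the policy file is re-read from disk and the registry must
    no longer be a key under transports/docker.
    """
    args = self.Args()
    # The original assigned [] to pubkeys and then overwrote it with None
    # before anything read it; only the effective value is kept.
    args.pubkeys = None
    args.sigstoretype = "web"
    args.registry = "registry.example.com/foo"

    testobj = Trust(policy_filename=TEST_POLICY)
    testobj.atomic_config = util.get_atomic_config(
        atomic_config=os.path.join(FIXTURE_DIR, "atomic.conf"))
    testobj.set_args(args)
    testobj.delete()

    with open(testobj.policy_filename, 'r') as f:
        d = json.load(f)
    # NOTE(review): assertNotIn also passes if the registry was never present
    # in TEST_POLICY; confirm the fixture (or an earlier test) adds it first.
    self.assertNotIn(args.registry, d["transports"]["docker"])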
def test_add_reject_type(self):
    """Check that adding a "reject" trust entry is written to the policy file.

    After add() the policy is re-read from disk and the first "docker"
    transport requirement for the registry must carry type "reject".
    """
    args = self.Args()
    args.trust_type = "reject"
    args.sigstoretype = "web"
    args.pubkeys = []  # a reject entry is added here without any keys
    args.registry = "registry.example.com/foo"

    trust = Trust(policy_filename=TEST_POLICY)
    fixture_conf = os.path.join(FIXTURE_DIR, "atomic.conf")
    trust.atomic_config = util.get_atomic_config(atomic_config=fixture_conf)
    trust.set_args(args)
    trust.add()

    with open(trust.policy_filename, 'r') as handle:
        written_policy = json.load(handle)
    registry_entries = written_policy["transports"]["docker"][args.registry]
    self.assertEqual(registry_entries[0]["type"], args.trust_type)
def test_setup_default_policy(self):
    """Check what check_policy(policy, "docker") returns for the default fixture.

    The fixture default_policy.json is loaded, passed through check_policy,
    and compared with a policy that has an empty "docker" transport section.
    """
    args = self.Args()
    args.sigstoretype = "web"
    trust = Trust()
    trust.set_args(args)

    with open(os.path.join(FIXTURE_DIR, "default_policy.json"), 'r') as handle:
        loaded_policy = json.load(handle)
    checked_policy = trust.check_policy(loaded_policy, "docker")

    # The expected default requirement is "insecureAcceptAnything", which in
    # the containers policy format accepts images without any signature
    # check. The test pins that fixture value; it does not endorse it as a
    # production default.
    accept_anything = {"type": "insecureAcceptAnything"}
    policy_expected = {
        "default": [accept_anything],
        "transports": {"docker": {}},
    }
    self.assertEqual(checked_policy, policy_expected)
def pull_image(self, image, pull_args):
    """Copy ``image`` from its registry into the local Docker daemon via skopeo.

    The image reference is resolved with self._make_remote_image, the
    signature store for it is looked up through Trust.discover_sigstore, and
    the copy is done by util.skopeo_copy with the caller's policy file.
    """
    # TODO: once the atomic registry is incorporated, pick the transport
    # prefix ('atomic:' vs 'docker://') from self.args.reg_type.
    remote = self._make_remote_image(image)
    fq_name = remote.fq_name

    # The insecure flag follows the Docker daemon's own RegistryConfig.
    # NOTE(review): what skopeo_copy does with insecure=True is not visible
    # here (presumably it relaxes TLS verification); confirm, and keep the
    # daemon's insecure-registry list as short as possible.
    registry_config = self.d.info()['RegistryConfig']
    registry_host = util.strip_port(remote.registry)
    insecure = bool(util.is_insecure_registry(registry_config, registry_host))

    # This needs to be re-enabled with Aaron's help
    # NOTE(review): the calls below are active despite the comment above;
    # confirm which of the two is stale.
    trust = Trust()
    trust.set_args(pull_args)
    trust.discover_sigstore(fq_name)

    util.write_out("Pulling {} ...".format(fq_name))
    source_ref = "docker://{}".format(fq_name)
    target_ref = "docker-daemon:{}".format(image)
    # The signature policy file is taken from pull_args as supplied by the
    # caller; it is not checked in this method.
    util.skopeo_copy(
        source_ref,
        target_ref,
        debug=pull_args.debug,
        insecure=insecure,
        policy_filename=pull_args.policy_filename,
    )
def pull_image(self, image, pull_args):
    """Copy ``image`` from its registry into the local Docker daemon via skopeo.

    The image reference is resolved with self._make_remote_image, the
    signature store for it is looked up through Trust.discover_sigstore, and
    the copy is done by util.skopeo_copy with the caller's policy file.
    """
    # TODO: once the atomic registry is incorporated, pick the transport
    # prefix ('atomic:' vs 'docker://') from self.args.reg_type.
    remote = self._make_remote_image(image)
    fq_name = remote.fq_name

    # The insecure flag follows the Docker daemon's own RegistryConfig.
    # NOTE(review): what skopeo_copy does with insecure=True is not visible
    # here (presumably it relaxes TLS verification); confirm, and keep the
    # daemon's insecure-registry list as short as possible.
    daemon_registries = self.d.info()['RegistryConfig']
    host_without_port = util.strip_port(remote.registry)
    insecure = bool(
        util.is_insecure_registry(daemon_registries, host_without_port))

    # This needs to be re-enabled with Aaron's help
    # NOTE(review): the calls below are active despite the comment above;
    # confirm which of the two is stale.
    trust = Trust()
    trust.set_args(pull_args)
    trust.discover_sigstore(fq_name)

    util.write_out("Pulling {} ...".format(fq_name))
    source_ref = "docker://{}".format(fq_name)
    target_ref = "docker-daemon:{}".format(image)
    # The signature policy file is taken from pull_args as supplied by the
    # caller; it is not checked in this method.
    util.skopeo_copy(
        source_ref,
        target_ref,
        debug=pull_args.debug,
        insecure=insecure,
        policy_filename=pull_args.policy_filename,
    )
def TrustShow(self):
    """Return the current trust policy as a JSON-encoded string.

    A Trust object is configured with a default Args instance and the result
    of its show_json() is serialised with json.dumps.
    """
    trust_obj = Trust()
    opts = self.Args()
    trust_obj.set_args(opts)
    policy_view = trust_obj.show_json()
    return json.dumps(policy_view)
def TrustDefaultPolicy(self, default_policy):
    """Change the default trust policy and return Trust.modify_default()'s result.

    ``default_policy`` is copied onto a fresh Args object unchanged.
    NOTE(review): no validation or authorization check happens in this
    method. The default policy governs every registry without its own entry,
    so confirm that the caller or modify_default() restricts the accepted
    values and who may set them.
    """
    trust_obj = Trust()
    opts = self.Args()
    opts.default_policy = default_policy
    trust_obj.set_args(opts)
    outcome = trust_obj.modify_default()
    return outcome