… testing signature reading and writing using the
X-Registry-Supports-Signatures extension, and its
interoperability/equivalence with the atomic: native OpenShift API.
Primarily vendor after merging mtrmac/image:openpgp.
Then update for the SigningMechanism API change.
Also skip signing tests if the GPG mechanism does not support signing.
Also abort some of the tests early instead of trying to use invalid (or
nil) values.
The current master of image-tools does not build with Go 1.6, so keep
using an older release.
Also requires adding a few more dependencies of our updated
dependencies.
We are maintaining code to set up and run registries, including the
fairly complex setup for Atomic Registry, in the integration tests.
This is all useful for experimentation in shell, and the easiest way to
do that is to add a “test” which, after all the set up is done, simply
starts a shell.
This is gated by a build tag, so it does not affect normal test runs.
A possible alternative would be to convert all of the setup code not to
depend on check.C and testing.T, but that would be fairly cumbersome due
to how prevalent c.Logf and c.Assert are throughout the setup code.
Especially the natural replacement of c.Assert with a panic() would be
pretty ugly, and adding real error handling to all of that would make
the code noticeably longer. The build tag and copy&pasting a command
works just as well, at least for now.
(It is not conveniently possible to create a new “main program” which
manually creates a check.C and testing.T just for the purpose of running
the setup code either; check.C can be created given a testing.T, but
testing.T is only created by testing.MainStart, which does not allow us
to submit a non-test method; and testing.MainStart is excluded from the
Go compatibility promise.)
This is primarily to get the signature access docker/distribution API
extension.
To make it work, two updates to the test harness are necessary:
- Change the expected output of (oadm policy add-cluster-role-to-group)
- Don't expect (openshift start master) to create .kubeconfig files
for the registry service.
As of https://github.com/openshift/origin/pull/10830 ,
openshift.local.config/master/openshift-registry.kubeconfig is no longer
autogenerated. Instead, do what (oadm registry) does, creating a
service account and a cluster policy role binding. Then manually create
the necessary certificates and a .kubeconfig instead of using the
service account in a pod.
The integrated registry used to return the original signature unmodified
in 1.3.0-alpha.3; in 1.5.0-alpha-3 it regenerates a new one, so allow that
when comparing the original and copied image.
In order to make sure that we don't create invalid OCI images that are
consistently invalid, add additional checks to ensure that both of the
generated OCI images in the round-trip test are valid according to the
upstream validator.
This commit vendors the following packages (deep breath):
* oci/image-tools@7575a09363, which requires
* oci/image-spec@v1.0.0-rc4 [revendor, but is technically an update
because I couldn't figure out what version was vendored last time]
* oci/runtime-spec@v1.0.0-rc4
* xeipuuv/gojsonschema@6b67b3fab7
* xeipuuv/gojsonreference@e02fc20de9
* xeipuuv/gojsonpointer@e0fe6f6830
* camlistore/go4@7ce08ca145
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This test is just a general smoke test to make sure there are no errors
with skopeo, but also verifying that after passing through several
translation steps an OCI image will remain in fully working order.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This fixes --version integration test on CentOS, as noticed by
https://github.com/projectatomic/skopeo/pull/91 . The underlying cause
is:
- Makefile builds with -ldflags "-X var=value", while go 1.4.2 only
supports "-X var value". This causes CentOS builds to be built
without the specific commit information
- The --version integration test assumes that commit information will
always follow the version number.
Changing either one of these would fix the build, changing the
integration test has the advantage that we don't have to use the
obsolete -X syntax and suffer warnings on newer Go versions.
This builds from the image-signatures-rest branch for
https://github.com/openshift/origin/pull/9181 .
Testing push, pull, streaming.
Does not test working with the other Docker registries built in
Dockerfile; I will leave that to the author of that code :)
Note that this relies on an internet connection for pulling from the
Docker Hub (which is incidentally tested by that); pushing to no Docker
Registry, neither local nor Hub, is tested by this.
The tests only run in a container because the (oc login) / (docker
login)-like code modifies files in a home directory; the new
SKOPEO_CONTAINER_TESTS environment variable should protect against
accidental non-container runs.
- consumeAndLogOutputs
- assertSkopeoSucceeds
- assertSkopeoFails
- runCommandWithInput
All of these allow running commands as one-liners with no call-site
error handling, making tests much more readable.
Also modifies TestNoNeedAuthToPrivateRegistryV2ImageNotFound to use
check.Matches instead of manual strings.Contains conditions, which is
shorter and more consistent with the assertSkopeo... calls.
Primarily, make it actually work; reading into a non-zero-capacity but
zero-length slice would just return 0, the goroutine would terminate,
and even the producer of the output could fail with EPIPE/SIGPIPE.
Also make the logged output readable, converting it into a string
instead of a series of hexadecimal byte values.
This will be used also by non-signing tests.
No code changes besides removing the initial capital letter in the
function name; this is a separate commit only to make reviewing of
future changes to this function easier.
This will make the output of godoc cleaner, we can't filter out the
subpackage otherwise.
Also copy the needed fixture into the integration subpackage, instead of
referring to it using ../signature/fixtures (and we can't import
signature/fixtures_info-test.go now).
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
