3 changes: 2 additions & 1 deletion rkt/image/namefetcher.go
Expand Up @@ -153,7 +153,6 @@ func (f *nameFetcher) fetch(app *discovery.App, aciURL string, a *asc) (readSeek

func (f *nameFetcher) fetchVerifiedURL(app *discovery.App, u *url.URL, a *asc) (readSeekCloser, *cacheData, error) {
appName := app.Name.String()
f.maybeFetchPubKeys(appName)

o := f.getHTTPOps()
ascFile, retry, err := o.DownloadSignature(a)
Expand All @@ -163,6 +162,7 @@ func (f *nameFetcher) fetchVerifiedURL(app *discovery.App, u *url.URL, a *asc) (
defer func() { maybeClose(ascFile) }()

if !retry {
f.maybeFetchPubKeys(appName)
if err := f.checkIdentity(appName, ascFile); err != nil {
return nil, nil, err
}
Expand All @@ -179,6 +179,7 @@ func (f *nameFetcher) fetchVerifiedURL(app *discovery.App, u *url.URL, a *asc) (
if err != nil {
return nil, nil, err
}
f.maybeFetchPubKeys(appName)
}

if err := f.validate(appName, aciFile, ascFile); err != nil {
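Review bot: The two relocated `f.maybeFetchPubKeys(appName)` calls have no comment explaining why key discovery now waits until a signature has been downloaded, so the ordering is easy to undo in a later refactor. From the visible lines, the call inside `if !retry` has to run before `f.checkIdentity`, and the one added ahead of the closing brace has to run before `f.validate`. I would say so at the first call site, e.g. `// Fetch public keys only after a signature has been downloaded, and always before that signature is verified.` As called here maybeFetchPubKeys yields no result, so a failed key fetch presumably surfaces only as a verification error from checkIdentity or validate; it is worth confirming that this error still points the operator at the missing key. The body of fetchVerifiedURL continues outside these hunks.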
31 changes: 31 additions & 0 deletions tests/key3.gpg
@@ -0,0 +1,31 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
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=ryrw
-----END PGP PUBLIC KEY BLOCK-----
Binary file modified tests/pubring.gpg
Binary file not shown.
2 changes: 1 addition & 1 deletion tests/rkt_run_pod_manifest_test.go
Expand Up @@ -42,7 +42,7 @@ func stringP(s string) *string {
}

func generatePodManifestFile(t *testing.T, manifest *schema.PodManifest) string {
tmpDir := testutils.GetValueFromEnvOrPanic("FUNCTIONAL_TMP")
tmpDir := getFunctionalTmpDir()
f, err := ioutil.TempFile(tmpDir, "rkt-test-manifest-")
if err != nil {
t.Fatalf("Cannot create tmp pod manifest: %v", err)
88 changes: 67 additions & 21 deletions tests/rkt_tests.go
Expand Up @@ -84,7 +84,7 @@ func patchACI(inputFileName, newFileName string, args ...string) string {
var allArgs []string

actool := testutils.GetValueFromEnvOrPanic("ACTOOL")
tmpDir := testutils.GetValueFromEnvOrPanic("FUNCTIONAL_TMP")
tmpDir := getFunctionalTmpDir()

imagePath, err := filepath.Abs(filepath.Join(tmpDir, newFileName))
if err != nil {
Expand Down Expand Up @@ -152,6 +152,10 @@ func getInspectImagePath() string {
return testutils.GetValueFromEnvOrPanic("RKT_INSPECT_IMAGE")
}

func getFunctionalTmpDir() string {
return testutils.GetValueFromEnvOrPanic("FUNCTIONAL_TMP")
}

func getHashOrPanic(path string) string {
hash, err := getHash(path)
if err != nil {
Expand Down Expand Up @@ -604,29 +608,61 @@ func serverHandler(t *testing.T, server *taas.Server) {
}
}

type gpgkey struct {
fingerprint string
path string
}

var gpgkeys = []*gpgkey{
{
fingerprint: "D9DCEF41",
path: "key1.gpg",
},
{
fingerprint: "585091E3",
path: "key2.gpg",
},
{
fingerprint: "7D526AD4",
path: "key3.gpg",
},
}

func getGPGKey(t *testing.T, keyIndex int) *gpgkey {
realIndex := keyIndex - 1
if realIndex < 0 || len(gpgkeys) <= realIndex {
t.Fatalf("there are only %d keys, requested %dth key", len(gpgkeys), keyIndex)
}
return gpgkeys[realIndex]
}

func runSignImage(t *testing.T, imageFile string, keyIndex int) string {
ascFile := fmt.Sprintf("%s.asc", imageFile)
runSignImageToFile(t, imageFile, ascFile, keyIndex)
return ascFile
}

// keys stored in tests/secring.gpg, tests/pubring.gpg, tests/key1.gpg, tests/key2.gpg
keyFingerprint := ""
switch keyIndex {
case 1:
keyFingerprint = "D9DCEF41"
case 2:
keyFingerprint = "585091E3"
default:
panic("unknown key")
func runSignImageToFile(t *testing.T, imageFile, ascFile string, keyIndex int) {
if err := os.Remove(ascFile); err != nil && !os.IsNotExist(err) {
t.Fatalf("failed to remove the stray asc file %s", ascFile)
}

// keys stored in tests/secring.gpg, tests/pubring.gpg, tests/key1.gpg, tests/key2.gpg
keyFingerprint := getGPGKey(t, keyIndex).fingerprint

cmd := fmt.Sprintf("gpg --no-default-keyring --secret-keyring ./secring.gpg --keyring ./pubring.gpg --default-key %s --output %s --detach-sig %s",
keyFingerprint, ascFile, imageFile)
spawnAndWaitOrFail(t, cmd, 0)
return ascFile
}

func runRktTrust(t *testing.T, ctx *testutils.RktRunCtx, prefix string, keyIndex int) {
key := getGPGKey(t, keyIndex)
runRktTrustKey(t, ctx, prefix, key)
}

func runRktTrustKey(t *testing.T, ctx *testutils.RktRunCtx, prefix string, key *gpgkey) {
var cmd string
keyFile := fmt.Sprintf("key%d.gpg", keyIndex)
keyFile := key.path
if prefix == "" {
cmd = fmt.Sprintf(`%s trust --root %s`, ctx.Cmd(), keyFile)
} else {
Expand All @@ -636,22 +672,32 @@ func runRktTrust(t *testing.T, ctx *testutils.RktRunCtx, prefix string, keyIndex
child := spawnOrFail(t, cmd)
defer waitOrFail(t, child, 0)

runGPGKeyReview(t, child, prefix, true)
}

func runGPGKeyReview(t *testing.T, child *gexpect.ExpectSubprocess, prefix string, accept bool) {
expected := "Are you sure you want to trust this key"
if err := expectWithOutput(child, expected); err != nil {
t.Fatalf("Expected but didn't find %q in %v", expected, err)
}

if err := child.SendLine("yes"); err != nil {
t.Fatalf("Cannot confirm rkt trust: %s", err)
}
if accept {
if err := child.SendLine("yes"); err != nil {
t.Fatalf("Cannot confirm GPG key trust: %v", err)
}

if prefix == "" {
expected = "Added root key at"
if prefix == "" {
expected = "Added root key at"
} else {
expected = fmt.Sprintf("Added key for prefix %q at", prefix)
}
if err := expectWithOutput(child, expected); err != nil {
t.Fatalf("Expected but didn't find %q in %v", expected, err)
}
} else {
expected = fmt.Sprintf(`Added key for prefix "%s" at`, prefix)
}
if err := expectWithOutput(child, expected); err != nil {
t.Fatalf("Expected but didn't find %q in %v", expected, err)
if err := child.SendLine("no"); err != nil {
t.Fatalf("Cannot reject GPG key trust: %v", err)
}
}
}
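Review bot: The `fingerprint` field of `gpgkey` holds eight-hex-digit short key IDs (`D9DCEF41`, `585091E3`, `7D526AD4`), not fingerprints, and `runSignImageToFile` passes that value to `gpg --default-key`. Short IDs are not collision-resistant, so either name the field for what it is, `keyID string // short key ID passed to gpg --default-key`, or store the full fingerprint so that key selection stays unambiguous as the test keyring grows. In the same function the `os.Remove` failure is reported without its cause; `t.Fatalf("failed to remove the stray asc file %s: %v", ascFile, err)` would keep it. The comment `// keys stored in tests/secring.gpg, ...` still lists only key1.gpg and key2.gpg although this commit adds tests/key3.gpg.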
