cli/command/trust: add testPassRetriever helper
Add a basic helper to provide the equivalent of passphrase.ConstantRetriever with a fixed passphrase for testing. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
parent
1d8f87a2fb
commit
791bdf7b3c
@ -47,3 +47,9 @@ func getOrGenerateRootKeyAndInitRepo(notaryRepo client.Repository) error {
|
||||
}
|
||||
return notaryRepo.Initialize([]string{rootKey.ID()}, data.CanonicalSnapshotRole)
|
||||
}
|
||||
|
||||
const testPass = "password"
|
||||
|
||||
func testPassRetriever(string, string, bool, int) (string, bool, error) {
|
||||
return testPass, false, nil
|
||||
}
|
||||
|
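Review bot: The new `testPass` constant and `testPassRetriever` function at the end of this section have no doc comment, and the unnamed parameters hide which `notary.PassRetriever` arguments (key name, alias, createNew, attempts) are being ignored. A comment such as `// testPassRetriever is a notary.PassRetriever that always returns testPass and never gives up; for use in tests only.` would state the contract that the call sites in the other sections rely on. The file name is not visible on this page, so confirm that this section belongs to a `_test.go` file: a package-level fixed passphrase and a retriever that returns it unconditionally should not be compiled into the shipped package. The function above the additions (`getOrGenerateRootKeyAndInitRepo`) starts outside the hunk.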
@ -11,7 +11,6 @@ import (
|
||||
"github.com/docker/cli/cli/config"
|
||||
"github.com/docker/cli/internal/test"
|
||||
"github.com/theupdateframework/notary"
|
||||
"github.com/theupdateframework/notary/passphrase"
|
||||
"github.com/theupdateframework/notary/trustmanager"
|
||||
tufutils "github.com/theupdateframework/notary/tuf/utils"
|
||||
"gotest.tools/v3/assert"
|
||||
@ -51,11 +50,9 @@ func TestGenerateKeySuccess(t *testing.T) {
|
||||
pubKeyCWD := t.TempDir()
|
||||
privKeyStorageDir := t.TempDir()
|
||||
|
||||
const testPass = "password"
|
||||
cannedPasswordRetriever := passphrase.ConstantRetriever(testPass)
|
||||
// generate a single key
|
||||
keyName := "alice"
|
||||
privKeyFileStore, err := trustmanager.NewKeyFileStore(privKeyStorageDir, cannedPasswordRetriever)
|
||||
privKeyFileStore, err := trustmanager.NewKeyFileStore(privKeyStorageDir, testPassRetriever)
|
||||
assert.NilError(t, err)
|
||||
|
||||
pubKeyPEM, err := generateKeyAndOutputPubPEM(keyName, privKeyFileStore)
|
||||
|
@ -12,7 +12,6 @@ import (
|
||||
"github.com/docker/cli/cli/config"
|
||||
"github.com/docker/cli/internal/test"
|
||||
"github.com/theupdateframework/notary"
|
||||
"github.com/theupdateframework/notary/passphrase"
|
||||
"github.com/theupdateframework/notary/storage"
|
||||
"github.com/theupdateframework/notary/trustmanager"
|
||||
tufutils "github.com/theupdateframework/notary/tuf/utils"
|
||||
@ -122,8 +121,6 @@ func TestLoadKeyFromPath(t *testing.T) {
|
||||
|
||||
keyStorageDir := t.TempDir()
|
||||
|
||||
const passwd = "password"
|
||||
cannedPasswordRetriever := passphrase.ConstantRetriever(passwd)
|
||||
keyFileStore, err := storage.NewPrivateKeyFileStorage(keyStorageDir, notary.KeyExtension)
|
||||
assert.NilError(t, err)
|
||||
privKeyImporters := []trustmanager.Importer{keyFileStore}
|
||||
@ -133,7 +130,7 @@ func TestLoadKeyFromPath(t *testing.T) {
|
||||
assert.NilError(t, err)
|
||||
|
||||
// import the key to our keyStorageDir
|
||||
assert.Check(t, loadPrivKeyBytesToStore(privKeyBytes, privKeyImporters, privKeyFilepath, "signer-name", cannedPasswordRetriever))
|
||||
assert.Check(t, loadPrivKeyBytesToStore(privKeyBytes, privKeyImporters, privKeyFilepath, "signer-name", testPassRetriever))
|
||||
|
||||
// check that the appropriate ~/<trust_dir>/private/<key_id>.key file exists
|
||||
expectedImportKeyPath := filepath.Join(keyStorageDir, notary.PrivDir, keyID+"."+notary.KeyExtension)
|
||||
@ -151,7 +148,7 @@ func TestLoadKeyFromPath(t *testing.T) {
|
||||
// assert encrypted header
|
||||
assert.Check(t, is.Equal("ENCRYPTED PRIVATE KEY", keyPEM.Type))
|
||||
|
||||
decryptedKey, err := tufutils.ParsePKCS8ToTufKey(keyPEM.Bytes, []byte(passwd))
|
||||
decryptedKey, err := tufutils.ParsePKCS8ToTufKey(keyPEM.Bytes, []byte(testPass))
|
||||
assert.NilError(t, err)
|
||||
fixturePEM, _ := pem.Decode(keyBytes)
|
||||
assert.Check(t, is.DeepEqual(fixturePEM.Bytes, decryptedKey.Private()))
|
||||
@ -213,8 +210,6 @@ func TestLoadPubKeyFailure(t *testing.T) {
|
||||
assert.NilError(t, os.WriteFile(pubKeyFilepath, pubKeyFixture, notary.PrivNoExecPerms))
|
||||
keyStorageDir := t.TempDir()
|
||||
|
||||
const passwd = "password"
|
||||
cannedPasswordRetriever := passphrase.ConstantRetriever(passwd)
|
||||
keyFileStore, err := storage.NewPrivateKeyFileStorage(keyStorageDir, notary.KeyExtension)
|
||||
assert.NilError(t, err)
|
||||
privKeyImporters := []trustmanager.Importer{keyFileStore}
|
||||
@ -223,7 +218,7 @@ func TestLoadPubKeyFailure(t *testing.T) {
|
||||
assert.NilError(t, err)
|
||||
|
||||
// import the key to our keyStorageDir - it should fail
|
||||
err = loadPrivKeyBytesToStore(pubKeyBytes, privKeyImporters, pubKeyFilepath, "signer-name", cannedPasswordRetriever)
|
||||
err = loadPrivKeyBytesToStore(pubKeyBytes, privKeyImporters, pubKeyFilepath, "signer-name", testPassRetriever)
|
||||
expected := fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", pubKeyFilepath)
|
||||
assert.Error(t, err, expected)
|
||||
}
|
||||
|
@ -14,7 +14,6 @@ import (
|
||||
"github.com/theupdateframework/notary"
|
||||
"github.com/theupdateframework/notary/client"
|
||||
"github.com/theupdateframework/notary/client/changelist"
|
||||
"github.com/theupdateframework/notary/passphrase"
|
||||
"github.com/theupdateframework/notary/trustpinning"
|
||||
"github.com/theupdateframework/notary/tuf/data"
|
||||
"gotest.tools/v3/assert"
|
||||
@ -22,8 +21,6 @@ import (
|
||||
"gotest.tools/v3/skip"
|
||||
)
|
||||
|
||||
const passwd = "password"
|
||||
|
||||
func TestTrustSignCommandErrors(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name string
|
||||
@ -83,7 +80,7 @@ func TestTrustSignCommandOfflineErrors(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestGetOrGenerateNotaryKey(t *testing.T) {
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
|
||||
assert.NilError(t, err)
|
||||
|
||||
// repo is empty, try making a root key
|
||||
@ -126,7 +123,7 @@ func TestGetOrGenerateNotaryKey(t *testing.T) {
|
||||
func TestAddStageSigners(t *testing.T) {
|
||||
skip.If(t, runtime.GOOS == "windows", "FIXME: not supported currently")
|
||||
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
|
||||
assert.NilError(t, err)
|
||||
|
||||
// stage targets/user
|
||||
@ -207,7 +204,7 @@ func TestAddStageSigners(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestGetSignedManifestHashAndSize(t *testing.T) {
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
|
||||
assert.NilError(t, err)
|
||||
_, _, err = getSignedManifestHashAndSize(notaryRepo, "test")
|
||||
assert.Error(t, err, "client is offline")
|
||||
@ -229,7 +226,7 @@ func TestGetReleasedTargetHashAndSize(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestCreateTarget(t *testing.T) {
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
|
||||
assert.NilError(t, err)
|
||||
_, err = createTarget(notaryRepo, "")
|
||||
assert.Error(t, err, "no tag specified")
|
||||
@ -238,7 +235,7 @@ func TestCreateTarget(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestGetExistingSignatureInfoForReleasedTag(t *testing.T) {
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
|
||||
notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
|
||||
assert.NilError(t, err)
|
||||
_, err = getExistingSignatureInfoForReleasedTag(notaryRepo, "test")
|
||||
assert.Error(t, err, "client is offline")
|
||||
@ -267,7 +264,7 @@ func TestSignCommandChangeListIsCleanedOnError(t *testing.T) {
|
||||
err := cmd.Execute()
|
||||
assert.Assert(t, err != nil)
|
||||
|
||||
notaryRepo, err := client.NewFileCachedRepository(tmpDir, "docker.io/library/ubuntu", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
|
||||
notaryRepo, err := client.NewFileCachedRepository(tmpDir, "docker.io/library/ubuntu", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
|
||||
assert.NilError(t, err)
|
||||
cl, err := notaryRepo.GetChangelist()
|
||||
assert.NilError(t, err)
|
||||
|