From 9961d8b0d61fc3bfe2d565a095a2db91bebac86f Mon Sep 17 00:00:00 2001 From: "Danfeng Liu (c)" Date: Wed, 18 Dec 2019 10:42:20 +0800 Subject: [PATCH] O Add notary remove signature test case in nightly 1. Update E2E image Dockerfile for adding notary CLI; 2. Add test case of remove notary signature. Signed-off-by: Danfeng Liu (c) --- tests/e2e-image/Dockerfile | 20 ++++++++++++++++++- tests/resources/Harbor-Util.robot | 7 +++++++ tests/resources/TestCaseBody.robot | 7 +++++-- .../Group0-Util/notary-push-image.sh | 16 +++++++++------ .../notary-remove-image-signature.expect | 18 +++++++++++++++++ tests/robot-cases/Group1-Nightly/Notary.robot | 5 ++++- 6 files changed, 63 insertions(+), 10 deletions(-) create mode 100755 tests/robot-cases/Group0-Util/notary-remove-image-signature.expect diff --git a/tests/e2e-image/Dockerfile b/tests/e2e-image/Dockerfile index f6a48edb7..ca6f6c3cf 100644 --- a/tests/e2e-image/Dockerfile +++ b/tests/e2e-image/Dockerfile @@ -85,7 +85,25 @@ RUN wget https://get.helm.sh/helm-v3.0.0-linux-386.tar.gz && tar zxvf helm-v3.0. mv linux-386/helm /usr/local/bin/helm3 && \ helm3 plugin install https://github.com/chartmuseum/helm-push - +RUN wget http://nchc.dl.sourceforge.net/sourceforge/tcl/tcl8.4.11-src.tar.gz && \ + tar xfvz tcl8.4.11-src.tar.gz && \ + cd tcl8.4.11/unix && \ + sed -i "s/relid'/relid/" configure && \ + ./configure --prefix=/ixdba.net && \ + make && \ + make install && \ + cp -r * ../tools && \ + cd .. && \ + cp -r tools / && \ + cd / && \ + wget http://sourceforge.net/projects/expect/files/Expect/5.45/expect5.45.tar.gz && \ + tar xzvf expect5.45.tar.gz && \ + cd expect5.45 && \ + ./configure --prefix=/tools --with-tcl=/tools --with-x=no && \ + make && \ + make install && \ + cd /ixdba.net/bin && \ + mv expect /usr/local/bin/expect # Add docker in docker support # version: docker:1.13-dind diff --git a/tests/resources/Harbor-Util.robot b/tests/resources/Harbor-Util.robot index fbb9f32df..e6157e5c2 100644 --- a/tests/resources/Harbor-Util.robot +++ b/tests/resources/Harbor-Util.robot @@ -114,6 +114,13 @@ Enable Notary Client ${rc} ${output}= Run And Return Rc And Output ls -la ~/.docker/tls/${notaryServerEndpointNoSubDir}/ Log ${output} +Remove Notary Signature + [Arguments] ${ip} ${image} + ${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-remove-image-signature.expect ${ip} library ${image} + Log To Console ${output} + Log ${output} + Should Be Equal As Integers ${rc} 0 + Prepare [Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true ${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum} diff --git a/tests/resources/TestCaseBody.robot b/tests/resources/TestCaseBody.robot index 6596f1dd8..b98ba40d9 100644 --- a/tests/resources/TestCaseBody.robot +++ b/tests/resources/TestCaseBody.robot @@ -98,21 +98,24 @@ Body Of List Helm Charts Close Browser Body Of Admin Push Signed Image + [Arguments] ${image} ${with_remove}=${false} Enable Notary Client ${rc} ${output}= Run And Return Rc And Output docker pull hello-world:latest Log ${output} Push image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} library hello-world:latest - ${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} ${notaryServerEndpoint} + ${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} library ${image} latest Log ${output} Should Be Equal As Integers ${rc} 0 - ${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/tomcat/signatures" + ${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/${image}/signatures" Log To Console ${output} Should Be Equal As Integers ${rc} 0 Should Contain ${output} sha256 + Run Keyword If ${with_remove} == ${true} Remove Notary Signature ${ip} ${image} + Delete A Project Without Sign In Harbor [Arguments] ${harbor_ip}=${ip} ${username}=${HARBOR_ADMIN} ${password}=${HARBOR_PASSWORD} ${d}= Get Current Date result_format=%m%s diff --git a/tests/robot-cases/Group0-Util/notary-push-image.sh b/tests/robot-cases/Group0-Util/notary-push-image.sh index 4db45e0ee..ef8dc9973 100755 --- a/tests/robot-cases/Group0-Util/notary-push-image.sh +++ b/tests/robot-cases/Group0-Util/notary-push-image.sh @@ -1,16 +1,20 @@ #!/bin/bash -docker pull tomcat:latest +docker pull $3:$4 IP=$1 -notaryServerEndpoint=$2 PASSHRASE='Harbor12345' echo $IP -echo "Notary server endpoint: $notaryServerEndpoint" + +mkdir -p /etc/docker/certs.d/$IP/ +mkdir -p ~/.docker/tls/$IP:4443/ + +cp /notary_ca/ca.crt /etc/docker/certs.d/$IP/ +cp /notary_ca/ca.crt ~/.docker/tls/$IP:4443/ export DOCKER_CONTENT_TRUST=1 -export DOCKER_CONTENT_TRUST_SERVER=https://$notaryServerEndpoint +export DOCKER_CONTENT_TRUST_SERVER=https://$IP:4443 export NOTARY_ROOT_PASSPHRASE=$PASSHRASE export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE @@ -21,5 +25,5 @@ export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE docker login -u admin -p Harbor12345 $IP -docker tag tomcat $IP/library/tomcat:latest -docker push $IP/library/tomcat:latest \ No newline at end of file +docker tag $3:$4 $IP/$2/$3:$4 +docker push $IP/$2/$3:$4 diff --git a/tests/robot-cases/Group0-Util/notary-remove-image-signature.expect b/tests/robot-cases/Group0-Util/notary-remove-image-signature.expect new file mode 100755 index 000000000..ff77b85ad --- /dev/null +++ b/tests/robot-cases/Group0-Util/notary-remove-image-signature.expect @@ -0,0 +1,18 @@ +#!/usr/local/bin/expect + +set HOST [lindex $argv 0] +set PROJECT [lindex $argv 1] +set IMAGE [lindex $argv 2] +set timeout 30 + +spawn notary -s https://$HOST:4443 --tlscacert /notary_ca/ca.crt -d /root/.docker/trust remove -p $HOST/$PROJECT/$IMAGE latest + +expect { + "Enter username:" {send "admin\r";exp_continue} + "Enter password:" {send "Harbor12345\r";exp_continue} + "Enter passphrase for targets key with ID*" {send "Harbor12345\r"} + timeout {exit 1} +} +expect eof +exit 0 + diff --git a/tests/robot-cases/Group1-Nightly/Notary.robot b/tests/robot-cases/Group1-Nightly/Notary.robot index bb361e19b..87ef5adde 100644 --- a/tests/robot-cases/Group1-Nightly/Notary.robot +++ b/tests/robot-cases/Group1-Nightly/Notary.robot @@ -40,4 +40,7 @@ Test Case - Project Level Policy Content Trust Close Browser Test Case - Admin Push Signed Image - Body Of Admin Push Signed Image \ No newline at end of file + Body Of Admin Push Signed Image tomcat + +Test Case - Admin Push Signed Image And Remove Signature + Body Of Admin Push Signed Image mariadb with_remove=${true} \ No newline at end of file