Add notary remove signature test case in nightly

1. Update E2E image Dockerfile for adding notary CLI;
2. Add test case of remove notary signature.

Signed-off-by: Danfeng Liu (c) <danfengl@vmware.com>
This commit is contained in:
Danfeng Liu (c) 2019-12-18 10:42:20 +08:00
parent 7ae208cd6c
commit e0db766f97
6 changed files with 72 additions and 11 deletions

View File

@ -62,8 +62,34 @@ RUN wget https://github.com/drone/drone-cli/releases/download/v0.8.3/drone_linux
RUN curl -sSL https://github.com/vmware/govmomi/releases/download/v0.16.0/govc_linux_amd64.gz | gzip -d > /usr/local/bin/govc && \
chmod +x /usr/local/bin/govc
RUN wget https://launchpad.net/ubuntu/+source/wget/1.18-2ubuntu1/+build/10470166/+files/wget_1.18-2ubuntu1_amd64.deb && \
dpkg -i wget_1.18-2ubuntu1_amd64.deb
RUN wget https://get.helm.sh/helm-v2.14.1-linux-386.tar.gz && tar zxvf helm-v2.14.1-linux-386.tar.gz && \
mv linux-386/helm /usr/local/bin/helm && \
helm init --client-only && \
helm plugin install https://github.com/chartmuseum/helm-push
RUN wget https://get.helm.sh/helm-v3.0.0-linux-386.tar.gz && tar zxvf helm-v3.0.0-linux-386.tar.gz && \
mv linux-386/helm /usr/local/bin/helm3 && \
helm3 plugin install https://github.com/chartmuseum/helm-push
RUN wget http://nchc.dl.sourceforge.net/sourceforge/tcl/tcl8.4.11-src.tar.gz && \
tar xfvz tcl8.4.11-src.tar.gz && \
cd tcl8.4.11/unix && \
sed -i "s/relid'/relid/" configure && \
./configure --prefix=/ixdba.net && \
make && \
make install && \
cp -r * ../tools && \
cd .. && \
cp -r tools / && \
cd / && \
wget http://sourceforge.net/projects/expect/files/Expect/5.45/expect5.45.tar.gz && \
tar xzvf expect5.45.tar.gz && \
cd expect5.45 && \
./configure --prefix=/tools --with-tcl=/tools --with-x=no && \
make && \
make install && \
cd /ixdba.net/bin && \
mv expect /usr/local/bin/expect
# Add docker in docker support
# version: docker:1.13-dind

View File

@ -114,6 +114,13 @@ Enable Notary Client
${rc} ${output}= Run And Return Rc And Output ls -la ~/.docker/tls/${notaryServerEndpointNoSubDir}/
Log ${output}
Remove Notary Signature
[Arguments] ${ip} ${image}
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-remove-image-signature.expect ${ip} library ${image}
Log To Console ${output}
Log ${output}
Should Be Equal As Integers ${rc} 0
Prepare
[Arguments] ${with_notary}=true ${with_clair}=true ${with_chartmuseum}=true
${rc} ${output}= Run And Return Rc And Output make prepare -e NOTARYFLAG=${with_notary} CLAIRFLAG=${with_clair} CHARTFLAG=${with_chartmuseum}

View File

@ -98,21 +98,24 @@ Body Of List Helm Charts
Close Browser
Body Of Admin Push Signed Image
[Arguments] ${image} ${with_remove}=${false}
Enable Notary Client
${rc} ${output}= Run And Return Rc And Output docker pull hello-world:latest
Log ${output}
Push image ${ip} ${HARBOR_ADMIN} ${HARBOR_PASSWORD} library hello-world:latest
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} ${notaryServerEndpoint}
${rc} ${output}= Run And Return Rc And Output ./tests/robot-cases/Group0-Util/notary-push-image.sh ${ip} library ${image} latest
Log ${output}
Should Be Equal As Integers ${rc} 0
${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/tomcat/signatures"
${rc} ${output}= Run And Return Rc And Output curl -u admin:Harbor12345 -s --insecure -H "Content-Type: application/json" -X GET "https://${ip}/api/repositories/library/${image}/signatures"
Log To Console ${output}
Should Be Equal As Integers ${rc} 0
Should Contain ${output} sha256
Run Keyword If ${with_remove} == ${true} Remove Notary Signature ${ip} ${image}
Delete A Project Without Sign In Harbor
[Arguments] ${harbor_ip}=${ip} ${username}=${HARBOR_ADMIN} ${password}=${HARBOR_PASSWORD}
${d}= Get Current Date result_format=%m%s

View File

@ -1,16 +1,20 @@
#!/bin/bash
docker pull tomcat:latest
docker pull $3:$4
IP=$1
notaryServerEndpoint=$2
PASSHRASE='Harbor12345'
echo $IP
echo "Notary server endpoint: $notaryServerEndpoint"
mkdir -p /etc/docker/certs.d/$IP/
mkdir -p ~/.docker/tls/$IP:4443/
cp /notary_ca/ca.crt /etc/docker/certs.d/$IP/
cp /notary_ca/ca.crt ~/.docker/tls/$IP:4443/
export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://$notaryServerEndpoint
export DOCKER_CONTENT_TRUST_SERVER=https://$IP:4443
export NOTARY_ROOT_PASSPHRASE=$PASSHRASE
export NOTARY_TARGETS_PASSPHRASE=$PASSHRASE
@ -21,5 +25,5 @@ export DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=$PASSHRASE
export DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=$PASSHRASE
docker login -u admin -p Harbor12345 $IP
docker tag tomcat $IP/library/tomcat:latest
docker push $IP/library/tomcat:latest
docker tag $3:$4 $IP/$2/$3:$4
docker push $IP/$2/$3:$4

View File

@ -0,0 +1,18 @@
#!/usr/local/bin/expect
set HOST [lindex $argv 0]
set PROJECT [lindex $argv 1]
set IMAGE [lindex $argv 2]
set timeout 30
spawn notary -s https://$HOST:4443 --tlscacert /notary_ca/ca.crt -d /root/.docker/trust remove -p $HOST/$PROJECT/$IMAGE latest
expect {
"Enter username:" {send "admin\r";exp_continue}
"Enter password:" {send "Harbor12345\r";exp_continue}
"Enter passphrase for targets key with ID*" {send "Harbor12345\r"}
timeout {exit 1}
}
expect eof
exit 0

View File

@ -40,4 +40,7 @@ Test Case - Project Level Policy Content Trust
Close Browser
Test Case - Admin Push Signed Image
Body Of Admin Push Signed Image
Body Of Admin Push Signed Image tomcat
Test Case - Admin Push Signed Image And Remove Signature
Body Of Admin Push Signed Image mariadb with_remove=${true}