Use types.SystemContext in NewImage*

... instead of Docker-specific certPath and tlsVerify.

Also invert the sense of tlsVerify to make the default secure.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Miloslav Trmač 2016-08-11 20:06:17 +02:00
parent 8f0c70e494
commit 151faebaba
21 changed files with 81 additions and 76 deletions


@ -15,7 +15,7 @@ func TestDestinationReference(t *testing.T) {
ref, tmpDir := refToTempDir(t)
defer os.RemoveAll(tmpDir)
dest, err := ref.NewImageDestination("", true)
dest, err := ref.NewImageDestination(nil)
require.NoError(t, err)
ref2 := dest.Reference()
assert.Equal(t, tmpDir, ref2.StringWithinTransport())
@ -26,12 +26,12 @@ func TestGetPutManifest(t *testing.T) {
defer os.RemoveAll(tmpDir)
man := []byte("test-manifest")
dest, err := ref.NewImageDestination("", true)
dest, err := ref.NewImageDestination(nil)
require.NoError(t, err)
err = dest.PutManifest(man)
assert.NoError(t, err)
src, err := ref.NewImageSource("", true)
src, err := ref.NewImageSource(nil)
require.NoError(t, err)
m, mt, err := src.GetManifest(nil)
assert.NoError(t, err)
@ -45,12 +45,12 @@ func TestGetPutBlob(t *testing.T) {
digest := "digest-test"
blob := []byte("test-blob")
dest, err := ref.NewImageDestination("", true)
dest, err := ref.NewImageDestination(nil)
require.NoError(t, err)
err = dest.PutBlob(digest, bytes.NewReader(blob))
assert.NoError(t, err)
src, err := ref.NewImageSource("", true)
src, err := ref.NewImageSource(nil)
require.NoError(t, err)
rc, size, err := src.GetBlob(digest)
assert.NoError(t, err)
@ -96,7 +96,7 @@ func TestPutBlobDigestFailure(t *testing.T) {
return 0, fmt.Errorf(digestErrorString)
})
dest, err := ref.NewImageDestination("", true)
dest, err := ref.NewImageDestination(nil)
require.NoError(t, err)
err = dest.PutBlob(blobDigest, reader)
assert.Error(t, err)
@ -111,7 +111,7 @@ func TestGetPutSignatures(t *testing.T) {
ref, tmpDir := refToTempDir(t)
defer os.RemoveAll(tmpDir)
dest, err := ref.NewImageDestination("", true)
dest, err := ref.NewImageDestination(nil)
require.NoError(t, err)
signatures := [][]byte{
[]byte("sig1"),
@ -120,7 +120,7 @@ func TestGetPutSignatures(t *testing.T) {
err = dest.PutSignatures(signatures)
assert.NoError(t, err)
src, err := ref.NewImageSource("", true)
src, err := ref.NewImageSource(nil)
require.NoError(t, err)
sigs, err := src.GetSignatures()
assert.NoError(t, err)
@ -131,7 +131,7 @@ func TestDelete(t *testing.T) {
ref, tmpDir := refToTempDir(t)
defer os.RemoveAll(tmpDir)
src, err := ref.NewImageSource("", true)
src, err := ref.NewImageSource(nil)
require.NoError(t, err)
err = src.Delete()
assert.Error(t, err)
@ -141,7 +141,7 @@ func TestSourceReference(t *testing.T) {
ref, tmpDir := refToTempDir(t)
defer os.RemoveAll(tmpDir)
src, err := ref.NewImageSource("", true)
src, err := ref.NewImageSource(nil)
require.NoError(t, err)
ref2 := src.Reference()
assert.Equal(t, tmpDir, ref2.StringWithinTransport())


@ -128,18 +128,18 @@ func (ref dirReference) PolicyConfigurationNamespaces() []string {
}
// NewImage returns a types.Image for this reference.
func (ref dirReference) NewImage(certPath string, tlsVerify bool) (types.Image, error) {
func (ref dirReference) NewImage(ctx *types.SystemContext) (types.Image, error) {
src := newImageSource(ref)
return image.FromSource(src, nil), nil
}
// NewImageSource returns a types.ImageSource for this reference.
func (ref dirReference) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) {
func (ref dirReference) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) {
return newImageSource(ref), nil
}
// NewImageDestination returns a types.ImageDestination for this reference.
func (ref dirReference) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) {
func (ref dirReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) {
return newImageDestination(ref), nil
}


@ -149,21 +149,21 @@ func TestReferencePolicyConfigurationNamespaces(t *testing.T) {
func TestReferenceNewImage(t *testing.T) {
ref, tmpDir := refToTempDir(t)
defer os.RemoveAll(tmpDir)
_, err := ref.NewImage("/this/doesn't/exist", true)
_, err := ref.NewImage(nil)
assert.NoError(t, err)
}
func TestReferenceNewImageSource(t *testing.T) {
ref, tmpDir := refToTempDir(t)
defer os.RemoveAll(tmpDir)
_, err := ref.NewImageSource("/this/doesn't/exist", true)
_, err := ref.NewImageSource(nil)
assert.NoError(t, err)
}
func TestReferenceNewImageDestination(t *testing.T) {
ref, tmpDir := refToTempDir(t)
defer os.RemoveAll(tmpDir)
_, err := ref.NewImageDestination("/this/doesn't/exist", true)
_, err := ref.NewImageDestination(nil)
assert.NoError(t, err)
}


@ -13,7 +13,7 @@
// if err != nil {
// panic(err)
// }
// img, err := ref.NewImage("", true)
// img, err := ref.NewImage(nil)
// if err != nil {
// panic(err)
// }


@ -14,6 +14,7 @@ import (
"time"
"github.com/Sirupsen/logrus"
"github.com/containers/image/types"
"github.com/docker/docker/pkg/homedir"
)
@ -44,7 +45,7 @@ type dockerClient struct {
}
// newDockerClient returns a new dockerClient instance for refHostname (a host a specified in the Docker image reference, not canonicalized to dockerRegistry)
func newDockerClient(refHostname, certPath string, tlsVerify bool) (*dockerClient, error) {
func newDockerClient(ctx *types.SystemContext, refHostname string) (*dockerClient, error) {
var registry string
if refHostname == dockerHostname {
registry = dockerRegistry
@ -56,17 +57,17 @@ func newDockerClient(refHostname, certPath string, tlsVerify bool) (*dockerClien
return nil, err
}
var tr *http.Transport
if certPath != "" || !tlsVerify {
if ctx != nil && (ctx.DockerCertPath != "" || ctx.DockerInsecureSkipTLSVerify) {
tlsc := &tls.Config{}
if certPath != "" {
cert, err := tls.LoadX509KeyPair(filepath.Join(certPath, "cert.pem"), filepath.Join(certPath, "key.pem"))
if ctx.DockerCertPath != "" {
cert, err := tls.LoadX509KeyPair(filepath.Join(ctx.DockerCertPath, "cert.pem"), filepath.Join(ctx.DockerCertPath, "key.pem"))
if err != nil {
return nil, fmt.Errorf("Error loading x509 key pair: %s", err)
}
tlsc.Certificates = append(tlsc.Certificates, cert)
}
tlsc.InsecureSkipVerify = !tlsVerify
tlsc.InsecureSkipVerify = ctx.DockerInsecureSkipTLSVerify
tr = &http.Transport{
TLSClientConfig: tlsc,
}
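Review bot: The transport built from ctx.DockerCertPath only loads the client key pair (cert.pem/key.pem) into tlsc.Certificates and leaves tlsc.RootCAs nil, so a registry whose certificate is issued by a private CA still fails verification and the only visible escape hatch is DockerInsecureSkipTLSVerify, which disables verification entirely. If the directory is meant to mirror Docker's certs.d layout, also load a `ca.crt` from ctx.DockerCertPath into a CertPool assigned to `tlsc.RootCAs` (needs crypto/x509, io/ioutil and os imports); otherwise document on DockerCertPath that a private CA must already be in the system trust store. While the tls.Config is being constructed it is also worth pinning `MinVersion: tls.VersionTLS12` instead of inheriting the library default. newDockerClient continues past the end of this hunk.
```go
if ctx != nil && (ctx.DockerCertPath != "" || ctx.DockerInsecureSkipTLSVerify) {
	tlsc := &tls.Config{MinVersion: tls.VersionTLS12}
	if ctx.DockerCertPath != "" {
		cert, err := tls.LoadX509KeyPair(filepath.Join(ctx.DockerCertPath, "cert.pem"), filepath.Join(ctx.DockerCertPath, "key.pem"))
		if err != nil {
			return nil, fmt.Errorf("Error loading x509 key pair: %s", err)
		}
		tlsc.Certificates = append(tlsc.Certificates, cert)
		// Trust a private registry CA shipped next to the client identity, if one is present.
		if caPEM, err := ioutil.ReadFile(filepath.Join(ctx.DockerCertPath, "ca.crt")); err == nil {
			pool := x509.NewCertPool()
			if !pool.AppendCertsFromPEM(caPEM) {
				return nil, fmt.Errorf("Error parsing CA certificate in %s", ctx.DockerCertPath)
			}
			tlsc.RootCAs = pool
		} else if !os.IsNotExist(err) {
			return nil, err
		}
	}
	tlsc.InsecureSkipVerify = ctx.DockerInsecureSkipTLSVerify
	// … unchanged: http.Transport construction …
}
```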


@ -18,8 +18,8 @@ type Image struct {
// newImage returns a new Image interface type after setting up
// a client to the registry hosting the given image.
func newImage(ref dockerReference, certPath string, tlsVerify bool) (types.Image, error) {
s, err := newImageSource(ref, certPath, tlsVerify)
func newImage(ctx *types.SystemContext, ref dockerReference) (types.Image, error) {
s, err := newImageSource(ctx, ref)
if err != nil {
return nil, err
}


@ -17,9 +17,9 @@ type dockerImageDestination struct {
c *dockerClient
}
// newImageDestination creates a new ImageDestination for the specified image reference and connection specification.
func newImageDestination(ref dockerReference, certPath string, tlsVerify bool) (types.ImageDestination, error) {
c, err := newDockerClient(ref.ref.Hostname(), certPath, tlsVerify)
// newImageDestination creates a new ImageDestination for the specified image reference.
func newImageDestination(ctx *types.SystemContext, ref dockerReference) (types.ImageDestination, error) {
c, err := newDockerClient(ctx, ref.ref.Hostname())
if err != nil {
return nil, err
}


@ -27,9 +27,9 @@ type dockerImageSource struct {
c *dockerClient
}
// newImageSource creates a new ImageSource for the specified image reference and connection specification.
func newImageSource(ref dockerReference, certPath string, tlsVerify bool) (*dockerImageSource, error) {
c, err := newDockerClient(ref.ref.Hostname(), certPath, tlsVerify)
// newImageSource creates a new ImageSource for the specified image reference.
func newImageSource(ctx *types.SystemContext, ref dockerReference) (*dockerImageSource, error) {
c, err := newDockerClient(ctx, ref.ref.Hostname())
if err != nil {
return nil, err
}


@ -116,18 +116,18 @@ func (ref dockerReference) PolicyConfigurationNamespaces() []string {
}
// NewImage returns a types.Image for this reference.
func (ref dockerReference) NewImage(certPath string, tlsVerify bool) (types.Image, error) {
return newImage(ref, certPath, tlsVerify)
func (ref dockerReference) NewImage(ctx *types.SystemContext) (types.Image, error) {
return newImage(ctx, ref)
}
// NewImageSource returns a types.ImageSource for this reference.
func (ref dockerReference) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) {
return newImageSource(ref, certPath, tlsVerify)
func (ref dockerReference) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) {
return newImageSource(ctx, ref)
}
// NewImageDestination returns a types.ImageDestination for this reference.
func (ref dockerReference) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) {
return newImageDestination(ref, certPath, tlsVerify)
func (ref dockerReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) {
return newImageDestination(ctx, ref)
}
// tagOrDigest returns a tag or digest from the reference.


@ -160,21 +160,21 @@ func TestReferencePolicyConfigurationNamespaces(t *testing.T) {
func TestReferenceNewImage(t *testing.T) {
ref, err := ParseReference("//busybox")
require.NoError(t, err)
_, err = ref.NewImage("", true)
_, err = ref.NewImage(nil)
assert.NoError(t, err)
}
func TestReferenceNewImageSource(t *testing.T) {
ref, err := ParseReference("//busybox")
require.NoError(t, err)
_, err = ref.NewImageSource("", true)
_, err = ref.NewImageSource(nil)
assert.NoError(t, err)
}
func TestReferenceNewImageDestination(t *testing.T) {
ref, err := ParseReference("//busybox")
require.NoError(t, err)
_, err = ref.NewImageDestination("", true)
_, err = ref.NewImageDestination(nil)
assert.NoError(t, err)
}


@ -44,7 +44,7 @@ func TestPutBlobDigestFailure(t *testing.T) {
return 0, fmt.Errorf(digestErrorString)
})
dest, err := ref.NewImageDestination("", true)
dest, err := ref.NewImageDestination(nil)
require.NoError(t, err)
err = dest.PutBlob(blobDigest, reader)
assert.Error(t, err)


@ -165,17 +165,17 @@ func (ref ociReference) PolicyConfigurationNamespaces() []string {
}
// NewImage returns a types.Image for this reference.
func (ref ociReference) NewImage(certPath string, tlsVerify bool) (types.Image, error) {
func (ref ociReference) NewImage(ctx *types.SystemContext) (types.Image, error) {
return nil, errors.New("Full Image support not implemented for oci: image names")
}
// NewImageSource returns a types.ImageSource for this reference.
func (ref ociReference) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) {
func (ref ociReference) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) {
return nil, errors.New("Reading images not implemented for oci: image names")
}
// NewImageDestination returns a types.ImageDestination for this reference.
func (ref ociReference) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) {
func (ref ociReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) {
return newImageDestination(ref), nil
}


@ -205,21 +205,21 @@ func TestReferencePolicyConfigurationNamespaces(t *testing.T) {
func TestReferenceNewImage(t *testing.T) {
ref, tmpDir := refToTempOCI(t)
defer os.RemoveAll(tmpDir)
_, err := ref.NewImage("/this/doesn't/exist", true)
_, err := ref.NewImage(nil)
assert.Error(t, err)
}
func TestReferenceNewImageSource(t *testing.T) {
ref, tmpDir := refToTempOCI(t)
defer os.RemoveAll(tmpDir)
_, err := ref.NewImageSource("/this/doesn't/exist", true)
_, err := ref.NewImageSource(nil)
assert.Error(t, err)
}
func TestReferenceNewImageDestination(t *testing.T) {
ref, tmpDir := refToTempOCI(t)
defer os.RemoveAll(tmpDir)
_, err := ref.NewImageDestination("/this/doesn't/exist", true)
_, err := ref.NewImageDestination(nil)
assert.NoError(t, err)
}


@ -171,24 +171,22 @@ func (c *openshiftClient) dockerRegistryHostPart() string {
type openshiftImageSource struct {
client *openshiftClient
// Values specific to this image
certPath string // Only for parseDockerImageSource
tlsVerify bool // Only for parseDockerImageSource
ctx *types.SystemContext
// State
docker types.ImageSource // The Docker Registry endpoint, or nil if not resolved yet
imageStreamImageName string // Resolved image identifier, or "" if not known yet
}
// newImageSource creates a new ImageSource for the specified reference and connection specification.
func newImageSource(ref openshiftReference, certPath string, tlsVerify bool) (types.ImageSource, error) {
// newImageSource creates a new ImageSource for the specified reference.
func newImageSource(ctx *types.SystemContext, ref openshiftReference) (types.ImageSource, error) {
client, err := newOpenshiftClient(ref)
if err != nil {
return nil, err
}
return &openshiftImageSource{
client: client,
certPath: certPath,
tlsVerify: tlsVerify,
client: client,
ctx: ctx,
}, nil
}
@ -270,7 +268,7 @@ func (s *openshiftImageSource) ensureImageIsResolved() error {
if err != nil {
return err
}
d, err := dockerRef.NewImageSource(s.certPath, s.tlsVerify)
d, err := dockerRef.NewImageSource(s.ctx)
if err != nil {
return err
}
@ -286,8 +284,8 @@ type openshiftImageDestination struct {
imageStreamImageName string // "" if not yet known
}
// newImageDestination creates a new ImageDestination for the specified reference and connection specification.
func newImageDestination(ref openshiftReference, certPath string, tlsVerify bool) (types.ImageDestination, error) {
// newImageDestination creates a new ImageDestination for the specified reference.
func newImageDestination(ctx *types.SystemContext, ref openshiftReference) (types.ImageDestination, error) {
client, err := newOpenshiftClient(ref)
if err != nil {
return nil, err
@ -301,7 +299,7 @@ func newImageDestination(ref openshiftReference, certPath string, tlsVerify bool
if err != nil {
return nil, err
}
docker, err := dockerRef.NewImageDestination(certPath, tlsVerify)
docker, err := dockerRef.NewImageDestination(ctx)
if err != nil {
return nil, err
}
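Review bot: The ctx stored on openshiftImageSource is forwarded only to the Docker Registry hop (`dockerRef.NewImageSource(s.ctx)` and `dockerRef.NewImageDestination(ctx)`), while `newOpenshiftClient(ref)` still takes no ctx, so DockerCertPath and DockerInsecureSkipTLSVerify do not affect TLS to the OpenShift API server — presumably that client is configured from its own settings, which are not visible here. A reader could easily assume the override covers both connections, so suggest a comment on the field: `ctx *types.SystemContext // Applied to the Docker Registry connection only; the OpenShift API client is configured separately`. The field also sits under the `// Values specific to this image` heading although it is a per-call context rather than an image attribute.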


@ -154,16 +154,16 @@ func (ref openshiftReference) PolicyConfigurationNamespaces() []string {
}
// NewImage returns a types.Image for this reference.
func (ref openshiftReference) NewImage(certPath string, tlsVerify bool) (types.Image, error) {
func (ref openshiftReference) NewImage(ctx *types.SystemContext) (types.Image, error) {
return nil, errors.New("Full Image support not implemented for atomic: image names")
}
// NewImageSource returns a types.ImageSource for this reference.
func (ref openshiftReference) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) {
return newImageSource(ref, certPath, tlsVerify)
func (ref openshiftReference) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) {
return newImageSource(ctx, ref)
}
// NewImageDestination returns a types.ImageDestination for this reference.
func (ref openshiftReference) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) {
return newImageDestination(ref, certPath, tlsVerify)
func (ref openshiftReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) {
return newImageDestination(ctx, ref)
}


@ -113,7 +113,7 @@ func TestReferencePolicyConfigurationNamespaces(t *testing.T) {
func TestReferenceNewImage(t *testing.T) {
ref, err := NewReference(testBaseURL, "ns", "stream", "notlatest")
require.NoError(t, err)
_, err = ref.NewImage("", true)
_, err = ref.NewImage(nil)
assert.Error(t, err)
}


@ -25,7 +25,7 @@ func dirImageMock(t *testing.T, dir, dockerReference string) types.Image {
func dirImageMockWithRef(t *testing.T, dir string, ref types.ImageReference) types.Image {
srcRef, err := directory.NewReference(dir)
require.NoError(t, err)
src, err := srcRef.NewImageSource("", true)
src, err := srcRef.NewImageSource(nil)
require.NoError(t, err)
return image.FromSource(&dirImageSourceMock{
ImageSource: src,


@ -34,13 +34,13 @@ func (ref nameOnlyImageReferenceMock) PolicyConfigurationIdentity() string {
func (ref nameOnlyImageReferenceMock) PolicyConfigurationNamespaces() []string {
panic("unexpected call to a mock function")
}
func (ref nameOnlyImageReferenceMock) NewImage(certPath string, tlsVerify bool) (types.Image, error) {
func (ref nameOnlyImageReferenceMock) NewImage(ctx *types.SystemContext) (types.Image, error) {
panic("unexpected call to a mock function")
}
func (ref nameOnlyImageReferenceMock) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) {
func (ref nameOnlyImageReferenceMock) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) {
panic("unexpected call to a mock function")
}
func (ref nameOnlyImageReferenceMock) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) {
func (ref nameOnlyImageReferenceMock) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) {
panic("unexpected call to a mock function")
}


@ -90,13 +90,13 @@ func (ref pcImageReferenceMock) PolicyConfigurationNamespaces() []string {
}
return policyconfiguration.DockerReferenceNamespaces(ref.ref)
}
func (ref pcImageReferenceMock) NewImage(certPath string, tlsVerify bool) (types.Image, error) {
func (ref pcImageReferenceMock) NewImage(ctx *types.SystemContext) (types.Image, error) {
panic("unexpected call to a mock function")
}
func (ref pcImageReferenceMock) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) {
func (ref pcImageReferenceMock) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) {
panic("unexpected call to a mock function")
}
func (ref pcImageReferenceMock) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) {
func (ref pcImageReferenceMock) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) {
panic("unexpected call to a mock function")
}


@ -101,13 +101,13 @@ func (ref refImageReferenceMock) PolicyConfigurationIdentity() string {
func (ref refImageReferenceMock) PolicyConfigurationNamespaces() []string {
panic("unexpected call to a mock function")
}
func (ref refImageReferenceMock) NewImage(certPath string, tlsVerify bool) (types.Image, error) {
func (ref refImageReferenceMock) NewImage(ctx *types.SystemContext) (types.Image, error) {
panic("unexpected call to a mock function")
}
func (ref refImageReferenceMock) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) {
func (ref refImageReferenceMock) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) {
panic("unexpected call to a mock function")
}
func (ref refImageReferenceMock) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) {
func (ref refImageReferenceMock) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) {
panic("unexpected call to a mock function")
}


@ -71,11 +71,11 @@ type ImageReference interface {
PolicyConfigurationNamespaces() []string
// NewImage returns a types.Image for this reference.
NewImage(certPath string, tlsVerify bool) (Image, error)
NewImage(ctx *SystemContext) (Image, error)
// NewImageSource returns a types.ImageSource for this reference.
NewImageSource(certPath string, tlsVerify bool) (ImageSource, error)
NewImageSource(ctx *SystemContext) (ImageSource, error)
// NewImageDestination returns a types.ImageDestination for this reference.
NewImageDestination(certPath string, tlsVerify bool) (ImageDestination, error)
NewImageDestination(ctx *SystemContext) (ImageDestination, error)
}
// ImageSource is a service, possibly remote (= slow), to download components of a single image.
@ -159,6 +159,12 @@ type SystemContext struct {
// Not used for any paths specified by users in config files (even if the location of the config file _was_ affected by it).
// NOTE: This does NOT affect paths starting by $HOME.
RootForImplicitAbsolutePaths string
// === Global configuration overrides ===
// If not "", overrides the system's default path for signature.Policy configuration.
SignaturePolicyPath string
// === docker.Transport overrides ===
DockerCertPath string // If not "", a directory containing "cert.pem" and "key.pem" used when talking to a Docker Registry
DockerInsecureSkipTLSVerify bool
}
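Review bot: DockerInsecureSkipTLSVerify is added without a doc comment, and neither the SystemContext fields nor the three ImageReference methods state that ctx may be nil, even though every caller in this commit passes nil and newDockerClient guards for it. Suggest `DockerInsecureSkipTLSVerify bool // If true, the Docker Registry's TLS certificate is not verified (the connection is open to MITM); intended for local test registries only.` and, on each of NewImage/NewImageSource/NewImageDestination, `// ctx may be nil, in which case defaults are used.` Making the nil contract explicit on the interface matters because other transports store ctx for later use (openshift does) rather than dereferencing it immediately.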