// compareSignatures reports a test error when the two signatures differ in
// anything other than object metadata. Before comparing, a's ObjectMeta is
// replaced with b's while a's original Name is put back, so the name still
// takes part in the comparison.
//
// Both arguments are passed by value, so the overwrite below only affects
// this function's copy of a.
func compareSignatures(t *testing.T, a, b imageapi.ImageSignature) {
	originalName := a.Name
	a.ObjectMeta = b.ObjectMeta
	a.Name = originalName

	if reflect.DeepEqual(a, b) {
		return
	}
	t.Errorf("created and contained signatures differ: %v", diff.ObjectDiff(a, b))
}
Example #2
// autoConvert_v1_ImageSignature_To_api_ImageSignature fills out with the
// contents of the v1 signature in and returns the first error reported by a
// nested conversion.
//
// Conditions, SignedClaims, Created, IssuedBy and IssuedTo are written into
// newly allocated storage, so out does not share those values with in. Nil
// inputs stay nil. Content is delegated to Convert_Slice_byte_To_Slice_byte
// (presumably a copy; confirm against that helper).
//
// This variant does not touch ObjectMeta or TypeMeta; if the metadata has to
// be carried over, the caller must do so separately.
func autoConvert_v1_ImageSignature_To_api_ImageSignature(in *ImageSignature, out *image_api.ImageSignature, s conversion.Scope) error {
	out.Type = in.Type
	if err := conversion.Convert_Slice_byte_To_Slice_byte(&in.Content, &out.Content, s); err != nil {
		return err
	}

	if in.Conditions == nil {
		out.Conditions = nil
	} else {
		src := in.Conditions
		// dst and out.Conditions share one backing array, so each converted
		// element is visible through out even if a later element fails.
		dst := make([]image_api.SignatureCondition, len(src))
		out.Conditions = dst
		for i := range src {
			if err := Convert_v1_SignatureCondition_To_api_SignatureCondition(&src[i], &dst[i], s); err != nil {
				return err
			}
		}
	}

	out.ImageIdentity = in.ImageIdentity

	if in.SignedClaims == nil {
		out.SignedClaims = nil
	} else {
		// Copy entry by entry so later edits to the claims of one object
		// cannot show up in the other.
		claims := make(map[string]string, len(in.SignedClaims))
		out.SignedClaims = claims
		for name, value := range in.SignedClaims {
			claims[name] = value
		}
	}

	if in.Created == nil {
		out.Created = nil
	} else {
		out.Created = new(unversioned.Time)
		if err := api.Convert_unversioned_Time_To_unversioned_Time(in.Created, out.Created, s); err != nil {
			return err
		}
	}

	if in.IssuedBy == nil {
		out.IssuedBy = nil
	} else {
		out.IssuedBy = new(image_api.SignatureIssuer)
		if err := Convert_v1_SignatureIssuer_To_api_SignatureIssuer(in.IssuedBy, out.IssuedBy, s); err != nil {
			return err
		}
	}

	if in.IssuedTo == nil {
		out.IssuedTo = nil
	} else {
		out.IssuedTo = new(image_api.SignatureSubject)
		if err := Convert_v1_SignatureSubject_To_api_SignatureSubject(in.IssuedTo, out.IssuedTo, s); err != nil {
			return err
		}
	}

	return nil
}
// autoConvert_v1_ImageSignature_To_api_ImageSignature fills out from the v1
// signature in. ObjectMeta goes through its conversion function; every other
// reference-typed field is reinterpreted in place with unsafe.Pointer rather
// than copied.
//
// Consequences a reviewer should keep in mind:
//   - out.Content, out.Conditions and out.SignedClaims share their backing
//     storage with in, and out.Created, out.IssuedBy and out.IssuedTo point
//     at the very same objects as in. A write through either object is
//     visible through the other, so the signature content and claims are not
//     isolated from later changes to the source object.
//   - The casts are only sound if the v1 and internal types have identical
//     memory layouts (SignatureCondition, SignatureIssuer, SignatureSubject).
//     That cannot be verified from this function — confirm it is enforced
//     wherever this code is generated.
func autoConvert_v1_ImageSignature_To_api_ImageSignature(in *ImageSignature, out *api.ImageSignature, s conversion.Scope) error {
	if err := api_v1.Convert_v1_ObjectMeta_To_api_ObjectMeta(&in.ObjectMeta, &out.ObjectMeta, s); err != nil {
		return err
	}
	out.Type = in.Type
	// Reads in.Content's slice header as-is: same backing array, no copy.
	out.Content = *(*[]byte)(unsafe.Pointer(&in.Content))
	// Reinterprets the v1 condition slice as a slice of the internal type.
	out.Conditions = *(*[]api.SignatureCondition)(unsafe.Pointer(&in.Conditions))
	out.ImageIdentity = in.ImageIdentity
	// Same map object as in.SignedClaims, not a copy.
	out.SignedClaims = *(*map[string]string)(unsafe.Pointer(&in.SignedClaims))
	// The three pointers below are retyped, not dereferenced; a nil input
	// yields a nil output.
	out.Created = (*unversioned.Time)(unsafe.Pointer(in.Created))
	out.IssuedBy = (*api.SignatureIssuer)(unsafe.Pointer(in.IssuedBy))
	out.IssuedTo = (*api.SignatureSubject)(unsafe.Pointer(in.IssuedTo))
	return nil
}
Example #4
// fuzzImageSignature builds a new, randomly populated ImageSignature that
// keeps the Namespace and Name of signature. The fuzzer is seeded with seed.
//
// Side effect: Kind and APIVersion are cleared on the signature argument
// (through its type accessor), not on the returned object.
func fuzzImageSignature(t *testing.T, signature *api.ImageSignature, seed int64) *api.ImageSignature {
	// populate is the custom fuzz function for ImageSignature. The order of
	// calls on c is kept fixed because it determines which random values end
	// up in which field.
	populate := func(j *api.ImageSignature, c fuzz.Continue) {
		c.FuzzNoCustom(j)
		// Start from empty, non-nil collections.
		j.Annotations = map[string]string{}
		j.Labels = map[string]string{}
		j.Conditions = make([]api.SignatureCondition, 0)
		j.SignedClaims = map[string]string{}

		j.Content = []byte(c.RandString())
		// The loop bound is drawn again on every iteration, so the number
		// of passes is random as well.
		for i := 0; i < c.Rand.Intn(3)+2; i++ {
			j.Labels[c.RandString()] = c.RandString()
			j.Annotations[c.RandString()] = c.RandString()
			j.SignedClaims[c.RandString()] = c.RandString()
		}
		for i := 0; i < c.Rand.Intn(3)+2; i++ {
			var cond api.SignatureCondition
			c.Fuzz(&cond)
			j.Conditions = append(j.Conditions, cond)
		}
	}

	fuzzer := apitesting.FuzzerFor(t, v1.SchemeGroupVersion, rand.NewSource(seed))
	fuzzer.Funcs(populate)

	var fuzzed api.ImageSignature
	fuzzer.Fuzz(&fuzzed)
	fuzzed.Namespace, fuzzed.Name = signature.Namespace, signature.Name

	accessor, err := meta.TypeAccessor(signature)
	if err != nil {
		t.Fatalf("Unexpected error %v for %#v", err, signature)
	}
	accessor.SetKind("")
	accessor.SetAPIVersion("")

	return &fuzzed
}
// autoConvert_v1_ImageSignature_To_api_ImageSignature fills out with the
// contents of the v1 signature in, converting TypeMeta and ObjectMeta first,
// and returns the first error reported by a nested conversion.
//
// Conditions, IssuedBy and IssuedTo are written into newly allocated storage.
// SignedClaims and Created are assigned directly, so out shares that map and
// that pointer with in: a later change made through one object is visible
// through the other. Content is delegated to Convert_Slice_byte_To_Slice_byte
// (presumably a copy; confirm against that helper).
func autoConvert_v1_ImageSignature_To_api_ImageSignature(in *ImageSignature, out *api.ImageSignature, s conversion.Scope) error {
	if err := pkg_api.Convert_unversioned_TypeMeta_To_unversioned_TypeMeta(&in.TypeMeta, &out.TypeMeta, s); err != nil {
		return err
	}
	if err := api_v1.Convert_v1_ObjectMeta_To_api_ObjectMeta(&in.ObjectMeta, &out.ObjectMeta, s); err != nil {
		return err
	}

	out.Type = in.Type
	if err := conversion.Convert_Slice_byte_To_Slice_byte(&in.Content, &out.Content, s); err != nil {
		return err
	}

	if in.Conditions == nil {
		out.Conditions = nil
	} else {
		src := in.Conditions
		// dst and out.Conditions share one backing array, so each converted
		// element is visible through out even if a later element fails.
		dst := make([]api.SignatureCondition, len(src))
		out.Conditions = dst
		for i := range src {
			if err := Convert_v1_SignatureCondition_To_api_SignatureCondition(&src[i], &dst[i], s); err != nil {
				return err
			}
		}
	}

	out.ImageIdentity = in.ImageIdentity
	// Shallow assignments: same map and same pointer as the source object.
	out.SignedClaims = in.SignedClaims
	out.Created = in.Created

	if in.IssuedBy == nil {
		out.IssuedBy = nil
	} else {
		out.IssuedBy = new(api.SignatureIssuer)
		if err := Convert_v1_SignatureIssuer_To_api_SignatureIssuer(in.IssuedBy, out.IssuedBy, s); err != nil {
			return err
		}
	}

	if in.IssuedTo == nil {
		out.IssuedTo = nil
	} else {
		out.IssuedTo = new(api.SignatureSubject)
		if err := Convert_v1_SignatureSubject_To_api_SignatureSubject(in.IssuedTo, out.IssuedTo, s); err != nil {
			return err
		}
	}

	return nil
}
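// TestImageAddSignature exercises signature creation on an image:
//
//  1. a user without the signer role is rejected with Forbidden;
//  2. once made an image signer, the same user can create the signature and
//     it shows up on the image;
//  3. repeating the request, reusing the content under a new name, or reusing
//     the name with new content are all rejected with AlreadyExists;
//  4. after those rejections the image still holds exactly the one original
//     signature, i.e. none of the rejected requests replaced or altered it.
func TestImageAddSignature(t *testing.T) {
	adminClient, userClient, image := testSetupImageSignatureTest(t, testUserName)

	if len(image.Signatures) != 0 {
		t.Fatalf("expected empty signatures, not: %s", diff.ObjectDiff(image.Signatures, []imageapi.ImageSignature{}))
	}

	// add some dummy signature
	signature := imageapi.ImageSignature{
		Type:    "unknown",
		Content: []byte("binaryblob"),
	}

	sigName, err := imageapi.JoinImageSignatureName(image.Name, "signaturename")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	signature.Name = sigName

	// The user has no signer role yet, so creation must be denied.
	_, err = userClient.ImageSignatures().Create(&signature)
	if err == nil {
		t.Fatalf("unexpected success updating image signatures")
	}
	if !kerrors.IsForbidden(err) {
		t.Fatalf("expected forbidden error, not: %v", err)
	}

	makeUserAnImageSigner(adminClient, userClient, testUserName)

	// try to create the signature again
	created, err := userClient.ImageSignatures().Create(&signature)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	image, err = adminClient.Images().Get(image.Name)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if len(image.Signatures) != 1 {
		t.Fatalf("unexpected number of signatures in created image (%d != %d)", len(image.Signatures), 1)
	}
	// Both the object returned by Create and the one stored on the image
	// must carry the submitted name, type and content.
	for _, sig := range []*imageapi.ImageSignature{created, &image.Signatures[0]} {
		if sig.Name != sigName || sig.Type != "unknown" ||
			!bytes.Equal(sig.Content, []byte("binaryblob")) || len(sig.Conditions) != 0 {
			t.Errorf("unexpected signature received: %#+v", sig)
		}
	}
	compareSignatures(t, image.Signatures[0], *created)

	// try to create the signature yet again
	_, err = userClient.ImageSignatures().Create(&signature)
	if !kerrors.IsAlreadyExists(err) {
		t.Fatalf("expected already exists error, not: %v", err)
	}

	// try to create a signature with different name but the same content
	newName, err := imageapi.JoinImageSignatureName(image.Name, "newone")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	signature.Name = newName
	_, err = userClient.ImageSignatures().Create(&signature)
	if !kerrors.IsAlreadyExists(err) {
		t.Fatalf("expected already exists error, not: %v", err)
	}

	// try to create a signature with the same name but different content
	signature.Name = sigName
	signature.Content = []byte("different")
	_, err = userClient.ImageSignatures().Create(&signature)
	if !kerrors.IsAlreadyExists(err) {
		t.Fatalf("expected already exists error, not: %v", err)
	}

	// An AlreadyExists reply alone does not prove the stored data is intact:
	// re-read the image and make sure the rejected requests neither added a
	// signature nor replaced the content of the existing one.
	image, err = adminClient.Images().Get(image.Name)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if len(image.Signatures) != 1 {
		t.Fatalf("unexpected number of signatures after rejected creations (%d != %d)", len(image.Signatures), 1)
	}
	if stored := image.Signatures[0]; stored.Name != sigName || !bytes.Equal(stored.Content, []byte("binaryblob")) {
		t.Errorf("stored signature changed by a rejected creation: %#+v", stored)
	}
}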