func TestImageRemoveSignature(t *testing.T) { adminClient, userClient, image := testSetupImageSignatureTest(t, testUserName) makeUserAnImageSigner(adminClient, userClient, testUserName) // create some signatures sigData := []struct { sigName string content string }{ {"a", "binaryblob"}, {"b", "security without obscurity"}, {"c", "distrust and caution are the parents of security"}, {"d", "he who sacrifices freedom for security deserves neither"}, } for i, d := range sigData { name, err := imageapi.JoinImageSignatureName(image.Name, d.sigName) if err != nil { t.Fatalf("creating signature %d: unexpected error: %v", i, err) } signature := imageapi.ImageSignature{ ObjectMeta: kapi.ObjectMeta{ Name: name, }, Type: "unknown", Content: []byte(d.content), } _, err = userClient.ImageSignatures().Create(&signature) if err != nil { t.Fatalf("creating signature %d: unexpected error: %v", i, err) } } image, err := userClient.Images().Get(image.Name) if err != nil { t.Fatalf("unexpected error: %v", err) } if len(image.Signatures) != 4 { t.Fatalf("expected 4 signatures, not %d", len(image.Signatures)) } // try to delete blob that does not exist err = userClient.ImageSignatures().Delete(image.Name + "@doesnotexist") if !kerrors.IsNotFound(err) { t.Fatalf("expected not found error, not: %#+v", err) } // try to delete blob with missing signature name err = userClient.ImageSignatures().Delete(image.Name + "@") if !kerrors.IsBadRequest(err) { t.Fatalf("expected bad request, not: %#+v", err) } // delete the first err = userClient.ImageSignatures().Delete(image.Name + "@" + sigData[0].sigName) if err != nil { t.Fatalf("unexpected error: %v", err) } // try to delete it once more err = userClient.ImageSignatures().Delete(image.Name + "@" + sigData[0].sigName) if err == nil { t.Fatalf("unexpected nont error") } else if !kerrors.IsNotFound(err) { t.Errorf("expected not found error, not: %#+v", err) } // delete the one in the middle err = userClient.ImageSignatures().Delete(image.Name + "@" + sigData[2].sigName) if err != nil { t.Fatalf("unexpected error: %v", err) } if image, err = userClient.Images().Get(image.Name); err != nil { t.Fatalf("unexpected error: %v", err) } else if len(image.Signatures) != 2 { t.Fatalf("expected 2 signatures, not %d", len(image.Signatures)) } // delete the one at the end err = userClient.ImageSignatures().Delete(image.Name + "@" + sigData[3].sigName) if err != nil { t.Fatalf("unexpected error: %v", err) } // delete the last one err = userClient.ImageSignatures().Delete(image.Name + "@" + sigData[1].sigName) if err != nil { t.Fatalf("unexpected error: %v", err) } if image, err = userClient.Images().Get(image.Name); err != nil { t.Fatalf("unexpected error: %v", err) } else if len(image.Signatures) != 0 { t.Fatalf("expected 2 signatures, not %d", len(image.Signatures)) } }
func TestImageAddSignature(t *testing.T) { adminClient, userClient, image := testSetupImageSignatureTest(t, testUserName) if len(image.Signatures) != 0 { t.Fatalf("expected empty signatures, not: %s", diff.ObjectDiff(image.Signatures, []imageapi.ImageSignature{})) } // add some dummy signature signature := imageapi.ImageSignature{ Type: "unknown", Content: []byte("binaryblob"), } sigName, err := imageapi.JoinImageSignatureName(image.Name, "signaturename") if err != nil { t.Fatalf("unexpected error: %v", err) } signature.Name = sigName created, err := userClient.ImageSignatures().Create(&signature) if err == nil { t.Fatalf("unexpected success updating image signatures") } if !kerrors.IsForbidden(err) { t.Fatalf("expected forbidden error, not: %v", err) } makeUserAnImageSigner(adminClient, userClient, testUserName) // try to create the signature again created, err = userClient.ImageSignatures().Create(&signature) if err != nil { t.Fatalf("unexpected error: %v", err) } image, err = adminClient.Images().Get(image.Name) if err != nil { t.Fatalf("unexpected error: %v", err) } if len(image.Signatures) != 1 { t.Fatalf("unexpected number of signatures in created image (%d != %d)", len(image.Signatures), 1) } for _, sig := range []*imageapi.ImageSignature{created, &image.Signatures[0]} { if sig.Name != sigName || sig.Type != "unknown" || !bytes.Equal(sig.Content, []byte("binaryblob")) || len(sig.Conditions) != 0 { t.Errorf("unexpected signature received: %#+v", sig) } } compareSignatures(t, image.Signatures[0], *created) // try to create the signature yet again created, err = userClient.ImageSignatures().Create(&signature) if !kerrors.IsAlreadyExists(err) { t.Fatalf("expected already exists error, not: %v", err) } // try to create a signature with different name but the same conent newName, err := imageapi.JoinImageSignatureName(image.Name, "newone") if err != nil { t.Fatalf("unexpected error: %v", err) } signature.Name = newName created, err = userClient.ImageSignatures().Create(&signature) if !kerrors.IsAlreadyExists(err) { t.Fatalf("expected already exists error, not: %v", err) } // try to create a signature with the same name but different content signature.Name = sigName signature.Content = []byte("different") _, err = userClient.ImageSignatures().Create(&signature) if !kerrors.IsAlreadyExists(err) { t.Fatalf("expected already exists error, not: %v", err) } }