func compareSignatures(t *testing.T, a, b imageapi.ImageSignature) {
aName := a.Name
a.ObjectMeta = b.ObjectMeta
a.Name = aName
if !reflect.DeepEqual(a, b) {
t.Errorf("created and contained signatures differ: %v", diff.ObjectDiff(a, b))
}
}
func fuzzImageSignature(t *testing.T, signature *api.ImageSignature, seed int64) *api.ImageSignature {
f := apitesting.FuzzerFor(t, v1.SchemeGroupVersion, rand.NewSource(seed))
f.Funcs(
func(j *api.ImageSignature, c fuzz.Continue) {
c.FuzzNoCustom(j)
j.Annotations = make(map[string]string)
j.Labels = make(map[string]string)
j.Conditions = []api.SignatureCondition{}
j.SignedClaims = make(map[string]string)
j.Content = []byte(c.RandString())
for i := 0; i < c.Rand.Intn(3)+2; i++ {
j.Labels[c.RandString()] = c.RandString()
j.Annotations[c.RandString()] = c.RandString()
j.SignedClaims[c.RandString()] = c.RandString()
}
for i := 0; i < c.Rand.Intn(3)+2; i++ {
cond := api.SignatureCondition{}
c.Fuzz(&cond)
j.Conditions = append(j.Conditions, cond)
}
},
)
updated := api.ImageSignature{}
f.Fuzz(&updated)
updated.Namespace = signature.Namespace
updated.Name = signature.Name
j, err := meta.TypeAccessor(signature)
if err != nil {
t.Fatalf("Unexpected error %v for %#v", err, signature)
}
j.SetKind("")
j.SetAPIVersion("")
return &updated
}
func TestImageAddSignature(t *testing.T) {
adminClient, userClient, image := testSetupImageSignatureTest(t, testUserName)
if len(image.Signatures) != 0 {
t.Fatalf("expected empty signatures, not: %s", diff.ObjectDiff(image.Signatures, []imageapi.ImageSignature{}))
}
// add some dummy signature
signature := imageapi.ImageSignature{
Type: "unknown",
Content: []byte("binaryblob"),
}
sigName, err := imageapi.JoinImageSignatureName(image.Name, "signaturename")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
signature.Name = sigName
created, err := userClient.ImageSignatures().Create(&signature)
if err == nil {
t.Fatalf("unexpected success updating image signatures")
}
if !kerrors.IsForbidden(err) {
t.Fatalf("expected forbidden error, not: %v", err)
}
makeUserAnImageSigner(adminClient, userClient, testUserName)
// try to create the signature again
created, err = userClient.ImageSignatures().Create(&signature)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
image, err = adminClient.Images().Get(image.Name)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if len(image.Signatures) != 1 {
t.Fatalf("unexpected number of signatures in created image (%d != %d)", len(image.Signatures), 1)
}
for _, sig := range []*imageapi.ImageSignature{created, &image.Signatures[0]} {
if sig.Name != sigName || sig.Type != "unknown" ||
!bytes.Equal(sig.Content, []byte("binaryblob")) || len(sig.Conditions) != 0 {
t.Errorf("unexpected signature received: %#+v", sig)
}
}
compareSignatures(t, image.Signatures[0], *created)
// try to create the signature yet again
created, err = userClient.ImageSignatures().Create(&signature)
if !kerrors.IsAlreadyExists(err) {
t.Fatalf("expected already exists error, not: %v", err)
}
// try to create a signature with different name but the same conent
newName, err := imageapi.JoinImageSignatureName(image.Name, "newone")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
signature.Name = newName
created, err = userClient.ImageSignatures().Create(&signature)
if !kerrors.IsAlreadyExists(err) {
t.Fatalf("expected already exists error, not: %v", err)
}
// try to create a signature with the same name but different content
signature.Name = sigName
signature.Content = []byte("different")
_, err = userClient.ImageSignatures().Create(&signature)
if !kerrors.IsAlreadyExists(err) {
t.Fatalf("expected already exists error, not: %v", err)
}
}
