test: Add cosign and notations bats tests (#929)

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Nicol
2022-11-01 18:16:14 +02:00
committed by GitHub
parent 2d877aaea1
commit c72b4fb643
2 changed files with 42 additions and 1 deletions
+35
@@ -89,3 +89,38 @@ function teardown_file() {
[ $(echo "${lines[-1]}" | jq '.data.ImageList[0].Vendor') = '"CentOs"' ]
[ $(echo "${lines[-1]}" | jq '.data.ImageList[0].Licenses') = '"GPLv2"' ]
}
@test "sign/verify with cosign" {
run curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageList(repo: \"annotations\") { RepoName Tag Digest ConfigDigest Size Layers {Size Digest } Vendor Licenses }}"}' http://localhost:8080/v2/_zot/ext/search
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.data.ImageList[0].RepoName') = '"annotations"' ]
local digest=$(echo "${lines[-1]}" | jq -r '.data.ImageList[0].Digest')
run cosign initialize
[ "$status" -eq 0 ]
run cosign generate-key-pair
[ "$status" -eq 0 ]
run cosign sign --key cosign.key localhost:8080/annotations:latest --yes
[ "$status" -eq 0 ]
run cosign verify --key cosign.pub localhost:8080/annotations:latest
[ "$status" -eq 0 ]
local sigName=$(echo "${lines[-1]}" | jq '.[].critical.image."docker-manifest-digest"')
[ "$status" -eq 0 ]
[[ "$sigName" == *"${digest}"* ]]
}
@test "sign/verify with notation" {
run curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageList(repo: \"annotations\") { RepoName Tag Digest ConfigDigest Size Layers {Size Digest } }}"}' http://localhost:8080/v2/_zot/ext/search
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.data.ImageList[0].RepoName') = '"annotations"' ]
[ "$status" -eq 0 ]
run notation cert generate-test --trust "notation-sign-test"
[ "$status" -eq 0 ]
run notation sign --key "notation-sign-test" --plain-http localhost:8080/annotations:latest
[ "$status" -eq 0 ]
run notation verify --cert "notation-sign-test" --plain-http localhost:8080/annotations:latest
[ "$status" -eq 0 ]
run notation list --plain-http localhost:8080/annotations:latest
[ "$status" -eq 0 ]
}
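Review bot: Both new tests assert only the success path, so they would still pass if verification accepted any signature; neither checks that `cosign verify` or `notation verify` returns a non-zero `$status` for a key or certificate that did not sign `annotations:latest`. One negative case per tool would cover this, for example verifying with a second, unrelated key pair and asserting `[ "$status" -ne 0 ]`. In the cosign test, the `[ "$status" -eq 0 ]` after the `sigName` assignment still reflects the earlier `run cosign verify`, not the `jq` call. The final `[[ "$sigName" == *"${digest}"* ]]` also matches anything when `digest` is empty, so add `[ -n "$digest" ] && [ "$digest" != "null" ]` right after the `digest` assignment. The notation test never compares the signed artifact against the manifest digest at all.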