mirror of
https://github.com/project-zot/zot.git
synced 2026-06-16 20:38:08 +08:00
Andreea Lupu
1190 lines
36 KiB
Go
1190 lines
36 KiB
Go
package bolt_test
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"os"
|
|
"path"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/notaryproject/notation-core-go/signature/jws"
|
|
"github.com/notaryproject/notation-go"
|
|
"github.com/notaryproject/notation-go/signer"
|
|
"github.com/opencontainers/go-digest"
|
|
ispec "github.com/opencontainers/image-spec/specs-go/v1"
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
"go.etcd.io/bbolt"
|
|
|
|
"zotregistry.io/zot/pkg/log"
|
|
"zotregistry.io/zot/pkg/meta/bolt"
|
|
"zotregistry.io/zot/pkg/meta/repodb"
|
|
boltdb_wrapper "zotregistry.io/zot/pkg/meta/repodb/boltdb-wrapper"
|
|
"zotregistry.io/zot/pkg/meta/signatures"
|
|
localCtx "zotregistry.io/zot/pkg/requestcontext"
|
|
"zotregistry.io/zot/pkg/test"
|
|
)
|
|
|
|
func TestWrapperErrors(t *testing.T) {
|
|
Convey("Errors", t, func() {
|
|
ctx := context.Background()
|
|
tmpDir := t.TempDir()
|
|
boltDBParams := bolt.DBParameters{RootDir: tmpDir}
|
|
boltDriver, err := bolt.GetBoltDriver(boltDBParams)
|
|
So(err, ShouldBeNil)
|
|
|
|
log := log.NewLogger("debug", "")
|
|
|
|
boltdbWrapper, err := boltdb_wrapper.NewBoltDBWrapper(boltDriver, log)
|
|
So(boltdbWrapper, ShouldNotBeNil)
|
|
So(err, ShouldBeNil)
|
|
|
|
repoMeta := repodb.RepoMetadata{
|
|
Tags: map[string]repodb.Descriptor{},
|
|
Signatures: map[string]repodb.ManifestSignatures{},
|
|
}
|
|
|
|
repoMetaBlob, err := json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
Convey("GetManifestData", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
dataBuck := tx.Bucket([]byte(bolt.ManifestDataBucket))
|
|
|
|
return dataBuck.Put([]byte("digest1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.GetManifestData("digest1")
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, err = boltdbWrapper.GetManifestMeta("repo1", "digest1")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("SetManifestMeta", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
dataBuck := tx.Bucket([]byte(bolt.ManifestDataBucket))
|
|
|
|
err := dataBuck.Put([]byte("digest1"), repoMetaBlob)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetManifestMeta("repo1", "digest1", repodb.ManifestMetadata{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, err = boltdbWrapper.GetManifestMeta("repo1", "digest1")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("FilterRepos", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
buck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
err := buck.Put([]byte("badRepo"), []byte("bad repo"))
|
|
So(err, ShouldBeNil)
|
|
|
|
return nil
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.FilterRepos(context.Background(),
|
|
func(repoMeta repodb.RepoMetadata) bool { return true }, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("SetReferrer", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetReferrer("repo", "ref", repodb.ReferrerInfo{})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("DeleteReferrer", func() {
|
|
Convey("RepoMeta not found", func() {
|
|
err := boltdbWrapper.DeleteReferrer("r", "dig", "dig")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("bad repo meta blob", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.DeleteReferrer("repo", "dig", "dig")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
})
|
|
|
|
Convey("SetRepoReference", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetRepoReference("repo1", "tag", "digest", ispec.MediaTypeImageManifest)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("GetRepoMeta", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.GetRepoMeta("repo1")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("DeleteRepoTag", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.DeleteRepoTag("repo1", "tag")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("GetReferrersInfo", func() {
|
|
_, err = boltdbWrapper.GetReferrersInfo("repo1", "tag", nil)
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.GetReferrersInfo("repo1", "tag", nil)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("IncrementRepoStars", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.IncrementRepoStars("repo2")
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.IncrementRepoStars("repo1")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("DecrementRepoStars", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.DecrementRepoStars("repo2")
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.DecrementRepoStars("repo1")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("GetRepoStars", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.GetRepoStars("repo1")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("GetMultipleRepoMeta", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.GetMultipleRepoMeta(context.TODO(), func(repoMeta repodb.RepoMetadata) bool {
|
|
return true
|
|
}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("IncrementImageDownloads", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.IncrementImageDownloads("repo2", "tag")
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.IncrementImageDownloads("repo1", "tag")
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.IncrementImageDownloads("repo1", "tag")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("AddManifestSignature", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.AddManifestSignature("repo1", digest.FromString("dig"),
|
|
repodb.SignatureMetadata{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
// signatures not found
|
|
err = boltdbWrapper.AddManifestSignature("repo1", digest.FromString("dig"),
|
|
repodb.SignatureMetadata{})
|
|
So(err, ShouldBeNil)
|
|
|
|
//
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
repoMeta := repodb.RepoMetadata{
|
|
Tags: map[string]repodb.Descriptor{},
|
|
Signatures: map[string]repodb.ManifestSignatures{
|
|
"digest1": {
|
|
"cosgin": {{}},
|
|
},
|
|
"digest2": {
|
|
"notation": {{}},
|
|
},
|
|
},
|
|
}
|
|
|
|
repoMetaBlob, err := json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
return repoBuck.Put([]byte("repo1"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.AddManifestSignature("repo1", digest.FromString("dig"),
|
|
repodb.SignatureMetadata{
|
|
SignatureType: "cosign",
|
|
SignatureDigest: "digest1",
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.AddManifestSignature("repo1", digest.FromString("dig"),
|
|
repodb.SignatureMetadata{
|
|
SignatureType: "cosign",
|
|
SignatureDigest: "digest2",
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
repoData, err := boltdbWrapper.GetRepoMeta("repo1")
|
|
So(err, ShouldBeNil)
|
|
So(len(repoData.Signatures[string(digest.FromString("dig"))][signatures.CosignSignature]),
|
|
ShouldEqual, 1)
|
|
So(repoData.Signatures[string(digest.FromString("dig"))][signatures.CosignSignature][0].SignatureManifestDigest,
|
|
ShouldEqual, "digest2")
|
|
|
|
err = boltdbWrapper.AddManifestSignature("repo1", digest.FromString("dig"),
|
|
repodb.SignatureMetadata{
|
|
SignatureType: "notation",
|
|
SignatureDigest: "digest2",
|
|
})
|
|
So(err, ShouldBeNil)
|
|
})
|
|
|
|
Convey("DeleteSignature", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.DeleteSignature("repo2", digest.FromString("dig"),
|
|
repodb.SignatureMetadata{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.DeleteSignature("repo1", digest.FromString("dig"),
|
|
repodb.SignatureMetadata{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
repoMeta := repodb.RepoMetadata{
|
|
Tags: map[string]repodb.Descriptor{},
|
|
Signatures: map[string]repodb.ManifestSignatures{
|
|
"digest1": {
|
|
"cosgin": []repodb.SignatureInfo{
|
|
{
|
|
SignatureManifestDigest: "sigDigest1",
|
|
},
|
|
{
|
|
SignatureManifestDigest: "sigDigest2",
|
|
},
|
|
},
|
|
},
|
|
"digest2": {
|
|
"notation": {{}},
|
|
},
|
|
},
|
|
}
|
|
|
|
repoMetaBlob, err := json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
return repoBuck.Put([]byte("repo1"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.DeleteSignature("repo1", "digest1",
|
|
repodb.SignatureMetadata{
|
|
SignatureType: "cosgin",
|
|
SignatureDigest: "sigDigest2",
|
|
})
|
|
So(err, ShouldBeNil)
|
|
})
|
|
|
|
Convey("SearchRepos", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchRepos(context.Background(), "", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
dataBuck := tx.Bucket([]byte(bolt.ManifestDataBucket))
|
|
|
|
err := dataBuck.Put([]byte("dig1"), []byte("wrong json"))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
repoMeta := repodb.RepoMetadata{
|
|
Name: "repo1",
|
|
Tags: map[string]repodb.Descriptor{
|
|
"tag1": {Digest: "dig1", MediaType: ispec.MediaTypeImageManifest},
|
|
},
|
|
Signatures: map[string]repodb.ManifestSignatures{},
|
|
}
|
|
repoMetaBlob, err := json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
err = repoBuck.Put([]byte("repo1"), repoMetaBlob)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
repoMeta = repodb.RepoMetadata{
|
|
Name: "repo2",
|
|
Tags: map[string]repodb.Descriptor{
|
|
"tag2": {Digest: "dig2", MediaType: ispec.MediaTypeImageManifest},
|
|
},
|
|
Signatures: map[string]repodb.ManifestSignatures{},
|
|
}
|
|
repoMetaBlob, err = json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
return repoBuck.Put([]byte("repo2"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchRepos(context.Background(), "repo1", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchRepos(context.Background(), "repo2", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
dataBuck := tx.Bucket([]byte(bolt.ManifestDataBucket))
|
|
|
|
manifestMeta := repodb.ManifestMetadata{
|
|
ManifestBlob: []byte("{}"),
|
|
ConfigBlob: []byte("wrong json"),
|
|
Signatures: repodb.ManifestSignatures{},
|
|
}
|
|
|
|
manifestMetaBlob, err := json.Marshal(manifestMeta)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = dataBuck.Put([]byte("dig1"), manifestMetaBlob)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
repoMeta = repodb.RepoMetadata{
|
|
Name: "repo1",
|
|
Tags: map[string]repodb.Descriptor{
|
|
"tag1": {Digest: "dig1", MediaType: ispec.MediaTypeImageManifest},
|
|
},
|
|
Signatures: map[string]repodb.ManifestSignatures{},
|
|
}
|
|
repoMetaBlob, err = json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
return repoBuck.Put([]byte("repo1"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchRepos(context.Background(), "repo1", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("Index Errors", func() {
|
|
Convey("Bad index data", func() {
|
|
indexDigest := digest.FromString("indexDigest")
|
|
|
|
err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
err = setBadIndexData(boltdbWrapper.DB, indexDigest.String())
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchRepos(ctx, "", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "repo:", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("Bad indexBlob in IndexData", func() {
|
|
indexDigest := digest.FromString("indexDigest")
|
|
|
|
err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetIndexData(indexDigest, repodb.IndexData{
|
|
IndexBlob: []byte("bad json"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchRepos(ctx, "", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "repo:", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("Good index data, bad manifest inside index", func() {
|
|
var (
|
|
indexDigest = digest.FromString("indexDigest")
|
|
manifestDigestFromIndex1 = digest.FromString("manifestDigestFromIndex1")
|
|
manifestDigestFromIndex2 = digest.FromString("manifestDigestFromIndex2")
|
|
)
|
|
|
|
err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
indexBlob, err := test.GetIndexBlobWithManifests([]digest.Digest{
|
|
manifestDigestFromIndex1, manifestDigestFromIndex2,
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetIndexData(indexDigest, repodb.IndexData{
|
|
IndexBlob: indexBlob,
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetManifestData(manifestDigestFromIndex1, repodb.ManifestData{
|
|
ManifestBlob: []byte("Bad Manifest"),
|
|
ConfigBlob: []byte("Bad Manifest"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetManifestData(manifestDigestFromIndex2, repodb.ManifestData{
|
|
ManifestBlob: []byte("Bad Manifest"),
|
|
ConfigBlob: []byte("Bad Manifest"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchRepos(ctx, "", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "repo:", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
})
|
|
|
|
Convey("SearchTags", func() {
|
|
ctx := context.Background()
|
|
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "repo1:", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
dataBuck := tx.Bucket([]byte(bolt.ManifestDataBucket))
|
|
|
|
manifestMeta := repodb.ManifestMetadata{
|
|
ManifestBlob: []byte("{}"),
|
|
ConfigBlob: []byte("wrong json"),
|
|
Signatures: repodb.ManifestSignatures{},
|
|
}
|
|
|
|
manifestMetaBlob, err := json.Marshal(manifestMeta)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = dataBuck.Put([]byte("dig1"), manifestMetaBlob)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = dataBuck.Put([]byte("wrongManifestData"), []byte("wrong json"))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// manifest data doesn't exist
|
|
repoMeta = repodb.RepoMetadata{
|
|
Name: "repo1",
|
|
Tags: map[string]repodb.Descriptor{
|
|
"tag2": {Digest: "dig2", MediaType: ispec.MediaTypeImageManifest},
|
|
},
|
|
Signatures: map[string]repodb.ManifestSignatures{},
|
|
}
|
|
repoMetaBlob, err = json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
err = repoBuck.Put([]byte("repo1"), repoMetaBlob)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// manifest data is wrong
|
|
repoMeta = repodb.RepoMetadata{
|
|
Name: "repo2",
|
|
Tags: map[string]repodb.Descriptor{
|
|
"tag2": {Digest: "wrongManifestData", MediaType: ispec.MediaTypeImageManifest},
|
|
},
|
|
Signatures: map[string]repodb.ManifestSignatures{},
|
|
}
|
|
repoMetaBlob, err = json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
err = repoBuck.Put([]byte("repo2"), repoMetaBlob)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
repoMeta = repodb.RepoMetadata{
|
|
Name: "repo3",
|
|
Tags: map[string]repodb.Descriptor{
|
|
"tag1": {Digest: "dig1", MediaType: ispec.MediaTypeImageManifest},
|
|
},
|
|
Signatures: map[string]repodb.ManifestSignatures{},
|
|
}
|
|
repoMetaBlob, err = json.Marshal(repoMeta)
|
|
So(err, ShouldBeNil)
|
|
|
|
return repoBuck.Put([]byte("repo3"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "repo1:", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "repo2:", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "repo3:", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("FilterTags Index errors", func() {
|
|
Convey("FilterTags bad IndexData", func() {
|
|
indexDigest := digest.FromString("indexDigest")
|
|
|
|
err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
err = setBadIndexData(boltdbWrapper.DB, indexDigest.String())
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.FilterTags(ctx,
|
|
func(repoMeta repodb.RepoMetadata, manifestMeta repodb.ManifestMetadata) bool { return true },
|
|
repodb.PageInput{},
|
|
)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("FilterTags bad indexBlob in IndexData", func() {
|
|
indexDigest := digest.FromString("indexDigest")
|
|
|
|
err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetIndexData(indexDigest, repodb.IndexData{
|
|
IndexBlob: []byte("bad json"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.FilterTags(ctx,
|
|
func(repoMeta repodb.RepoMetadata, manifestMeta repodb.ManifestMetadata) bool { return true },
|
|
repodb.PageInput{},
|
|
)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("FilterTags didn't match any index manifest", func() {
|
|
var (
|
|
indexDigest = digest.FromString("indexDigest")
|
|
manifestDigestFromIndex1 = digest.FromString("manifestDigestFromIndex1")
|
|
manifestDigestFromIndex2 = digest.FromString("manifestDigestFromIndex2")
|
|
)
|
|
|
|
err := boltdbWrapper.SetRepoReference("repo", "tag1", indexDigest, ispec.MediaTypeImageIndex) //nolint:contextcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
indexBlob, err := test.GetIndexBlobWithManifests([]digest.Digest{
|
|
manifestDigestFromIndex1, manifestDigestFromIndex2,
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetIndexData(indexDigest, repodb.IndexData{
|
|
IndexBlob: indexBlob,
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetManifestData(manifestDigestFromIndex1, repodb.ManifestData{
|
|
ManifestBlob: []byte("{}"),
|
|
ConfigBlob: []byte("{}"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.SetManifestData(manifestDigestFromIndex2, repodb.ManifestData{
|
|
ManifestBlob: []byte("{}"),
|
|
ConfigBlob: []byte("{}"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.FilterTags(ctx,
|
|
func(repoMeta repodb.RepoMetadata, manifestMeta repodb.ManifestMetadata) bool { return false },
|
|
repodb.PageInput{},
|
|
)
|
|
So(err, ShouldBeNil)
|
|
})
|
|
})
|
|
|
|
Convey("ToggleStarRepo bad context errors", func() {
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, "bad context")
|
|
|
|
_, err := boltdbWrapper.ToggleStarRepo(ctx, "repo")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("ToggleStarRepo, getting StarredRepoKey from bucket fails", func() {
|
|
acCtx := localCtx.AccessControlContext{
|
|
ReadGlobPatterns: map[string]bool{
|
|
"repo": true,
|
|
},
|
|
Username: "username",
|
|
}
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, acCtx)
|
|
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
userdb, err := tx.CreateBucketIfNotExists([]byte(bolt.UserDataBucket))
|
|
So(err, ShouldBeNil)
|
|
userBucket, err := userdb.CreateBucketIfNotExists([]byte(acCtx.Username))
|
|
So(err, ShouldBeNil)
|
|
|
|
err = userBucket.Put([]byte(bolt.StarredReposKey), []byte("bad array"))
|
|
So(err, ShouldBeNil)
|
|
|
|
return nil
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.ToggleStarRepo(ctx, "repo")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("ToggleBookmarkRepo, unmarshal error", func() {
|
|
acCtx := localCtx.AccessControlContext{
|
|
ReadGlobPatterns: map[string]bool{
|
|
"repo": true,
|
|
},
|
|
Username: "username",
|
|
}
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, acCtx)
|
|
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
userdb, err := tx.CreateBucketIfNotExists([]byte(bolt.UserDataBucket))
|
|
So(err, ShouldBeNil)
|
|
userBucket, err := userdb.CreateBucketIfNotExists([]byte(acCtx.Username))
|
|
So(err, ShouldBeNil)
|
|
|
|
err = userBucket.Put([]byte(bolt.BookmarkedReposKey), []byte("bad array"))
|
|
So(err, ShouldBeNil)
|
|
|
|
return nil
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.ToggleBookmarkRepo(ctx, "repo")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("ToggleStarRepo, no repoMeta found", func() {
|
|
acCtx := localCtx.AccessControlContext{
|
|
ReadGlobPatterns: map[string]bool{
|
|
"repo": true,
|
|
},
|
|
Username: "username",
|
|
}
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, acCtx)
|
|
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
err := repoBuck.Put([]byte("repo"), []byte("bad repo"))
|
|
So(err, ShouldBeNil)
|
|
|
|
return nil
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.ToggleStarRepo(ctx, "repo")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("ToggleStarRepo, bad repoMeta found", func() {
|
|
acCtx := localCtx.AccessControlContext{
|
|
ReadGlobPatterns: map[string]bool{
|
|
"repo": true,
|
|
},
|
|
Username: "username",
|
|
}
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, acCtx)
|
|
|
|
_, err = boltdbWrapper.ToggleStarRepo(ctx, "repo")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("ToggleBookmarkRepo bad context errors", func() {
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, "bad context")
|
|
|
|
_, err := boltdbWrapper.ToggleBookmarkRepo(ctx, "repo")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("GetStarredRepos bad context errors", func() {
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, "bad context")
|
|
|
|
_, err := boltdbWrapper.GetStarredRepos(ctx)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("GetStarredRepos user data unmarshal error", func() {
|
|
acCtx := localCtx.AccessControlContext{
|
|
ReadGlobPatterns: map[string]bool{
|
|
"repo": true,
|
|
},
|
|
Username: "username",
|
|
}
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, acCtx)
|
|
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
userdb, err := tx.CreateBucketIfNotExists([]byte(bolt.UserDataBucket))
|
|
So(err, ShouldBeNil)
|
|
userBucket, err := userdb.CreateBucketIfNotExists([]byte(acCtx.Username))
|
|
So(err, ShouldBeNil)
|
|
|
|
err = userBucket.Put([]byte(bolt.StarredReposKey), []byte("bad array"))
|
|
So(err, ShouldBeNil)
|
|
|
|
return nil
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.GetStarredRepos(ctx)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("GetBookmarkedRepos user data unmarshal error", func() {
|
|
acCtx := localCtx.AccessControlContext{
|
|
ReadGlobPatterns: map[string]bool{
|
|
"repo": true,
|
|
},
|
|
Username: "username",
|
|
}
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, acCtx)
|
|
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
userdb, err := tx.CreateBucketIfNotExists([]byte(bolt.UserDataBucket))
|
|
So(err, ShouldBeNil)
|
|
userBucket, err := userdb.CreateBucketIfNotExists([]byte(acCtx.Username))
|
|
So(err, ShouldBeNil)
|
|
|
|
err = userBucket.Put([]byte(bolt.BookmarkedReposKey), []byte("bad array"))
|
|
So(err, ShouldBeNil)
|
|
|
|
return nil
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = boltdbWrapper.GetBookmarkedRepos(ctx)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("GetBookmarkedRepos bad context errors", func() {
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, "bad context")
|
|
|
|
_, err := boltdbWrapper.GetBookmarkedRepos(ctx)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("Unsuported type", func() {
|
|
digest := digest.FromString("digest")
|
|
|
|
err := boltdbWrapper.SetRepoReference("repo", "tag1", digest, "invalid type") //nolint:contextcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchRepos(ctx, "", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.SearchTags(ctx, "repo:", repodb.Filter{}, repodb.PageInput{})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, _, _, _, err = boltdbWrapper.FilterTags(
|
|
ctx,
|
|
func(repoMeta repodb.RepoMetadata, manifestMeta repodb.ManifestMetadata) bool { return true },
|
|
repodb.PageInput{},
|
|
)
|
|
So(err, ShouldBeNil)
|
|
})
|
|
|
|
Convey("GetUserRepoMeta unmarshal error", func() {
|
|
acCtx := localCtx.AccessControlContext{
|
|
ReadGlobPatterns: map[string]bool{
|
|
"repo": true,
|
|
},
|
|
Username: "username",
|
|
}
|
|
authzCtxKey := localCtx.GetContextKey()
|
|
ctx := context.WithValue(context.Background(), authzCtxKey, acCtx)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
err := repoBuck.Put([]byte("repo"), []byte("bad repo"))
|
|
So(err, ShouldBeNil)
|
|
|
|
return nil
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err := boltdbWrapper.GetUserRepoMeta(ctx, "repo")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("UpdateSignaturesValidity", func() {
|
|
Convey("manifestMeta of signed manifest not found", func() {
|
|
err := boltdbWrapper.UpdateSignaturesValidity("repo", digest.FromString("dig"))
|
|
So(err, ShouldBeNil)
|
|
})
|
|
|
|
Convey("repoMeta of signed manifest not found", func() {
|
|
// repo Meta not found
|
|
err := boltdbWrapper.SetManifestData(digest.FromString("dig"), repodb.ManifestData{
|
|
ManifestBlob: []byte("Bad Manifest"),
|
|
ConfigBlob: []byte("Bad Manifest"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.UpdateSignaturesValidity("repo", digest.FromString("dig"))
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("manifest - bad content", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
dataBuck := tx.Bucket([]byte(bolt.ManifestDataBucket))
|
|
|
|
return dataBuck.Put([]byte("digest1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.UpdateSignaturesValidity("repo1", "digest1")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("index - bad content", func() {
|
|
err := boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
dataBuck := tx.Bucket([]byte(bolt.IndexDataBucket))
|
|
|
|
return dataBuck.Put([]byte("digest1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.UpdateSignaturesValidity("repo1", "digest1")
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("repo - bad content", func() {
|
|
// repo Meta not found
|
|
err := boltdbWrapper.SetManifestData(digest.FromString("dig"), repodb.ManifestData{
|
|
ManifestBlob: []byte("Bad Manifest"),
|
|
ConfigBlob: []byte("Bad Manifest"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), []byte("wrong json"))
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.UpdateSignaturesValidity("repo1", digest.FromString("dig"))
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("VerifySignature -> untrusted signature", func() {
|
|
err := boltdbWrapper.SetManifestData(digest.FromString("dig"), repodb.ManifestData{
|
|
ManifestBlob: []byte("Bad Manifest"),
|
|
ConfigBlob: []byte("Bad Manifest"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo1"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
layerInfo := repodb.LayerInfo{LayerDigest: "", LayerContent: []byte{}, SignatureKey: ""}
|
|
|
|
err = boltdbWrapper.AddManifestSignature("repo1", digest.FromString("dig"),
|
|
repodb.SignatureMetadata{
|
|
SignatureType: signatures.CosignSignature,
|
|
SignatureDigest: string(digest.FromString("signature digest")),
|
|
LayersInfo: []repodb.LayerInfo{layerInfo},
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.UpdateSignaturesValidity("repo1", digest.FromString("dig"))
|
|
So(err, ShouldBeNil)
|
|
|
|
repoData, err := boltdbWrapper.GetRepoMeta("repo1")
|
|
So(err, ShouldBeNil)
|
|
So(repoData.Signatures[string(digest.FromString("dig"))][signatures.CosignSignature][0].LayersInfo[0].Signer,
|
|
ShouldBeEmpty)
|
|
So(repoData.Signatures[string(digest.FromString("dig"))][signatures.CosignSignature][0].LayersInfo[0].Date,
|
|
ShouldBeZeroValue)
|
|
})
|
|
|
|
Convey("VerifySignature -> trusted signature", func() {
|
|
_, _, manifest, _ := test.GetRandomImageComponents(10)
|
|
manifestContent, _ := json.Marshal(manifest)
|
|
manifestDigest := digest.FromBytes(manifestContent)
|
|
|
|
err := boltdbWrapper.SetManifestData(manifestDigest, repodb.ManifestData{
|
|
ManifestBlob: manifestContent,
|
|
ConfigBlob: []byte("configContent"),
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.DB.Update(func(tx *bbolt.Tx) error {
|
|
repoBuck := tx.Bucket([]byte(bolt.RepoMetadataBucket))
|
|
|
|
return repoBuck.Put([]byte("repo"), repoMetaBlob)
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
mediaType := jws.MediaTypeEnvelope
|
|
|
|
signOpts := notation.SignerSignOptions{
|
|
SignatureMediaType: mediaType,
|
|
PluginConfig: map[string]string{},
|
|
ExpiryDuration: 24 * time.Hour,
|
|
}
|
|
|
|
tdir := t.TempDir()
|
|
keyName := "notation-sign-test"
|
|
|
|
test.NotationPathLock.Lock()
|
|
defer test.NotationPathLock.Unlock()
|
|
|
|
test.LoadNotationPath(tdir)
|
|
|
|
err = test.GenerateNotationCerts(tdir, keyName)
|
|
So(err, ShouldBeNil)
|
|
|
|
// getSigner
|
|
var newSigner notation.Signer
|
|
|
|
// ResolveKey
|
|
signingKeys, err := test.LoadNotationSigningkeys(tdir)
|
|
So(err, ShouldBeNil)
|
|
|
|
idx := test.Index(signingKeys.Keys, keyName)
|
|
So(idx, ShouldBeGreaterThanOrEqualTo, 0)
|
|
|
|
key := signingKeys.Keys[idx]
|
|
|
|
if key.X509KeyPair != nil {
|
|
newSigner, err = signer.NewFromFiles(key.X509KeyPair.KeyPath, key.X509KeyPair.CertificatePath)
|
|
So(err, ShouldBeNil)
|
|
}
|
|
|
|
descToSign := ispec.Descriptor{
|
|
MediaType: manifest.MediaType,
|
|
Digest: manifestDigest,
|
|
Size: int64(len(manifestContent)),
|
|
}
|
|
sig, _, err := newSigner.Sign(ctx, descToSign, signOpts)
|
|
So(err, ShouldBeNil)
|
|
|
|
layerInfo := repodb.LayerInfo{
|
|
LayerDigest: string(digest.FromBytes(sig)),
|
|
LayerContent: sig, SignatureKey: mediaType,
|
|
}
|
|
|
|
err = boltdbWrapper.AddManifestSignature("repo", manifestDigest,
|
|
repodb.SignatureMetadata{
|
|
SignatureType: signatures.NotationSignature,
|
|
SignatureDigest: string(digest.FromString("signature digest")),
|
|
LayersInfo: []repodb.LayerInfo{layerInfo},
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
err = signatures.InitNotationDir(tdir)
|
|
So(err, ShouldBeNil)
|
|
|
|
trustpolicyPath := path.Join(tdir, "_notation/trustpolicy.json")
|
|
|
|
if _, err := os.Stat(trustpolicyPath); errors.Is(err, os.ErrNotExist) {
|
|
trustPolicy := `
|
|
{
|
|
"version": "1.0",
|
|
"trustPolicies": [
|
|
{
|
|
"name": "notation-sign-test",
|
|
"registryScopes": [ "*" ],
|
|
"signatureVerification": {
|
|
"level" : "strict"
|
|
},
|
|
"trustStores": ["ca:notation-sign-test"],
|
|
"trustedIdentities": [
|
|
"*"
|
|
]
|
|
}
|
|
]
|
|
}`
|
|
|
|
file, err := os.Create(trustpolicyPath)
|
|
So(err, ShouldBeNil)
|
|
|
|
defer file.Close()
|
|
|
|
_, err = file.WriteString(trustPolicy)
|
|
So(err, ShouldBeNil)
|
|
}
|
|
|
|
truststore := "_notation/truststore/x509/ca/notation-sign-test"
|
|
truststoreSrc := "notation/truststore/x509/ca/notation-sign-test"
|
|
err = os.MkdirAll(path.Join(tdir, truststore), 0o755)
|
|
So(err, ShouldBeNil)
|
|
|
|
err = test.CopyFile(path.Join(tdir, truststoreSrc, "notation-sign-test.crt"),
|
|
path.Join(tdir, truststore, "notation-sign-test.crt"))
|
|
So(err, ShouldBeNil)
|
|
|
|
err = boltdbWrapper.UpdateSignaturesValidity("repo", manifestDigest) //nolint:contextcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
repoData, err := boltdbWrapper.GetRepoMeta("repo")
|
|
So(err, ShouldBeNil)
|
|
So(repoData.Signatures[string(manifestDigest)][signatures.NotationSignature][0].LayersInfo[0].Signer,
|
|
ShouldNotBeEmpty)
|
|
So(repoData.Signatures[string(manifestDigest)][signatures.NotationSignature][0].LayersInfo[0].Date,
|
|
ShouldNotBeZeroValue)
|
|
})
|
|
})
|
|
})
|
|
}
|
|
|
|
func setBadIndexData(dB *bbolt.DB, digest string) error {
|
|
return dB.Update(func(tx *bbolt.Tx) error {
|
|
indexDataBuck := tx.Bucket([]byte(bolt.IndexDataBucket))
|
|
|
|
return indexDataBuck.Put([]byte(digest), []byte("bad json"))
|
|
})
|
|
}
|