From 7f9052972d7adb4daf840722a81663b9be4102e5 Mon Sep 17 00:00:00 2001 From: Lisca Ana-Roberta <55219463+aokirisaki@users.noreply.github.com> Date: Thu, 20 Oct 2022 19:35:24 +0300 Subject: [PATCH] fix: zli images show if signed instead of signature (#886) Signed-off-by: Lisca Ana-Roberta --- pkg/cli/cve_cmd_test.go | 34 ++--- pkg/cli/image_cmd_test.go | 223 ++++++++++++++++++++++++------ pkg/cli/searcher.go | 4 +- pkg/cli/service.go | 16 ++- pkg/extensions/search/resolver.go | 9 +- 5 files changed, 217 insertions(+), 69 deletions(-) diff --git a/pkg/cli/cve_cmd_test.go b/pkg/cli/cve_cmd_test.go index cd693d24..5144f23a 100644 --- a/pkg/cli/cve_cmd_test.go +++ b/pkg/cli/cve_cmd_test.go @@ -181,7 +181,7 @@ func TestSearchCVECmd(t *testing.T) { So(err, ShouldBeNil) space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE dummyImageName tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE dummyImageName tag DigestsA false 123kB") Convey("using shorthand", func() { args := []string{"cvetest", "-I", "dummyImageName", "--cve-id", "aCVEID", "--url", "someURL"} buff := bytes.NewBufferString("") @@ -195,7 +195,7 @@ func TestSearchCVECmd(t *testing.T) { So(err, ShouldBeNil) space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE dummyImageName tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE dummyImageName tag DigestsA false 123kB") }) }) @@ -279,7 +279,7 @@ func TestSearchCVECmd(t *testing.T) { err := cveCmd.Execute() space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE anImage tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE anImage tag DigestsA false 123kB") So(err, ShouldBeNil) Convey("invalid CVE ID", func() { @@ -324,7 +324,7 @@ func TestSearchCVECmd(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") So(err, ShouldBeNil) - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE fixedImage tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE fixedImage tag DigestsA false 123kB") Convey("invalid image name", func() { args := []string{"cvetest", "--cve-id", "aCVEID", "--image", "invalidImageName"} @@ -464,7 +464,7 @@ func TestServerCVEResponseGQL(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldBeNil) - So(str, ShouldEqual, "IMAGE NAME TAG DIGEST SIZE zot-cve-test 0.0.1 63a795ca 75MB") + So(str, ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE zot-cve-test 0.0.1 63a795ca false 75MB") Convey("invalid CVE ID", func() { args := []string{"cvetest", "--cve-id", "invalid"} @@ -480,7 +480,7 @@ func TestServerCVEResponseGQL(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldBeNil) - So(str, ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(str, ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") }) Convey("invalid output format", func() { @@ -528,7 +528,7 @@ func TestServerCVEResponseGQL(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldBeNil) - So(strings.TrimSpace(str), ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(strings.TrimSpace(str), ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") }) Convey("random image", func() { @@ -545,7 +545,7 @@ func TestServerCVEResponseGQL(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldNotBeNil) - So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") }) Convey("invalid image", func() { @@ -562,7 +562,7 @@ func TestServerCVEResponseGQL(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldNotBeNil) - So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") }) }) @@ -579,7 +579,7 @@ func TestServerCVEResponseGQL(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") So(err, ShouldBeNil) - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE zot-cve-test 0.0.1 63a795ca 75MB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE zot-cve-test 0.0.1 63a795ca false 75MB") Convey("invalid name and CVE ID", func() { args := []string{"cvetest", "--image", "test", "--cve-id", "CVE-20807"} @@ -594,7 +594,7 @@ func TestServerCVEResponseGQL(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") So(err, ShouldBeNil) - So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG SIGNED SIZE") }) Convey("invalid output format", func() { @@ -845,7 +845,7 @@ func TestServerCVEResponse(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldBeNil) - So(str, ShouldEqual, "IMAGE NAME TAG DIGEST SIZE zot-cve-test 0.0.1 63a795ca 75MB") + So(str, ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE zot-cve-test 0.0.1 63a795ca false 75MB") Convey("invalid CVE ID", func() { args := []string{"cvetest", "--cve-id", "invalid"} configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url)) @@ -860,7 +860,7 @@ func TestServerCVEResponse(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldBeNil) - So(str, ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(str, ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") }) }) @@ -893,7 +893,7 @@ func TestServerCVEResponse(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldBeNil) - So(strings.TrimSpace(str), ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(strings.TrimSpace(str), ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") }) Convey("invalid image", func() { @@ -910,7 +910,7 @@ func TestServerCVEResponse(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") str = strings.TrimSpace(str) So(err, ShouldNotBeNil) - So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") }) }) @@ -927,7 +927,7 @@ func TestServerCVEResponse(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") So(err, ShouldBeNil) - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE zot-cve-test 0.0.1 63a795ca 75MB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE zot-cve-test 0.0.1 63a795ca false 75MB") Convey("invalid name and CVE ID", func() { args := []string{"cvetest", "--image", "test", "--cve-id", "CVE-20807"} configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"cvetest","url":"%s","showspinner":false}]}`, url)) @@ -941,7 +941,7 @@ func TestServerCVEResponse(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") So(err, ShouldBeNil) - So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIZE") + So(strings.TrimSpace(str), ShouldNotContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") }) }) } diff --git a/pkg/cli/image_cmd_test.go b/pkg/cli/image_cmd_test.go index a8193071..6a23b8a1 100644 --- a/pkg/cli/image_cmd_test.go +++ b/pkg/cli/image_cmd_test.go @@ -19,6 +19,9 @@ import ( godigest "github.com/opencontainers/go-digest" ispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/sigstore/cosign/cmd/cosign/cli/generate" + "github.com/sigstore/cosign/cmd/cosign/cli/options" + "github.com/sigstore/cosign/cmd/cosign/cli/sign" . "github.com/smartystreets/goconvey/convey" "github.com/spf13/cobra" "gopkg.in/resty.v1" @@ -182,7 +185,7 @@ func TestSearchImageCmd(t *testing.T) { err := cmd.Execute() space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE dummyImageName tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE dummyImageName tag DigestsA false 123kB") So(err, ShouldBeNil) }) @@ -198,7 +201,7 @@ func TestSearchImageCmd(t *testing.T) { err := imageCmd.Execute() space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE dummyImageName tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE dummyImageName tag DigestsA false 123kB") So(err, ShouldBeNil) Convey("using shorthand", func() { args := []string{"imagetest", "-n", "dummyImageName", "--url", "someUrlImage"} @@ -213,7 +216,7 @@ func TestSearchImageCmd(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE dummyImageName tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE dummyImageName tag DigestsA false 123kB") So(err, ShouldBeNil) }) }) @@ -230,7 +233,7 @@ func TestSearchImageCmd(t *testing.T) { err := imageCmd.Execute() space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE anImage tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE anImage tag DigestsA false 123kB") So(err, ShouldBeNil) Convey("invalid URL format", func() { @@ -250,6 +253,134 @@ func TestSearchImageCmd(t *testing.T) { }) } +func TestSignature(t *testing.T) { + Convey("Test from real server", t, func() { + currentWorkingDir, err := os.Getwd() + So(err, ShouldBeNil) + + currentDir := t.TempDir() + err = os.Chdir(currentDir) + So(err, ShouldBeNil) + + port := test.GetFreePort() + url := test.GetBaseURL(port) + conf := config.New() + conf.HTTP.Port = port + defaultVal := true + conf.Extensions = &extconf.ExtensionConfig{ + Search: &extconf.SearchConfig{Enable: &defaultVal}, + } + ctlr := api.NewController(conf) + ctlr.Config.Storage.RootDirectory = currentDir + go func(controller *api.Controller) { + // this blocks + if err := controller.Run(context.Background()); err != nil { + return + } + }(ctlr) + // wait till ready + for { + _, err := resty.R().Get(url) + if err == nil { + break + } + + time.Sleep(100 * time.Millisecond) + } + defer func(controller *api.Controller) { + ctx := context.Background() + _ = controller.Server.Shutdown(ctx) + }(ctlr) + + // create a blob/layer + resp, _ := resty.R().Post(url + "/v2/repo7/blobs/uploads/") + loc := test.Location(url, resp) + + content := []byte("this is a blob5") + digest := godigest.FromBytes(content) + _, _ = resty.R().SetQueryParam("digest", digest.String()). + SetHeader("Content-Type", "application/octet-stream").SetBody(content).Put(loc) + + // upload image config blob + resp, _ = resty.R().Post(url + "/v2/repo7/blobs/uploads/") + loc = test.Location(url, resp) + cblob, cdigest := test.GetImageConfig() + + _, _ = resty.R(). + SetContentLength(true). + SetHeader("Content-Length", fmt.Sprintf("%d", len(cblob))). + SetHeader("Content-Type", "application/octet-stream"). + SetQueryParam("digest", cdigest.String()). + SetBody(cblob). + Put(loc) + + // create a manifest + manifest := ispec.Manifest{ + Config: ispec.Descriptor{ + MediaType: "application/vnd.oci.image.config.v1+json", + Digest: cdigest, + Size: int64(len(cblob)), + }, + Layers: []ispec.Descriptor{ + { + MediaType: "application/vnd.oci.image.layer.v1.tar", + Digest: digest, + Size: int64(len(content)), + }, + }, + } + manifest.SchemaVersion = 2 + + content, err = json.Marshal(manifest) + So(err, ShouldBeNil) + + _, _ = resty.R().SetHeader("Content-Type", "application/vnd.oci.image.manifest.v1+json"). + SetBody(content).Put(url + "/v2/repo7/manifests/test:1.0") + + // content = []byte("this is a blob5") + digest = godigest.FromBytes(content) + + // generate a keypair + if _, err := os.Stat(path.Join(currentDir, "cosign.key")); err != nil { + os.Setenv("COSIGN_PASSWORD", "") + err = generate.GenerateKeyPairCmd(context.TODO(), "", nil) + So(err, ShouldBeNil) + } + + _, err = os.Stat(path.Join(currentDir, "cosign.key")) + So(err, ShouldBeNil) + + // sign the image + err = sign.SignCmd(&options.RootOptions{Verbose: true, Timeout: 1 * time.Minute}, + options.KeyOpts{KeyRef: path.Join(currentDir, "cosign.key"), PassFunc: generate.GetPass}, + options.RegistryOptions{AllowInsecure: true}, + map[string]interface{}{"tag": "test:1.0"}, + []string{fmt.Sprintf("localhost:%s/%s@%s", port, "repo7", digest.String())}, + "", "", true, "", "", "", false, false, "", true) + So(err, ShouldBeNil) + + t.Logf("%s", ctlr.Config.Storage.RootDirectory) + args := []string{"imagetest"} + configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url)) + defer os.Remove(configPath) + cmd := NewImageCommand(new(searchService)) + buff := &bytes.Buffer{} + cmd.SetOut(buff) + cmd.SetErr(buff) + cmd.SetArgs(args) + err = cmd.Execute() + So(err, ShouldBeNil) + space := regexp.MustCompile(`\s+`) + str := space.ReplaceAllString(buff.String(), " ") + actual := strings.TrimSpace(str) + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 true") + + err = os.Chdir(currentWorkingDir) + So(err, ShouldBeNil) + }) +} + //nolint:dupl func TestDerivedImageList(t *testing.T) { Convey("Test from real server", t, func() { @@ -303,8 +434,8 @@ func TestDerivedImageList(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 492B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 492B") }) Convey("Test derived images fail", func() { @@ -397,8 +528,8 @@ func TestBaseImageList(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 492B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 492B") }) Convey("Test base images fail", func() { @@ -594,7 +725,7 @@ func TestOutputFormat(t *testing.T) { err := cmd.Execute() space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") - So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIZE dummyImageName tag DigestsA 123kB") + So(strings.TrimSpace(str), ShouldEqual, "IMAGE NAME TAG DIGEST SIGNED SIZE dummyImageName tag DigestsA false 123kB") So(err, ShouldBeNil) }) @@ -613,7 +744,7 @@ func TestOutputFormat(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") So(strings.TrimSpace(str), ShouldEqual, `{ "repoName": "dummyImageName", "tag": "tag", `+ - `"configDigest": "", "digest": "DigestsAreReallyLong", "layers": null, "size": "123445" }`) + `"configDigest": "", "digest": "DigestsAreReallyLong", "layers": null, "size": "123445", "isSigned": false }`) So(err, ShouldBeNil) }) @@ -633,7 +764,8 @@ func TestOutputFormat(t *testing.T) { strings.TrimSpace(str), ShouldEqual, `reponame: dummyImageName tag: tag configdigest: "" `+ - `digest: DigestsAreReallyLong layers: [] size: "123445"`, + `digest: DigestsAreReallyLong layers: [] size: "123445" `+ + `issigned: false`, ) So(err, ShouldBeNil) @@ -656,7 +788,8 @@ func TestOutputFormat(t *testing.T) { strings.TrimSpace(str), ShouldEqual, `reponame: dummyImageName tag: tag configdigest: "" `+ - `digest: DigestsAreReallyLong layers: [] size: "123445"`, + `digest: DigestsAreReallyLong layers: [] size: "123445" `+ + `issigned: false`, ) So(err, ShouldBeNil) }) @@ -728,9 +861,9 @@ func TestServerResponseGQL(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") Convey("Test all images invalid output format", func() { args := []string{"imagetest", "-o", "random"} configPath := makeConfigFile(fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s","showspinner":false}]}`, url)) @@ -766,9 +899,9 @@ func TestServerResponseGQL(t *testing.T) { // b8781e88 15B // repo7 test:1.0 a0ca253b b8781e88 15B // b8781e88 15B - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST CONFIG LAYERS SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 3a1d2d0c 15B b8781e88 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 3a1d2d0c 15B b8781e88 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST CONFIG SIGNED LAYERS SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 3a1d2d0c false 15B b8781e88 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 3a1d2d0c false 15B b8781e88 15B") }) Convey("Test all images with debug flag", func() { @@ -786,9 +919,9 @@ func TestServerResponseGQL(t *testing.T) { str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) So(actual, ShouldContainSubstring, "GET") - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") }) Convey("Test image by name config url", func() { @@ -805,9 +938,9 @@ func TestServerResponseGQL(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") Convey("with shorthand", func() { args := []string{"imagetest", "-n", "repo7"} @@ -823,9 +956,9 @@ func TestServerResponseGQL(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") }) Convey("invalid output format", func() { @@ -861,9 +994,9 @@ func TestServerResponseGQL(t *testing.T) { // IMAGE NAME TAG DIGEST SIZE // repo7 test:2.0 a0ca253b 15B // repo7 test:1.0 a0ca253b 15B - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") Convey("with shorthand", func() { args := []string{"imagetest", "-d", "883fc0c5"} @@ -879,9 +1012,9 @@ func TestServerResponseGQL(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") }) Convey("nonexistent digest", func() { @@ -1001,9 +1134,9 @@ func TestServerResponse(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") }) Convey("Test all images verbose", func() { @@ -1026,9 +1159,9 @@ func TestServerResponse(t *testing.T) { // b8781e88 15B // repo7 test:1.0 a0ca253b b8781e88 15B // b8781e88 15B - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST CONFIG LAYERS SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 3a1d2d0c 15B b8781e88 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 3a1d2d0c 15B b8781e88 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST CONFIG SIGNED LAYERS SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 3a1d2d0c false 15B b8781e88 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 3a1d2d0c false 15B b8781e88 15B") }) Convey("Test image by name", func() { @@ -1045,9 +1178,9 @@ func TestServerResponse(t *testing.T) { space := regexp.MustCompile(`\s+`) str := space.ReplaceAllString(buff.String(), " ") actual := strings.TrimSpace(str) - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") }) Convey("Test image by digest", func() { @@ -1068,9 +1201,9 @@ func TestServerResponse(t *testing.T) { // IMAGE NAME TAG DIGEST SIZE // repo7 test:2.0 a0ca253b 15B // repo7 test:1.0 a0ca253b 15B - So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIZE") - So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 15B") - So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 15B") + So(actual, ShouldContainSubstring, "IMAGE NAME TAG DIGEST SIGNED SIZE") + So(actual, ShouldContainSubstring, "repo7 test:2.0 883fc0c5 false 15B") + So(actual, ShouldContainSubstring, "repo7 test:1.0 883fc0c5 false 15B") Convey("nonexistent digest", func() { args := []string{"imagetest", "--digest", "d1g35t"} diff --git a/pkg/cli/searcher.go b/pkg/cli/searcher.go index 1ec4abee..f95fdd99 100644 --- a/pkg/cli/searcher.go +++ b/pkg/cli/searcher.go @@ -700,13 +700,14 @@ func printImageTableHeader(writer io.Writer, verbose bool, maxImageNameLen, maxT table.SetColMinWidth(colTagIndex, tagWidth) table.SetColMinWidth(colDigestIndex, digestWidth) table.SetColMinWidth(colSizeIndex, sizeWidth) + table.SetColMinWidth(colIsSignedIndex, isSignedWidth) if verbose { table.SetColMinWidth(colConfigIndex, configWidth) table.SetColMinWidth(colLayersIndex, layersWidth) } - row := make([]string, 6) //nolint:gomnd + row := make([]string, 7) //nolint:gomnd // adding spaces so that image name and tag columns are aligned // in case the name/tag are fully shown and too long @@ -727,6 +728,7 @@ func printImageTableHeader(writer io.Writer, verbose bool, maxImageNameLen, maxT row[colDigestIndex] = "DIGEST" row[colSizeIndex] = "SIZE" + row[colIsSignedIndex] = "SIGNED" if verbose { row[colConfigIndex] = "CONFIG" diff --git a/pkg/cli/service.go b/pkg/cli/service.go index 34108719..1f9668c8 100644 --- a/pkg/cli/service.go +++ b/pkg/cli/service.go @@ -119,7 +119,7 @@ func (service searchService) getImagesGQL(ctx context.Context, config searchConf imageName string, ) (*imageListStructGQL, error) { query := fmt.Sprintf(`{ImageList(repo: "%s") {`+` - RepoName Tag Digest ConfigDigest Size Layers {Size Digest}} + RepoName Tag Digest ConfigDigest Size Layers {Size Digest} IsSigned} }`, imageName) result := &imageListStructGQL{} @@ -846,6 +846,7 @@ type imageStruct struct { Layers []layer `json:"layers"` Size string `json:"size"` verbose bool + IsSigned bool `json:"isSigned"` } type imageListStructGQL struct { @@ -911,6 +912,7 @@ func (img imageStruct) stringPlainText(maxImgNameLen, maxTagLen int) (string, er table.SetColMinWidth(colDigestIndex, digestWidth) table.SetColMinWidth(colSizeIndex, sizeWidth) + table.SetColMinWidth(colIsSignedIndex, isSignedWidth) if img.verbose { table.SetColMinWidth(colConfigIndex, configWidth) @@ -925,12 +927,14 @@ func (img imageStruct) stringPlainText(maxImgNameLen, maxTagLen int) (string, er imgSize, _ := strconv.ParseUint(img.Size, 10, 64) size := ellipsize(strings.ReplaceAll(humanize.Bytes(imgSize), " ", ""), sizeWidth, ellipsis) config := ellipsize(img.ConfigDigest, configWidth, "") - row := make([]string, 6) //nolint:gomnd + isSigned := img.IsSigned + row := make([]string, 7) //nolint:gomnd row[colImageNameIndex] = imageName row[colTagIndex] = tagName row[colDigestIndex] = digest row[colSizeIndex] = size + row[colIsSignedIndex] = strconv.FormatBool(isSigned) if img.verbose { row[colConfigIndex] = config @@ -945,7 +949,7 @@ func (img imageStruct) stringPlainText(maxImgNameLen, maxTagLen int) (string, er size := ellipsize(strings.ReplaceAll(humanize.Bytes(layerSize), " ", ""), sizeWidth, ellipsis) layerDigest := ellipsize(entry.Digest, digestWidth, "") - layerRow := make([]string, 6) //nolint:gomnd + layerRow := make([]string, 7) //nolint:gomnd layerRow[colImageNameIndex] = "" layerRow[colTagIndex] = "" layerRow[colDigestIndex] = "" @@ -1112,6 +1116,7 @@ const ( tagWidth = 24 digestWidth = 8 sizeWidth = 8 + isSignedWidth = 8 configWidth = 8 layersWidth = 8 ellipsis = "..." @@ -1120,8 +1125,9 @@ const ( colTagIndex = 1 colDigestIndex = 2 colConfigIndex = 3 - colLayersIndex = 4 - colSizeIndex = 5 + colIsSignedIndex = 4 + colLayersIndex = 5 + colSizeIndex = 6 cveIDWidth = 16 cveSeverityWidth = 8 diff --git a/pkg/extensions/search/resolver.go b/pkg/extensions/search/resolver.go index 34f537e3..2d339330 100644 --- a/pkg/extensions/search/resolver.go +++ b/pkg/extensions/search/resolver.go @@ -544,10 +544,17 @@ func (r *queryResolver) getImageList(store storage.ImageStore, imageName string) } isSigned := layoutUtils.CheckManifestSignature(repo, digest) + + tagPrefix := strings.HasPrefix(tag.Name, "sha256-") + tagSuffix := strings.HasSuffix(tag.Name, ".sig") + imageInfo := BuildImageInfo(repo, tag.Name, digest, manifest, imageConfig, isSigned) - results = append(results, imageInfo) + // check if it's an image or a signature + if !tagPrefix && !tagSuffix { + results = append(results, imageInfo) + } } } }