mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00

test: Add cosign and notations bats tests (#929)

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Nicol 2022-11-01 18:16:14 +02:00 committed by GitHub
parent 2d877aaea1
commit c72b4fb643
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 1 deletions


@ -12,6 +12,7 @@ STACKER := $(shell which stacker)
GOLINTER := $(TOOLSDIR)/bin/golangci-lint
GOLINTER_VERSION := v1.49.0
NOTATION := $(TOOLSDIR)/bin/notation
COSIGN := $(TOOLSDIR)/bin/cosign
HELM := $(TOOLSDIR)/bin/helm
ORAS := $(TOOLSDIR)/bin/oras
REGCLIENT := $(TOOLSDIR)/bin/regctl
@ -331,6 +332,11 @@ $(STACKER):
curl -fsSL https://github.com/project-stacker/stacker/releases/latest/download/stacker -o $@; \
chmod +x $@
$(COSIGN):
mkdir -p $(TOOLSDIR)/bin
curl -fsSL https://github.com/sigstore/cosign/releases/download/v1.13.0/cosign-linux-amd64 -o $@; \
chmod +x $@
.PHONY: test-annotations
test-annotations: binary check-skopeo $(BATS) $(STACKER)
test-annotations: binary check-skopeo $(BATS) $(STACKER) $(NOTATION) $(COSIGN)
$(BATS) --trace --print-output-on-failure test/blackbox/annotations.bats
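Review bot: The new `$(COSIGN)` recipe downloads `cosign-linux-amd64` and marks it executable without any integrity check, so the pinned v1.13.0 tag is the only control over a binary the test suite then runs. Pin the expected digest next to the version and verify it before the `chmod`, for example `echo "$(COSIGN_SHA256)  $@" | sha256sum -c -` with `COSIGN_SHA256 := <sha256 of the v1.13.0 linux-amd64 asset>` (a placeholder; take the value from the release's published checksums). The two commands are joined with `;`, so a transfer that fails part-way still ends in a successful `chmod` and leaves a truncated file that make treats as up to date; `&&` would stop at the failed `curl`. The asset name also hard-codes linux/amd64, so on any other host the target installs a binary that cannot run.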


@ -89,3 +89,38 @@ function teardown_file() {
[ $(echo "${lines[-1]}" | jq '.data.ImageList[0].Vendor') = '"CentOs"' ]
[ $(echo "${lines[-1]}" | jq '.data.ImageList[0].Licenses') = '"GPLv2"' ]
}
@test "sign/verify with cosign" {
run curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageList(repo: \"annotations\") { RepoName Tag Digest ConfigDigest Size Layers {Size Digest } Vendor Licenses }}"}' http://localhost:8080/v2/_zot/ext/search
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.data.ImageList[0].RepoName') = '"annotations"' ]
local digest=$(echo "${lines[-1]}" | jq -r '.data.ImageList[0].Digest')
run cosign initialize
[ "$status" -eq 0 ]
run cosign generate-key-pair
[ "$status" -eq 0 ]
run cosign sign --key cosign.key localhost:8080/annotations:latest --yes
[ "$status" -eq 0 ]
run cosign verify --key cosign.pub localhost:8080/annotations:latest
[ "$status" -eq 0 ]
local sigName=$(echo "${lines[-1]}" | jq '.[].critical.image."docker-manifest-digest"')
[ "$status" -eq 0 ]
[[ "$sigName" == *"${digest}"* ]]
}
@test "sign/verify with notation" {
run curl -X POST -H "Content-Type: application/json" --data '{ "query": "{ ImageList(repo: \"annotations\") { RepoName Tag Digest ConfigDigest Size Layers {Size Digest } }}"}' http://localhost:8080/v2/_zot/ext/search
[ "$status" -eq 0 ]
[ $(echo "${lines[-1]}" | jq '.data.ImageList[0].RepoName') = '"annotations"' ]
[ "$status" -eq 0 ]
run notation cert generate-test --trust "notation-sign-test"
[ "$status" -eq 0 ]
run notation sign --key "notation-sign-test" --plain-http localhost:8080/annotations:latest
[ "$status" -eq 0 ]
run notation verify --cert "notation-sign-test" --plain-http localhost:8080/annotations:latest
[ "$status" -eq 0 ]
run notation list --plain-http localhost:8080/annotations:latest
[ "$status" -eq 0 ]
}
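Review bot: In the cosign test the closing check `[[ "$sigName" == *"${digest}"* ]]` passes vacuously when `digest` is empty, because `local digest=$(…)` hides jq's exit status and nothing asserts the value afterwards. Add `[[ -n "$digest" && "$digest" != "null" ]]` right after the assignment; the `[ "$status" -eq 0 ]` that follows the `sigName` assignment only re-reads the status of `cosign verify` and can be dropped. The notation test asserts exit codes only, so unlike the cosign test it never ties the signature to the image digest; checking the `notation list` output for an entry would close that gap. `cosign generate-key-pair` writes `cosign.key` and `cosign.pub` into the working directory, and the visible part of the file does not show them being removed on teardown. Both tests call `cosign` and `notation` by bare name, so they depend on PATH including the tools directory the Makefile installs into, which this page does not show.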