mirror of
https://github.com/project-zot/zot.git
synced 2025-01-06 22:40:28 -05:00
41b05c60dd
In order to verify signatures, users could upload their certificates and public keys using these routes: -> for public keys: /v2/_zot/ext/mgmt?resource=signatures&tool=cosign -> for certificates: /v2/_zot/ext/mgmt?resource=signatures&tool=notation&truststoreType=ca&truststoreName=name Then the public keys will be stored under $rootdir/_cosign and the certificates will be stored under $rootdir/_notation/truststore/x509/$truststoreType/$truststoreName. Also, for notation case, the "truststores" field of $rootir/_notation/trustpolicy.json file will be updated with a new entry "$truststoreType:$truststoreName". Also based on the uploaded files, the information about the signatures validity will be updated periodically. Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
54 lines
1.4 KiB
Go
54 lines
1.4 KiB
Go
//go:build !mgmt
|
|
|
|
package extensions_test
|
|
|
|
import (
|
|
"os"
|
|
"testing"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
|
|
"zotregistry.io/zot/pkg/api"
|
|
"zotregistry.io/zot/pkg/api/config"
|
|
extconf "zotregistry.io/zot/pkg/extensions/config"
|
|
"zotregistry.io/zot/pkg/test"
|
|
)
|
|
|
|
func TestMgmtExtension(t *testing.T) {
|
|
Convey("periodic signature verification is skipped when binary doesn't include mgmt", t, func() {
|
|
conf := config.New()
|
|
port := test.GetFreePort()
|
|
|
|
globalDir := t.TempDir()
|
|
defaultValue := true
|
|
|
|
logFile, err := os.CreateTemp(globalDir, "zot-log*.txt")
|
|
So(err, ShouldBeNil)
|
|
defer os.Remove(logFile.Name())
|
|
|
|
conf.HTTP.Port = port
|
|
conf.Storage.RootDirectory = globalDir
|
|
conf.Storage.Commit = true
|
|
conf.Extensions = &extconf.ExtensionConfig{}
|
|
conf.Extensions.Mgmt = &extconf.MgmtConfig{
|
|
BaseConfig: extconf.BaseConfig{
|
|
Enable: &defaultValue,
|
|
},
|
|
}
|
|
conf.Log.Level = "warn"
|
|
conf.Log.Output = logFile.Name()
|
|
|
|
ctlr := api.NewController(conf)
|
|
ctlrManager := test.NewControllerManager(ctlr)
|
|
|
|
ctlrManager.StartAndWait(port)
|
|
defer ctlrManager.StopServer()
|
|
|
|
data, err := os.ReadFile(logFile.Name())
|
|
So(err, ShouldBeNil)
|
|
|
|
So(string(data), ShouldContainSubstring,
|
|
"skipping adding to the scheduler a generator for updating signatures validity because "+
|
|
"given binary doesn't include this feature, please build a binary that does so")
|
|
})
|
|
}
|