Improve the insecure registry test cases

* Remove the mybuns-with-img-ref and use an image reference in mybuns so
  that it's a more complete test case.
* Use mybuns in the airgap test instead of mybuns-with-img-ref.
* Install the mybuns bundle in the airgap test so that we know that what
  we relocated still runs. I am running it without its dependencies to
  keep things simple for now but long term, after we rewrite dependencies,
  understanding how to move bundles with deps across an airgap is
  something we need to document, add regression tests for, etc.
* Add plain http test case to the airgap test that doesn't require using
  --insecure-registry or a registry alias.

Signed-off-by: Carolyn Van Slyck <[email protected]>

magefile.go

@@ -221,9 +221,7 @@ func TestUnit() {
 
 // Run smoke tests to quickly check if Porter is broken
 func TestSmoke() error {
-	mg.Deps(copySchema, TryRegisterLocalHostAlias)
-
-	mg.Deps(docker.RestartDockerRegistry)
+	mg.Deps(copySchema, TryRegisterLocalHostAlias, docker.RestartDockerRegistry)
 
 	// Only do verbose output of tests when called with `mage -v TestSmoke`
 	v := ""

pkg/cnab/config-adapter/testdata/mybuns.bundle.json

@@ -9,6 +9,13 @@
       "image": "localhost:5000/mybuns:332dd75c541511a27fc332bdcd049d5b"
     }
   ],
+  "images": {
+    "whalesayd": {
+      "imageType": "docker",
+      "image": "carolynvs/whalesayd:latest",
+      "description": "Whalesay as a service"
+    }
+  },
   "actions": {
     "boom": {
       "modifies": true,
@@ -181,7 +188,7 @@
           "version": "v1.2.3"
         }
       },
-      "manifest": "IyBUaGlzIGlzIGEgdGVzdCBidW5kbGUgdGhhdCBtYWtlcyBubyBsb2dpY2FsIHNlbnNlLCBidXQgaXQgZG9lcyBleGVyY2lzZSBsb3RzIG9mIGRpZmZlcmVudCBidW5kbGUgZmVhdHVyZXMKCnNjaGVtYVZlcnNpb246IDEuMC4wCm5hbWU6IG15YnVucwp2ZXJzaW9uOiAwLjEuMgpkZXNjcmlwdGlvbjogIkEgdmVyeSB0aG9yb3VnaCB0ZXN0IGJ1bmRsZSIKcmVnaXN0cnk6IGxvY2FsaG9zdDo1MDAwCmRvY2tlcmZpbGU6IERvY2tlcmZpbGUudG1wbAoKcmVxdWlyZWQ6CiAgLSBkb2NrZXIKCmNyZWRlbnRpYWxzOgogIC0gbmFtZTogdXNlcm5hbWUKICAgIGRlc2NyaXB0aW9uOiAiVGhlIG5hbWUgeW91IHdhbnQgb24gdGhlIGF1ZGl0IGxvZyIKICAgIGVudjogVVNFUk5BTUUKCnBhcmFtZXRlcnM6CiAgLSBuYW1lOiBsb2dfbGV2ZWwKICAgIGRlc2NyaXB0aW9uOiAiSG93IHVuaGVscGZ1bCB3b3VsZCB5b3UgbGlrZSB0aGUgbG9ncyB0byBiZT8iCiAgICB0eXBlOiBpbnRlZ2VyCiAgICBtaW5pbXVtOiAxCiAgICBtYXhpbXVtOiAxMQogICAgZGVmYXVsdDogNQogIC0gbmFtZTogcGFzc3dvcmQKICAgIGRlc2NyaXB0aW9uOiAiVGhlIHN1cGVyIHNlY3JldCBkYXRhIgogICAgdHlwZTogc3RyaW5nCiAgICBkZWZhdWx0OiAiZGVmYXV0bC1zZWNyZXQiCiAgICBzZW5zaXRpdmU6IHRydWUKICAtIG5hbWU6IGNoYW9zX21vbmtleQogICAgZGVzY3JpcHRpb246ICJTZXQgdG8gdHJ1ZSB0byBtYWtlIHRoZSBidW5kbGUgZmFpbCIKICAgIHR5cGU6IGJvb2xlYW4KICAgIGRlZmF1bHQ6IGZhbHNlCiAgLSBuYW1lOiBjZmcKICAgIGRlc2NyaXB0aW9uOiAiQSBqc29uIGNvbmZpZyBmaWxlIgogICAgdHlwZTogZmlsZQogICAgZGVmYXVsdDogJycKICAgIHBhdGg6IGJ1bmNmZy5qc29uCgpvdXRwdXRzOgogIC0gbmFtZTogbXlsb2dzCiAgICBhcHBseVRvOgogICAgICAtIGluc3RhbGwKICAgICAgLSB1cGdyYWRlCiAgLSBuYW1lOiByZXN1bHQKICAgIGFwcGx5VG86CiAgICAgIC0gaW5zdGFsbAogICAgICAtIHVwZ3JhZGUKICAgIHNlbnNpdGl2ZTogdHJ1ZQoKc3RhdGU6CiAgLSBuYW1lOiBtYWdpY19maWxlCiAgICBwYXRoOiBtYWdpYy50eHQKCmRlcGVuZGVuY2llczoKICByZXF1aXJlczoKICAgIC0gbmFtZTogZGIKICAgICAgYnVuZGxlOgogICAgICAgIHJlZmVyZW5jZTogImxvY2FsaG9zdDo1MDAwL215ZGI6djAuMS4wIgogICAgICBwYXJhbWV0ZXJzOgogICAgICAgIGRhdGFiYXNlOiBiaWdkYgoKbWl4aW5zOgogIC0gZXhlYwoKY3VzdG9tQWN0aW9uczoKICBkcnktcnVuOgogICAgZGVzY3JpcHRpb246ICJNYWtlIHN1cmUgaXQgd2lsbCB3b3JrIGJlZm9yZSB5b3UgcnVuIGl0IgogICAgc3RhdGVsZXNzOiB0cnVlCiAgICBtb2RpZmllczogZmFsc2UKICBzdGF0dXM6CiAgICBkZXNjcmlwdGlvbjogIlByaW50IHRoZSBpbnN0YWxsYXRpb24gc3RhdHVzIgogICAgc3RhdGVsZXNzOiBmYWxzZQogICAgbW9kaWZpZXM6IGZhbHNlCgppbnN0YWxsOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJDaGVjayB0aGUgZG9ja2VyIHNvY2tldCIKICAgICAgY29tbWFuZDogc3RhdAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSAvdmFyL3J1bi9kb2NrZXIuc29jawogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJMZXQncyBtYWtlIHNvbWUgbWFnaWMiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBtYWtlTWFnaWMKICAgICAgICAtICIkeyBidW5kbGUuY3JlZGVudGlhbHMudXNlcm5hbWUgfSBpcyBhIHVuaWNvcm4gd2l0aCAkeyBidW5kbGUucGFyYW1ldGVycy5wYXNzd29yZCB9IHNlY3JldC4iCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogImluc3RhbGwiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBpbnN0YWxsCiAgICAgIG91dHB1dHM6CiAgICAgICAgLSBuYW1lOiBteWxvZ3MKICAgICAgICAgIHJlZ2V4OiAiKC4qKSIKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAicm9sbCB0aGUgZGljZSB3aXRoIHlvdXIgY2hhb3MgbW9ua2V5IgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gY2hhb3NfbW9ua2V5CiAgICAgICAgLSAkeyBidW5kbGUucGFyYW1ldGVycy5jaGFvc19tb25rZXkgfQogICAgICBvdXRwdXRzOgogICAgICAgIC0gbmFtZTogcmVzdWx0CiAgICAgICAgICByZWdleDogIiguKikiCgoKZHJ5LXJ1bjoKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAiQ2hlY2sgc29tZSB0aGluZ3MiCiAgICAgIGNvbW1hbmQ6IGVjaG8KICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gIkFsbCBjbGVhciEiCgpzdGF0dXM6CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIlByaW50IGNvbmZpZyIKICAgICAgY29tbWFuZDogY2F0CiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtICR7IGJ1bmRsZS5wYXJhbWV0ZXJzLmNmZyB9CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIlByaW50IG1hZ2ljIgogICAgICBjb21tYW5kOiBjYXQKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gbWFnaWMudHh0Cgpib29tOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJtb2RpZnkgdGhlIGJ1bmRsZSBpbiB1bmtub3dhYmxlIHdheXMiCiAgICAgIGNvbW1hbmQ6IGVjaG8KICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gIllPTE8iCgp1cGdyYWRlOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJFbnN1cmUgbWFnaWMiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBlbnN1cmVNYWdpYwogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJ1cGdyYWRlIgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gdXBncmFkZQogICAgICBvdXRwdXRzOgogICAgICAgIC0gbmFtZTogbXlsb2dzCiAgICAgICAgICByZWdleDogIiguKikiCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogInJvbGwgdGhlIGRpY2Ugd2l0aCB5b3VyIGNoYW9zIG1vbmtleSIKICAgICAgY29tbWFuZDogLi9oZWxwZXJzLnNoCiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtIGNoYW9zX21vbmtleQogICAgICAgIC0gJHsgYnVuZGxlLnBhcmFtZXRlcnMuY2hhb3NfbW9ua2V5IH0KICAgICAgb3V0cHV0czoKICAgICAgICAtIG5hbWU6IHJlc3VsdAogICAgICAgICAgcmVnZXg6ICIoLiopIgoKdW5pbnN0YWxsOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJFbnN1cmUgTWFnaWMiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBlbnN1cmVNYWdpYwogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJ1bmluc3RhbGwiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSB1bmluc3RhbGwKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAicm9sbCB0aGUgZGljZSB3aXRoIHlvdXIgY2hhb3MgbW9ua2V5IgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gY2hhb3NfbW9ua2V5CiAgICAgICAgLSAkeyBidW5kbGUucGFyYW1ldGVycy5jaGFvc19tb25rZXkgfQo=",
+      "manifest": "IyBUaGlzIGlzIGEgdGVzdCBidW5kbGUgdGhhdCBtYWtlcyBubyBsb2dpY2FsIHNlbnNlLCBidXQgaXQgZG9lcyBleGVyY2lzZSBsb3RzIG9mIGRpZmZlcmVudCBidW5kbGUgZmVhdHVyZXMKCnNjaGVtYVZlcnNpb246IDEuMC4wCm5hbWU6IG15YnVucwp2ZXJzaW9uOiAwLjEuMgpkZXNjcmlwdGlvbjogIkEgdmVyeSB0aG9yb3VnaCB0ZXN0IGJ1bmRsZSIKcmVnaXN0cnk6IGxvY2FsaG9zdDo1MDAwCmRvY2tlcmZpbGU6IERvY2tlcmZpbGUudG1wbAoKcmVxdWlyZWQ6CiAgLSBkb2NrZXIKCmNyZWRlbnRpYWxzOgogIC0gbmFtZTogdXNlcm5hbWUKICAgIGRlc2NyaXB0aW9uOiAiVGhlIG5hbWUgeW91IHdhbnQgb24gdGhlIGF1ZGl0IGxvZyIKICAgIGVudjogVVNFUk5BTUUKCnBhcmFtZXRlcnM6CiAgLSBuYW1lOiBsb2dfbGV2ZWwKICAgIGRlc2NyaXB0aW9uOiAiSG93IHVuaGVscGZ1bCB3b3VsZCB5b3UgbGlrZSB0aGUgbG9ncyB0byBiZT8iCiAgICB0eXBlOiBpbnRlZ2VyCiAgICBtaW5pbXVtOiAxCiAgICBtYXhpbXVtOiAxMQogICAgZGVmYXVsdDogNQogIC0gbmFtZTogcGFzc3dvcmQKICAgIGRlc2NyaXB0aW9uOiAiVGhlIHN1cGVyIHNlY3JldCBkYXRhIgogICAgdHlwZTogc3RyaW5nCiAgICBkZWZhdWx0OiAiZGVmYXV0bC1zZWNyZXQiCiAgICBzZW5zaXRpdmU6IHRydWUKICAtIG5hbWU6IGNoYW9zX21vbmtleQogICAgZGVzY3JpcHRpb246ICJTZXQgdG8gdHJ1ZSB0byBtYWtlIHRoZSBidW5kbGUgZmFpbCIKICAgIHR5cGU6IGJvb2xlYW4KICAgIGRlZmF1bHQ6IGZhbHNlCiAgLSBuYW1lOiBjZmcKICAgIGRlc2NyaXB0aW9uOiAiQSBqc29uIGNvbmZpZyBmaWxlIgogICAgdHlwZTogZmlsZQogICAgZGVmYXVsdDogJycKICAgIHBhdGg6IGJ1bmNmZy5qc29uCgpvdXRwdXRzOgogIC0gbmFtZTogbXlsb2dzCiAgICBhcHBseVRvOgogICAgICAtIGluc3RhbGwKICAgICAgLSB1cGdyYWRlCiAgLSBuYW1lOiByZXN1bHQKICAgIGFwcGx5VG86CiAgICAgIC0gaW5zdGFsbAogICAgICAtIHVwZ3JhZGUKICAgIHNlbnNpdGl2ZTogdHJ1ZQoKc3RhdGU6CiAgLSBuYW1lOiBtYWdpY19maWxlCiAgICBwYXRoOiBtYWdpYy50eHQKCmRlcGVuZGVuY2llczoKICByZXF1aXJlczoKICAgIC0gbmFtZTogZGIKICAgICAgYnVuZGxlOgogICAgICAgIHJlZmVyZW5jZTogImxvY2FsaG9zdDo1MDAwL215ZGI6djAuMS4wIgogICAgICBwYXJhbWV0ZXJzOgogICAgICAgIGRhdGFiYXNlOiBiaWdkYgoKaW1hZ2VzOgogIHdoYWxlc2F5ZDoKICAgIGRlc2NyaXB0aW9uOiAiV2hhbGVzYXkgYXMgYSBzZXJ2aWNlIgogICAgaW1hZ2VUeXBlOiAiZG9ja2VyIgogICAgcmVwb3NpdG9yeTogY2Fyb2x5bnZzL3doYWxlc2F5ZAogICAgdGFnOiAibGF0ZXN0IgoKbWl4aW5zOgogIC0gZXhlYwoKY3VzdG9tQWN0aW9uczoKICBkcnktcnVuOgogICAgZGVzY3JpcHRpb246ICJNYWtlIHN1cmUgaXQgd2lsbCB3b3JrIGJlZm9yZSB5b3UgcnVuIGl0IgogICAgc3RhdGVsZXNzOiB0cnVlCiAgICBtb2RpZmllczogZmFsc2UKICBzdGF0dXM6CiAgICBkZXNjcmlwdGlvbjogIlByaW50IHRoZSBpbnN0YWxsYXRpb24gc3RhdHVzIgogICAgc3RhdGVsZXNzOiBmYWxzZQogICAgbW9kaWZpZXM6IGZhbHNlCgppbnN0YWxsOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJDaGVjayB0aGUgZG9ja2VyIHNvY2tldCIKICAgICAgY29tbWFuZDogc3RhdAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSAvdmFyL3J1bi9kb2NrZXIuc29jawogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJMZXQncyBtYWtlIHNvbWUgbWFnaWMiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBtYWtlTWFnaWMKICAgICAgICAtICIkeyBidW5kbGUuY3JlZGVudGlhbHMudXNlcm5hbWUgfSBpcyBhIHVuaWNvcm4gd2l0aCAkeyBidW5kbGUucGFyYW1ldGVycy5wYXNzd29yZCB9IHNlY3JldC4iCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogImluc3RhbGwiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBpbnN0YWxsCiAgICAgIG91dHB1dHM6CiAgICAgICAgLSBuYW1lOiBteWxvZ3MKICAgICAgICAgIHJlZ2V4OiAiKC4qKSIKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAicm9sbCB0aGUgZGljZSB3aXRoIHlvdXIgY2hhb3MgbW9ua2V5IgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gY2hhb3NfbW9ua2V5CiAgICAgICAgLSAkeyBidW5kbGUucGFyYW1ldGVycy5jaGFvc19tb25rZXkgfQogICAgICBvdXRwdXRzOgogICAgICAgIC0gbmFtZTogcmVzdWx0CiAgICAgICAgICByZWdleDogIiguKikiCgpkcnktcnVuOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJDaGVjayBzb21lIHRoaW5ncyIKICAgICAgY29tbWFuZDogZWNobwogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSAiQWxsIGNsZWFyISIKCnN0YXR1czoKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAiUHJpbnQgY29uZmlnIgogICAgICBjb21tYW5kOiBjYXQKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gJHsgYnVuZGxlLnBhcmFtZXRlcnMuY2ZnIH0KICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAiUHJpbnQgbWFnaWMiCiAgICAgIGNvbW1hbmQ6IGNhdAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBtYWdpYy50eHQKCmJvb206CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIm1vZGlmeSB0aGUgYnVuZGxlIGluIHVua25vd2FibGUgd2F5cyIKICAgICAgY29tbWFuZDogZWNobwogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSAiWU9MTyIKCnVwZ3JhZGU6CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIkVuc3VyZSBtYWdpYyIKICAgICAgY29tbWFuZDogLi9oZWxwZXJzLnNoCiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtIGVuc3VyZU1hZ2ljCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogInVwZ3JhZGUiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSB1cGdyYWRlCiAgICAgIG91dHB1dHM6CiAgICAgICAgLSBuYW1lOiBteWxvZ3MKICAgICAgICAgIHJlZ2V4OiAiKC4qKSIKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAicm9sbCB0aGUgZGljZSB3aXRoIHlvdXIgY2hhb3MgbW9ua2V5IgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gY2hhb3NfbW9ua2V5CiAgICAgICAgLSAkeyBidW5kbGUucGFyYW1ldGVycy5jaGFvc19tb25rZXkgfQogICAgICBvdXRwdXRzOgogICAgICAgIC0gbmFtZTogcmVzdWx0CiAgICAgICAgICByZWdleDogIiguKikiCgp1bmluc3RhbGw6CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIkVuc3VyZSBNYWdpYyIKICAgICAgY29tbWFuZDogLi9oZWxwZXJzLnNoCiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtIGVuc3VyZU1hZ2ljCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogInVuaW5zdGFsbCIKICAgICAgY29tbWFuZDogLi9oZWxwZXJzLnNoCiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtIHVuaW5zdGFsbAogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJyb2xsIHRoZSBkaWNlIHdpdGggeW91ciBjaGFvcyBtb25rZXkiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBjaGFvc19tb25rZXkKICAgICAgICAtICR7IGJ1bmRsZS5wYXJhbWV0ZXJzLmNoYW9zX21vbmtleSB9Cg==",
       "version": "",
       "commit": ""
     },

pkg/yaml/yq.go

@@ -106,7 +106,17 @@ func (e *Editor) SetValue(path string, value string) error {
 	cmd := yqlib.UpdateCommand{Command: "update", Path: path, Value: parsedValue, Overwrite: true}
 	err := e.yq.Update(e.node, cmd, true)
 	if err != nil {
-		return fmt.Errorf("could not update manifest path %q with value %q: %w", path, value, err)
+		return fmt.Errorf("could not update path %q with value %q: %w", path, value, err)
+	}
+
+	return nil
+}
+
+func (e *Editor) DeleteNode(path string) error {
+	cmd := yqlib.UpdateCommand{Command: "delete", Path: path}
+	err := e.yq.Update(e.node, cmd, true)
+	if err != nil {
+		return fmt.Errorf("could not delete path %q: %w", path, err)
 	}
 
 	return nil

tests/smoke/airgap_test.go

@@ -12,7 +12,6 @@ import (
 	"get.porter.sh/porter/pkg/yaml"
 	"get.porter.sh/porter/tests/testdata"
 	"get.porter.sh/porter/tests/tester"
-	"github.com/carolynvs/magex/mgx"
 	"github.com/carolynvs/magex/shx"
 	"github.com/cnabio/cnab-go/bundle/loader"
 	"github.com/cnabio/cnab-go/packager"
@@ -24,15 +23,31 @@ import (
 // and that it works without referencing the old environment/images.
 // This also validates a lot of our insecure/unsecure registry configurations.
 func TestAirgappedEnvironment(t *testing.T) {
-	testcases := []bool{true, false}
-	for _, useTLS := range testcases {
-		t.Run(fmt.Sprintf("tls %v", useTLS), func(t *testing.T) {
+	testcases := []struct {
+		name     string
+		useTLS   bool
+		useAlias bool
+		insecure bool
+	}{
+		// Validate we "just work" with an unsecured registry on localhost, just like docker does, without specifying --insecure-registry
+		{name: "plain http, no alias", useTLS: false, useAlias: false, insecure: true},
+		// Validate we can connect to plain http when we can't detect that it's loopback/localhost as long as --insecure-registry is specified
+		// We do not support docker's extra automagic where it resolves the host and treats it like localhost. You have to specify --insecure-registry with a custom hostname
+		{name: "plain http, use alias", useTLS: false, useAlias: true},
+		// Validate that --insecure-registry works with self-signed certificates
+		{name: "untrusted tls, no alias", useTLS: false, useAlias: true},
+	}
+	for _, tc := range testcases {
+		t.Run(tc.name, func(t *testing.T) {
+			insecureFlag := fmt.Sprintf("--insecure-registry=%t", tc.insecure)
+
 			test, err := tester.NewTest(t)
 			defer test.Close()
 			require.NoError(t, err, "test setup failed")
+			test.Chdir(test.TestDir)
 
 			// Start a temporary insecure test registry
-			reg1 := test.StartTestRegistry(tester.TestRegistryOptions{UseTLS: useTLS})
+			reg1 := test.StartTestRegistry(tester.TestRegistryOptions{UseTLS: tc.useTLS, UseAlias: tc.useAlias})
 
 			// Publish referenced image to the insecure registry
 			// This helps test that we can publish a bundle that references images from multiple registries
@@ -48,51 +63,60 @@ func TestAirgappedEnvironment(t *testing.T) {
 			localRefWithDigest := fmt.Sprintf("%s@%s", localRegRepo, digest)
 
 			// Start a second insecure test registry
-			reg2 := test.StartTestRegistry(tester.TestRegistryOptions{UseTLS: useTLS})
+			reg2 := test.StartTestRegistry(tester.TestRegistryOptions{UseTLS: tc.useTLS, UseAlias: tc.useAlias})
 
 			// Edit the bundle so that it's referencing the image on the temporary registry
 			// make sure the referenced image is not in local image cache
 			shx.RunV("docker", "rmi", localRegRef)
-			originTestBun := filepath.Join(test.RepoRoot, fmt.Sprintf("tests/testdata/%s/porter.yaml", testdata.MyBunsWithImgReference))
-			testBun := filepath.Join(test.TestDir, "mybuns-img-reference.yaml")
-			mgx.Must(shx.Copy(originTestBun, testBun))
-			test.EditYaml(testBun, func(yq *yaml.Editor) error {
+			err = shx.Copy(filepath.Join(test.RepoRoot, fmt.Sprintf("tests/testdata/%s/*", testdata.MyBuns)), test.TestDir)
+			require.NoError(t, err, "failed to copy test bundle")
+			test.EditYaml(filepath.Join(test.TestDir, "porter.yaml"), func(yq *yaml.Editor) error {
+				// Remove the bundle's dependencies to simplify installation
+				if err := yq.DeleteNode("dependencies"); err != nil {
+					return err
+				}
+
+				// Reference our copy of the whalesayd image
 				return yq.SetValue("images.whalesayd.repository", fmt.Sprintf("%s/whalesayd", reg1))
 			})
 
 			// Publish a test bundle that references the image from the temp registry, and push to another insecure registry
-			test.RequirePorter("publish", "--file", "mybuns-img-reference.yaml", "--dir", test.TestDir, "--registry", reg2.String(), "--insecure-registry")
+			test.RequirePorter("publish", "--registry", reg2.String(), insecureFlag)
+
+			// Stop the original registry, this ensures that we are relying 100% on the copy of the bundle in the second registry
 			reg1.Close()
-			origRef := fmt.Sprintf("%s/%s:%s", reg2, testdata.MyBunsWithImgReference, "v0.1.0")
-			newRef := fmt.Sprintf("%s/%s-second:%s", reg2, testdata.MyBunsWithImgReference, "v0.2.0")
 
 			//
 			// Try out the two ways to move a bundle between registries:
 			// 1. Copy the bundle from one registry to the other directly
 			//
-			test.RequirePorter("copy", "--source", origRef, "--destination", newRef, "--insecure-registry")
+			origRef := fmt.Sprintf("%s/%s:%s", reg2, testdata.MyBuns, "v0.1.2")
+			newRef := fmt.Sprintf("%s/%s-second:%s", reg2, testdata.MyBuns, "v0.2.0")
+			test.RequirePorter("copy", "--source", origRef, "--destination", newRef, insecureFlag)
 
 			//
 			// 2. Use archive + publish to copy the bundle from one registry to the other
 			//
-
-			// Archive the bundle, it should not attempt to hit the first registry
 			archiveFilePath := filepath.Join(test.TestDir, "archive-test.tgz")
-			test.RequirePorter("archive", archiveFilePath, "--reference", origRef, "--insecure-registry")
+			test.RequirePorter("archive", archiveFilePath, "--reference", origRef, insecureFlag)
 			relocMap := getRelocationMap(test, archiveFilePath)
-			require.Equal(test.T, fmt.Sprintf("%s/mybun-with-img-reference@sha256:499f71eec2e3bd78f26c268bbf5b2a65f73b96216fac4a89b86b5ebf115527b6", reg2), relocMap[localRefWithDigest], "expected the relocation entry for the image to be the new published location")
+			require.Equal(test.T, fmt.Sprintf("%s/mybuns@sha256:499f71eec2e3bd78f26c268bbf5b2a65f73b96216fac4a89b86b5ebf115527b6", reg2), relocMap[localRefWithDigest], "expected the relocation entry for the image to be the new published location")
 
 			// Publish from the archived bundle to a new repository on the second registry
-			test.RequirePorter("publish", "--archive", archiveFilePath, "-r", newRef, "--insecure-registry")
+			test.RequirePorter("publish", "--archive", archiveFilePath, "-r", newRef, insecureFlag)
 			archiveFilePath2 := filepath.Join(test.TestDir, "archive-test2.tgz")
 
 			// Archive from the new location on the second registry
-			test.RequirePorter("archive", archiveFilePath2, "--reference", newRef, "--insecure-registry")
+			test.RequirePorter("archive", archiveFilePath2, "--reference", newRef, insecureFlag)
 			relocMap2 := getRelocationMap(test, archiveFilePath2)
-			require.Equal(test.T, fmt.Sprintf("%s/mybun-with-img-reference-second@sha256:499f71eec2e3bd78f26c268bbf5b2a65f73b96216fac4a89b86b5ebf115527b6", reg2), relocMap2[localRefWithDigest], "expected the relocation entry for the image to be the new published location")
+			require.Equal(test.T, fmt.Sprintf("%s/mybuns-second@sha256:499f71eec2e3bd78f26c268bbf5b2a65f73b96216fac4a89b86b5ebf115527b6", reg2), relocMap2[localRefWithDigest], "expected the relocation entry for the image to be the new published location")
 
 			// Validate that we can pull the bundle from the new location
 			test.RequirePorter("explain", newRef)
+
+			// Validate that we can install from the new location
+			test.ApplyTestBundlePrerequisites()
+			test.RequirePorter("install", "-r", newRef, insecureFlag, "-c=mybuns", "-p=mybuns")
 		})
 	}
 }

tests/testdata/helpers.go

@@ -12,7 +12,4 @@ const (
 
 	// MyDbRef is the full reference to the mydb test bundle.
 	MyDbRef = "localhost:5000/mydb:v0.1.0"
-
-	// MyBunsWithImgReference is the test bundle that contains image reference.
-	MyBunsWithImgReference = "mybun-with-img-reference"
 )

tests/testdata/mybuns/porter.yaml

@@ -60,6 +60,13 @@ dependencies:
       parameters:
         database: bigdb
 
+images:
+  whalesayd:
+    description: "Whalesay as a service"
+    imageType: "docker"
+    repository: carolynvs/whalesayd
+    tag: "latest"
+
 mixins:
   - exec
 
@@ -103,7 +110,6 @@ install:
         - name: result
           regex: "(.*)"
 
-
 dry-run:
   - exec:
       description: "Check some things"