From 0bc0e0819439c6277c601e3692ea12876a431baf Mon Sep 17 00:00:00 2001 From: Carolyn Van Slyck Date: Wed, 17 Aug 2022 10:16:10 -0500 Subject: [PATCH] Improve the insecure registry test cases * Remove the mybuns-with-img-ref and use an image reference in mybuns so that it's a more complete test case. * Use mybuns in the airgap test instead of mybuns-with-img-ref. * Install the mybuns bundle in the airgap test so that we know that what we relocated still runs. I am running it without its dependencies to keep things simple for now but long term, after we rewrite dependencies, understanding how to move bundles with deps across an airgap is something we need to document, add regression tests for, etc. * Add plain http test case to the airgap test that doesn't require using --insecure-registry or a registry alias. Signed-off-by: Carolyn Van Slyck --- magefile.go | 4 +- .../testdata/mybuns.bundle.json | 9 ++- pkg/yaml/yq.go | 12 +++- tests/smoke/airgap_test.go | 66 +++++++++++++------ tests/testdata/helpers.go | 3 - .../mybun-with-img-reference/porter.yaml | 24 ------- tests/testdata/mybuns/porter.yaml | 8 ++- tests/tester/helpers.go | 16 +++-- tests/tester/test_registry.go | 12 +++- 9 files changed, 92 insertions(+), 62 deletions(-) delete mode 100644 tests/testdata/mybun-with-img-reference/porter.yaml diff --git a/magefile.go b/magefile.go index d91d54e51..89235d5e0 100644 --- a/magefile.go +++ b/magefile.go @@ -221,9 +221,7 @@ func TestUnit() { // Run smoke tests to quickly check if Porter is broken func TestSmoke() error { - mg.Deps(copySchema, TryRegisterLocalHostAlias) - - mg.Deps(docker.RestartDockerRegistry) + mg.Deps(copySchema, TryRegisterLocalHostAlias, docker.RestartDockerRegistry) // Only do verbose output of tests when called with `mage -v TestSmoke` v := "" diff --git a/pkg/cnab/config-adapter/testdata/mybuns.bundle.json b/pkg/cnab/config-adapter/testdata/mybuns.bundle.json index 289c305fb..ac75ad6fc 100644 --- a/pkg/cnab/config-adapter/testdata/mybuns.bundle.json +++ b/pkg/cnab/config-adapter/testdata/mybuns.bundle.json @@ -9,6 +9,13 @@ "image": "localhost:5000/mybuns:332dd75c541511a27fc332bdcd049d5b" } ], + "images": { + "whalesayd": { + "imageType": "docker", + "image": "carolynvs/whalesayd:latest", + "description": "Whalesay as a service" + } + }, "actions": { "boom": { "modifies": true, @@ -181,7 +188,7 @@ "version": "v1.2.3" } }, - "manifest": "IyBUaGlzIGlzIGEgdGVzdCBidW5kbGUgdGhhdCBtYWtlcyBubyBsb2dpY2FsIHNlbnNlLCBidXQgaXQgZG9lcyBleGVyY2lzZSBsb3RzIG9mIGRpZmZlcmVudCBidW5kbGUgZmVhdHVyZXMKCnNjaGVtYVZlcnNpb246IDEuMC4wCm5hbWU6IG15YnVucwp2ZXJzaW9uOiAwLjEuMgpkZXNjcmlwdGlvbjogIkEgdmVyeSB0aG9yb3VnaCB0ZXN0IGJ1bmRsZSIKcmVnaXN0cnk6IGxvY2FsaG9zdDo1MDAwCmRvY2tlcmZpbGU6IERvY2tlcmZpbGUudG1wbAoKcmVxdWlyZWQ6CiAgLSBkb2NrZXIKCmNyZWRlbnRpYWxzOgogIC0gbmFtZTogdXNlcm5hbWUKICAgIGRlc2NyaXB0aW9uOiAiVGhlIG5hbWUgeW91IHdhbnQgb24gdGhlIGF1ZGl0IGxvZyIKICAgIGVudjogVVNFUk5BTUUKCnBhcmFtZXRlcnM6CiAgLSBuYW1lOiBsb2dfbGV2ZWwKICAgIGRlc2NyaXB0aW9uOiAiSG93IHVuaGVscGZ1bCB3b3VsZCB5b3UgbGlrZSB0aGUgbG9ncyB0byBiZT8iCiAgICB0eXBlOiBpbnRlZ2VyCiAgICBtaW5pbXVtOiAxCiAgICBtYXhpbXVtOiAxMQogICAgZGVmYXVsdDogNQogIC0gbmFtZTogcGFzc3dvcmQKICAgIGRlc2NyaXB0aW9uOiAiVGhlIHN1cGVyIHNlY3JldCBkYXRhIgogICAgdHlwZTogc3RyaW5nCiAgICBkZWZhdWx0OiAiZGVmYXV0bC1zZWNyZXQiCiAgICBzZW5zaXRpdmU6IHRydWUKICAtIG5hbWU6IGNoYW9zX21vbmtleQogICAgZGVzY3JpcHRpb246ICJTZXQgdG8gdHJ1ZSB0byBtYWtlIHRoZSBidW5kbGUgZmFpbCIKICAgIHR5cGU6IGJvb2xlYW4KICAgIGRlZmF1bHQ6IGZhbHNlCiAgLSBuYW1lOiBjZmcKICAgIGRlc2NyaXB0aW9uOiAiQSBqc29uIGNvbmZpZyBmaWxlIgogICAgdHlwZTogZmlsZQogICAgZGVmYXVsdDogJycKICAgIHBhdGg6IGJ1bmNmZy5qc29uCgpvdXRwdXRzOgogIC0gbmFtZTogbXlsb2dzCiAgICBhcHBseVRvOgogICAgICAtIGluc3RhbGwKICAgICAgLSB1cGdyYWRlCiAgLSBuYW1lOiByZXN1bHQKICAgIGFwcGx5VG86CiAgICAgIC0gaW5zdGFsbAogICAgICAtIHVwZ3JhZGUKICAgIHNlbnNpdGl2ZTogdHJ1ZQoKc3RhdGU6CiAgLSBuYW1lOiBtYWdpY19maWxlCiAgICBwYXRoOiBtYWdpYy50eHQKCmRlcGVuZGVuY2llczoKICByZXF1aXJlczoKICAgIC0gbmFtZTogZGIKICAgICAgYnVuZGxlOgogICAgICAgIHJlZmVyZW5jZTogImxvY2FsaG9zdDo1MDAwL215ZGI6djAuMS4wIgogICAgICBwYXJhbWV0ZXJzOgogICAgICAgIGRhdGFiYXNlOiBiaWdkYgoKbWl4aW5zOgogIC0gZXhlYwoKY3VzdG9tQWN0aW9uczoKICBkcnktcnVuOgogICAgZGVzY3JpcHRpb246ICJNYWtlIHN1cmUgaXQgd2lsbCB3b3JrIGJlZm9yZSB5b3UgcnVuIGl0IgogICAgc3RhdGVsZXNzOiB0cnVlCiAgICBtb2RpZmllczogZmFsc2UKICBzdGF0dXM6CiAgICBkZXNjcmlwdGlvbjogIlByaW50IHRoZSBpbnN0YWxsYXRpb24gc3RhdHVzIgogICAgc3RhdGVsZXNzOiBmYWxzZQogICAgbW9kaWZpZXM6IGZhbHNlCgppbnN0YWxsOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJDaGVjayB0aGUgZG9ja2VyIHNvY2tldCIKICAgICAgY29tbWFuZDogc3RhdAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSAvdmFyL3J1bi9kb2NrZXIuc29jawogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJMZXQncyBtYWtlIHNvbWUgbWFnaWMiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBtYWtlTWFnaWMKICAgICAgICAtICIkeyBidW5kbGUuY3JlZGVudGlhbHMudXNlcm5hbWUgfSBpcyBhIHVuaWNvcm4gd2l0aCAkeyBidW5kbGUucGFyYW1ldGVycy5wYXNzd29yZCB9IHNlY3JldC4iCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogImluc3RhbGwiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBpbnN0YWxsCiAgICAgIG91dHB1dHM6CiAgICAgICAgLSBuYW1lOiBteWxvZ3MKICAgICAgICAgIHJlZ2V4OiAiKC4qKSIKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAicm9sbCB0aGUgZGljZSB3aXRoIHlvdXIgY2hhb3MgbW9ua2V5IgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gY2hhb3NfbW9ua2V5CiAgICAgICAgLSAkeyBidW5kbGUucGFyYW1ldGVycy5jaGFvc19tb25rZXkgfQogICAgICBvdXRwdXRzOgogICAgICAgIC0gbmFtZTogcmVzdWx0CiAgICAgICAgICByZWdleDogIiguKikiCgoKZHJ5LXJ1bjoKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAiQ2hlY2sgc29tZSB0aGluZ3MiCiAgICAgIGNvbW1hbmQ6IGVjaG8KICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gIkFsbCBjbGVhciEiCgpzdGF0dXM6CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIlByaW50IGNvbmZpZyIKICAgICAgY29tbWFuZDogY2F0CiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtICR7IGJ1bmRsZS5wYXJhbWV0ZXJzLmNmZyB9CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIlByaW50IG1hZ2ljIgogICAgICBjb21tYW5kOiBjYXQKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gbWFnaWMudHh0Cgpib29tOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJtb2RpZnkgdGhlIGJ1bmRsZSBpbiB1bmtub3dhYmxlIHdheXMiCiAgICAgIGNvbW1hbmQ6IGVjaG8KICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gIllPTE8iCgp1cGdyYWRlOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJFbnN1cmUgbWFnaWMiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBlbnN1cmVNYWdpYwogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJ1cGdyYWRlIgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gdXBncmFkZQogICAgICBvdXRwdXRzOgogICAgICAgIC0gbmFtZTogbXlsb2dzCiAgICAgICAgICByZWdleDogIiguKikiCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogInJvbGwgdGhlIGRpY2Ugd2l0aCB5b3VyIGNoYW9zIG1vbmtleSIKICAgICAgY29tbWFuZDogLi9oZWxwZXJzLnNoCiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtIGNoYW9zX21vbmtleQogICAgICAgIC0gJHsgYnVuZGxlLnBhcmFtZXRlcnMuY2hhb3NfbW9ua2V5IH0KICAgICAgb3V0cHV0czoKICAgICAgICAtIG5hbWU6IHJlc3VsdAogICAgICAgICAgcmVnZXg6ICIoLiopIgoKdW5pbnN0YWxsOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJFbnN1cmUgTWFnaWMiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBlbnN1cmVNYWdpYwogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJ1bmluc3RhbGwiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSB1bmluc3RhbGwKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAicm9sbCB0aGUgZGljZSB3aXRoIHlvdXIgY2hhb3MgbW9ua2V5IgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gY2hhb3NfbW9ua2V5CiAgICAgICAgLSAkeyBidW5kbGUucGFyYW1ldGVycy5jaGFvc19tb25rZXkgfQo=", + "manifest": "IyBUaGlzIGlzIGEgdGVzdCBidW5kbGUgdGhhdCBtYWtlcyBubyBsb2dpY2FsIHNlbnNlLCBidXQgaXQgZG9lcyBleGVyY2lzZSBsb3RzIG9mIGRpZmZlcmVudCBidW5kbGUgZmVhdHVyZXMKCnNjaGVtYVZlcnNpb246IDEuMC4wCm5hbWU6IG15YnVucwp2ZXJzaW9uOiAwLjEuMgpkZXNjcmlwdGlvbjogIkEgdmVyeSB0aG9yb3VnaCB0ZXN0IGJ1bmRsZSIKcmVnaXN0cnk6IGxvY2FsaG9zdDo1MDAwCmRvY2tlcmZpbGU6IERvY2tlcmZpbGUudG1wbAoKcmVxdWlyZWQ6CiAgLSBkb2NrZXIKCmNyZWRlbnRpYWxzOgogIC0gbmFtZTogdXNlcm5hbWUKICAgIGRlc2NyaXB0aW9uOiAiVGhlIG5hbWUgeW91IHdhbnQgb24gdGhlIGF1ZGl0IGxvZyIKICAgIGVudjogVVNFUk5BTUUKCnBhcmFtZXRlcnM6CiAgLSBuYW1lOiBsb2dfbGV2ZWwKICAgIGRlc2NyaXB0aW9uOiAiSG93IHVuaGVscGZ1bCB3b3VsZCB5b3UgbGlrZSB0aGUgbG9ncyB0byBiZT8iCiAgICB0eXBlOiBpbnRlZ2VyCiAgICBtaW5pbXVtOiAxCiAgICBtYXhpbXVtOiAxMQogICAgZGVmYXVsdDogNQogIC0gbmFtZTogcGFzc3dvcmQKICAgIGRlc2NyaXB0aW9uOiAiVGhlIHN1cGVyIHNlY3JldCBkYXRhIgogICAgdHlwZTogc3RyaW5nCiAgICBkZWZhdWx0OiAiZGVmYXV0bC1zZWNyZXQiCiAgICBzZW5zaXRpdmU6IHRydWUKICAtIG5hbWU6IGNoYW9zX21vbmtleQogICAgZGVzY3JpcHRpb246ICJTZXQgdG8gdHJ1ZSB0byBtYWtlIHRoZSBidW5kbGUgZmFpbCIKICAgIHR5cGU6IGJvb2xlYW4KICAgIGRlZmF1bHQ6IGZhbHNlCiAgLSBuYW1lOiBjZmcKICAgIGRlc2NyaXB0aW9uOiAiQSBqc29uIGNvbmZpZyBmaWxlIgogICAgdHlwZTogZmlsZQogICAgZGVmYXVsdDogJycKICAgIHBhdGg6IGJ1bmNmZy5qc29uCgpvdXRwdXRzOgogIC0gbmFtZTogbXlsb2dzCiAgICBhcHBseVRvOgogICAgICAtIGluc3RhbGwKICAgICAgLSB1cGdyYWRlCiAgLSBuYW1lOiByZXN1bHQKICAgIGFwcGx5VG86CiAgICAgIC0gaW5zdGFsbAogICAgICAtIHVwZ3JhZGUKICAgIHNlbnNpdGl2ZTogdHJ1ZQoKc3RhdGU6CiAgLSBuYW1lOiBtYWdpY19maWxlCiAgICBwYXRoOiBtYWdpYy50eHQKCmRlcGVuZGVuY2llczoKICByZXF1aXJlczoKICAgIC0gbmFtZTogZGIKICAgICAgYnVuZGxlOgogICAgICAgIHJlZmVyZW5jZTogImxvY2FsaG9zdDo1MDAwL215ZGI6djAuMS4wIgogICAgICBwYXJhbWV0ZXJzOgogICAgICAgIGRhdGFiYXNlOiBiaWdkYgoKaW1hZ2VzOgogIHdoYWxlc2F5ZDoKICAgIGRlc2NyaXB0aW9uOiAiV2hhbGVzYXkgYXMgYSBzZXJ2aWNlIgogICAgaW1hZ2VUeXBlOiAiZG9ja2VyIgogICAgcmVwb3NpdG9yeTogY2Fyb2x5bnZzL3doYWxlc2F5ZAogICAgdGFnOiAibGF0ZXN0IgoKbWl4aW5zOgogIC0gZXhlYwoKY3VzdG9tQWN0aW9uczoKICBkcnktcnVuOgogICAgZGVzY3JpcHRpb246ICJNYWtlIHN1cmUgaXQgd2lsbCB3b3JrIGJlZm9yZSB5b3UgcnVuIGl0IgogICAgc3RhdGVsZXNzOiB0cnVlCiAgICBtb2RpZmllczogZmFsc2UKICBzdGF0dXM6CiAgICBkZXNjcmlwdGlvbjogIlByaW50IHRoZSBpbnN0YWxsYXRpb24gc3RhdHVzIgogICAgc3RhdGVsZXNzOiBmYWxzZQogICAgbW9kaWZpZXM6IGZhbHNlCgppbnN0YWxsOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJDaGVjayB0aGUgZG9ja2VyIHNvY2tldCIKICAgICAgY29tbWFuZDogc3RhdAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSAvdmFyL3J1bi9kb2NrZXIuc29jawogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJMZXQncyBtYWtlIHNvbWUgbWFnaWMiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBtYWtlTWFnaWMKICAgICAgICAtICIkeyBidW5kbGUuY3JlZGVudGlhbHMudXNlcm5hbWUgfSBpcyBhIHVuaWNvcm4gd2l0aCAkeyBidW5kbGUucGFyYW1ldGVycy5wYXNzd29yZCB9IHNlY3JldC4iCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogImluc3RhbGwiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBpbnN0YWxsCiAgICAgIG91dHB1dHM6CiAgICAgICAgLSBuYW1lOiBteWxvZ3MKICAgICAgICAgIHJlZ2V4OiAiKC4qKSIKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAicm9sbCB0aGUgZGljZSB3aXRoIHlvdXIgY2hhb3MgbW9ua2V5IgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gY2hhb3NfbW9ua2V5CiAgICAgICAgLSAkeyBidW5kbGUucGFyYW1ldGVycy5jaGFvc19tb25rZXkgfQogICAgICBvdXRwdXRzOgogICAgICAgIC0gbmFtZTogcmVzdWx0CiAgICAgICAgICByZWdleDogIiguKikiCgpkcnktcnVuOgogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJDaGVjayBzb21lIHRoaW5ncyIKICAgICAgY29tbWFuZDogZWNobwogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSAiQWxsIGNsZWFyISIKCnN0YXR1czoKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAiUHJpbnQgY29uZmlnIgogICAgICBjb21tYW5kOiBjYXQKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gJHsgYnVuZGxlLnBhcmFtZXRlcnMuY2ZnIH0KICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAiUHJpbnQgbWFnaWMiCiAgICAgIGNvbW1hbmQ6IGNhdAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBtYWdpYy50eHQKCmJvb206CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIm1vZGlmeSB0aGUgYnVuZGxlIGluIHVua25vd2FibGUgd2F5cyIKICAgICAgY29tbWFuZDogZWNobwogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSAiWU9MTyIKCnVwZ3JhZGU6CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIkVuc3VyZSBtYWdpYyIKICAgICAgY29tbWFuZDogLi9oZWxwZXJzLnNoCiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtIGVuc3VyZU1hZ2ljCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogInVwZ3JhZGUiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSB1cGdyYWRlCiAgICAgIG91dHB1dHM6CiAgICAgICAgLSBuYW1lOiBteWxvZ3MKICAgICAgICAgIHJlZ2V4OiAiKC4qKSIKICAtIGV4ZWM6CiAgICAgIGRlc2NyaXB0aW9uOiAicm9sbCB0aGUgZGljZSB3aXRoIHlvdXIgY2hhb3MgbW9ua2V5IgogICAgICBjb21tYW5kOiAuL2hlbHBlcnMuc2gKICAgICAgYXJndW1lbnRzOgogICAgICAgIC0gY2hhb3NfbW9ua2V5CiAgICAgICAgLSAkeyBidW5kbGUucGFyYW1ldGVycy5jaGFvc19tb25rZXkgfQogICAgICBvdXRwdXRzOgogICAgICAgIC0gbmFtZTogcmVzdWx0CiAgICAgICAgICByZWdleDogIiguKikiCgp1bmluc3RhbGw6CiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogIkVuc3VyZSBNYWdpYyIKICAgICAgY29tbWFuZDogLi9oZWxwZXJzLnNoCiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtIGVuc3VyZU1hZ2ljCiAgLSBleGVjOgogICAgICBkZXNjcmlwdGlvbjogInVuaW5zdGFsbCIKICAgICAgY29tbWFuZDogLi9oZWxwZXJzLnNoCiAgICAgIGFyZ3VtZW50czoKICAgICAgICAtIHVuaW5zdGFsbAogIC0gZXhlYzoKICAgICAgZGVzY3JpcHRpb246ICJyb2xsIHRoZSBkaWNlIHdpdGggeW91ciBjaGFvcyBtb25rZXkiCiAgICAgIGNvbW1hbmQ6IC4vaGVscGVycy5zaAogICAgICBhcmd1bWVudHM6CiAgICAgICAgLSBjaGFvc19tb25rZXkKICAgICAgICAtICR7IGJ1bmRsZS5wYXJhbWV0ZXJzLmNoYW9zX21vbmtleSB9Cg==", "version": "", "commit": "" }, diff --git a/pkg/yaml/yq.go b/pkg/yaml/yq.go index 5fb5ce6ac..d60488535 100644 --- a/pkg/yaml/yq.go +++ b/pkg/yaml/yq.go @@ -106,7 +106,17 @@ func (e *Editor) SetValue(path string, value string) error { cmd := yqlib.UpdateCommand{Command: "update", Path: path, Value: parsedValue, Overwrite: true} err := e.yq.Update(e.node, cmd, true) if err != nil { - return fmt.Errorf("could not update manifest path %q with value %q: %w", path, value, err) + return fmt.Errorf("could not update path %q with value %q: %w", path, value, err) + } + + return nil +} + +func (e *Editor) DeleteNode(path string) error { + cmd := yqlib.UpdateCommand{Command: "delete", Path: path} + err := e.yq.Update(e.node, cmd, true) + if err != nil { + return fmt.Errorf("could not delete path %q: %w", path, err) } return nil diff --git a/tests/smoke/airgap_test.go b/tests/smoke/airgap_test.go index bc869704d..f76c3313b 100644 --- a/tests/smoke/airgap_test.go +++ b/tests/smoke/airgap_test.go @@ -12,7 +12,6 @@ import ( "get.porter.sh/porter/pkg/yaml" "get.porter.sh/porter/tests/testdata" "get.porter.sh/porter/tests/tester" - "github.com/carolynvs/magex/mgx" "github.com/carolynvs/magex/shx" "github.com/cnabio/cnab-go/bundle/loader" "github.com/cnabio/cnab-go/packager" @@ -24,15 +23,31 @@ import ( // and that it works without referencing the old environment/images. // This also validates a lot of our insecure/unsecure registry configurations. func TestAirgappedEnvironment(t *testing.T) { - testcases := []bool{true, false} - for _, useTLS := range testcases { - t.Run(fmt.Sprintf("tls %v", useTLS), func(t *testing.T) { + testcases := []struct { + name string + useTLS bool + useAlias bool + insecure bool + }{ + // Validate we "just work" with an unsecured registry on localhost, just like docker does, without specifying --insecure-registry + {name: "plain http, no alias", useTLS: false, useAlias: false, insecure: false}, + // Validate we can connect to plain http when we can't detect that it's loopback/localhost as long as --insecure-registry is specified + // We do not support docker's extra automagic where it resolves the host and treats it like localhost. You have to specify --insecure-registry with a custom hostname + {name: "plain http, use alias", useTLS: false, useAlias: true, insecure: true}, + // Validate that --insecure-registry works with self-signed certificates + {name: "untrusted tls, no alias", useTLS: false, useAlias: true, insecure: true}, + } + for _, tc := range testcases { + t.Run(tc.name, func(t *testing.T) { + insecureFlag := fmt.Sprintf("--insecure-registry=%t", tc.insecure) + test, err := tester.NewTest(t) defer test.Close() require.NoError(t, err, "test setup failed") + test.Chdir(test.TestDir) // Start a temporary insecure test registry - reg1 := test.StartTestRegistry(tester.TestRegistryOptions{UseTLS: useTLS}) + reg1 := test.StartTestRegistry(tester.TestRegistryOptions{UseTLS: tc.useTLS, UseAlias: tc.useAlias}) // Publish referenced image to the insecure registry // This helps test that we can publish a bundle that references images from multiple registries @@ -48,51 +63,60 @@ func TestAirgappedEnvironment(t *testing.T) { localRefWithDigest := fmt.Sprintf("%s@%s", localRegRepo, digest) // Start a second insecure test registry - reg2 := test.StartTestRegistry(tester.TestRegistryOptions{UseTLS: useTLS}) + reg2 := test.StartTestRegistry(tester.TestRegistryOptions{UseTLS: tc.useTLS, UseAlias: tc.useAlias}) // Edit the bundle so that it's referencing the image on the temporary registry // make sure the referenced image is not in local image cache shx.RunV("docker", "rmi", localRegRef) - originTestBun := filepath.Join(test.RepoRoot, fmt.Sprintf("tests/testdata/%s/porter.yaml", testdata.MyBunsWithImgReference)) - testBun := filepath.Join(test.TestDir, "mybuns-img-reference.yaml") - mgx.Must(shx.Copy(originTestBun, testBun)) - test.EditYaml(testBun, func(yq *yaml.Editor) error { + err = shx.Copy(filepath.Join(test.RepoRoot, fmt.Sprintf("tests/testdata/%s/*", testdata.MyBuns)), test.TestDir) + require.NoError(t, err, "failed to copy test bundle") + test.EditYaml(filepath.Join(test.TestDir, "porter.yaml"), func(yq *yaml.Editor) error { + // Remove the bundle's dependencies to simplify installation + if err := yq.DeleteNode("dependencies"); err != nil { + return err + } + + // Reference our copy of the whalesayd image return yq.SetValue("images.whalesayd.repository", fmt.Sprintf("%s/whalesayd", reg1)) }) // Publish a test bundle that references the image from the temp registry, and push to another insecure registry - test.RequirePorter("publish", "--file", "mybuns-img-reference.yaml", "--dir", test.TestDir, "--registry", reg2.String(), "--insecure-registry") + test.RequirePorter("publish", "--registry", reg2.String(), insecureFlag) + + // Stop the original registry, this ensures that we are relying 100% on the copy of the bundle in the second registry reg1.Close() - origRef := fmt.Sprintf("%s/%s:%s", reg2, testdata.MyBunsWithImgReference, "v0.1.0") - newRef := fmt.Sprintf("%s/%s-second:%s", reg2, testdata.MyBunsWithImgReference, "v0.2.0") // // Try out the two ways to move a bundle between registries: // 1. Copy the bundle from one registry to the other directly // - test.RequirePorter("copy", "--source", origRef, "--destination", newRef, "--insecure-registry") + origRef := fmt.Sprintf("%s/%s:%s", reg2, testdata.MyBuns, "v0.1.2") + newRef := fmt.Sprintf("%s/%s-second:%s", reg2, testdata.MyBuns, "v0.2.0") + test.RequirePorter("copy", "--source", origRef, "--destination", newRef, insecureFlag) // // 2. Use archive + publish to copy the bundle from one registry to the other // - - // Archive the bundle, it should not attempt to hit the first registry archiveFilePath := filepath.Join(test.TestDir, "archive-test.tgz") - test.RequirePorter("archive", archiveFilePath, "--reference", origRef, "--insecure-registry") + test.RequirePorter("archive", archiveFilePath, "--reference", origRef, insecureFlag) relocMap := getRelocationMap(test, archiveFilePath) - require.Equal(test.T, fmt.Sprintf("%s/mybun-with-img-reference@sha256:499f71eec2e3bd78f26c268bbf5b2a65f73b96216fac4a89b86b5ebf115527b6", reg2), relocMap[localRefWithDigest], "expected the relocation entry for the image to be the new published location") + require.Equal(test.T, fmt.Sprintf("%s/mybuns@sha256:499f71eec2e3bd78f26c268bbf5b2a65f73b96216fac4a89b86b5ebf115527b6", reg2), relocMap[localRefWithDigest], "expected the relocation entry for the image to be the new published location") // Publish from the archived bundle to a new repository on the second registry - test.RequirePorter("publish", "--archive", archiveFilePath, "-r", newRef, "--insecure-registry") + test.RequirePorter("publish", "--archive", archiveFilePath, "-r", newRef, insecureFlag) archiveFilePath2 := filepath.Join(test.TestDir, "archive-test2.tgz") // Archive from the new location on the second registry - test.RequirePorter("archive", archiveFilePath2, "--reference", newRef, "--insecure-registry") + test.RequirePorter("archive", archiveFilePath2, "--reference", newRef, insecureFlag) relocMap2 := getRelocationMap(test, archiveFilePath2) - require.Equal(test.T, fmt.Sprintf("%s/mybun-with-img-reference-second@sha256:499f71eec2e3bd78f26c268bbf5b2a65f73b96216fac4a89b86b5ebf115527b6", reg2), relocMap2[localRefWithDigest], "expected the relocation entry for the image to be the new published location") + require.Equal(test.T, fmt.Sprintf("%s/mybuns-second@sha256:499f71eec2e3bd78f26c268bbf5b2a65f73b96216fac4a89b86b5ebf115527b6", reg2), relocMap2[localRefWithDigest], "expected the relocation entry for the image to be the new published location") // Validate that we can pull the bundle from the new location test.RequirePorter("explain", newRef) + + // Validate that we can install from the new location + test.ApplyTestBundlePrerequisites() + test.RequirePorter("install", "-r", newRef, insecureFlag, "-c=mybuns", "-p=mybuns") }) } } diff --git a/tests/testdata/helpers.go b/tests/testdata/helpers.go index b9287eabf..0885349e8 100644 --- a/tests/testdata/helpers.go +++ b/tests/testdata/helpers.go @@ -12,7 +12,4 @@ const ( // MyDbRef is the full reference to the mydb test bundle. MyDbRef = "localhost:5000/mydb:v0.1.0" - - // MyBunsWithImgReference is the test bundle that contains image reference. - MyBunsWithImgReference = "mybun-with-img-reference" ) diff --git a/tests/testdata/mybun-with-img-reference/porter.yaml b/tests/testdata/mybun-with-img-reference/porter.yaml deleted file mode 100644 index 81ec0917f..000000000 --- a/tests/testdata/mybun-with-img-reference/porter.yaml +++ /dev/null @@ -1,24 +0,0 @@ -schemaVersion: 1.0.0-alpha.1 -name: mybun-with-img-reference -version: 0.1.0 -description: "An example Porter configuration that contains image reference" -registry: "localhost:5000" - -images: - whalesayd: - description: "Whalesay as a service" - imageType: "docker" - repository: localhost:5000/whalesayd - tag: "latest" - -mixins: - - exec -install: - - exec: - description: "Install Hello World" -upgrade: - - exec: - description: "World 2.0" -uninstall: - - exec: - description: "Uninstall Hello World" diff --git a/tests/testdata/mybuns/porter.yaml b/tests/testdata/mybuns/porter.yaml index 875099d5d..1ab92f3be 100644 --- a/tests/testdata/mybuns/porter.yaml +++ b/tests/testdata/mybuns/porter.yaml @@ -60,6 +60,13 @@ dependencies: parameters: database: bigdb +images: + whalesayd: + description: "Whalesay as a service" + imageType: "docker" + repository: carolynvs/whalesayd + tag: "latest" + mixins: - exec @@ -103,7 +110,6 @@ install: - name: result regex: "(.*)" - dry-run: - exec: description: "Check some things" diff --git a/tests/tester/helpers.go b/tests/tester/helpers.go index 8b8e36fc8..c605ffb04 100644 --- a/tests/tester/helpers.go +++ b/tests/tester/helpers.go @@ -15,17 +15,21 @@ import ( "github.com/stretchr/testify/require" ) -// PrepareTestBundle ensures that the mybuns test bundle has been built. +// PrepareTestBundle ensures that the mybuns test bundle is ready to use. func (t Tester) PrepareTestBundle() { - // These are environment variables referenced by the mybuns credential set - os.Setenv("USER", "porterci") - os.Setenv("ALT_USER", "porterci2") - // Build and publish an interesting test bundle and its dependency t.MakeTestBundle(testdata.MyDb, testdata.MyDbRef) t.MakeTestBundle(testdata.MyBuns, testdata.MyBunsRef) - // Import a parameter and credential set for the bundle into the global namespace + t.ApplyTestBundlePrerequisites() +} + +// ApplyTestBundlePrerequisites ensures that anything required by the test bundle, mybuns, is ready to use. +func (t Tester) ApplyTestBundlePrerequisites() { + // These are environment variables referenced by the mybuns credential set + os.Setenv("USER", "porterci") + os.Setenv("ALT_USER", "porterci2") + t.RequirePorter("parameters", "apply", filepath.Join(t.RepoRoot, "tests/testdata/params/mybuns.yaml"), "--namespace=") t.RequirePorter("credentials", "apply", filepath.Join(t.RepoRoot, "tests/testdata/creds/mybuns.yaml"), "--namespace=") } diff --git a/tests/tester/test_registry.go b/tests/tester/test_registry.go index 785166c2f..169d49de6 100644 --- a/tests/tester/test_registry.go +++ b/tests/tester/test_registry.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/require" ) -// TestRegistryHostAlias is the environment variable that contains a pre-configured +// TestRegistryAlias is the environment variable that contains a pre-configured // hostname alias that can be used to access localhost. This environment variable // is only set in on the linux and macos CI agents so that we can test a variant // of communicating with a registry that is unsecured but is not obviously "localhost" or 127.0.0.1. @@ -19,7 +19,12 @@ const TestRegistryAlias = "PORTER_TEST_REGISTRY_ALIAS" // TestRegistryOptions controls how a test registry is run. type TestRegistryOptions struct { + // UseTLS indicates the registry should use http, secured with a self-signed certificate. UseTLS bool + + // UseAlias indicates that when the TestRegistryAlias environment variable is set, + // the registry address use the hostname alias, and not localhost. + UseAlias bool } // TestRegistry is a temporary registry that is stopped when the test completes. @@ -85,7 +90,10 @@ func (t Tester) StartTestRegistry(opts TestRegistryOptions) *TestRegistry { require.NoError(t.T, err, "Could not get the published port of the temporary registry") // Determine if we have a hostname alias set up for the registry - hostname := os.Getenv(TestRegistryAlias) + var hostname string + if opts.UseAlias { + hostname = os.Getenv(TestRegistryAlias) + } if hostname == "" { hostname = "localhost" }