forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix and re-enable test/extended/images/signatures.go
- Use docker:// instead of atomic:, as recommended back in openshift#21782 (comment) openshift#21782 (comment) - Then re-enable the test Signed-off-by: Miloslav Trmač <[email protected]>
- Loading branch information
Showing
1 changed file
with
8 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -22,7 +22,6 @@ var _ = g.Describe("[sig-imageregistry][Serial][Suite:openshift/registry/serial] | |
| ) | ||
|
|
||
| g.It("can push a signed image to openshift registry and verify it", func() { | ||
| g.Skip("disable because containers/image: https://github.com/containers/image/pull/570") | ||
| g.By("building a signer image that knows how to sign images") | ||
| output, err := oc.Run("create").Args("-f", signerBuildFixture).Output() | ||
| if err != nil { | ||
|
|
@@ -83,24 +82,27 @@ var _ = g.Describe("[sig-imageregistry][Serial][Suite:openshift/registry/serial] | |
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
| o.Expect(out).To(o.ContainSubstring("keyring `/var/lib/origin/gnupg/secring.gpg' created")) | ||
|
|
||
| // Create kubeconfig for skopeo | ||
| // Create kubeconfig for oc | ||
| g.By("logging as a test user") | ||
| out, err = pod.Exec("oc login https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT --token=" + token + " --certificate-authority=/run/secrets/kubernetes.io/serviceaccount/ca.crt") | ||
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
| o.Expect(out).To(o.ContainSubstring("Logged in")) | ||
|
|
||
| // Sign and copy the memcached image into target image stream tag | ||
| // TODO: Fix skopeo to pickup the Kubernetes environment variables (remove the $KUBERNETES_MASTER) | ||
| g.By("signing the memcached:latest image and pushing it into openshift registry") | ||
| out, err = pod.Exec(strings.Join([]string{ | ||
| "KUBERNETES_MASTER=https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT", | ||
| "GNUPGHOME=/var/lib/origin/gnupg", | ||
| "skopeo", "--debug", "copy", "--sign-by", "[email protected]", | ||
| "skopeo", "--debug", | ||
| // Disable the default-docker: file sigstore default in /etc/containers/registries.d, so that the X-Registry-Supports-Signatures protocol is used. | ||
| // Newer versions of Skopeo default to X-R-S-S if present, this test (as of 2020-02) uses skopeo-0.1.40-11.el7_8.x86_64, which defaults to sigstore. | ||
| "--registries.d", "/this/does/not/exist", | ||
|
|
||
| "copy", "--sign-by", "[email protected]", | ||
| "--dest-creds=" + user + ":" + token, | ||
| // TODO: test with this turned to true as well | ||
| "--dest-tls-verify=false", | ||
| "docker://docker.io/library/memcached:latest", | ||
| "atomic:" + signedImage, | ||
| "docker://" + signedImage, | ||
| }, " ")) | ||
| fmt.Fprintf(g.GinkgoWriter, "output: %s\n", out) | ||
| o.Expect(err).NotTo(o.HaveOccurred()) | ||
|
|
||