image-rs: fix integration test
Signed-off-by: Xynnn007 <[email protected]>
Xynnn007 committed Sep 6, 2024
1 parent d8dd359 commit b4b8288
Showing 4 changed files with 20 additions and 59 deletions.
9 changes: 0 additions & 9 deletions image-rs/tests/common/mod.rs
Expand Up @@ -5,7 +5,6 @@
//

use anyhow::Result;
use image_rs::image::IMAGE_SECURITY_CONFIG_DIR;
use std::path::Path;
use tokio::process::{Child, Command};

Expand Down Expand Up @@ -123,11 +122,3 @@ pub fn umount_bundle(bundle_dir: &tempfile::TempDir) {
let rootfs_path = bundle_dir.path().join("rootfs");
nix::mount::umount(&rootfs_path).expect("failed to umount rootfs");
}

pub async fn clean_configs() -> Result<()> {
if Path::new(IMAGE_SECURITY_CONFIG_DIR).exists() {
tokio::fs::remove_dir_all(IMAGE_SECURITY_CONFIG_DIR).await?;
}

Ok(())
}
21 changes: 7 additions & 14 deletions image-rs/tests/credential.rs
Expand Up @@ -6,7 +6,7 @@
pub mod common;

#[cfg(all(
feature = "getresource",
feature = "kbs",
any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
))]
#[rstest::rstest]
Expand All @@ -22,23 +22,16 @@ async fn test_use_credential(#[case] image_ref: &str, #[case] auth_file_uri: &st
.await
.expect("Failed to start confidential data hub!");

// clean former test files, which is needed to prevent
// lint from warning dead code.
common::clean_configs()
.await
.expect("Delete configs failed.");

let work_dir = tempfile::tempdir().unwrap();

// a new client for every pulling, avoid effection
// of cache of old client.
let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf());

// enable container auth
image_client.config.auth = true;

// set credential file uri
image_client.config.file_paths.auth_file = auth_file_uri.into();
let mut image_client = image_rs::builder::ClientBuilder::default()
.authenticated_registry_credentials_uri(auth_file_uri.to_string())
.work_dir(work_dir.into_path())
.build()
.await
.unwrap();

let bundle_dir = tempfile::tempdir().unwrap();

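Review bot: `work_dir.into_path()` in the builder chain consumes the `TempDir` and persists the directory, so the client's work dir is no longer removed when the test ends, unlike the `work_dir.path().to_path_buf()` call it replaces. In this test the directory belongs to a client configured with registry credentials, so whatever the client stores there (presumably pulled layers, possibly the fetched auth file) would stay on the runner's disk. Keeping the guard alive and passing a copy restores cleanup: `.work_dir(work_dir.path().to_path_buf())`. The same pattern appears in `do_signature_verification_tests` in signature_verification.rs. The body of `test_use_credential` continues outside the hunk.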
19 changes: 3 additions & 16 deletions image-rs/tests/image_decryption.rs
Expand Up @@ -9,23 +9,15 @@
pub mod common;

/// Ocicrypt-rs config for grpc
#[cfg(all(
feature = "getresource",
feature = "encryption",
feature = "keywrap-grpc"
))]
#[cfg(all(feature = "kbs", feature = "encryption", feature = "keywrap-grpc"))]
const OCICRYPT_CONFIG: &str = "test_data/ocicrypt_keyprovider_grpc.conf";

/// Ocicrypt-rs config for ttrpc
#[cfg(all(
feature = "getresource",
feature = "encryption",
feature = "keywrap-ttrpc"
))]
#[cfg(all(feature = "kbs", feature = "encryption", feature = "keywrap-ttrpc"))]
const OCICRYPT_CONFIG: &str = "test_data/ocicrypt_keyprovider_ttrpc.conf";

#[cfg(all(
feature = "getresource",
feature = "kbs",
feature = "encryption",
any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
))]
Expand All @@ -52,11 +44,6 @@ async fn test_decrypt_layers(#[case] image: &str) {
let work_dir = tempfile::tempdir().unwrap();
let bundle_dir = tempfile::tempdir().unwrap();

// clean former test files, which is needed to prevent
// lint from warning dead code.
common::clean_configs()
.await
.expect("Delete configs failed.");
let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf());
if cfg!(feature = "snapshot-overlayfs") {
image_client
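Review bot: The two `OCICRYPT_CONFIG` constants are gated on `keywrap-grpc` and `keywrap-ttrpc` independently, so a build that enables both (for example with `--all-features`) would define the constant twice and fail to compile, while `test_decrypt_layers` itself is gated on `any(...)` of the two. Unless the crate rejects that feature combination elsewhere, which is not visible here, make the second gate exclusive: `#[cfg(all(feature = "kbs", feature = "encryption", feature = "keywrap-ttrpc", not(feature = "keywrap-grpc")))]`. The body of `test_decrypt_layers` runs past the hunk.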
30 changes: 10 additions & 20 deletions image-rs/tests/signature_verification.rs
Expand Up @@ -102,13 +102,13 @@ const _TESTS_XRSS: [_TestItem; _TEST_ITEMS_XRSS] = [
];

#[cfg(all(
feature = "getresource",
feature = "kbs",
any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
))]
const POLICY_URI: &str = "kbs:///default/security-policy/test";

#[cfg(all(
feature = "getresource",
feature = "kbs",
any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
))]
const SIGSTORE_CONFIG_URI: &str = "kbs:///default/sigstore-config/test";
Expand All @@ -117,7 +117,7 @@ const SIGSTORE_CONFIG_URI: &str = "kbs:///default/sigstore-config/test";
/// uses cosign (type: sigstoreSigned), even if the image being pulled is not signed using cosign.
/// https://github.com/confidential-containers/guest-components/blob/main/attestation-agent/kbc/src/sample_kbc/policy.json
#[cfg(all(
feature = "getresource",
feature = "kbs",
any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
))]
#[tokio::test]
Expand All @@ -128,7 +128,7 @@ async fn signature_verification() {

#[cfg(all(
feature = "signature-simple-xrss",
feature = "getresource",
feature = "kbs",
any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
))]
#[tokio::test]
Expand Down Expand Up @@ -157,7 +157,7 @@ async fn signature_verification_xrss() {
}

#[cfg(all(
feature = "getresource",
feature = "kbs",
any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
))]
async fn do_signature_verification_tests(
Expand All @@ -177,29 +177,19 @@ async fn do_signature_verification_tests(
test_auth_info = &None;
}

// clean former test files
common::clean_configs()
.await
.expect("Delete configs failed.");

// Init tempdirs
let work_dir = tempfile::tempdir().unwrap();

// a new client for every pulling, avoid effection
// of cache of old client.
let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf());

// enable signature verification
image_client.config.security_validate = true;

// set the image security policy
image_client.config.file_paths.policy_path = POLICY_URI.into();
let mut client_builder = image_rs::builder::ClientBuilder::default()
.image_security_policy_uri(POLICY_URI.to_string())
.work_dir(work_dir.into_path());

#[cfg(feature = "signature-simple")]
{
image_client.config.file_paths.sigstore_config = SIGSTORE_CONFIG_URI.into();
client_builder = client_builder.sigstore_config_uri(SIGSTORE_CONFIG_URI.into());
}

let mut image_client = client_builder.build().await.unwrap();
let bundle_dir = tempfile::tempdir().unwrap();

let _res = image_client
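Review bot: The removed `image_client.config.security_validate = true;` has no visible counterpart in the new builder chain, which only passes `image_security_policy_uri(POLICY_URI.to_string())`. If supplying a policy URI is what enables signature validation in the built client, record that next to the call, e.g. `// a policy URI makes the built client enforce the image security policy`; if it is not, the allow cases in this test would pass without any verification taking place. The pull result is bound to `let _res` and how it is checked lies outside the hunk, so this cannot be confirmed from here. The same question applies to the removed `image_client.config.auth = true;` in credential.rs. `do_signature_verification_tests` starts and ends outside the hunk.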
