From b4b8288e6eabb6737d0b0a6de87e0474da9cb924 Mon Sep 17 00:00:00 2001 From: Xynnn007 Date: Fri, 6 Sep 2024 17:19:05 +0800 Subject: [PATCH] image-rs: fix integration test Signed-off-by: Xynnn007 --- image-rs/tests/common/mod.rs | 9 ------- image-rs/tests/credential.rs | 21 ++++++----------- image-rs/tests/image_decryption.rs | 19 +++------------ image-rs/tests/signature_verification.rs | 30 ++++++++---------------- 4 files changed, 20 insertions(+), 59 deletions(-) diff --git a/image-rs/tests/common/mod.rs b/image-rs/tests/common/mod.rs index faf9448bc..bf6b15b84 100644 --- a/image-rs/tests/common/mod.rs +++ b/image-rs/tests/common/mod.rs @@ -5,7 +5,6 @@ // use anyhow::Result; -use image_rs::image::IMAGE_SECURITY_CONFIG_DIR; use std::path::Path; use tokio::process::{Child, Command}; @@ -123,11 +122,3 @@ pub fn umount_bundle(bundle_dir: &tempfile::TempDir) { let rootfs_path = bundle_dir.path().join("rootfs"); nix::mount::umount(&rootfs_path).expect("failed to umount rootfs"); } - -pub async fn clean_configs() -> Result<()> { - if Path::new(IMAGE_SECURITY_CONFIG_DIR).exists() { - tokio::fs::remove_dir_all(IMAGE_SECURITY_CONFIG_DIR).await?; - } - - Ok(()) -} diff --git a/image-rs/tests/credential.rs b/image-rs/tests/credential.rs index b102af191..c04e81fe1 100644 --- a/image-rs/tests/credential.rs +++ b/image-rs/tests/credential.rs @@ -6,7 +6,7 @@ pub mod common; #[cfg(all( - feature = "getresource", + feature = "kbs", any(feature = "keywrap-ttrpc", feature = "keywrap-grpc") ))] #[rstest::rstest] 
@@ -22,23 +22,16 @@ async fn test_use_credential(#[case] image_ref: &str, #[case] auth_file_uri: &st .await .expect("Failed to start confidential data hub!"); - // clean former test files, which is needed to prevent - // lint from warning dead code. - common::clean_configs() - .await - .expect("Delete configs failed."); - let work_dir = tempfile::tempdir().unwrap(); // a new client for every pulling, avoid effection // of cache of old client. - let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf()); - - // enable container auth - image_client.config.auth = true; - - // set credential file uri - image_client.config.file_paths.auth_file = auth_file_uri.into(); + let mut image_client = image_rs::builder::ClientBuilder::default() + .authenticated_registry_credentials_uri(auth_file_uri.to_string()) + .work_dir(work_dir.into_path()) + .build() + .await + .unwrap(); let bundle_dir = tempfile::tempdir().unwrap(); diff --git a/image-rs/tests/image_decryption.rs b/image-rs/tests/image_decryption.rs index 6650d099c..d66595e0f 100644 --- a/image-rs/tests/image_decryption.rs +++ b/image-rs/tests/image_decryption.rs @@ -9,23 +9,15 @@ pub mod common; /// Ocicrypt-rs config for grpc -#[cfg(all( - feature = "getresource", - feature = "encryption", - feature = "keywrap-grpc" -))] +#[cfg(all(feature = "kbs", feature = "encryption", feature = "keywrap-grpc"))] const OCICRYPT_CONFIG: &str = "test_data/ocicrypt_keyprovider_grpc.conf"; /// Ocicrypt-rs config for ttrpc -#[cfg(all( - feature = "getresource", - feature = "encryption", - feature = "keywrap-ttrpc" -))] +#[cfg(all(feature = "kbs", feature = "encryption", feature = "keywrap-ttrpc"))] const OCICRYPT_CONFIG: &str = "test_data/ocicrypt_keyprovider_ttrpc.conf"; #[cfg(all( - feature = "getresource", + feature = "kbs", feature = "encryption", any(feature = "keywrap-ttrpc", feature = "keywrap-grpc") ))] 
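Review bot: In the `test_use_credential` hunk of image-rs/tests/credential.rs, `.work_dir(work_dir.into_path())` consumes the `TempDir`, and `tempfile` does not delete a directory once `into_path()` has been called on it. Each run therefore leaves the client's work directory on disk, presumably with the content pulled using the registry credentials, whereas the old `work_dir.path().to_path_buf()` kept the guard alive until the end of the test. Passing `.work_dir(work_dir.path().to_path_buf())` restores the automatic cleanup. The same applies to `.work_dir(work_dir.into_path())` in `do_signature_verification_tests` in image-rs/tests/signature_verification.rs. The test body continues outside the hunk.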
@@ -52,11 +44,6 @@ async fn test_decrypt_layers(#[case] image: &str) { let work_dir = tempfile::tempdir().unwrap(); let bundle_dir = tempfile::tempdir().unwrap(); - // clean former test files, which is needed to prevent - // lint from warning dead code. - common::clean_configs() - .await - .expect("Delete configs failed."); let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf()); if cfg!(feature = "snapshot-overlayfs") { image_client diff --git a/image-rs/tests/signature_verification.rs b/image-rs/tests/signature_verification.rs index d5e1168cd..839b7f617 100644 --- a/image-rs/tests/signature_verification.rs +++ b/image-rs/tests/signature_verification.rs @@ -102,13 +102,13 @@ const _TESTS_XRSS: [_TestItem; _TEST_ITEMS_XRSS] = [ ]; #[cfg(all( - feature = "getresource", + feature = "kbs", any(feature = "keywrap-ttrpc", feature = "keywrap-grpc") ))] const POLICY_URI: &str = "kbs:///default/security-policy/test"; #[cfg(all( - feature = "getresource", + feature = "kbs", any(feature = "keywrap-ttrpc", feature = "keywrap-grpc") ))] const SIGSTORE_CONFIG_URI: &str = "kbs:///default/sigstore-config/test"; @@ -117,7 +117,7 @@ const SIGSTORE_CONFIG_URI: &str = "kbs:///default/sigstore-config/test"; /// uses cosign (type: sigstoreSigned), even if the image being pulled is not signed using cosign. /// https://github.com/confidential-containers/guest-components/blob/main/attestation-agent/kbc/src/sample_kbc/policy.json #[cfg(all( - feature = "getresource", + feature = "kbs", any(feature = "keywrap-ttrpc", feature = "keywrap-grpc") ))] #[tokio::test] @@ -128,7 +128,7 @@ async fn signature_verification() { #[cfg(all( feature = "signature-simple-xrss", - feature = "getresource", + feature = "kbs", any(feature = "keywrap-ttrpc", feature = "keywrap-grpc") ))] #[tokio::test] 
@@ -157,7 +157,7 @@ async fn signature_verification_xrss() { } #[cfg(all( - feature = "getresource", + feature = "kbs", any(feature = "keywrap-ttrpc", feature = "keywrap-grpc") ))] async fn do_signature_verification_tests( @@ -177,29 +177,19 @@ async fn do_signature_verification_tests( test_auth_info = &None; } - // clean former test files - common::clean_configs() - .await - .expect("Delete configs failed."); - // Init tempdirs let work_dir = tempfile::tempdir().unwrap(); - // a new client for every pulling, avoid effection - // of cache of old client. - let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf()); - - // enable signature verification - image_client.config.security_validate = true; - - // set the image security policy - image_client.config.file_paths.policy_path = POLICY_URI.into(); + let mut client_builder = image_rs::builder::ClientBuilder::default() + .image_security_policy_uri(POLICY_URI.to_string()) + .work_dir(work_dir.into_path()); #[cfg(feature = "signature-simple")] { - image_client.config.file_paths.sigstore_config = SIGSTORE_CONFIG_URI.into(); + client_builder = client_builder.sigstore_config_uri(SIGSTORE_CONFIG_URI.into()); } + let mut image_client = client_builder.build().await.unwrap(); let bundle_dir = tempfile::tempdir().unwrap(); let _res = image_client
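Review bot: In the `@@ -177,29 +177,19 @@` hunk, `let mut client_builder` is reassigned only inside the `#[cfg(feature = "signature-simple")]` block, so a build without that feature gets an `unused_mut` warning, which breaks builds that deny warnings. Shadowing avoids it: bind the builder with `let client_builder = …;` and replace the block with `#[cfg(feature = "signature-simple")] let client_builder = client_builder.sigstore_config_uri(SIGSTORE_CONFIG_URI.into());`. The explicit `image_client.config.security_validate = true;` is also gone and nothing in the hunk says what now switches verification on. If supplying the policy URI is what enables it (the builder is not visible here), a comment above the builder such as `// Setting the policy URI is what enables signature verification.` would record that. `do_signature_verification_tests` starts and ends outside the hunk.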