diff --git a/Makefile b/Makefile index 9a163add6..acf0f2b91 100644 --- a/Makefile +++ b/Makefile @@ -145,6 +145,8 @@ check-licenses: clean: rm -f bin/z* rm -rf hack + rm -rf test/data/zot-test + rm -rf test/data/zot-cve-test .PHONY: run run: binary test diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go index 032902b6f..4a435614b 100644 --- a/pkg/api/controller_test.go +++ b/pkg/api/controller_test.go @@ -2696,15 +2696,18 @@ func TestCrossRepoMount(t *testing.T) { test.WaitTillServerReady(baseURL) params := make(map[string]string) - digest := "sha256:63a795ca90aa6e7cca60941e826810a4cd0a2e73ea02bf458241df2a5c973e29" - dgst := godigest.Digest(digest) + + var manifestDigest godigest.Digest + manifestDigest, _, _ = test.GetOciLayoutDigests("../../test/data/zot-cve-test") + + dgst := manifestDigest name := "zot-cve-test" - params["mount"] = digest + params["mount"] = string(manifestDigest) params["from"] = name client := resty.New() headResponse, err := client.R().SetBasicAuth(username, passphrase). - Head(fmt.Sprintf("%s/v2/%s/blobs/%s", baseURL, name, digest)) + Head(fmt.Sprintf("%s/v2/%s/blobs/%s", baseURL, name, manifestDigest)) So(err, ShouldBeNil) So(headResponse.StatusCode(), ShouldEqual, http.StatusOK) @@ -2729,7 +2732,7 @@ func TestCrossRepoMount(t *testing.T) { // Use correct request // This is correct request but it will return 202 because blob is not present in cache. - params["mount"] = digest + params["mount"] = string(manifestDigest) postResponse, err = client.R(). SetBasicAuth(username, passphrase).SetQueryParams(params). Post(baseURL + "/v2/zot-c-test/blobs/uploads/") @@ -2751,7 +2754,7 @@ func TestCrossRepoMount(t *testing.T) { So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted) headResponse, err = client.R().SetBasicAuth(username, passphrase). - Head(fmt.Sprintf("%s/v2/zot-cv-test/blobs/%s", baseURL, digest)) + Head(fmt.Sprintf("%s/v2/zot-cv-test/blobs/%s", baseURL, manifestDigest)) So(err, ShouldBeNil) So(headResponse.StatusCode(), ShouldEqual, http.StatusNotFound) @@ -2766,9 +2769,7 @@ func TestCrossRepoMount(t *testing.T) { So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusNotFound) - digest = "sha256:63a795ca90aa6e7cca60941e826810a4cd0a2e73ea02bf458241df2a5c973e29" - - blob := "63a795ca90aa6e7cca60941e826810a4cd0a2e73ea02bf458241df2a5c973e29" + blob := manifestDigest.Encoded() buf, err := ioutil.ReadFile(path.Join(ctlr.Config.Storage.RootDirectory, "zot-cve-test/blobs/sha256/"+blob)) if err != nil { @@ -2785,7 +2786,7 @@ func TestCrossRepoMount(t *testing.T) { // in cache, now try mount blob request status and it should be 201 because now blob is present in cache // and it should do hard link. - params["mount"] = digest + params["mount"] = string(manifestDigest) postResponse, err = client.R(). SetBasicAuth(username, passphrase).SetQueryParams(params). Post(baseURL + "/v2/zot-mount-test/blobs/uploads/") @@ -2807,7 +2808,7 @@ func TestCrossRepoMount(t *testing.T) { // Now try another mount request and this time it should be from above uploaded repo i.e zot-mount-test // mount request should pass and should return 201. - params["mount"] = digest + params["mount"] = string(manifestDigest) params["from"] = "zot-mount-test" postResponse, err = client.R(). SetBasicAuth(username, passphrase).SetQueryParams(params). @@ -2823,7 +2824,7 @@ func TestCrossRepoMount(t *testing.T) { So(os.SameFile(cacheFi, linkFi), ShouldEqual, true) headResponse, err = client.R().SetBasicAuth(username, passphrase). - Head(fmt.Sprintf("%s/v2/zot-cv-test/blobs/%s", baseURL, digest)) + Head(fmt.Sprintf("%s/v2/zot-cv-test/blobs/%s", baseURL, manifestDigest)) So(err, ShouldBeNil) So(headResponse.StatusCode(), ShouldEqual, http.StatusOK) diff --git a/pkg/extensions/scrub/scrub_test.go b/pkg/extensions/scrub/scrub_test.go index 069b0bb83..ca8477a02 100644 --- a/pkg/extensions/scrub/scrub_test.go +++ b/pkg/extensions/scrub/scrub_test.go @@ -11,6 +11,7 @@ import ( "testing" "time" + "github.com/opencontainers/go-digest" . "github.com/smartystreets/goconvey/convey" "gopkg.in/resty.v1" "zotregistry.io/zot/pkg/api" @@ -111,9 +112,10 @@ func TestScrubExtension(t *testing.T) { if err != nil { panic(err) } + var manifestDigest digest.Digest + manifestDigest, _, _ = test.GetOciLayoutDigests("../../../test/data/zot-test") - err = os.Remove(path.Join(dir, repoName, "blobs/sha256", - "2bacca16b9df395fc855c14ccf50b12b58d35d468b8e7f25758aff90f89bf396")) + err = os.Remove(path.Join(dir, repoName, "blobs/sha256", manifestDigest.Encoded())) if err != nil { panic(err) } diff --git a/pkg/extensions/search/common/common_test.go b/pkg/extensions/search/common/common_test.go index 765ea2b93..ede7cfd02 100644 --- a/pkg/extensions/search/common/common_test.go +++ b/pkg/extensions/search/common/common_test.go @@ -11,6 +11,7 @@ import ( "testing" "time" + "github.com/opencontainers/go-digest" ispec "github.com/opencontainers/image-spec/specs-go/v1" . "github.com/smartystreets/goconvey/convey" "gopkg.in/resty.v1" @@ -271,9 +272,12 @@ func TestLatestTagSearchHTTP(t *testing.T) { panic(err) } + var manifestDigest digest.Digest + var configDigest digest.Digest + manifestDigest, configDigest, _ = GetOciLayoutDigests("../../../../test/data/zot-test") + // Delete config blob and try. - err = os.Remove(path.Join(subRootDir, "zot-test/blobs/sha256", - "adf3bb6cc81f8bd6a9d5233be5f0c1a4f1e3ed1cf5bbdfad7708cc8d4099b741")) + err = os.Remove(path.Join(subRootDir, "zot-test/blobs/sha256", configDigest.Encoded())) if err != nil { panic(err) } @@ -284,7 +288,7 @@ func TestLatestTagSearchHTTP(t *testing.T) { So(resp.StatusCode(), ShouldEqual, 200) err = os.Remove(path.Join(subRootDir, "zot-test/blobs/sha256", - "2bacca16b9df395fc855c14ccf50b12b58d35d468b8e7f25758aff90f89bf396")) + manifestDigest.Encoded())) if err != nil { panic(err) } @@ -294,8 +298,7 @@ func TestLatestTagSearchHTTP(t *testing.T) { So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, 200) - err = os.Remove(path.Join(rootDir, "zot-test/blobs/sha256", - "adf3bb6cc81f8bd6a9d5233be5f0c1a4f1e3ed1cf5bbdfad7708cc8d4099b741")) + err = os.Remove(path.Join(rootDir, "zot-test/blobs/sha256", configDigest.Encoded())) if err != nil { panic(err) } @@ -306,8 +309,7 @@ func TestLatestTagSearchHTTP(t *testing.T) { So(resp.StatusCode(), ShouldEqual, 200) // Delete manifest blob also and try - err = os.Remove(path.Join(rootDir, "zot-test/blobs/sha256", - "2bacca16b9df395fc855c14ccf50b12b58d35d468b8e7f25758aff90f89bf396")) + err = os.Remove(path.Join(rootDir, "zot-test/blobs/sha256", manifestDigest.Encoded())) if err != nil { panic(err) } @@ -405,8 +407,10 @@ func TestExpandedRepoInfo(t *testing.T) { So(len(responseStruct.ExpandedRepoInfo.RepoInfo.Manifests), ShouldNotEqual, 0) So(len(responseStruct.ExpandedRepoInfo.RepoInfo.Manifests[0].Layers), ShouldNotEqual, 0) - err = os.Remove(path.Join(rootDir, "zot-test/blobs/sha256", - "2bacca16b9df395fc855c14ccf50b12b58d35d468b8e7f25758aff90f89bf396")) + var manifestDigest digest.Digest + manifestDigest, _, _ = GetOciLayoutDigests("../../../../test/data/zot-test") + + err = os.Remove(path.Join(rootDir, "zot-test/blobs/sha256", manifestDigest.Encoded())) if err != nil { panic(err) } diff --git a/pkg/extensions/search/digest/digest_test.go b/pkg/extensions/search/digest/digest_test.go index ad2d30333..3f66a73af 100644 --- a/pkg/extensions/search/digest/digest_test.go +++ b/pkg/extensions/search/digest/digest_test.go @@ -12,6 +12,7 @@ import ( "testing" "time" + "github.com/opencontainers/go-digest" . "github.com/smartystreets/goconvey/convey" "gopkg.in/resty.v1" "zotregistry.io/zot/pkg/api" @@ -110,19 +111,29 @@ func testSetup() error { func TestDigestInfo(t *testing.T) { Convey("Test image tag", t, func() { // Search by manifest digest - imageTags, err := digestInfo.GetImageTagsByDigest("zot-cve-test", "63a795ca") + var ( + manifestDigest digest.Digest + configDigest digest.Digest + layerDigest digest.Digest + ) + + manifestDigest, _, layerDigest = GetOciLayoutDigests("../../../../test/data/zot-cve-test") + + imageTags, err := digestInfo.GetImageTagsByDigest("zot-cve-test", string(manifestDigest)) So(err, ShouldBeNil) So(len(imageTags), ShouldEqual, 1) So(*imageTags[0], ShouldEqual, "0.0.1") // Search by config digest - imageTags, err = digestInfo.GetImageTagsByDigest("zot-test", "adf3bb6c") + _, configDigest, _ = GetOciLayoutDigests("../../../../test/data/zot-test") + + imageTags, err = digestInfo.GetImageTagsByDigest("zot-test", string(configDigest)) So(err, ShouldBeNil) So(len(imageTags), ShouldEqual, 1) So(*imageTags[0], ShouldEqual, "0.0.1") // Search by layer digest - imageTags, err = digestInfo.GetImageTagsByDigest("zot-cve-test", "7a0437f0") + imageTags, err = digestInfo.GetImageTagsByDigest("zot-cve-test", string(layerDigest)) So(err, ShouldBeNil) So(len(imageTags), ShouldEqual, 1) So(*imageTags[0], ShouldEqual, "0.0.1") @@ -201,9 +212,12 @@ func TestDigestSearchHTTP(t *testing.T) { So(len(responseStruct.ImgListForDigest.Images[0].Tags), ShouldEqual, 1) // Call should return {"data":{"ImageListForDigest":[{"Name":"zot-test","Tags":["0.0.1"]}]}} - // "2bacca16" should match the manifest of 1 image - resp, err = resty.R().Get(baseURL + constants.ExtSearchPrefix + - "?query={ImageListForDigest(id:\"2bacca16\"){Name%20Tags}}") + var layerDigest digest.Digest + var manifestDigest digest.Digest + manifestDigest, _, layerDigest = GetOciLayoutDigests("../../../../test/data/zot-test") + + resp, err = resty.R().Get(baseURL + constants.ExtSearchPrefix + "?query={ImageListForDigest(id:\"" + + string(layerDigest) + "\"){Name%20Tags}}") So(resp, ShouldNotBeNil) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, 200) @@ -217,9 +231,10 @@ func TestDigestSearchHTTP(t *testing.T) { So(responseStruct.ImgListForDigest.Images[0].Tags[0], ShouldEqual, "0.0.1") // Call should return {"data":{"ImageListForDigest":[{"Name":"zot-test","Tags":["0.0.1"]}]}} - // "adf3bb6c" should match the config of 1 image + resp, err = resty.R().Get(baseURL + constants.ExtSearchPrefix + - "?query={ImageListForDigest(id:\"adf3bb6c\"){Name%20Tags}}") + "?query={ImageListForDigest(id:\"" + + string(manifestDigest) + "\"){Name%20Tags}}") So(resp, ShouldNotBeNil) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, 200) @@ -233,9 +248,10 @@ func TestDigestSearchHTTP(t *testing.T) { So(responseStruct.ImgListForDigest.Images[0].Tags[0], ShouldEqual, "0.0.1") // Call should return {"data":{"ImageListForDigest":[{"Name":"zot-cve-test","Tags":["0.0.1"]}]}} - // "7a0437f0" should match the layer of 1 image - resp, err = resty.R().Get(baseURL + constants.ExtSearchPrefix + - "?query={ImageListForDigest(id:\"7a0437f0\"){Name%20Tags}}") + + _, _, layerDigest = GetOciLayoutDigests("../../../../test/data/zot-cve-test") + resp, err = resty.R().Get(baseURL + constants.ExtSearchPrefix + "?query={ImageListForDigest(id:\"" + + string(layerDigest) + "\"){Name%20Tags}}") So(resp, ShouldNotBeNil) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, 200) diff --git a/pkg/log/log_test.go b/pkg/log/log_test.go index 0e84eee79..e21cdddba 100644 --- a/pkg/log/log_test.go +++ b/pkg/log/log_test.go @@ -325,18 +325,18 @@ func TestLogErrors(t *testing.T) { }) } -func TestAuditLogErrors(t *testing.T) { - Convey("Get error with unknown log level", t, func() { +func TestNewAuditLogger(t *testing.T) { + Convey("Get error with unknown audit log level", t, func() { So(func() { _ = log.NewAuditLogger("invalid", "test.out") }, ShouldPanic) }) - Convey("Get error when opening log file", t, func() { + Convey("Get error when opening audit file", t, func() { dir := t.TempDir() - auditLogPath := path.Join(dir, "auditLogFile") - err := ioutil.WriteFile(auditLogPath, []byte{}, 0o000) + logPath := path.Join(dir, "logFile") + err := ioutil.WriteFile(logPath, []byte{}, 0o000) So(err, ShouldBeNil) So(func() { - _ = log.NewAuditLogger(zerolog.DebugLevel.String(), auditLogPath) + _ = log.NewAuditLogger(zerolog.DebugLevel.String(), logPath) }, ShouldPanic) }) } diff --git a/pkg/storage/storage_fs_test.go b/pkg/storage/storage_fs_test.go index 24c786e1d..80f9dc57a 100644 --- a/pkg/storage/storage_fs_test.go +++ b/pkg/storage/storage_fs_test.go @@ -1108,8 +1108,9 @@ func TestGarbageCollectForImageStore(t *testing.T) { panic(err) } - err = os.Remove(path.Join(dir, repoName, "blobs/sha256", - "2bacca16b9df395fc855c14ccf50b12b58d35d468b8e7f25758aff90f89bf396")) + var manifestDigest godigest.Digest + manifestDigest, _, _ = test.GetOciLayoutDigests("../../test/data/zot-test") + err = os.Remove(path.Join(dir, repoName, "blobs/sha256", manifestDigest.Encoded())) if err != nil { panic(err) } diff --git a/pkg/test/common.go b/pkg/test/common.go index 49aeb7b37..cd4e2dde9 100644 --- a/pkg/test/common.go +++ b/pkg/test/common.go @@ -1,6 +1,7 @@ package test import ( + "context" "crypto/rand" "encoding/json" "fmt" @@ -15,6 +16,7 @@ import ( godigest "github.com/opencontainers/go-digest" imagespec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/opencontainers/umoci" "github.com/phayes/freeport" "gopkg.in/resty.v1" ) @@ -204,3 +206,54 @@ func GetImageConfig() ([]byte, godigest.Digest) { return configBlobContent, configBlobDigestRaw } + +func GetOciLayoutDigests(imagePath string) (godigest.Digest, godigest.Digest, godigest.Digest) { + var ( + manifestDigest godigest.Digest + configDigest godigest.Digest + layerDigest godigest.Digest + ) + + oci, err := umoci.OpenLayout(imagePath) + if err != nil { + panic(err) + } + + defer oci.Close() + + ctxUmoci := context.Background() + + index, err := oci.GetIndex(ctxUmoci) + if err != nil { + panic(err) + } + + for _, manifest := range index.Manifests { + manifestDigest = manifest.Digest + + manifestBlob, err := oci.GetBlob(ctxUmoci, manifest.Digest) + if err != nil { + panic(err) + } + + manifestBuf, err := ioutil.ReadAll(manifestBlob) + if err != nil { + panic(err) + } + + var manifest imagespec.Manifest + + err = json.Unmarshal(manifestBuf, &manifest) + if err != nil { + panic(err) + } + + configDigest = manifest.Config.Digest + + for _, layer := range manifest.Layers { + layerDigest = layer.Digest + } + } + + return manifestDigest, configDigest, layerDigest +} diff --git a/pkg/test/common_test.go b/pkg/test/common_test.go index e4335d8f2..73be5ae90 100644 --- a/pkg/test/common_test.go +++ b/pkg/test/common_test.go @@ -4,11 +4,13 @@ package test_test import ( + "encoding/json" "io/ioutil" "os" "path" "testing" + ispec "github.com/opencontainers/image-spec/specs-go/v1" . "github.com/smartystreets/goconvey/convey" "zotregistry.io/zot/pkg/test" ) @@ -64,3 +66,59 @@ func TestCopyFiles(t *testing.T) { So(err, ShouldNotBeNil) }) } + +func TestGetOciLayoutDigests(t *testing.T) { + dir := t.TempDir() + + Convey("image path is wrong", t, func() { + So(func() { _, _, _ = test.GetOciLayoutDigests("inexistent-image") }, ShouldPanic) + }) + + Convey("no permissions when getting index", t, func() { + err := test.CopyFiles("../../test/data/zot-test", path.Join(dir, "test-index")) + if err != nil { + panic(err) + } + + err = os.Chmod(path.Join(dir, "test-index", "index.json"), 0o000) + if err != nil { + panic(err) + } + + So(func() { _, _, _ = test.GetOciLayoutDigests(path.Join(dir, "test-index")) }, ShouldPanic) + + err = os.Chmod(path.Join(dir, "test-index", "index.json"), 0o755) + if err != nil { + panic(err) + } + }) + + Convey("can't access manifest digest", t, func() { + err := test.CopyFiles("../../test/data/zot-test", path.Join(dir, "test-manifest")) + if err != nil { + panic(err) + } + + buf, err := ioutil.ReadFile(path.Join(dir, "test-manifest", "index.json")) + if err != nil { + panic(err) + } + + var index ispec.Index + if err := json.Unmarshal(buf, &index); err != nil { + panic(err) + } + + err = os.Chmod(path.Join(dir, "test-manifest", "blobs/sha256", index.Manifests[0].Digest.Encoded()), 0o000) + if err != nil { + panic(err) + } + + So(func() { _, _, _ = test.GetOciLayoutDigests(path.Join(dir, "test-manifest")) }, ShouldPanic) + + err = os.Chmod(path.Join(dir, "test-manifest", "blobs/sha256", index.Manifests[0].Digest.Encoded()), 0o755) + if err != nil { + panic(err) + } + }) +}