Главная Обзор Помощь
Регистрация Вход
Apq
/
docker-compose
зеркало из https://github.com/docker/compose.git
1
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: v5.0.0
Ветки Метки
docker-compose
/
pkg
/
e2e
/
publish_test.go

publish_test.go 8.1 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. /*
    2. 

  2.    Copyright 2020 Docker Compose CLI authors
    3. 

  3. 

  4.    Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5.    you may not use this file except in compliance with the License.
    6. 

  6.    You may obtain a copy of the License at
    7. 

  7. 

  8.        http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10.    Unless required by applicable law or agreed to in writing, software
    11. 

  11.    distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12.    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13.    See the License for the specific language governing permissions and
    14. 

  14.    limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package e2e
    18. 

  18. 

  19. import (
    20. 

  20. 	"fmt"
    21. 

  21. 	"strings"
    22. 

  22. 	"testing"
    23. 

  23. 

  24. 	"gotest.tools/v3/assert"
    25. 

  25. 	"gotest.tools/v3/icmd"
    26. 

  26. )
    27. 

  27. 

  28. func TestPublishChecks(t *testing.T) {
    29. 

  29. 	c := NewParallelCLI(t)
    30. 

  30. 	const projectName = "compose-e2e-explicit-profiles"
    31. 

  31. 

  32. 	t.Run("publish error env_file", func(t *testing.T) {
    33. 

  33. 		res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-env-file.yml",
    34. 

  34. 			"-p", projectName, "publish", "test/test")
    35. 

  35. 		res.Assert(t, icmd.Expected{ExitCode: 1, Err: `service "serviceA" has env_file declared.
    36. 

  36. To avoid leaking sensitive data,`})
    37. 

  37. 	})
    38. 

  38. 

  39. 	t.Run("publish multiple errors env_file and environment", func(t *testing.T) {
    40. 

  40. 		res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-multi-env-config.yml",
    41. 

  41. 			"-p", projectName, "publish", "test/test")
    42. 

  42. 		// we don't in which order the services will be loaded, so we can't predict the order of the error messages
    43. 

  43. 		assert.Assert(t, strings.Contains(res.Combined(), `service "serviceB" has env_file declared.`), res.Combined())
    44. 

  44. 		assert.Assert(t, strings.Contains(res.Combined(), `To avoid leaking sensitive data, you must either explicitly allow the sending of environment variables by using the --with-env flag,
    45. 

  45. or remove sensitive data from your Compose configuration
    46. 

  46. `), res.Combined())
    47. 

  47. 	})
    48. 

  48. 

  49. 	t.Run("publish success environment", func(t *testing.T) {
    50. 

  50. 		res := c.RunDockerComposeCmd(t, "-f", "./fixtures/publish/compose-environment.yml",
    51. 

  51. 			"-p", projectName, "publish", "test/test", "--with-env", "-y", "--dry-run")
    52. 

  52. 		assert.Assert(t, strings.Contains(res.Combined(), "test/test publishing"), res.Combined())
    53. 

  53. 		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
    54. 

  54. 	})
    55. 

  55. 

  56. 	t.Run("publish success env_file", func(t *testing.T) {
    57. 

  57. 		res := c.RunDockerComposeCmd(t, "-f", "./fixtures/publish/compose-env-file.yml",
    58. 

  58. 			"-p", projectName, "publish", "test/test", "--with-env", "-y", "--dry-run")
    59. 

  59. 		assert.Assert(t, strings.Contains(res.Combined(), "test/test publishing"), res.Combined())
    60. 

  60. 		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
    61. 

  61. 	})
    62. 

  62. 

  63. 	t.Run("publish with extends", func(t *testing.T) {
    64. 

  64. 		res := c.RunDockerComposeCmd(t, "-f", "./fixtures/publish/compose-with-extends.yml",
    65. 

  65. 			"-p", projectName, "publish", "test/test", "--dry-run")
    66. 

  66. 		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
    67. 

  67. 	})
    68. 

  68. 

  69. 	t.Run("refuse to publish with bind mount", func(t *testing.T) {
    70. 

  70. 		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-bind-mount.yml",
    71. 

  71. 			"-p", projectName, "publish", "test/test", "--dry-run")
    72. 

  72. 		cmd.Stdin = strings.NewReader("n\n")
    73. 

  73. 		res := icmd.RunCmd(cmd)
    74. 

  74. 		res.Assert(t, icmd.Expected{ExitCode: 0})
    75. 

  75. 		out := res.Combined()
    76. 

  76. 		assert.Assert(t, strings.Contains(out, "you are about to publish bind mounts declaration within your OCI artifact."), out)
    77. 

  77. 		assert.Assert(t, strings.Contains(out, "e2e/fixtures/publish:/user-data"), out)
    78. 

  78. 		assert.Assert(t, strings.Contains(out, "Are you ok to publish these bind mount declarations?"), out)
    79. 

  79. 		assert.Assert(t, !strings.Contains(out, "serviceA published"), out)
    80. 

  80. 	})
    81. 

  81. 

  82. 	t.Run("publish with bind mount", func(t *testing.T) {
    83. 

  83. 		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-bind-mount.yml",
    84. 

  84. 			"-p", projectName, "publish", "test/test", "--dry-run")
    85. 

  85. 		cmd.Stdin = strings.NewReader("y\n")
    86. 

  86. 		res := icmd.RunCmd(cmd)
    87. 

  87. 		res.Assert(t, icmd.Expected{ExitCode: 0})
    88. 

  88. 		assert.Assert(t, strings.Contains(res.Combined(), "you are about to publish bind mounts declaration within your OCI artifact."), res.Combined())
    89. 

  89. 		assert.Assert(t, strings.Contains(res.Combined(), "Are you ok to publish these bind mount declarations?"), res.Combined())
    90. 

  90. 		assert.Assert(t, strings.Contains(res.Combined(), "e2e/fixtures/publish:/user-data"), res.Combined())
    91. 

  91. 		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
    92. 

  92. 	})
    93. 

  93. 

  94. 	t.Run("refuse to publish with build section only", func(t *testing.T) {
    95. 

  95. 		res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-build-only.yml",
    96. 

  96. 			"-p", projectName, "publish", "test/test", "--with-env", "-y", "--dry-run")
    97. 

  97. 		res.Assert(t, icmd.Expected{ExitCode: 1})
    98. 

  98. 		assert.Assert(t, strings.Contains(res.Combined(), "your Compose stack cannot be published as it only contains a build section for service(s):"), res.Combined())
    99. 

  99. 		assert.Assert(t, strings.Contains(res.Combined(), "serviceA"), res.Combined())
    100. 

  100. 		assert.Assert(t, strings.Contains(res.Combined(), "serviceB"), res.Combined())
    101. 

  101. 	})
    102. 

  102. 

  103. 	t.Run("refuse to publish with local include", func(t *testing.T) {
    104. 

  104. 		res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-local-include.yml",
    105. 

  105. 			"-p", projectName, "publish", "test/test", "--dry-run")
    106. 

  106. 		res.Assert(t, icmd.Expected{ExitCode: 1, Err: "cannot publish compose file with local includes"})
    107. 

  107. 	})
    108. 

  108. 

  109. 	t.Run("detect sensitive data", func(t *testing.T) {
    110. 

  110. 		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-sensitive.yml",
    111. 

  111. 			"-p", projectName, "publish", "test/test", "--with-env", "--dry-run")
    112. 

  112. 		cmd.Stdin = strings.NewReader("n\n")
    113. 

  113. 		res := icmd.RunCmd(cmd)
    114. 

  114. 		res.Assert(t, icmd.Expected{ExitCode: 0})
    115. 

  115. 

  116. 		output := res.Combined()
    117. 

  117. 		assert.Assert(t, strings.Contains(output, "you are about to publish sensitive data within your OCI artifact.\n"), output)
    118. 

  118. 		assert.Assert(t, strings.Contains(output, "please double check that you are not leaking sensitive data"), output)
    119. 

  119. 		assert.Assert(t, strings.Contains(output, "AWS Client ID\n\"services.serviceA.environment.AWS_ACCESS_KEY_ID\": A3TX1234567890ABCDEF"), output)
    120. 

  120. 		assert.Assert(t, strings.Contains(output, "AWS Secret Key\n\"services.serviceA.environment.AWS_SECRET_ACCESS_KEY\": aws\"12345+67890/abcdefghijklm+NOPQRSTUVWXYZ+\""), output)
    121. 

  121. 		assert.Assert(t, strings.Contains(output, "Github authentication\n\"GITHUB_TOKEN\": ghp_1234567890abcdefghijklmnopqrstuvwxyz"), output)
    122. 

  122. 		assert.Assert(t, strings.Contains(output, "JSON Web Token\n\"\": eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."+
    123. 

  123. 			"eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw"), output)
    124. 

  124. 		assert.Assert(t, strings.Contains(output, "Private Key\n\"\": -----BEGIN DSA PRIVATE KEY-----\nwxyz+ABC=\n-----END DSA PRIVATE KEY-----"), output)
    125. 

  125. 	})
    126. 

  126. }
    127. 

  127. 

  128. func TestPublish(t *testing.T) {
    129. 

  129. 	c := NewParallelCLI(t)
    130. 

  130. 	const projectName = "compose-e2e-publish"
    131. 

  131. 	const registryName = projectName + "-registry"
    132. 

  132. 	c.RunDockerCmd(t, "run", "--name", registryName, "-P", "-d", "registry:3")
    133. 

  133. 	port := c.RunDockerCmd(t, "inspect", "--format", `{{ (index (index .NetworkSettings.Ports "5000/tcp") 0).HostPort }}`, registryName).Stdout()
    134. 

  134. 	registry := "localhost:" + strings.TrimSpace(port)
    135. 

  135. 	t.Cleanup(func() {
    136. 

  136. 		c.RunDockerCmd(t, "rm", "--force", registryName)
    137. 

  137. 	})
    138. 

  138. 

  139. 	res := c.RunDockerComposeCmd(t, "-f", "./fixtures/publish/oci/compose.yaml", "-f", "./fixtures/publish/oci/compose-override.yaml",
    140. 

  140. 		"-p", projectName, "publish", "--with-env", "--yes", "--insecure-registry", registry+"/test:test")
    141. 

  141. 	res.Assert(t, icmd.Expected{ExitCode: 0})
    142. 

  142. 

  143. 	// docker exec -it compose-e2e-publish-registry tree /var/lib/registry/docker/registry/v2/
    144. 

  144. 

  145. 	cmd := c.NewDockerComposeCmd(t, "--verbose", "--project-name=oci",
    146. 

  146. 		"--insecure-registry", registry,
    147. 

  147. 		"-f", fmt.Sprintf("oci://%s/test:test", registry), "config")
    148. 

  148. 	res = icmd.RunCmd(cmd, func(cmd *icmd.Cmd) {
    149. 

  149. 		cmd.Env = append(cmd.Env, "XDG_CACHE_HOME="+t.TempDir())
    150. 

  150. 	})
    151. 

  151. 	res.Assert(t, icmd.Expected{ExitCode: 0})
    152. 

  152. 	assert.Equal(t, res.Stdout(), `name: oci
    153. 

  153. services:
    154. 

  154.   app:
    155. 

  155.     environment:
    156. 

  156.       HELLO: WORLD
    157. 

  157.     image: alpine
    158. 

  158.     networks:
    159. 

  159.       default: null
    160. 

  160. networks:
    161. 

  161.   default:
    162. 

  162.     name: oci_default
    163. 

  163. `)
    164. 

  164. }
    165.