diff --git a/copy/manifest_test.go b/copy/manifest_test.go index ea7341ffa..d64a61300 100644 --- a/copy/manifest_test.go +++ b/copy/manifest_test.go @@ -7,6 +7,7 @@ import ( "testing" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/testing/mocks" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" v1 "github.com/opencontainers/image-spec/specs-go/v1" @@ -198,6 +199,20 @@ func TestDetermineManifestConversion(t *testing.T) { assert.Error(t, err) } +// fakeUnparsedImage is an implementation of types.UnparsedImage which only returns itself as a MIME type in Manifest, +// except that "" means “reading the manifest should fail” +type fakeUnparsedImage struct { + mocks.ForbiddenUnparsedImage + mt string +} + +func (f fakeUnparsedImage) Manifest(ctx context.Context) ([]byte, string, error) { + if f.mt == "" { + return nil, "", errors.New("Manifest() directed to fail") + } + return nil, f.mt, nil +} + func TestIsMultiImage(t *testing.T) { // MIME type is available; more or less a smoke test, other cases are handled in manifest.MIMETypeIsMultiImage for _, c := range []struct { @@ -209,14 +224,14 @@ func TestIsMultiImage(t *testing.T) { {v1.MediaTypeImageManifest, false}, {v1.MediaTypeImageIndex, true}, } { - src := fakeImageSource(c.mt) + src := fakeUnparsedImage{mocks.ForbiddenUnparsedImage{}, c.mt} res, err := isMultiImage(context.Background(), src) require.NoError(t, err) assert.Equal(t, c.expected, res, c.mt) } // Error getting manifest MIME type - src := fakeImageSource("") + src := fakeUnparsedImage{mocks.ForbiddenUnparsedImage{}, ""} _, err := isMultiImage(context.Background(), src) assert.Error(t, err) } diff --git a/internal/image/docker_schema2_test.go b/internal/image/docker_schema2_test.go index d78f5b486..b20c99d4b 100644 --- a/internal/image/docker_schema2_test.go +++ b/internal/image/docker_schema2_test.go @@ -12,6 +12,7 @@ import ( "time" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/testing/mocks" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" "github.com/opencontainers/go-digest" @@ -21,31 +22,6 @@ import ( "github.com/stretchr/testify/require" ) -// unusedImageSource is used when we don't expect the ImageSource to be used in our tests. -type unusedImageSource struct{} - -func (f unusedImageSource) Reference() types.ImageReference { - panic("Unexpected call to a mock function") -} -func (f unusedImageSource) Close() error { - panic("Unexpected call to a mock function") -} -func (f unusedImageSource) GetManifest(context.Context, *digest.Digest) ([]byte, string, error) { - panic("Unexpected call to a mock function") -} -func (f unusedImageSource) HasThreadSafeGetBlob() bool { - panic("Unexpected call to a mock function") -} -func (f unusedImageSource) GetBlob(context.Context, types.BlobInfo, types.BlobInfoCache) (io.ReadCloser, int64, error) { - panic("Unexpected call to a mock function") -} -func (f unusedImageSource) GetSignatures(context.Context, *digest.Digest) ([][]byte, error) { - panic("Unexpected call to a mock function") -} -func (f unusedImageSource) LayerInfosForCopy(context.Context, *digest.Digest) ([]types.BlobInfo, error) { - panic("Unexpected call to a mock function") -} - func manifestSchema2FromFixture(t *testing.T, src types.ImageSource, fixture string, mustFail bool) genericManifest { manifest, err := os.ReadFile(filepath.Join("fixtures", fixture)) require.NoError(t, err) @@ -96,7 +72,7 @@ func manifestSchema2FromComponentsLikeFixture(configBlob []byte) genericManifest func TestManifestSchema2FromManifest(t *testing.T) { // This just tests that the JSON can be loaded; we test that the parsed // values are correctly returned in tests for the individual getter methods. - _ = manifestSchema2FromFixture(t, unusedImageSource{}, "schema2.json", false) + _ = manifestSchema2FromFixture(t, mocks.ForbiddenImageSource{}, "schema2.json", false) _, err := manifestSchema2FromManifest(nil, []byte{}) assert.Error(t, err) @@ -110,7 +86,7 @@ func TestManifestSchema2FromComponents(t *testing.T) { func TestManifestSchema2Serialize(t *testing.T) { for _, m := range []genericManifest{ - manifestSchema2FromFixture(t, unusedImageSource{}, "schema2.json", false), + manifestSchema2FromFixture(t, mocks.ForbiddenImageSource{}, "schema2.json", false), manifestSchema2FromComponentsLikeFixture(nil), } { serialized, err := m.serialize() @@ -134,7 +110,7 @@ func TestManifestSchema2Serialize(t *testing.T) { func TestManifestSchema2ManifestMIMEType(t *testing.T) { for _, m := range []genericManifest{ - manifestSchema2FromFixture(t, unusedImageSource{}, "schema2.json", false), + manifestSchema2FromFixture(t, mocks.ForbiddenImageSource{}, "schema2.json", false), manifestSchema2FromComponentsLikeFixture(nil), } { assert.Equal(t, manifest.DockerV2Schema2MediaType, m.manifestMIMEType()) @@ -143,7 +119,7 @@ func TestManifestSchema2ManifestMIMEType(t *testing.T) { func TestManifestSchema2ConfigInfo(t *testing.T) { for _, m := range []genericManifest{ - manifestSchema2FromFixture(t, unusedImageSource{}, "schema2.json", false), + manifestSchema2FromFixture(t, mocks.ForbiddenImageSource{}, "schema2.json", false), manifestSchema2FromComponentsLikeFixture(nil), } { assert.Equal(t, types.BlobInfo{ @@ -156,8 +132,8 @@ func TestManifestSchema2ConfigInfo(t *testing.T) { // configBlobImageSource allows testing various GetBlob behaviors in .ConfigBlob() type configBlobImageSource struct { - unusedImageSource // We inherit almost all of the methods, which just panic() - f func(digest digest.Digest) (io.ReadCloser, int64, error) + mocks.ForbiddenImageSource // We inherit almost all of the methods, which just panic() + f func(digest digest.Digest) (io.ReadCloser, int64, error) } func (f configBlobImageSource) GetBlob(ctx context.Context, info types.BlobInfo, _ types.BlobInfoCache) (io.ReadCloser, int64, error) { @@ -197,7 +173,7 @@ func TestManifestSchema2ConfigBlob(t *testing.T) { } { var src types.ImageSource if c.cbISfn != nil { - src = configBlobImageSource{unusedImageSource{}, c.cbISfn} + src = configBlobImageSource{f: c.cbISfn} } else { src = nil } @@ -225,7 +201,7 @@ func TestManifestSchema2ConfigBlob(t *testing.T) { func TestManifestSchema2LayerInfo(t *testing.T) { for _, m := range []genericManifest{ - manifestSchema2FromFixture(t, unusedImageSource{}, "schema2.json", false), + manifestSchema2FromFixture(t, mocks.ForbiddenImageSource{}, "schema2.json", false), manifestSchema2FromComponentsLikeFixture(nil), } { assert.Equal(t, []types.BlobInfo{ @@ -260,7 +236,7 @@ func TestManifestSchema2LayerInfo(t *testing.T) { func TestManifestSchema2EmbeddedDockerReferenceConflicts(t *testing.T) { for _, m := range []genericManifest{ - manifestSchema2FromFixture(t, unusedImageSource{}, "schema2.json", false), + manifestSchema2FromFixture(t, mocks.ForbiddenImageSource{}, "schema2.json", false), manifestSchema2FromComponentsLikeFixture(nil), } { for _, name := range []string{"busybox", "example.com:5555/ns/repo:tag"} { @@ -316,7 +292,7 @@ func TestManifestSchema2Inspect(t *testing.T) { func TestManifestSchema2UpdatedImageNeedsLayerDiffIDs(t *testing.T) { for _, m := range []genericManifest{ - manifestSchema2FromFixture(t, unusedImageSource{}, "schema2.json", false), + manifestSchema2FromFixture(t, mocks.ForbiddenImageSource{}, "schema2.json", false), manifestSchema2FromComponentsLikeFixture(nil), } { assert.False(t, m.UpdatedImageNeedsLayerDiffIDs(types.ManifestUpdateOptions{ @@ -332,38 +308,17 @@ type schema2ImageSource struct { } func (s2is *schema2ImageSource) Reference() types.ImageReference { - return refImageReferenceMock{s2is.ref} + return refImageReferenceMock{ref: s2is.ref} } // refImageReferenceMock is a mock of types.ImageReference which returns itself in DockerReference. -type refImageReferenceMock struct{ reference.Named } - -func (ref refImageReferenceMock) Transport() types.ImageTransport { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) StringWithinTransport() string { - panic("unexpected call to a mock function") +type refImageReferenceMock struct { + mocks.ForbiddenImageReference // We inherit almost all of the methods, which just panic() + ref reference.Named } + func (ref refImageReferenceMock) DockerReference() reference.Named { - return ref.Named -} -func (ref refImageReferenceMock) PolicyConfigurationIdentity() string { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) PolicyConfigurationNamespaces() []string { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) DeleteImage(ctx context.Context, sys *types.SystemContext) error { - panic("unexpected call to a mock function") + return ref.ref } func newSchema2ImageSource(t *testing.T, dockerRef string) *schema2ImageSource { @@ -389,7 +344,7 @@ type memoryImageDest struct { } func (d *memoryImageDest) Reference() types.ImageReference { - return refImageReferenceMock{d.ref} + return refImageReferenceMock{ref: d.ref} } func (d *memoryImageDest) Close() error { panic("Unexpected call to a mock function") diff --git a/internal/image/oci_test.go b/internal/image/oci_test.go index 5dca7a5fe..bd183f17c 100644 --- a/internal/image/oci_test.go +++ b/internal/image/oci_test.go @@ -11,6 +11,7 @@ import ( "time" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/testing/mocks" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" "github.com/opencontainers/go-digest" @@ -75,7 +76,7 @@ func manifestOCI1FromComponentsLikeFixture(configBlob []byte) genericManifest { func TestManifestOCI1FromManifest(t *testing.T) { // This just tests that the JSON can be loaded; we test that the parsed // values are correctly returned in tests for the individual getter methods. - _ = manifestOCI1FromFixture(t, unusedImageSource{}, "oci1.json") + _ = manifestOCI1FromFixture(t, mocks.ForbiddenImageSource{}, "oci1.json") _, err := manifestOCI1FromManifest(nil, []byte{}) assert.Error(t, err) @@ -89,7 +90,7 @@ func TestManifestOCI1FromComponents(t *testing.T) { func TestManifestOCI1Serialize(t *testing.T) { for _, m := range []genericManifest{ - manifestOCI1FromFixture(t, unusedImageSource{}, "oci1.json"), + manifestOCI1FromFixture(t, mocks.ForbiddenImageSource{}, "oci1.json"), manifestOCI1FromComponentsLikeFixture(nil), } { serialized, err := m.serialize() @@ -113,7 +114,7 @@ func TestManifestOCI1Serialize(t *testing.T) { func TestManifestOCI1ManifestMIMEType(t *testing.T) { for _, m := range []genericManifest{ - manifestOCI1FromFixture(t, unusedImageSource{}, "oci1.json"), + manifestOCI1FromFixture(t, mocks.ForbiddenImageSource{}, "oci1.json"), manifestOCI1FromComponentsLikeFixture(nil), } { assert.Equal(t, imgspecv1.MediaTypeImageManifest, m.manifestMIMEType()) @@ -122,7 +123,7 @@ func TestManifestOCI1ManifestMIMEType(t *testing.T) { func TestManifestOCI1ConfigInfo(t *testing.T) { for _, m := range []genericManifest{ - manifestOCI1FromFixture(t, unusedImageSource{}, "oci1.json"), + manifestOCI1FromFixture(t, mocks.ForbiddenImageSource{}, "oci1.json"), manifestOCI1FromComponentsLikeFixture(nil), } { assert.Equal(t, types.BlobInfo{ @@ -166,7 +167,7 @@ func TestManifestOCI1ConfigBlob(t *testing.T) { } { var src types.ImageSource if c.cbISfn != nil { - src = configBlobImageSource{unusedImageSource{}, c.cbISfn} + src = configBlobImageSource{f: c.cbISfn} } else { src = nil } @@ -194,7 +195,7 @@ func TestManifestOCI1ConfigBlob(t *testing.T) { func TestManifestOCI1LayerInfo(t *testing.T) { for _, m := range []genericManifest{ - manifestOCI1FromFixture(t, unusedImageSource{}, "oci1.json"), + manifestOCI1FromFixture(t, mocks.ForbiddenImageSource{}, "oci1.json"), manifestOCI1FromComponentsLikeFixture(nil), } { assert.Equal(t, []types.BlobInfo{ @@ -235,7 +236,7 @@ func TestManifestOCI1LayerInfo(t *testing.T) { func TestManifestOCI1EmbeddedDockerReferenceConflicts(t *testing.T) { for _, m := range []genericManifest{ - manifestOCI1FromFixture(t, unusedImageSource{}, "oci1.json"), + manifestOCI1FromFixture(t, mocks.ForbiddenImageSource{}, "oci1.json"), manifestOCI1FromComponentsLikeFixture(nil), } { for _, name := range []string{"busybox", "example.com:5555/ns/repo:tag"} { @@ -291,7 +292,7 @@ func TestManifestOCI1Inspect(t *testing.T) { func TestManifestOCI1UpdatedImageNeedsLayerDiffIDs(t *testing.T) { for _, m := range []genericManifest{ - manifestOCI1FromFixture(t, unusedImageSource{}, "oci1.json"), + manifestOCI1FromFixture(t, mocks.ForbiddenImageSource{}, "oci1.json"), manifestOCI1FromComponentsLikeFixture(nil), } { assert.False(t, m.UpdatedImageNeedsLayerDiffIDs(types.ManifestUpdateOptions{ @@ -307,7 +308,7 @@ type oci1ImageSource struct { } func (OCIis *oci1ImageSource) Reference() types.ImageReference { - return refImageReferenceMock{OCIis.ref} + return refImageReferenceMock{ref: OCIis.ref} } func newOCI1ImageSource(t *testing.T, dockerRef string) *oci1ImageSource { diff --git a/internal/testing/mocks/image_reference.go b/internal/testing/mocks/image_reference.go new file mode 100644 index 000000000..bf01d0047 --- /dev/null +++ b/internal/testing/mocks/image_reference.go @@ -0,0 +1,56 @@ +package mocks + +import ( + "context" + + "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/types" +) + +// ForbiddenImageReference is used when we don’t expect the ImageReference to be used in our tests. +type ForbiddenImageReference struct{} + +// Transport is a mock that panics. +func (ref ForbiddenImageReference) Transport() types.ImageTransport { + panic("unexpected call to a mock function") +} + +// StringWithinTransport is a mock that panics. +func (ref ForbiddenImageReference) StringWithinTransport() string { + panic("unexpected call to a mock function") +} + +// DockerReference is a mock that panics. +func (ref ForbiddenImageReference) DockerReference() reference.Named { + panic("unexpected call to a mock function") +} + +// PolicyConfigurationIdentity is a mock that panics. +func (ref ForbiddenImageReference) PolicyConfigurationIdentity() string { + panic("unexpected call to a mock function") +} + +// PolicyConfigurationNamespaces is a mock that panics. +func (ref ForbiddenImageReference) PolicyConfigurationNamespaces() []string { + panic("unexpected call to a mock function") +} + +// NewImage is a mock that panics. +func (ref ForbiddenImageReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) { + panic("unexpected call to a mock function") +} + +// NewImageSource is a mock that panics. +func (ref ForbiddenImageReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) { + panic("unexpected call to a mock function") +} + +// NewImageDestination is a mock that panics. +func (ref ForbiddenImageReference) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) { + panic("unexpected call to a mock function") +} + +// DeleteImage is a mock that panics. +func (ref ForbiddenImageReference) DeleteImage(ctx context.Context, sys *types.SystemContext) error { + panic("unexpected call to a mock function") +} diff --git a/internal/testing/mocks/image_source.go b/internal/testing/mocks/image_source.go new file mode 100644 index 000000000..754f5f176 --- /dev/null +++ b/internal/testing/mocks/image_source.go @@ -0,0 +1,47 @@ +package mocks + +import ( + "context" + "io" + + "github.com/containers/image/v5/types" + "github.com/opencontainers/go-digest" +) + +// ForbiddenImageSource is used when we don't expect the ImageSource to be used in our tests. +type ForbiddenImageSource struct{} + +// Reference is a mock that panics. +func (f ForbiddenImageSource) Reference() types.ImageReference { + panic("Unexpected call to a mock function") +} + +// Close is a mock that panics. +func (f ForbiddenImageSource) Close() error { + panic("Unexpected call to a mock function") +} + +// GetManifest is a mock that panics. +func (f ForbiddenImageSource) GetManifest(context.Context, *digest.Digest) ([]byte, string, error) { + panic("Unexpected call to a mock function") +} + +// GetBlob is a mock that panics. +func (f ForbiddenImageSource) GetBlob(context.Context, types.BlobInfo, types.BlobInfoCache) (io.ReadCloser, int64, error) { + panic("Unexpected call to a mock function") +} + +// HasThreadSafeGetBlob is a mock that panics. +func (f ForbiddenImageSource) HasThreadSafeGetBlob() bool { + panic("Unexpected call to a mock function") +} + +// GetSignatures is a mock that panics. +func (f ForbiddenImageSource) GetSignatures(context.Context, *digest.Digest) ([][]byte, error) { + panic("Unexpected call to a mock function") +} + +// LayerInfosForCopy is a mock that panics. +func (f ForbiddenImageSource) LayerInfosForCopy(context.Context, *digest.Digest) ([]types.BlobInfo, error) { + panic("Unexpected call to a mock function") +} diff --git a/internal/testing/mocks/imagetransport.go b/internal/testing/mocks/image_transport.go similarity index 100% rename from internal/testing/mocks/imagetransport.go rename to internal/testing/mocks/image_transport.go diff --git a/internal/testing/mocks/unparsed_image.go b/internal/testing/mocks/unparsed_image.go new file mode 100644 index 000000000..69551ec57 --- /dev/null +++ b/internal/testing/mocks/unparsed_image.go @@ -0,0 +1,25 @@ +package mocks + +import ( + "context" + + "github.com/containers/image/v5/types" +) + +// ForbiddenUnparsedImage is used when we don't expect the UnparsedImage to be used in our tests. +type ForbiddenUnparsedImage struct{} + +// Reference is a mock that panics. +func (ref ForbiddenUnparsedImage) Reference() types.ImageReference { + panic("unexpected call to a mock function") +} + +// Manifest is a mock that panics. +func (ref ForbiddenUnparsedImage) Manifest(ctx context.Context) ([]byte, string, error) { + panic("unexpected call to a mock function") +} + +// Signatures is a mock that panics. +func (ref ForbiddenUnparsedImage) Signatures(context.Context) ([][]byte, error) { + panic("unexpected call to a mock function") +} diff --git a/signature/policy_eval_signedby_test.go b/signature/policy_eval_signedby_test.go index bc72f1bcd..f6efefda4 100644 --- a/signature/policy_eval_signedby_test.go +++ b/signature/policy_eval_signedby_test.go @@ -18,7 +18,7 @@ import ( func dirImageMock(t *testing.T, dir, dockerReference string) types.UnparsedImage { ref, err := reference.ParseNormalizedNamed(dockerReference) require.NoError(t, err) - return dirImageMockWithRef(t, dir, refImageReferenceMock{ref}) + return dirImageMockWithRef(t, dir, refImageReferenceMock{ref: ref}) } // dirImageMockWithRef returns a types.UnparsedImage for a directory, claiming a specified ref. diff --git a/signature/policy_eval_simple_test.go b/signature/policy_eval_simple_test.go index 1d0c790ae..e2bce36b9 100644 --- a/signature/policy_eval_simple_test.go +++ b/signature/policy_eval_simple_test.go @@ -4,49 +4,30 @@ import ( "context" "testing" - "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/internal/testing/mocks" "github.com/containers/image/v5/types" ) // nameOnlyImageMock is a mock of types.UnparsedImage which only allows transports.ImageName to work type nameOnlyImageMock struct { - forbiddenImageMock + mocks.ForbiddenUnparsedImage } func (nameOnlyImageMock) Reference() types.ImageReference { - return nameOnlyImageReferenceMock("== StringWithinTransport mock") + return nameOnlyImageReferenceMock{s: "== StringWithinTransport mock"} } // nameOnlyImageReferenceMock is a mock of types.ImageReference which only allows transports.ImageName to work, returning self. -type nameOnlyImageReferenceMock string +type nameOnlyImageReferenceMock struct { + mocks.ForbiddenImageReference + s string +} func (ref nameOnlyImageReferenceMock) Transport() types.ImageTransport { return mocks.NameImageTransport("== Transport mock") } func (ref nameOnlyImageReferenceMock) StringWithinTransport() string { - return string(ref) -} -func (ref nameOnlyImageReferenceMock) DockerReference() reference.Named { - panic("unexpected call to a mock function") -} -func (ref nameOnlyImageReferenceMock) PolicyConfigurationIdentity() string { - panic("unexpected call to a mock function") -} -func (ref nameOnlyImageReferenceMock) PolicyConfigurationNamespaces() []string { - panic("unexpected call to a mock function") -} -func (ref nameOnlyImageReferenceMock) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) { - panic("unexpected call to a mock function") -} -func (ref nameOnlyImageReferenceMock) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) { - panic("unexpected call to a mock function") -} -func (ref nameOnlyImageReferenceMock) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) { - panic("unexpected call to a mock function") -} -func (ref nameOnlyImageReferenceMock) DeleteImage(ctx context.Context, sys *types.SystemContext) error { - panic("unexpected call to a mock function") + return ref.s } func TestPRInsecureAcceptAnythingIsSignatureAuthorAccepted(t *testing.T) { diff --git a/signature/policy_eval_test.go b/signature/policy_eval_test.go index db86f6f5a..981978471 100644 --- a/signature/policy_eval_test.go +++ b/signature/policy_eval_test.go @@ -69,6 +69,7 @@ func TestPolicyContextNewDestroy(t *testing.T) { // pcImageReferenceMock is a mock of types.ImageReference which returns itself in DockerReference // and handles PolicyConfigurationIdentity and PolicyConfigurationReference consistently. type pcImageReferenceMock struct { + mocks.ForbiddenImageReference transportName string ref reference.Named } @@ -96,18 +97,6 @@ func (ref pcImageReferenceMock) PolicyConfigurationNamespaces() []string { } return policyconfiguration.DockerReferenceNamespaces(ref.ref) } -func (ref pcImageReferenceMock) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) { - panic("unexpected call to a mock function") -} -func (ref pcImageReferenceMock) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) { - panic("unexpected call to a mock function") -} -func (ref pcImageReferenceMock) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) { - panic("unexpected call to a mock function") -} -func (ref pcImageReferenceMock) DeleteImage(ctx context.Context, sys *types.SystemContext) error { - panic("unexpected call to a mock function") -} func TestPolicyContextRequirementsForImageRefNotRegisteredTransport(t *testing.T) { transports.Delete("docker") @@ -134,7 +123,7 @@ func TestPolicyContextRequirementsForImageRefNotRegisteredTransport(t *testing.T require.NoError(t, err) ref, err := reference.ParseNormalizedNamed("registry.access.redhat.com/rhel7:latest") require.NoError(t, err) - reqs := pc.requirementsForImageRef(pcImageReferenceMock{"docker", ref}) + reqs := pc.requirementsForImageRef(pcImageReferenceMock{transportName: "docker", ref: ref}) assert.True(t, &(reqs[0]) == &(pr[0])) assert.True(t, len(reqs) == len(pr)) @@ -203,7 +192,7 @@ func TestPolicyContextRequirementsForImageRef(t *testing.T) { ref, err := reference.ParseNormalizedNamed(c.input) require.NoError(t, err) - reqs := pc.requirementsForImageRef(pcImageReferenceMock{c.inputTransport, ref}) + reqs := pc.requirementsForImageRef(pcImageReferenceMock{transportName: c.inputTransport, ref: ref}) comment := fmt.Sprintf("case %s:%s: %#v", c.inputTransport, c.input, reqs[0]) // Do not use assert.Equal, which would do a deep contents comparison; we want to compare // the pointers. Also, == does not work on slices; so test that the slices start at the @@ -217,7 +206,7 @@ func TestPolicyContextRequirementsForImageRef(t *testing.T) { func pcImageMock(t *testing.T, dir, dockerReference string) types.UnparsedImage { ref, err := reference.ParseNormalizedNamed(dockerReference) require.NoError(t, err) - return dirImageMockWithRef(t, dir, pcImageReferenceMock{"docker", ref}) + return dirImageMockWithRef(t, dir, pcImageReferenceMock{transportName: "docker", ref: ref}) } func TestPolicyContextGetSignaturesWithAcceptedAuthor(t *testing.T) { diff --git a/signature/policy_reference_match_test.go b/signature/policy_reference_match_test.go index a610911bf..92fb227a6 100644 --- a/signature/policy_reference_match_test.go +++ b/signature/policy_reference_match_test.go @@ -1,7 +1,6 @@ package signature import ( - "context" "fmt" "testing" @@ -29,13 +28,13 @@ func TestParseImageAndDockerReference(t *testing.T) { // Success ref, err := reference.ParseNormalizedNamed(ok1) require.NoError(t, err) - r1, r2, err := parseImageAndDockerReference(refImageMock{ref}, ok2) + r1, r2, err := parseImageAndDockerReference(refImageMock{ref: ref}, ok2) require.NoError(t, err) assert.Equal(t, ok1, reference.FamiliarString(r1)) assert.Equal(t, ok2, reference.FamiliarString(r2)) // Unidentified images are rejected. - _, _, err = parseImageAndDockerReference(refImageMock{nil}, ok2) + _, _, err = parseImageAndDockerReference(refImageMock{ref: nil}, ok2) require.Error(t, err) assert.IsType(t, PolicyRequirementError(""), err) @@ -47,68 +46,44 @@ func TestParseImageAndDockerReference(t *testing.T) { } { ref, err := reference.ParseNormalizedNamed(refs[0]) if err == nil { - _, _, err := parseImageAndDockerReference(refImageMock{ref}, refs[1]) + _, _, err := parseImageAndDockerReference(refImageMock{ref: ref}, refs[1]) assert.Error(t, err) } } } // refImageMock is a mock of types.UnparsedImage which returns itself in Reference().DockerReference. -type refImageMock struct{ reference.Named } +type refImageMock struct { + mocks.ForbiddenUnparsedImage + ref reference.Named +} func (ref refImageMock) Reference() types.ImageReference { - return refImageReferenceMock(ref) -} -func (ref refImageMock) Close() error { - panic("unexpected call to a mock function") -} -func (ref refImageMock) Manifest(ctx context.Context) ([]byte, string, error) { - panic("unexpected call to a mock function") -} -func (ref refImageMock) Signatures(context.Context) ([][]byte, error) { - panic("unexpected call to a mock function") -} -func (ref refImageMock) LayerInfosForCopy(ctx context.Context) ([]types.BlobInfo, error) { - panic("unexpected call to a mock function") + return refImageReferenceMock{ref: ref.ref} } // refImageReferenceMock is a mock of types.ImageReference which returns itself in DockerReference. -type refImageReferenceMock struct{ reference.Named } +type refImageReferenceMock struct { + mocks.ForbiddenImageReference + ref reference.Named +} func (ref refImageReferenceMock) Transport() types.ImageTransport { // We use this in error messages, so sady we must return something. But right now we do so only when DockerReference is nil, so restrict to that. - if ref.Named == nil { + if ref.ref == nil { return mocks.NameImageTransport("== Transport mock") } panic("unexpected call to a mock function") } func (ref refImageReferenceMock) StringWithinTransport() string { // We use this in error messages, so sadly we must return something. But right now we do so only when DockerReference is nil, so restrict to that. - if ref.Named == nil { + if ref.ref == nil { return "== StringWithinTransport for an image with no Docker support" } panic("unexpected call to a mock function") } func (ref refImageReferenceMock) DockerReference() reference.Named { - return ref.Named -} -func (ref refImageReferenceMock) PolicyConfigurationIdentity() string { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) PolicyConfigurationNamespaces() []string { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) { - panic("unexpected call to a mock function") -} -func (ref refImageReferenceMock) DeleteImage(ctx context.Context, sys *types.SystemContext) error { - panic("unexpected call to a mock function") + return ref.ref } type prmSymmetricTableTest struct { @@ -233,7 +208,7 @@ func testImageAndSig(t *testing.T, prm PolicyReferenceMatch, imageRef, sigRef st // and therefore values refused by reference.ParseNormalizedNamed can not happen in practice. parsedImageRef, err := reference.ParseNormalizedNamed(imageRef) require.NoError(t, err) - res := prm.matchesDockerReference(refImageMock{parsedImageRef}, sigRef) + res := prm.matchesDockerReference(refImageMock{ref: parsedImageRef}, sigRef) assert.Equal(t, result, res, fmt.Sprintf("%s vs. %s", imageRef, sigRef)) } @@ -297,7 +272,7 @@ func TestPRMMatchExactMatchesDockerReference(t *testing.T) { testPossiblyInvalidImageAndSig(t, prm, test.refB, test.refA, test.result) } // Even if they are signed with an empty string as a reference, unidentified images are rejected. - res := prm.matchesDockerReference(refImageMock{nil}, "") + res := prm.matchesDockerReference(refImageMock{ref: nil}, "") assert.False(t, res, `unidentified vs. ""`) } @@ -333,7 +308,7 @@ func TestPRMMatchRepositoryMatchesDockerReference(t *testing.T) { testPossiblyInvalidImageAndSig(t, prm, test.refB, test.refA, test.result) } // Even if they are signed with an empty string as a reference, unidentified images are rejected. - res := prm.matchesDockerReference(refImageMock{nil}, "") + res := prm.matchesDockerReference(refImageMock{ref: nil}, "") assert.False(t, res, `unidentified vs. ""`) } @@ -362,28 +337,9 @@ func TestParseDockerReferences(t *testing.T) { } } -// forbiddenImageMock is a mock of types.UnparsedImage which ensures Reference is not called -type forbiddenImageMock struct{} - -func (ref forbiddenImageMock) Reference() types.ImageReference { - panic("unexpected call to a mock function") -} -func (ref forbiddenImageMock) Close() error { - panic("unexpected call to a mock function") -} -func (ref forbiddenImageMock) Manifest(ctx context.Context) ([]byte, string, error) { - panic("unexpected call to a mock function") -} -func (ref forbiddenImageMock) Signatures(context.Context) ([][]byte, error) { - panic("unexpected call to a mock function") -} -func (ref forbiddenImageMock) LayerInfosForCopy(ctx context.Context) ([]types.BlobInfo, error) { - panic("unexpected call to a mock function") -} - func testExactPRMAndSig(t *testing.T, prmFactory func(string) PolicyReferenceMatch, imageRef, sigRef string, result bool) { prm := prmFactory(imageRef) - res := prm.matchesDockerReference(forbiddenImageMock{}, sigRef) + res := prm.matchesDockerReference(mocks.ForbiddenUnparsedImage{}, sigRef) assert.Equal(t, result, res, fmt.Sprintf("%s vs. %s", imageRef, sigRef)) } @@ -577,7 +533,7 @@ func TestPRMRemapIdentityMatchesDockerReference(t *testing.T) { // Even if they are signed with an empty string as a reference, unidentified images are rejected. prm, err := NewPRMRemapIdentity("docker.io", "docker.io") require.NoError(t, err) - res := prm.matchesDockerReference(refImageMock{nil}, "") + res := prm.matchesDockerReference(refImageMock{ref: nil}, "") assert.False(t, res, `unidentified vs. ""`) // Verify that the behavior is otherwise the same as for prmMatchRepoDigestOrExact: