Add test for prevention of reusing encrypted layers

This fix modifies the test "commit oci encrypt to registry" to verify that encrypted layers are not reused for a non-encrypted image. see: containers/image#1533 Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
hshiina · May 4, 2022 · 5a9ba0c · 5a9ba0c
1 parent 83e455f
commit 5a9ba0c
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/tests/commit.bats b/tests/commit.bats
@@ -229,6 +229,10 @@ load helpers
   # this test, just checks the ability to commit an image to a registry
   # there is no good way to test the details of the image unless with ./buildah pull, test will be in pull.bats
   rm -rf ${TEST_SCRATCH_DIR}/tmp
+
+  # verify that encrypted layers are not cached or reused for an non-encrypted image (See containers/image#1533)
+  run_buildah commit --iidfile /dev/null --tls-verify=false --creds testuser:testpassword $WITH_POLICY_JSON -q $cid docker://localhost:${REGISTRY_PORT}/buildah/busybox_not_encrypted:latest
+  run_buildah from $WITH_POLICY_JSON --tls-verify=false --creds testuser:testpassword docker://localhost:${REGISTRY_PORT}/buildah/busybox_not_encrypted:latest
 }
 
 @test "commit omit-timestamp" {