From 1e610623644eaff3099f5095645e1b1e62917b9e Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Thu, 25 Jan 2024 16:17:08 -0800 Subject: [PATCH] Set rekor env variable in Go test suite Move the setting of SIGSTORE_REKOR_PUBLIC_KEY from the e2e shell script to the Go test suite, so that only the tests that need it have it set and the shell script is doing less setup. Also remove unnecessary instances of os.RemoveAll for temporary directories that the Go testing framework will automatically clean up. Signed-off-by: Colleen Murphy --- test/e2e_test.go | 48 +++++++++++++++++++++++++++++++----------------- test/e2e_test.sh | 3 --- 2 files changed, 31 insertions(+), 20 deletions(-) diff --git a/test/e2e_test.go b/test/e2e_test.go index c67049c61e88..eea0b830015d 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -1168,6 +1168,12 @@ func TestRFC3161Timestamp(t *testing.T) { } func TestRekorBundleAndRFC3161Timestamp(t *testing.T) { + td := t.TempDir() + err := downloadAndSetEnv(t, rekorURL+"/api/v1/log/publicKey", env.VariableSigstoreRekorPublicKey.String(), td) + if err != nil { + t.Fatal(err) + } + // TSA server needed to create timestamp viper.Set("timestamp-signer", "memory") viper.Set("timestamp-signer-hash", "sha256") @@ -1197,7 +1203,6 @@ func TestRekorBundleAndRFC3161Timestamp(t *testing.T) { repo, stop := reg(t) defer stop() - td := t.TempDir() imgName := path.Join(repo, "cosign-e2e") @@ -1373,13 +1378,14 @@ func TestMultipleSignatures(t *testing.T) { } func TestSignBlob(t *testing.T) { + td := t.TempDir() + err := downloadAndSetEnv(t, rekorURL+"/api/v1/log/publicKey", env.VariableSigstoreRekorPublicKey.String(), td) + if err != nil { + t.Fatal(err) + } blob := "someblob" td1 := t.TempDir() td2 := t.TempDir() - t.Cleanup(func() { - os.RemoveAll(td1) - os.RemoveAll(td2) - }) bp := filepath.Join(td1, blob) if err := os.WriteFile(bp, []byte(blob), 0644); err != nil { @@ -1430,9 +1436,6 @@ func TestSignBlob(t *testing.T) { func TestSignBlobBundle(t *testing.T) { blob := "someblob" td1 := t.TempDir() - t.Cleanup(func() { - os.RemoveAll(td1) - }) bp := filepath.Join(td1, blob) bundlePath := filepath.Join(td1, "bundle.sig") @@ -1440,6 +1443,11 @@ func TestSignBlobBundle(t *testing.T) { t.Fatal(err) } + err := downloadAndSetEnv(t, rekorURL+"/api/v1/log/publicKey", env.VariableSigstoreRekorPublicKey.String(), td1) + if err != nil { + t.Fatal(err) + } + _, privKeyPath1, pubKeyPath1 := keypair(t, td1) ctx := context.Background() @@ -1481,6 +1489,11 @@ func TestSignBlobBundle(t *testing.T) { } func TestSignBlobRFC3161TimestampBundle(t *testing.T) { + td := t.TempDir() + err := downloadAndSetEnv(t, rekorURL+"/api/v1/log/publicKey", env.VariableSigstoreRekorPublicKey.String(), td) + if err != nil { + t.Fatal(err) + } // TSA server needed to create timestamp viper.Set("timestamp-signer", "memory") viper.Set("timestamp-signer-hash", "sha256") @@ -1489,13 +1502,9 @@ func TestSignBlobRFC3161TimestampBundle(t *testing.T) { t.Cleanup(server.Close) blob := "someblob" - td1 := t.TempDir() - t.Cleanup(func() { - os.RemoveAll(td1) - }) - bp := filepath.Join(td1, blob) - bundlePath := filepath.Join(td1, "bundle.sig") - tsPath := filepath.Join(td1, "rfc3161Timestamp.json") + bp := filepath.Join(td, blob) + bundlePath := filepath.Join(td, "bundle.sig") + tsPath := filepath.Join(td, "rfc3161Timestamp.json") if err := os.WriteFile(bp, []byte(blob), 0644); err != nil { t.Fatal(err) @@ -1521,7 +1530,7 @@ func TestSignBlobRFC3161TimestampBundle(t *testing.T) { t.Fatalf("error writing chain payload to temp file: %v", err) } - _, privKeyPath1, pubKeyPath1 := keypair(t, td1) + _, privKeyPath1, pubKeyPath1 := keypair(t, td) ctx := context.Background() @@ -2461,9 +2470,14 @@ func TestAttestBlobSignVerify(t *testing.T) { } func TestOffline(t *testing.T) { + td := t.TempDir() + err := downloadAndSetEnv(t, rekorURL+"/api/v1/log/publicKey", env.VariableSigstoreRekorPublicKey.String(), td) + if err != nil { + t.Fatal(err) + } + regName, stop := reg(t) defer stop() - td := t.TempDir() img1 := path.Join(regName, "cosign-e2e") diff --git a/test/e2e_test.sh b/test/e2e_test.sh index 9952d8b06472..3c60c76da5e0 100755 --- a/test/e2e_test.sh +++ b/test/e2e_test.sh @@ -86,9 +86,6 @@ cleanup_services() { } trap cleanup_services EXIT -curl http://127.0.0.1:3000/api/v1/log/publicKey > rekor.pub -export SIGSTORE_REKOR_PUBLIC_KEY=$(pwd)/rekor.pub - echo echo "running tests"