mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
afc0c1acd9
Add source.NewFromRegistry function so that the syft attest command can always explicitly ask for an OCIRegistry provider rather than rely on local daemon detection for image sources. Attestation can not be used where local images loaded in a daemon are the source. Digest values for the layer identification step in attestation can sometimes vary across workstations. This fix makes it so that attest is generating an SBOM for, and attesting to, a source that exists in an OCI registry. It should never load a source from a local user docker/podman daemon. Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Alex Goodman <alex.goodman@anchore.com>
61 lines
1.5 KiB
Go
61 lines
1.5 KiB
Go
package cli
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestAttestCmd(t *testing.T) {
|
|
img := "registry:busybox:latest"
|
|
tests := []struct {
|
|
name string
|
|
args []string
|
|
env map[string]string
|
|
assertions []traitAssertion
|
|
pw string
|
|
}{
|
|
{
|
|
name: "no-args-shows-help",
|
|
args: []string{"attest"},
|
|
assertions: []traitAssertion{
|
|
assertInOutput("an image/directory argument is required"), // specific error that should be shown
|
|
assertInOutput("from a container image as the predicate of an in-toto attestation"), // excerpt from help description
|
|
assertFailingReturnCode,
|
|
},
|
|
pw: "",
|
|
},
|
|
{
|
|
name: "can encode syft.json as the predicate given a password",
|
|
args: []string{"attest", "-o", "json", img},
|
|
assertions: []traitAssertion{
|
|
assertSuccessfulReturnCode,
|
|
},
|
|
pw: "test",
|
|
},
|
|
{
|
|
name: "can encode syft.json as the predicate given a blank password",
|
|
args: []string{"attest", "-o", "json", img},
|
|
assertions: []traitAssertion{
|
|
assertSuccessfulReturnCode,
|
|
},
|
|
pw: "",
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
t.Run(test.name, func(t *testing.T) {
|
|
cleanup := setupPKI(t, test.pw)
|
|
defer cleanup()
|
|
cmd, stdout, stderr := runSyft(t, test.env, test.args...)
|
|
for _, traitFn := range test.assertions {
|
|
traitFn(t, stdout, stderr, cmd.ProcessState.ExitCode())
|
|
}
|
|
if t.Failed() {
|
|
t.Log("STDOUT:\n", stdout)
|
|
t.Log("STDERR:\n", stderr)
|
|
t.Log("COMMAND:", strings.Join(cmd.Args, " "))
|
|
}
|
|
})
|
|
}
|
|
}
|