From 08bc2b79f8ed74cabde5afa510f4f5a6b3050b81 Mon Sep 17 00:00:00 2001 From: ChengyuZhu6 Date: Tue, 6 Feb 2024 11:14:41 +0800 Subject: [PATCH] tests: add encrypted nydus image tests Add encrypted nydus image tests. Signed-off-by: ChengyuZhu6 --- .github/workflows/image_rs_build.yml | 9 +++++---- image-rs/src/pull.rs | 2 +- image-rs/tests/image_decryption.rs | 2 ++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/image_rs_build.yml b/.github/workflows/image_rs_build.yml index 1d6cef243..d405d7a42 100644 --- a/.github/workflows/image_rs_build.yml +++ b/.github/workflows/image_rs_build.yml @@ -77,6 +77,7 @@ jobs: cargo clippy -p image-rs --all-targets --features=kata-cc-native-tls --no-default-features -- -D warnings cargo clippy -p image-rs --all-targets --features=enclave-cc-cckbc-native-tls --no-default-features -- -D warnings cargo clippy -p image-rs --all-targets --features=kata-cc-native-tls,signature-simple-xrss --no-default-features -- -D warnings + cargo clippy -p image-rs --all-targets --features=kata-cc-native-tls,nydus --no-default-features -- -D warnings - name: Run cargo build uses: actions-rs/cargo@v1 @@ -96,10 +97,6 @@ jobs: # - name: Run cargo test - kata-cc (native-tls version) with keywrap-grpc + keywrap-jwe # run: | # sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=encryption-openssl,keywrap-grpc,snapshot-overlayfs,signature-cosign-native,signature-simple,getresource,oci-distribution/native-tls,keywrap-jwe - - - name: Run cargo test - nydus - run: | - sudo -E PATH=$PATH -s cargo test -p image-rs --features nydus - name: Run cargo test - kata-cc (rust-tls version) with keywrap-ttrpc (default) + keywrap-jwe run: | @@ -114,3 +111,7 @@ jobs: AUTH_PASSWORD: ${{ secrets.SH_ICR_API_KEY }} run: | sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-native-tls,keywrap-jwe,signature-simple-xrss + + - name: Run cargo test - kata-cc (native-tls version) with keywrap-ttrpc (default) + keywrap-jwe + nydus + run: | + sudo -E PATH=$PATH -s cargo test -p image-rs --no-default-features --features=kata-cc-native-tls,keywrap-jwe,nydus \ No newline at end of file diff --git a/image-rs/src/pull.rs b/image-rs/src/pull.rs index 5bbb91329..91e601148 100644 --- a/image-rs/src/pull.rs +++ b/image-rs/src/pull.rs @@ -470,7 +470,7 @@ mod tests { for image_url in nydus_images.iter() { let tempdir = tempfile::tempdir().unwrap(); - let image = Reference::try_from((*image_url).clone()).expect("create reference failed"); + let image = Reference::try_from(*image_url).expect("create reference failed"); let mut client = PullClient::new( image, tempdir.path(), diff --git a/image-rs/tests/image_decryption.rs b/image-rs/tests/image_decryption.rs index d9e92a552..d1a448d1e 100644 --- a/image-rs/tests/image_decryption.rs +++ b/image-rs/tests/image_decryption.rs @@ -43,6 +43,8 @@ const OCICRYPT_CONFIG: &str = "test_data/ocicrypt_keyprovider_ttrpc.conf"; #[rstest::rstest] #[case("ghcr.io/confidential-containers/test-container:unencrypted")] #[case("ghcr.io/confidential-containers/test-container:encrypted")] +#[cfg(feature = "nydus")] +#[case("ghcr.io/chengyuzhu6/busybox:encrypted-nydus")] #[tokio::test] #[serial] async fn test_decrypt_layers(#[case] image: &str) {