test: use loaded image names (#7617)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
aquasecurity · Oct 1, 2024 · d4edeb5 · d4edeb5
1 parent b836232
commit d4edeb5
Show file tree

Hide file tree

Showing 3 changed files with 178 additions and 188 deletions.
diff --git a/integration/docker_engine_test.go b/integration/docker_engine_test.go
@@ -1,19 +1,16 @@
 //go:build integration
-// +build integration
 
 package integration
 
 import (
 	"context"
-	"io"
 	"os"
 	"strings"
 	"testing"
 
+	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/types"
 
-	"github.com/docker/docker/api/types/image"
-	"github.com/docker/docker/client"
 	"github.com/stretchr/testify/require"
 )
 
@@ -23,7 +20,6 @@ func TestDockerEngine(t *testing.T) {
 	}
 	tests := []struct {
 		name          string
-		imageTag      string
 		invalidImage  bool
 		ignoreUnfixed bool
 		ignoreStatus  []string
@@ -34,24 +30,21 @@ func TestDockerEngine(t *testing.T) {
 		wantErr       string
 	}{
 		{
-			name:     "alpine:3.9",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:alpine-39",
-			input:    "testdata/fixtures/images/alpine-39.tar.gz",
-			golden:   "testdata/alpine-39.json.golden",
+			name:   "alpine:3.9",
+			input:  "testdata/fixtures/images/alpine-39.tar.gz",
+			golden: "testdata/alpine-39.json.golden",
 		},
 		{
 			name: "alpine:3.9, with high and critical severity",
 			severity: []string{
 				"HIGH",
 				"CRITICAL",
 			},
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:alpine-39",
-			input:    "testdata/fixtures/images/alpine-39.tar.gz",
-			golden:   "testdata/alpine-39-high-critical.json.golden",
+			input:  "testdata/fixtures/images/alpine-39.tar.gz",
+			golden: "testdata/alpine-39-high-critical.json.golden",
 		},
 		{
-			name:     "alpine:3.9, with .trivyignore",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:alpine-39",
+			name: "alpine:3.9, with .trivyignore",
 			ignoreIDs: []string{
 				"CVE-2019-1549",
 				"CVE-2019-14697",
@@ -60,167 +53,141 @@ func TestDockerEngine(t *testing.T) {
 			golden: "testdata/alpine-39-ignore-cveids.json.golden",
 		},
 		{
-			name:     "alpine:3.10",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:alpine-310",
-			input:    "testdata/fixtures/images/alpine-310.tar.gz",
-			golden:   "testdata/alpine-310.json.golden",
+			name:   "alpine:3.10",
+			input:  "testdata/fixtures/images/alpine-310.tar.gz",
+			golden: "testdata/alpine-310.json.golden",
 		},
 		{
-			name:     "amazonlinux:1",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:amazon-1",
-			input:    "testdata/fixtures/images/amazon-1.tar.gz",
-			golden:   "testdata/amazon-1.json.golden",
+			name:   "amazonlinux:1",
+			input:  "testdata/fixtures/images/amazon-1.tar.gz",
+			golden: "testdata/amazon-1.json.golden",
 		},
 		{
-			name:     "amazonlinux:2",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:amazon-2",
-			input:    "testdata/fixtures/images/amazon-2.tar.gz",
-			golden:   "testdata/amazon-2.json.golden",
+			name:   "amazonlinux:2",
+			input:  "testdata/fixtures/images/amazon-2.tar.gz",
+			golden: "testdata/amazon-2.json.golden",
 		},
 		{
-			name:     "almalinux 8",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:almalinux-8",
-			input:    "testdata/fixtures/images/almalinux-8.tar.gz",
-			golden:   "testdata/almalinux-8.json.golden",
+			name:   "almalinux 8",
+			input:  "testdata/fixtures/images/almalinux-8.tar.gz",
+			golden: "testdata/almalinux-8.json.golden",
 		},
 		{
-			name:     "rocky linux 8",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:rockylinux-8",
-			input:    "testdata/fixtures/images/rockylinux-8.tar.gz",
-			golden:   "testdata/rockylinux-8.json.golden",
+			name:   "rocky linux 8",
+			input:  "testdata/fixtures/images/rockylinux-8.tar.gz",
+			golden: "testdata/rockylinux-8.json.golden",
 		},
 		{
-			name:     "centos 6",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:centos-6",
-			input:    "testdata/fixtures/images/centos-6.tar.gz",
-			golden:   "testdata/centos-6.json.golden",
+			name:   "centos 6",
+			input:  "testdata/fixtures/images/centos-6.tar.gz",
+			golden: "testdata/centos-6.json.golden",
 		},
 		{
-			name:     "centos 7",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:centos-7",
-			input:    "testdata/fixtures/images/centos-7.tar.gz",
-			golden:   "testdata/centos-7.json.golden",
+			name:   "centos 7",
+			input:  "testdata/fixtures/images/centos-7.tar.gz",
+			golden: "testdata/centos-7.json.golden",
 		},
 		{
 			name:          "centos 7, with --ignore-unfixed option",
-			imageTag:      "ghcr.io/aquasecurity/trivy-test-images:centos-7",
 			ignoreUnfixed: true,
 			input:         "testdata/fixtures/images/centos-7.tar.gz",
 			golden:        "testdata/centos-7-ignore-unfixed.json.golden",
 		},
 		{
 			name:         "centos 7, with --ignore-status option",
-			imageTag:     "ghcr.io/aquasecurity/trivy-test-images:centos-7",
 			ignoreStatus: []string{"will_not_fix"},
 			input:        "testdata/fixtures/images/centos-7.tar.gz",
 			golden:       "testdata/centos-7-ignore-unfixed.json.golden",
 		},
 		{
 			name:          "centos 7, with --ignore-unfixed option, with medium severity",
-			imageTag:      "ghcr.io/aquasecurity/trivy-test-images:centos-7",
 			ignoreUnfixed: true,
 			severity:      []string{"MEDIUM"},
 			input:         "testdata/fixtures/images/centos-7.tar.gz",
 			golden:        "testdata/centos-7-medium.json.golden",
 		},
 		{
-			name:     "registry.redhat.io/ubi7",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:ubi-7",
-			input:    "testdata/fixtures/images/ubi-7.tar.gz",
-			golden:   "testdata/ubi-7.json.golden",
+			name:   "registry.redhat.io/ubi7",
+			input:  "testdata/fixtures/images/ubi-7.tar.gz",
+			golden: "testdata/ubi-7.json.golden",
 		},
 		{
-			name:     "debian buster/10",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:debian-buster",
-			input:    "testdata/fixtures/images/debian-buster.tar.gz",
-			golden:   "testdata/debian-buster.json.golden",
+			name:   "debian buster/10",
+			input:  "testdata/fixtures/images/debian-buster.tar.gz",
+			golden: "testdata/debian-buster.json.golden",
 		},
 		{
 			name:          "debian buster/10, with --ignore-unfixed option",
 			ignoreUnfixed: true,
-			imageTag:      "ghcr.io/aquasecurity/trivy-test-images:debian-buster",
 			input:         "testdata/fixtures/images/debian-buster.tar.gz",
 			golden:        "testdata/debian-buster-ignore-unfixed.json.golden",
 		},
 		{
 			name:         "debian buster/10, with --ignore-status option",
 			ignoreStatus: []string{"affected"},
-			imageTag:     "ghcr.io/aquasecurity/trivy-test-images:debian-buster",
 			input:        "testdata/fixtures/images/debian-buster.tar.gz",
 			golden:       "testdata/debian-buster-ignore-unfixed.json.golden",
 		},
 		{
-			name:     "debian stretch/9",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:debian-stretch",
-			input:    "testdata/fixtures/images/debian-stretch.tar.gz",
-			golden:   "testdata/debian-stretch.json.golden",
+			name:   "debian stretch/9",
+			input:  "testdata/fixtures/images/debian-stretch.tar.gz",
+			golden: "testdata/debian-stretch.json.golden",
 		},
 		{
-			name:     "distroless base",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:distroless-base",
-			input:    "testdata/fixtures/images/distroless-base.tar.gz",
-			golden:   "testdata/distroless-base.json.golden",
+			name:   "distroless base",
+			input:  "testdata/fixtures/images/distroless-base.tar.gz",
+			golden: "testdata/distroless-base.json.golden",
 		},
 		{
-			name:     "distroless python2.7",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:distroless-python27",
-			input:    "testdata/fixtures/images/distroless-python27.tar.gz",
-			golden:   "testdata/distroless-python27.json.golden",
+			name:   "distroless python2.7",
+			input:  "testdata/fixtures/images/distroless-python27.tar.gz",
+			golden: "testdata/distroless-python27.json.golden",
 		},
 		{
-			name:     "oracle linux 8",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:oraclelinux-8",
-			input:    "testdata/fixtures/images/oraclelinux-8.tar.gz",
-			golden:   "testdata/oraclelinux-8.json.golden",
+			name:   "oracle linux 8",
+			input:  "testdata/fixtures/images/oraclelinux-8.tar.gz",
+			golden: "testdata/oraclelinux-8.json.golden",
 		},
 		{
-			name:     "ubuntu 18.04",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:ubuntu-1804",
-			input:    "testdata/fixtures/images/ubuntu-1804.tar.gz",
-			golden:   "testdata/ubuntu-1804.json.golden",
+			name:   "ubuntu 18.04",
+			input:  "testdata/fixtures/images/ubuntu-1804.tar.gz",
+			golden: "testdata/ubuntu-1804.json.golden",
 		},
 		{
 			name:          "ubuntu 18.04, with --ignore-unfixed option",
-			imageTag:      "ghcr.io/aquasecurity/trivy-test-images:ubuntu-1804",
 			ignoreUnfixed: true,
 			input:         "testdata/fixtures/images/ubuntu-1804.tar.gz",
 			golden:        "testdata/ubuntu-1804-ignore-unfixed.json.golden",
 		},
 		{
-			name:     "opensuse leap 15.1",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:opensuse-leap-151",
-			input:    "testdata/fixtures/images/opensuse-leap-151.tar.gz",
-			golden:   "testdata/opensuse-leap-151.json.golden",
+			name:   "opensuse leap 15.1",
+			input:  "testdata/fixtures/images/opensuse-leap-151.tar.gz",
+			golden: "testdata/opensuse-leap-151.json.golden",
 		},
 		{
-			name:     "opensuse tumbleweed",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:opensuse-tumbleweed",
-			input:    "testdata/fixtures/images/opensuse-tumbleweed.tar.gz",
-			golden:   "testdata/opensuse-tumbleweed.json.golden",
+			name:   "opensuse tumbleweed",
+			input:  "testdata/fixtures/images/opensuse-tumbleweed.tar.gz",
+			golden: "testdata/opensuse-tumbleweed.json.golden",
 		},
 		{
-			name:     "sle micro rancher 5.4",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:sle-micro-rancher-5.4_ndb",
-			input:    "testdata/fixtures/images/sle-micro-rancher-5.4_ndb.tar.gz",
-			golden:   "testdata/sl-micro-rancher5.4.json.golden",
+			name:   "sle micro rancher 5.4",
+			input:  "testdata/fixtures/images/sle-micro-rancher-5.4_ndb.tar.gz",
+			golden: "testdata/sl-micro-rancher5.4.json.golden",
 		},
 		{
-			name:     "photon 3.0",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:photon-30",
-			input:    "testdata/fixtures/images/photon-30.tar.gz",
-			golden:   "testdata/photon-30.json.golden",
+			name:   "photon 3.0",
+			input:  "testdata/fixtures/images/photon-30.tar.gz",
+			golden: "testdata/photon-30.json.golden",
 		},
 		{
-			name:     "CBL-Mariner 1.0",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:mariner-1.0",
-			input:    "testdata/fixtures/images/mariner-1.0.tar.gz",
-			golden:   "testdata/mariner-1.0.json.golden",
+			name:   "CBL-Mariner 1.0",
+			input:  "testdata/fixtures/images/mariner-1.0.tar.gz",
+			golden: "testdata/mariner-1.0.json.golden",
 		},
 		{
-			name:     "busybox with Cargo.lock",
-			imageTag: "ghcr.io/aquasecurity/trivy-test-images:busybox-with-lockfile",
-			input:    "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
-			golden:   "testdata/busybox-with-lockfile.json.golden",
+			name:   "busybox with Cargo.lock",
+			input:  "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
+			golden: "testdata/busybox-with-lockfile.json.golden",
 		},
 		{
 			name:         "sad path, invalid image",
@@ -239,44 +206,27 @@ func TestDockerEngine(t *testing.T) {
 	ctx := context.Background()
 	defer ctx.Done()
 
-	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
-	require.NoError(t, err)
+	cli := testutil.NewDockerClient(t)
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if !tt.invalidImage {
 				testfile, err := os.Open(tt.input)
 				require.NoError(t, err, tt.name)
+				defer testfile.Close()
 
-				// ensure image doesnt already exists
-				_, _ = cli.ImageRemove(ctx, tt.input, image.RemoveOptions{
-					Force:         true,
-					PruneChildren: true,
-				})
+				// Ensure image doesn't already exist
+				cli.ImageRemove(t, ctx, tt.input)
 
-				// load image into docker engine
-				res, err := cli.ImageLoad(ctx, testfile, true)
-				require.NoError(t, err, tt.name)
-				if _, err := io.Copy(io.Discard, res.Body); err != nil {
-					require.NoError(t, err, tt.name)
-				}
-				defer res.Body.Close()
+				// Load image into docker engine
+				loadedImage := cli.ImageLoad(t, ctx, tt.input)
 
-				// tag our image to something unique
-				err = cli.ImageTag(ctx, tt.imageTag, tt.input)
+				// Tag our image to something unique
+				err = cli.ImageTag(ctx, loadedImage, tt.input)
 				require.NoError(t, err, tt.name)
 
-				// cleanup
-				t.Cleanup(func() {
-					_, _ = cli.ImageRemove(ctx, tt.input, image.RemoveOptions{
-						Force:         true,
-						PruneChildren: true,
-					})
-					_, _ = cli.ImageRemove(ctx, tt.imageTag, image.RemoveOptions{
-						Force:         true,
-						PruneChildren: true,
-					})
-				})
+				// Cleanup
+				t.Cleanup(func() { cli.ImageRemove(t, ctx, tt.input) })
 			}
 
 			osArgs := []string{
@@ -309,7 +259,7 @@ func TestDockerEngine(t *testing.T) {
 			}
 			if len(tt.ignoreIDs) != 0 {
 				trivyIgnore := ".trivyignore"
-				err = os.WriteFile(trivyIgnore, []byte(strings.Join(tt.ignoreIDs, "\n")), 0444)
+				err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.ignoreIDs, "\n")), 0444)
 				require.NoError(t, err, "failed to write .trivyignore")
 				defer os.Remove(trivyIgnore)
 			}
@@ -320,7 +270,8 @@ func TestDockerEngine(t *testing.T) {
 				wantErr: tt.wantErr,
 				// Container field was removed in Docker Engine v26.0
 				// cf. https://github.com/docker/cli/blob/v26.1.3/docs/deprecated.md#container-and-containerconfig-fields-in-image-inspect
-				override: overrideFuncs(overrideUID, func(t *testing.T, want, _ *types.Report) {
+				override: overrideFuncs(overrideUID, func(t *testing.T, want, got *types.Report) {
+					got.Metadata.ImageConfig.Container = ""
 					want.Metadata.ImageConfig.Container = ""
 				}),
 			})