feat: add notation config environment variable (notaryproject#821)
Feat:
- added NOTATION_CONFIG and NOTATION_LIBEXEC environment variables

Test:
- notation sign with NOTATION_LIBEXEC locally
- notation verify with NOTATION_CONFIG locally

Resolves notaryproject#822 
Signed-off-by: Junjie Gao <[email protected]>

---------

Signed-off-by: Junjie Gao <[email protected]>
JeyJeyGao authored Jan 3, 2024
1 parent 0f85752 commit 62587ae
Showing 3 changed files with 67 additions and 0 deletions.
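--- a/cmd/notation/main.go
+++ b/cmd/notation/main.go
@@ -16,6 +16,7 @@ package main
 import (
 "os"
 
+"github.com/notaryproject/notation-go/dir"
 "github.com/notaryproject/notation/cmd/notation/cert"
 "github.com/notaryproject/notation/cmd/notation/plugin"
 "github.com/notaryproject/notation/cmd/notation/policy"
@@ -32,6 +33,16 @@ func main() {
 // to avoid leaking credentials
 os.Unsetenv(defaultUsernameEnv)
 os.Unsetenv(defaultPasswordEnv)
+
+// update Notation config directory
+if notationConfig := os.Getenv("NOTATION_CONFIG"); notationConfig != "" {
+dir.UserConfigDir = notationConfig
+}
+
+// update Notation Libexec directory (for plugins)
+if notationLibexec := os.Getenv("NOTATION_LIBEXEC"); notationLibexec != "" {
+dir.UserLibexecDir = notationLibexec
+}
 },
 }
 cmd.AddCommand(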
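Review bot: Both new overrides in main() are assigned to `dir.UserConfigDir` and `dir.UserLibexecDir` exactly as read from the environment, with no check that the value is an absolute path or an existing directory. The config directory is where verification looks for the trust policy (the verify test in this commit fails with "trust policy is not present" when it is redirected), and the libexec directory is, per the added comment, where plugins are found, so whoever controls the process environment now selects both the verification policy and the plugin binaries used for signing. I would reject relative values with a guard such as `if !filepath.IsAbs(notationLibexec) {` so the result does not depend on the working directory, and extend the comment to `// NOTATION_LIBEXEC selects the directory plugins are executed from; it must only be set by a trusted caller`. A debug-level log line whenever an override is active would also help when auditing a CI run. The enclosing hook begins and ends outside the hunk, so how a rejected value should be reported there is not visible here.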
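--- a/test/e2e/suite/command/verify.go
+++ b/test/e2e/suite/command/verify.go
@@ -155,4 +155,26 @@ var _ = Describe("notation verify", func() {
 NoMatchErrKeyWords(HTTPSRequest)
 })
 })
+
+It("incorrect NOTATION_CONFIG path", func() {
+Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
+notation.Exec("sign", artifact.ReferenceWithDigest()).
+MatchKeyWords(SignSuccessfully)
+
+vhost.UpdateEnv(map[string]string{"NOTATION_CONFIG": "/not/exist"})
+notation.ExpectFailure().Exec("verify", artifact.ReferenceWithDigest(), "-v").
+MatchErrKeyWords("trust policy is not present")
+})
+})
+
+It("correct NOTATION_CONFIG path", func() {
+Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
+notation.Exec("sign", artifact.ReferenceWithDigest()).
+MatchKeyWords(SignSuccessfully)
+
+vhost.UpdateEnv(map[string]string{"NOTATION_CONFIG": vhost.AbsolutePath(NotationDirName)})
+notation.Exec("verify", artifact.ReferenceWithDigest(), "-v").
+MatchKeyWords(VerifySuccessfully)
+})
+})
 })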
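Review bot: The "correct NOTATION_CONFIG path" case sets the variable to `vhost.AbsolutePath(NotationDirName)`, which appears to be the directory the virtual host already uses, so it would presumably still pass if the override were silently ignored; the same applies to "correct NOTATION_LIBEXEC path" in test/e2e/suite/plugin/sign.go. Copying the configuration into a second directory and pointing the variable there would make the positive case prove the override is honoured. I would also add a case with `vhost.UpdateEnv(map[string]string{"NOTATION_CONFIG": emptyDir})`, where `emptyDir` is a freshly created empty directory, and assert the same `"trust policy is not present"` failure, so that verification is shown to fail closed instead of falling back to the default location. How the virtual host lays out its directories is outside this section, so the first point should be confirmed against the test utilities.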
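--- a/test/e2e/suite/plugin/sign.go
+++ b/test/e2e/suite/plugin/sign.go
@@ -265,4 +265,38 @@ var _ = Describe("notation plugin sign", func() {
 Expect(descriptors[0].Annotations).Should(HaveKeyWithValue("k1", "v1"))
 })
 })
+
+It("incorrect NOTATION_LIBEXEC path", func() {
+Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
+// setup incorrect NOTATION_LIBEXEC path
+vhost.SetOption(AddPlugin(NotationE2EPluginPath))
+notation.Exec("key", "add", "plugin-key", "--id", "key1", "--plugin", "e2e-plugin",
+"--plugin-config", string(CapabilityEnvelopeGenerator)+"=true",
+"--plugin-config", TamperAnnotation+"=k1=v1").
+MatchKeyWords("plugin-key")
+
+vhost.UpdateEnv(map[string]string{"NOTATION_LIBEXEC": "/not/exist"})
+
+// run signing
+notation.ExpectFailure().Exec("sign", artifact.ReferenceWithDigest(), "--key", "plugin-key", "-d").
+MatchErrKeyWords("no such file or directory")
+})
+})
+
+It("correct NOTATION_LIBEXEC path", func() {
+Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
+// setup incorrect NOTATION_LIBEXEC path
+vhost.SetOption(AddPlugin(NotationE2EPluginPath))
+notation.Exec("key", "add", "plugin-key", "--id", "key1", "--plugin", "e2e-plugin",
+"--plugin-config", string(CapabilityEnvelopeGenerator)+"=true",
+"--plugin-config", TamperAnnotation+"=k1=v1").
+MatchKeyWords("plugin-key")
+
+vhost.UpdateEnv(map[string]string{"NOTATION_LIBEXEC": vhost.AbsolutePath(NotationDirName)})
+
+// run signing
+notation.Exec("sign", artifact.ReferenceWithDigest(), "--key", "plugin-key", "-d").
+MatchKeyWords("Successfully signed")
+})
+})
 })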
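Review bot: The comment `// setup incorrect NOTATION_LIBEXEC path` in the "correct NOTATION_LIBEXEC path" case is copied from the negative case and contradicts what the test does; in both cases it also sits above the plugin and key setup rather than above the `vhost.UpdateEnv` call. I would replace it with `// install the plugin and add a key that uses it` and put `// point NOTATION_LIBEXEC at the virtual host's notation directory` directly above `UpdateEnv`. The negative case matches the operating-system error text `"no such file or directory"`, which ties the assertion to one platform's wording; matching a message that notation itself produces, if one is available, would be more stable. The positive case uses the literal `"Successfully signed"` where verify.go uses the `SignSuccessfully` constant, which could be reused here if it is in scope.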
