quay/image/docker/test/test_schema1.py

import os
import hashlib
import json

import pytest

from image.docker.schema1 import MalformedSchema1Manifest, DockerSchema1Manifest

@pytest.mark.parametrize('json_data', [
  '',
  '{}',
  """
  {
    "unknown": "key"
  }
  """,
])
def test_malformed_manifests(json_data):
  with pytest.raises(MalformedSchema1Manifest):
    DockerSchema1Manifest(json_data)


MANIFEST_BYTES = json.dumps({
  "name": 'hello-world',
  "tag": "latest",
  "architecture": "amd64",
  "fsLayers": [
    {
      "blobSum": "sha256:cc8567d70002e957612902a8e985ea129d831ebe04057d88fb644857caa45d11"
    },
    {
      "blobSum": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
    }
  ],
  "history": [
    {
      "v1Compatibility": "{\"id\":\"someid\", \"parent\": \"anotherid\"}"
    },
    {
      "v1Compatibility": "{\"id\":\"anotherid\"}"
    },
  ],
  "schemaVersion": 1,
  "signatures": [
    {
      "header": {
        "jwk": {
          "crv": "P-256",
          "kid": "OD6I:6DRK:JXEJ:KBM4:255X:NSAA:MUSF:E4VM:ZI6W:CUN2:L4Z6:LSF4",
          "kty": "EC",
          "x": "3gAwX48IQ5oaYQAYSxor6rYYc_6yjuLCjtQ9LUakg4A",
          "y": "t72ge6kIA1XOjqjVoEOiPPAURltJFBMGDSQvEGVB010"
        },
        "alg": "ES256"
      },
      "signature": "XREm0L8WNn27Ga_iE_vRnTxVMhhYY0Zst_FfkKopg6gWSoTOZTuW4rK0fg_IqnKkEKlbD83tD46LKEGi5aIVFg",
      "protected": "eyJmb3JtYXRMZW5ndGgiOjY2MjgsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNS0wNC0wOFQxODo1Mjo1OVoifQ"
    }
  ]
})


def test_valid_manifest():
  manifest = DockerSchema1Manifest(MANIFEST_BYTES, validate=False)
  assert len(manifest.signatures) == 1
  assert manifest.namespace == ''
  assert manifest.repo_name == 'hello-world'
  assert manifest.tag == 'latest'
  assert manifest.image_ids == {'someid', 'anotherid'}
  assert manifest.parent_image_ids == {'anotherid'}

  assert len(manifest.layers) == 2

  assert manifest.layers[0].v1_metadata.image_id == 'anotherid'
  assert manifest.layers[0].v1_metadata.parent_image_id is None

  assert manifest.layers[1].v1_metadata.image_id == 'someid'
  assert manifest.layers[1].v1_metadata.parent_image_id == 'anotherid'

  assert manifest.layers[0].compressed_size is None
  assert manifest.layers[1].compressed_size is None

  assert manifest.leaf_layer == manifest.layers[1]
  assert manifest.created_datetime is None

  unsigned = manifest.unsigned()
  assert unsigned.namespace == manifest.namespace
  assert unsigned.repo_name == manifest.repo_name
  assert unsigned.tag == manifest.tag
  assert unsigned.layers == manifest.layers
  assert unsigned.blob_digests == manifest.blob_digests
  assert unsigned.digest != manifest.digest


def test_validate_manifest():
  test_dir = os.path.dirname(os.path.abspath(__file__))
  with open(os.path.join(test_dir, 'validated_manifest.json'), 'r') as f:
    manifest_bytes = f.read()

  manifest = DockerSchema1Manifest(manifest_bytes, validate=True)
  digest = manifest.digest
  assert digest == 'sha256:b5dc4f63fdbd64f34f2314c0747ef81008f9fcddce4edfc3fd0e8ec8b358d571'
  assert manifest.created_datetime


def test_validate_manifest_with_unicode():
  test_dir = os.path.dirname(os.path.abspath(__file__))
  with open(os.path.join(test_dir, 'validated_manifest_with_unicode.json'), 'r') as f:
    manifest_bytes = f.read()

  manifest = DockerSchema1Manifest(manifest_bytes, validate=True)
  digest = manifest.digest
  assert digest == 'sha256:815ecf45716a96b19d54d911e6ace91f78bab26ca0dd299645d9995dacd9f1ef'
  assert manifest.created_datetime


def test_validate_manifest_with_unicode_encoded():
  test_dir = os.path.dirname(os.path.abspath(__file__))
  with open(os.path.join(test_dir, 'manifest_unicode_row.json'), 'r') as f:
    manifest_bytes = json.loads(f.read())[0]['json_data']

  manifest = DockerSchema1Manifest.for_latin1_bytes(manifest_bytes, validate=True)
  digest = manifest.digest
  assert digest == 'sha256:dde3714ce7e23edc6413aa85c0b42792e4f2f79e9ea36afc154d63ff3d04e86c'
  assert manifest.created_datetime