test: use a local registry for remote scanning (#7607)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
2025-12-22 15:16:33 -08:00 · 2024-09-27 14:32:46 +04:00
parent a8fbe46119
commit 9baf658935
3 changed files with 47 additions and 439 deletions
--- a/integration/registry_test.go
+++ b/integration/registry_test.go
@@ -10,7 +10,6 @@ import (
 	"crypto/x509"
 	"encoding/json"
 	"fmt"
-	"github.com/aquasecurity/trivy/pkg/types"
 	"io"
 	"net/http"
 	"net/url"
@@ -18,6 +17,8 @@ import (
 	"path/filepath"
 	"testing"

+	"github.com/aquasecurity/trivy/pkg/types"
+
 	dockercontainer "github.com/docker/docker/api/types/container"
 	"github.com/docker/go-connections/nat"
 	"github.com/google/go-containerregistry/pkg/authn"
@@ -152,32 +153,59 @@ func TestRegistry(t *testing.T) {
 		name      string
 		imageName string
 		imageFile string
+		os        string
 		option    registryOption
 		golden    string
 		wantErr   string
 	}{
 		{
-			name:      "happy path with username/password",
+			name:      "authenticate with username/password",
 			imageName: "alpine:3.10",
 			imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
+			os:        "alpine 3.10.2",
 			option: registryOption{
 				AuthURL:  authURL,
 				Username: authUsername,
 				Password: authPassword,
 			},
-			golden: "testdata/alpine-310-registry.json.golden",
+			golden: "testdata/alpine-310.json.golden",
 		},
 		{
-			name:      "happy path with registry token",
+			name:      "authenticate with registry token",
 			imageName: "alpine:3.10",
 			imageFile: "testdata/fixtures/images/alpine-310.tar.gz",
+			os:        "alpine 3.10.2",
 			option: registryOption{
 				AuthURL:       authURL,
 				Username:      authUsername,
 				Password:      authPassword,
 				RegistryToken: true,
 			},
-			golden: "testdata/alpine-310-registry.json.golden",
+			golden: "testdata/alpine-310.json.golden",
+		},
+		{
+			name:      "amazonlinux 2",
+			imageName: "amazonlinux:2",
+			imageFile: "testdata/fixtures/images/amazon-2.tar.gz",
+			os:        "amazon 2 (Karoo)",
+			option: registryOption{
+				AuthURL:  authURL,
+				Username: authUsername,
+				Password: authPassword,
+			},
+			golden: "testdata/amazon-2.json.golden",
+		},
+		{
+			name:      "debian buster",
+			imageName: "debian:buster",
+			imageFile: "testdata/fixtures/images/debian-buster.tar.gz",
+			os:        "debian 10.1",
+			option: registryOption{
+				AuthURL:  authURL,
+				Username: authUsername,
+				Password: authPassword,
+			},
+			golden: "testdata/debian-buster.json.golden",
 		},
 		{
 			name:      "sad path",
@@ -187,25 +215,25 @@ func TestRegistry(t *testing.T) {
 		},
 	}

-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			s := fmt.Sprintf("%s/%s", registryURL.Host, tc.imageName)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			s := fmt.Sprintf("%s/%s", registryURL.Host, tt.imageName)
 			imageRef, err := name.ParseReference(s)
 			require.NoError(t, err)

 			// Load a test image from the tar file, tag it and push to the test registry.
-			err = replicateImage(imageRef, tc.imageFile, auth)
+			err = replicateImage(imageRef, tt.imageFile, auth)
 			require.NoError(t, err)

-			osArgs, err := scan(t, imageRef, baseDir, tc.golden, tc.option)
+			osArgs, err := scan(t, imageRef, baseDir, tt.option)

 			// Run Trivy
-			runTest(t, osArgs, tc.golden, "", types.FormatJSON, runOptions{
-				wantErr: tc.wantErr,
-				override: overrideFuncs(overrideUID, func(t *testing.T, _, got *types.Report) {
-					got.ArtifactName = tc.imageName
-					for i := range got.Results {
-						got.Results[i].Target = fmt.Sprintf("%s (alpine 3.10.2)", tc.imageName)
+			runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
+				wantErr: tt.wantErr,
+				override: overrideFuncs(overrideUID, func(t *testing.T, want, got *types.Report) {
+					want.ArtifactName = s
+					for i := range want.Results {
+						want.Results[i].Target = fmt.Sprintf("%s (%s)", s, tt.os)
 					}
 				}),
 			})
@@ -213,7 +241,7 @@ func TestRegistry(t *testing.T) {
 	}
 }

-func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt registryOption) ([]string, error) {
+func scan(t *testing.T, imageRef name.Reference, baseDir string, opt registryOption) ([]string, error) {
 	// Set up testing DB
 	cacheDir := initDB(t)

@@ -232,6 +260,8 @@ func scan(t *testing.T, imageRef name.Reference, baseDir, goldenFile string, opt
 		"image",
 		"--format",
 		"json",
+		"--image-src",
+		"remote",
 		"--skip-update",
 		imageRef.Name(),
 	}