image-rs: fix integration test

Signed-off-by: Xynnn007 <[email protected]>

image-rs/tests/common/mod.rs

@@ -5,7 +5,6 @@
 //
 
 use anyhow::Result;
-use image_rs::image::IMAGE_SECURITY_CONFIG_DIR;
 use std::path::Path;
 use tokio::process::{Child, Command};
 
@@ -123,11 +122,3 @@ pub fn umount_bundle(bundle_dir: &tempfile::TempDir) {
     let rootfs_path = bundle_dir.path().join("rootfs");
     nix::mount::umount(&rootfs_path).expect("failed to umount rootfs");
 }
-
-pub async fn clean_configs() -> Result<()> {
-    if Path::new(IMAGE_SECURITY_CONFIG_DIR).exists() {
-        tokio::fs::remove_dir_all(IMAGE_SECURITY_CONFIG_DIR).await?;
-    }
-
-    Ok(())
-}

image-rs/tests/credential.rs

@@ -6,7 +6,7 @@
 pub mod common;
 
 #[cfg(all(
-    feature = "getresource",
+    feature = "kbs",
     any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
 ))]
 #[rstest::rstest]
@@ -22,23 +22,16 @@ async fn test_use_credential(#[case] image_ref: &str, #[case] auth_file_uri: &st
         .await
         .expect("Failed to start confidential data hub!");
 
-    // clean former test files, which is needed to prevent
-    // lint from warning dead code.
-    common::clean_configs()
-        .await
-        .expect("Delete configs failed.");
-
     let work_dir = tempfile::tempdir().unwrap();
 
     // a new client for every pulling, avoid effection
     // of cache of old client.
-    let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf());
-
-    // enable container auth
-    image_client.config.auth = true;
-
-    // set credential file uri
-    image_client.config.file_paths.auth_file = auth_file_uri.into();
+    let mut image_client = image_rs::builder::ClientBuilder::default()
+        .authenticated_registry_credentials_uri(auth_file_uri.to_string())
+        .work_dir(work_dir.into_path())
+        .build()
+        .await
+        .unwrap();
 
     let bundle_dir = tempfile::tempdir().unwrap();
 

image-rs/tests/image_decryption.rs

@@ -9,23 +9,15 @@
 pub mod common;
 
 /// Ocicrypt-rs config for grpc
-#[cfg(all(
-    feature = "getresource",
-    feature = "encryption",
-    feature = "keywrap-grpc"
-))]
+#[cfg(all(feature = "kbs", feature = "encryption", feature = "keywrap-grpc"))]
 const OCICRYPT_CONFIG: &str = "test_data/ocicrypt_keyprovider_grpc.conf";
 
 /// Ocicrypt-rs config for ttrpc
-#[cfg(all(
-    feature = "getresource",
-    feature = "encryption",
-    feature = "keywrap-ttrpc"
-))]
+#[cfg(all(feature = "kbs", feature = "encryption", feature = "keywrap-ttrpc"))]
 const OCICRYPT_CONFIG: &str = "test_data/ocicrypt_keyprovider_ttrpc.conf";
 
 #[cfg(all(
-    feature = "getresource",
+    feature = "kbs",
     feature = "encryption",
     any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
 ))]
@@ -52,11 +44,6 @@ async fn test_decrypt_layers(#[case] image: &str) {
     let work_dir = tempfile::tempdir().unwrap();
     let bundle_dir = tempfile::tempdir().unwrap();
 
-    // clean former test files, which is needed to prevent
-    // lint from warning dead code.
-    common::clean_configs()
-        .await
-        .expect("Delete configs failed.");
     let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf());
     if cfg!(feature = "snapshot-overlayfs") {
         image_client

image-rs/tests/signature_verification.rs

@@ -102,13 +102,13 @@ const _TESTS_XRSS: [_TestItem; _TEST_ITEMS_XRSS] = [
 ];
 
 #[cfg(all(
-    feature = "getresource",
+    feature = "kbs",
     any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
 ))]
 const POLICY_URI: &str = "kbs:///default/security-policy/test";
 
 #[cfg(all(
-    feature = "getresource",
+    feature = "kbs",
     any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
 ))]
 const SIGSTORE_CONFIG_URI: &str = "kbs:///default/sigstore-config/test";
@@ -117,7 +117,7 @@ const SIGSTORE_CONFIG_URI: &str = "kbs:///default/sigstore-config/test";
 /// uses cosign (type: sigstoreSigned), even if the image being pulled is not signed using cosign.
 /// https://github.com/confidential-containers/guest-components/blob/main/attestation-agent/kbc/src/sample_kbc/policy.json
 #[cfg(all(
-    feature = "getresource",
+    feature = "kbs",
     any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
 ))]
 #[tokio::test]
@@ -128,7 +128,7 @@ async fn signature_verification() {
 
 #[cfg(all(
     feature = "signature-simple-xrss",
-    feature = "getresource",
+    feature = "kbs",
     any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
 ))]
 #[tokio::test]
@@ -157,7 +157,7 @@ async fn signature_verification_xrss() {
 }
 
 #[cfg(all(
-    feature = "getresource",
+    feature = "kbs",
     any(feature = "keywrap-ttrpc", feature = "keywrap-grpc")
 ))]
 async fn do_signature_verification_tests(
@@ -177,29 +177,19 @@ async fn do_signature_verification_tests(
             test_auth_info = &None;
         }
 
-        // clean former test files
-        common::clean_configs()
-            .await
-            .expect("Delete configs failed.");
-
         // Init tempdirs
         let work_dir = tempfile::tempdir().unwrap();
 
-        // a new client for every pulling, avoid effection
-        // of cache of old client.
-        let mut image_client = image_rs::image::ImageClient::new(work_dir.path().to_path_buf());
-
-        // enable signature verification
-        image_client.config.security_validate = true;
-
-        // set the image security policy
-        image_client.config.file_paths.policy_path = POLICY_URI.into();
+        let mut client_builder = image_rs::builder::ClientBuilder::default()
+            .image_security_policy_uri(POLICY_URI.to_string())
+            .work_dir(work_dir.into_path());
 
         #[cfg(feature = "signature-simple")]
         {
-            image_client.config.file_paths.sigstore_config = SIGSTORE_CONFIG_URI.into();
+            client_builder = client_builder.sigstore_config_uri(SIGSTORE_CONFIG_URI.into());
         }
 
+        let mut image_client = client_builder.build().await.unwrap();
         let bundle_dir = tempfile::tempdir().unwrap();
 
         let _res = image_client