docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor cleanup of filestore initialization 

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
This commit is contained in:
David Lawrence 2016-04-14 13:46:11 -07:00
parent 358add6075
commit 31f02ec0f7
6 changed files with 29 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
trustmanager/filestore.go
View File

@ -15,14 +15,12 @@ type SimpleFileStore struct {
perms os.FileMode perms os.FileMode
} }
// NewSimpleFileStore creates a directory with 755 permissions // NewFileStore creates a fully configurable file store
func NewSimpleFileStore(baseDir string, fileExt string) (*SimpleFileStore, error) { func NewFileStore(baseDir, fileExt string, perms os.FileMode) (*SimpleFileStore, error) {
baseDir = filepath.Clean(baseDir) baseDir = filepath.Clean(baseDir)
if err := createDirectory(baseDir, perms); err != nil {
if err := CreateDirectory(baseDir); err != nil {
return nil, err return nil, err
} }
if !strings.HasPrefix(fileExt, ".") { if !strings.HasPrefix(fileExt, ".") {
fileExt = "." + fileExt fileExt = "." + fileExt
} }
@ -30,25 +28,20 @@ func NewSimpleFileStore(baseDir string, fileExt string) (*SimpleFileStore, error
return &SimpleFileStore{ return &SimpleFileStore{
baseDir: baseDir, baseDir: baseDir,
fileExt: fileExt, fileExt: fileExt,
perms: visible, perms: perms,
}, nil }, nil
} }
// NewPrivateSimpleFileStore creates a directory with 700 permissions // NewSimpleFileStore is a convenience wrapper to create a world readable,
func NewPrivateSimpleFileStore(baseDir string, fileExt string) (*SimpleFileStore, error) { // owner writeable filestore
if err := CreatePrivateDirectory(baseDir); err != nil { func NewSimpleFileStore(baseDir, fileExt string) (*SimpleFileStore, error) {
return nil, err return NewFileStore(baseDir, fileExt, visible)
} }
if !strings.HasPrefix(fileExt, ".") { // NewPrivateSimpleFileStore is a wrapper to create an owner readable/writeable
fileExt = "." + fileExt // _only_ filestore
} func NewPrivateSimpleFileStore(baseDir, fileExt string) (*SimpleFileStore, error) {
return NewFileStore(baseDir, fileExt, private)
return &SimpleFileStore{
baseDir: baseDir,
fileExt: fileExt,
perms: private,
}, nil
} }
// Add writes data to a file with a given name // Add writes data to a file with a given name
@ -170,16 +163,6 @@ func (f *SimpleFileStore) BaseDir() string {
return f.baseDir return f.baseDir
} }
// CreateDirectory uses createDirectory to create a chmod 755 Directory
func CreateDirectory(dir string) error {
return createDirectory(dir, visible)
}
// CreatePrivateDirectory uses createDirectory to create a chmod 700 Directory
func CreatePrivateDirectory(dir string) error {
return createDirectory(dir, private)
}
// createDirectory receives a string of the path to a directory. // createDirectory receives a string of the path to a directory.
// It does not support passing files, so the caller has to remove // It does not support passing files, so the caller has to remove
// the filename by doing filepath.Dir(full_path_to_file) // the filename by doing filepath.Dir(full_path_to_file)

6
trustmanager/filestore_test.go
View File

@ -282,7 +282,7 @@ func TestCreateDirectory(t *testing.T) {
dirPath := filepath.Join(tempBaseDir, testDir) dirPath := filepath.Join(tempBaseDir, testDir)
// Call createDirectory // Call createDirectory
CreateDirectory(dirPath) createDirectory(dirPath, visible)
// Check to see if file exists // Check to see if file exists
fi, err := os.Stat(dirPath) fi, err := os.Stat(dirPath)
@ -306,7 +306,7 @@ func TestCreatePrivateDirectory(t *testing.T) {
dirPath := filepath.Join(tempBaseDir, testDir) dirPath := filepath.Join(tempBaseDir, testDir)
// Call createDirectory // Call createDirectory
CreatePrivateDirectory(dirPath) createDirectory(dirPath, private)
// Check to see if file exists // Check to see if file exists
fi, err := os.Stat(dirPath) fi, err := os.Stat(dirPath)
@ -366,7 +366,7 @@ func TestFileStoreConsistency(t *testing.T) {
file2Path := "path/file2" file2Path := "path/file2"
file3Path := "long/path/file3" file3Path := "long/path/file3"
for _, s := range []LimitedFileStore{s, s2} { for _, s := range []Storage{s, s2} {
s.Add(file1Path, file1Data) s.Add(file1Path, file1Data)
s.Add(file2Path, file2Data) s.Add(file2Path, file2Data)
s.Add(file3Path, file3Data) s.Add(file3Path, file3Data)

14
trustmanager/keyfilestore.go
View File

@ -62,7 +62,7 @@ func NewKeyFileStore(baseDir string, passphraseRetriever passphrase.Retriever) (
return keyStore, nil return keyStore, nil
} }
func generateKeyInfoMap(s LimitedFileStore) map[string]KeyInfo { func generateKeyInfoMap(s Storage) map[string]KeyInfo {
keyInfoMap := make(map[string]KeyInfo) keyInfoMap := make(map[string]KeyInfo)
for _, keyPath := range s.ListFiles() { for _, keyPath := range s.ListFiles() {
d, err := s.Get(keyPath) d, err := s.Get(keyPath)
@ -309,7 +309,7 @@ func KeyInfoFromPEM(pemBytes []byte, filename string) (string, KeyInfo, error) {
return keyID, KeyInfo{Gun: gun, Role: role}, nil return keyID, KeyInfo{Gun: gun, Role: role}, nil
} }
func addKey(s LimitedFileStore, passphraseRetriever passphrase.Retriever, cachedKeys map[string]*cachedKey, name, role string, privKey data.PrivateKey) error { func addKey(s Storage, passphraseRetriever passphrase.Retriever, cachedKeys map[string]*cachedKey, name, role string, privKey data.PrivateKey) error {
var ( var (
chosenPassphrase string chosenPassphrase string
@ -338,7 +338,7 @@ func addKey(s LimitedFileStore, passphraseRetriever passphrase.Retriever, cached
// both in the newer format PEM headers, and also in the legacy filename // both in the newer format PEM headers, and also in the legacy filename
// format. It returns: the role, whether it was found in the legacy format // format. It returns: the role, whether it was found in the legacy format
// (true == legacy), and an error // (true == legacy), and an error
func getKeyRole(s LimitedFileStore, keyID string) (string, bool, error) { func getKeyRole(s Storage, keyID string) (string, bool, error) {
name := strings.TrimSpace(strings.TrimSuffix(filepath.Base(keyID), filepath.Ext(keyID))) name := strings.TrimSpace(strings.TrimSuffix(filepath.Base(keyID), filepath.Ext(keyID)))
for _, file := range s.ListFiles() { for _, file := range s.ListFiles() {
@ -365,7 +365,7 @@ func getKeyRole(s LimitedFileStore, keyID string) (string, bool, error) {
} }
// GetKey returns the PrivateKey given a KeyID // GetKey returns the PrivateKey given a KeyID
func getKey(s LimitedFileStore, passphraseRetriever passphrase.Retriever, cachedKeys map[string]*cachedKey, name string) (data.PrivateKey, string, error) { func getKey(s Storage, passphraseRetriever passphrase.Retriever, cachedKeys map[string]*cachedKey, name string) (data.PrivateKey, string, error) {
cachedKeyEntry, ok := cachedKeys[name] cachedKeyEntry, ok := cachedKeys[name]
if ok { if ok {
return cachedKeyEntry.key, cachedKeyEntry.alias, nil return cachedKeyEntry.key, cachedKeyEntry.alias, nil
@ -389,7 +389,7 @@ func getKey(s LimitedFileStore, passphraseRetriever passphrase.Retriever, cached
} }
// RemoveKey removes the key from the keyfilestore // RemoveKey removes the key from the keyfilestore
func removeKey(s LimitedFileStore, cachedKeys map[string]*cachedKey, name string) error { func removeKey(s Storage, cachedKeys map[string]*cachedKey, name string) error {
role, legacy, err := getKeyRole(s, name) role, legacy, err := getKeyRole(s, name)
if err != nil { if err != nil {
return err return err
@ -419,7 +419,7 @@ func getSubdir(alias string) string {
// Given a key ID, gets the bytes and alias belonging to that key if the key // Given a key ID, gets the bytes and alias belonging to that key if the key
// exists // exists
func getRawKey(s LimitedFileStore, name string) ([]byte, string, error) { func getRawKey(s Storage, name string) ([]byte, string, error) {
role, legacy, err := getKeyRole(s, name) role, legacy, err := getKeyRole(s, name)
if err != nil { if err != nil {
return nil, "", err return nil, "", err
@ -475,7 +475,7 @@ func GetPasswdDecryptBytes(passphraseRetriever passphrase.Retriever, pemBytes []
return privKey, passwd, nil return privKey, passwd, nil
} }
func encryptAndAddKey(s LimitedFileStore, passwd string, cachedKeys map[string]*cachedKey, name, role string, privKey data.PrivateKey) error { func encryptAndAddKey(s Storage, passwd string, cachedKeys map[string]*cachedKey, name, role string, privKey data.PrivateKey) error {
var ( var (
pemPrivKey []byte pemPrivKey []byte

2
trustmanager/memorystore.go
View File

@ -5,7 +5,7 @@ import (
"sync" "sync"
) )
// MemoryFileStore is an implementation of LimitedFileStore that keeps // MemoryFileStore is an implementation of Storage that keeps
// the contents in memory. // the contents in memory.
type MemoryFileStore struct { type MemoryFileStore struct {
sync.Mutex sync.Mutex

16
trustmanager/store.go
View File

@ -17,8 +17,8 @@ var (
ErrPathOutsideStore = errors.New("path outside file store") ErrPathOutsideStore = errors.New("path outside file store")
) )
// LimitedFileStore implements the bare bones primitives (no hierarchy) // Storage implements the bare bones primitives (no hierarchy)
type LimitedFileStore interface { type Storage interface {
// Add writes a file to the specified location, returning an error if this // Add writes a file to the specified location, returning an error if this
// is not possible (reasons may include permissions errors). The path is cleaned // is not possible (reasons may include permissions errors). The path is cleaned
// before being made absolute against the store's base dir. // before being made absolute against the store's base dir.
@ -37,16 +37,6 @@ type LimitedFileStore interface {
// ListFiles returns a list of paths relative to the base directory of the // ListFiles returns a list of paths relative to the base directory of the
// filestore. Any of these paths must be retrievable via the // filestore. Any of these paths must be retrievable via the
// LimitedFileStore.Get method. // Storage.Get method.
ListFiles() []string ListFiles() []string
} }
// FileStore is the interface for full-featured FileStores
type FileStore interface {
LimitedFileStore
RemoveDir(directoryName string) error
GetPath(fileName string) (string, error)
ListDir(directoryName string) []string
BaseDir() string
}

8
trustmanager/x509filestore.go
View File

@ -15,7 +15,7 @@ type X509FileStore struct {
fileMap map[CertID]string fileMap map[CertID]string
fingerprintMap map[CertID]*x509.Certificate fingerprintMap map[CertID]*x509.Certificate
nameMap map[string][]CertID nameMap map[string][]CertID
fileStore FileStore fileStore Storage
} }
// NewX509FileStore returns a new X509FileStore. // NewX509FileStore returns a new X509FileStore.
@ -88,11 +88,7 @@ func (s *X509FileStore) addNamedCert(cert *x509.Certificate) error {
certBytes := CertToPEM(cert) certBytes := CertToPEM(cert)
// Save the file to disk if not already there. // Save the file to disk if not already there.
filePath, err := s.fileStore.GetPath(fileName) if _, err = s.fileStore.Get(fileName); os.IsNotExist(err) {
if err != nil {
return err
}
if _, err := os.Stat(filePath); os.IsNotExist(err) {
if err := s.fileStore.Add(fileName, certBytes); err != nil { if err := s.fileStore.Add(fileName, certBytes); err != nil {
return err return err
} }