mirror of https://github.com/docker/docs.git
Revert "Implement new (notary cert rotate) command."
This reverts commit 684c17867740e77460f2940d3d76023f7a9647ed, along with the extra cert rotate test changes.

Signed-off-by: Ying Li <ying.li@docker.com>
parent
160ea2bc54
commit
54d1cb1855
|
@ -25,12 +25,6 @@ var cmdCertListTemplate = usageTemplate{
|
|||
Long: "Lists root certificates known to notary.",
|
||||
}
|
||||
|
||||
var cmdCertRotateTemplate = &usageTemplate{
|
||||
Use: "rotate [ GUN ]",
|
||||
Short: "Rotate certificates for a role.",
|
||||
Long: "Generates new certificates for the given role (without replacing the root key).",
|
||||
}
|
||||
|
||||
var cmdCertRemoveTemplate = usageTemplate{
|
||||
Use: "remove [ certID ]",
|
||||
Short: "Removes the certificate with the given cert ID.",
|
||||
|
@ -50,7 +44,6 @@ type certCommander struct {
|
|||
func (c *certCommander) GetCommand() *cobra.Command {
|
||||
cmd := cmdCertTemplate.ToCommand(nil)
|
||||
cmd.AddCommand(cmdCertListTemplate.ToCommand(c.certList))
|
||||
cmd.AddCommand(cmdCertRotateTemplate.ToCommand(c.certRotate))
|
||||
|
||||
cmdCertRemove := cmdCertRemoveTemplate.ToCommand(c.certRemove)
|
||||
cmdCertRemove.Flags().StringVarP(
|
||||
|
@ -166,51 +159,6 @@ func (c *certCommander) certRemove(cmd *cobra.Command, args []string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// certRotate replaces a certificate with a new version
|
||||
func (c *certCommander) certRotate(cmd *cobra.Command, args []string) error {
|
||||
if len(args) != 1 {
|
||||
cmd.Usage()
|
||||
return fmt.Errorf("Must specify a GUN")
|
||||
}
|
||||
|
||||
gun := args[0]
|
||||
config, err := c.configGetter()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
rt, err := getTransport(config, gun, false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
nRepo, err := notaryclient.NewNotaryRepository(config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, c.retriever)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
certs, err := nRepo.ListRootCerts()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, cert := range certs {
|
||||
err := nRepo.RotateRootCert(cert)
|
||||
if err != nil {
|
||||
id, err := trustmanager.FingerprintCert(cert)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Could not fingerprint certificate: %v", err)
|
||||
}
|
||||
return fmt.Errorf("Error rotating certificate %s: %s", id, err)
|
||||
}
|
||||
}
|
||||
|
||||
cmd.Printf(
|
||||
"Rotation of the following certificates into repository \"%s\" staged for next publish.\n",
|
||||
gun)
|
||||
prettyPrintCerts(certs, cmd.Out())
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *certCommander) certList(cmd *cobra.Command, args []string) error {
|
||||
if len(args) > 0 {
|
||||
cmd.Usage()
|
||||
|
|
|
@ -1379,75 +1379,6 @@ func TestClientKeyPassphraseChange(t *testing.T) {
|
|||
require.Equal(t, rootID, rootIDs[0])
|
||||
}
|
||||
|
||||
func TestCertRotate(t *testing.T) {
|
||||
logrus.SetLevel(logrus.DebugLevel)
|
||||
// -- setup --
|
||||
setUp(t)
|
||||
|
||||
authorTempDir := tempDirWithConfig(t, "{}")
|
||||
defer os.RemoveAll(authorTempDir)
|
||||
userTempDir := tempDirWithConfig(t, "{}")
|
||||
defer os.RemoveAll(userTempDir)
|
||||
|
||||
server := setupServer()
|
||||
defer server.Close()
|
||||
|
||||
// init repo
|
||||
_, err := runCommand(t, authorTempDir, "-s", server.URL, "init", "gun")
|
||||
require.NoError(t, err)
|
||||
certs := assertNumCerts(t, authorTempDir, 1)
|
||||
oldCertID := strings.Fields(certs[0])[1]
|
||||
|
||||
// publish repo
|
||||
_, err = runCommand(t, authorTempDir, "-s", server.URL, "publish", "gun")
|
||||
require.NoError(t, err)
|
||||
|
||||
// init user
|
||||
_, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
|
||||
require.NoError(t, err)
|
||||
certs = assertNumCerts(t, userTempDir, 1)
|
||||
require.Equal(t, oldCertID, strings.Fields(certs[0])[1])
|
||||
|
||||
// schedule root cert rotation
|
||||
output, err := runCommand(t, authorTempDir, "-s", server.URL, "cert", "rotate", "gun")
|
||||
require.NoError(t, err)
|
||||
require.Contains(t, output, oldCertID)
|
||||
|
||||
// check status - see target
|
||||
output, err = runCommand(t, authorTempDir, "status", "gun")
|
||||
require.NoError(t, err)
|
||||
require.Contains(t, output, "root")
|
||||
|
||||
// publish repo
|
||||
_, err = runCommand(t, authorTempDir, "-s", server.URL, "publish", "gun")
|
||||
require.NoError(t, err)
|
||||
|
||||
// check status - no targets
|
||||
output, err = runCommand(t, authorTempDir, "status", "gun")
|
||||
require.NoError(t, err)
|
||||
require.Contains(t, output, "No unpublished changes for gun")
|
||||
|
||||
// check the other user can use the updated repo
|
||||
_, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
|
||||
require.NoError(t, err)
|
||||
|
||||
// See the comment in TestRotateRootCert for why we need to cause two refreshes
|
||||
// to see the updated certificate.
|
||||
_, err = runCommand(t, authorTempDir, "-s", server.URL, "list", "gun")
|
||||
require.NoError(t, err)
|
||||
certs = assertNumCerts(t, authorTempDir, 1)
|
||||
_, err = runCommand(t, authorTempDir, "-s", server.URL, "list", "gun")
|
||||
require.NoError(t, err)
|
||||
certs = assertNumCerts(t, authorTempDir, 1)
|
||||
newCertID := strings.Fields(certs[0])[1]
|
||||
require.NotEqual(t, oldCertID, newCertID)
|
||||
|
||||
_, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
|
||||
require.NoError(t, err)
|
||||
certs = assertNumCerts(t, userTempDir, 1)
|
||||
require.Equal(t, newCertID, strings.Fields(certs[0])[1])
|
||||
}
|
||||
|
||||
func tempDirWithConfig(t *testing.T, config string) string {
|
||||
tempDir, err := ioutil.TempDir("", "repo")
|
||||
require.NoError(t, err)
|
||||
|
|