diff --git a/cmd/notary/cert.go b/cmd/notary/cert.go
index 17273a25ea..2922850d4e 100644
--- a/cmd/notary/cert.go
+++ b/cmd/notary/cert.go
@@ -25,12 +25,6 @@ var cmdCertListTemplate = usageTemplate{
 Long: "Lists root certificates known to notary.",
 }
 
-var cmdCertRotateTemplate = &usageTemplate{
- Use: "rotate [ GUN ]",
- Short: "Rotate certificates for a role.",
- Long: "Generates new certificates for the given role (without replacing the root key).",
-}
-
 var cmdCertRemoveTemplate = usageTemplate{
 Use: "remove [ certID ]",
 Short: "Removes the certificate with the given cert ID.",
@@ -50,7 +44,6 @@ type certCommander struct {
 func (c *certCommander) GetCommand() *cobra.Command {
 cmd := cmdCertTemplate.ToCommand(nil)
 cmd.AddCommand(cmdCertListTemplate.ToCommand(c.certList))
- cmd.AddCommand(cmdCertRotateTemplate.ToCommand(c.certRotate))
 
 cmdCertRemove := cmdCertRemoveTemplate.ToCommand(c.certRemove)
 cmdCertRemove.Flags().StringVarP(
@@ -166,51 +159,6 @@ func (c *certCommander) certRemove(cmd *cobra.Command, args []string) error {
 return nil
 }
 
-// certRotate replaces a certificate with a new version
-func (c *certCommander) certRotate(cmd *cobra.Command, args []string) error {
- if len(args) != 1 {
- cmd.Usage()
- return fmt.Errorf("Must specify a GUN")
- }
-
- gun := args[0]
- config, err := c.configGetter()
- if err != nil {
- return err
- }
-
- rt, err := getTransport(config, gun, false)
- if err != nil {
- return err
- }
- nRepo, err := notaryclient.NewNotaryRepository(config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, c.retriever)
- if err != nil {
- return err
- }
-
- certs, err := nRepo.ListRootCerts()
- if err != nil {
- return err
- }
-
- for _, cert := range certs {
- err := nRepo.RotateRootCert(cert)
- if err != nil {
- id, err := trustmanager.FingerprintCert(cert)
- if err != nil {
- return fmt.Errorf("Could not fingerprint certificate: %v", err)
- }
- return fmt.Errorf("Error rotating certificate %s: %s", id, err)
- }
- }
-
- cmd.Printf(
- "Rotation of the following certificates into repository \"%s\" staged for next publish.\n",
- gun)
- prettyPrintCerts(certs, cmd.Out())
- return nil
-}
-
 func (c *certCommander) certList(cmd *cobra.Command, args []string) error {
 if len(args) > 0 {
 cmd.Usage()
diff --git a/cmd/notary/integration_test.go b/cmd/notary/integration_test.go
index da4589f838..bbbb250664 100644
--- a/cmd/notary/integration_test.go
+++ b/cmd/notary/integration_test.go
@@ -1379,75 +1379,6 @@ func TestClientKeyPassphraseChange(t *testing.T) {
 require.Equal(t, rootID, rootIDs[0])
 }
 
-func TestCertRotate(t *testing.T) {
- logrus.SetLevel(logrus.DebugLevel)
- // -- setup --
- setUp(t)
-
- authorTempDir := tempDirWithConfig(t, "{}")
- defer os.RemoveAll(authorTempDir)
- userTempDir := tempDirWithConfig(t, "{}")
- defer os.RemoveAll(userTempDir)
-
- server := setupServer()
- defer server.Close()
-
- // init repo
- _, err := runCommand(t, authorTempDir, "-s", server.URL, "init", "gun")
- require.NoError(t, err)
- certs := assertNumCerts(t, authorTempDir, 1)
- oldCertID := strings.Fields(certs[0])[1]
-
- // publish repo
- _, err = runCommand(t, authorTempDir, "-s", server.URL, "publish", "gun")
- require.NoError(t, err)
-
- // init user
- _, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
- require.NoError(t, err)
- certs = assertNumCerts(t, userTempDir, 1)
- require.Equal(t, oldCertID, strings.Fields(certs[0])[1])
-
- // schedule root cert rotation
- output, err := runCommand(t, authorTempDir, "-s", server.URL, "cert", "rotate", "gun")
- require.NoError(t, err)
- require.Contains(t, output, oldCertID)
-
- // check status - see target
- output, err = runCommand(t, authorTempDir, "status", "gun")
- require.NoError(t, err)
- require.Contains(t, output, "root")
-
- // publish repo
- _, err = runCommand(t, authorTempDir, "-s", server.URL, "publish", "gun")
- require.NoError(t, err)
-
- // check status - no targets
- output, err = runCommand(t, authorTempDir, "status", "gun")
- require.NoError(t, err)
- require.Contains(t, output, "No unpublished changes for gun")
-
- // check the other user can use the updated repo
- _, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
- require.NoError(t, err)
-
- // See the comment in TestRotateRootCert for why we need to cause two refreshes
- // to see the updated certificate.
- _, err = runCommand(t, authorTempDir, "-s", server.URL, "list", "gun")
- require.NoError(t, err)
- certs = assertNumCerts(t, authorTempDir, 1)
- _, err = runCommand(t, authorTempDir, "-s", server.URL, "list", "gun")
- require.NoError(t, err)
- certs = assertNumCerts(t, authorTempDir, 1)
- newCertID := strings.Fields(certs[0])[1]
- require.NotEqual(t, oldCertID, newCertID)
-
- _, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
- require.NoError(t, err)
- certs = assertNumCerts(t, userTempDir, 1)
- require.Equal(t, newCertID, strings.Fields(certs[0])[1])
-}
-
 func tempDirWithConfig(t *testing.T, config string) string {
 tempDir, err := ioutil.TempDir("", "repo")
 require.NoError(t, err)