docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "Implement new (notary cert rotate) command." 

This reverts commit 684c17867740e77460f2940d3d76023f7a9647ed, and extra cert rotate test changes

Signed-off-by: Ying Li <ying.li@docker.com>
This commit is contained in:
Ying Li 2016-04-08 15:03:12 -07:00
parent 160ea2bc54
commit 54d1cb1855
2 changed files with 0 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
cmd/notary/cert.go
View File

@ -25,12 +25,6 @@ var cmdCertListTemplate = usageTemplate{
Long: "Lists root certificates known to notary.", Long: "Lists root certificates known to notary.",
} }
var cmdCertRotateTemplate = &usageTemplate{
Use: "rotate [ GUN ]",
Short: "Rotate certificates for a role.",
Long: "Generates new certificates for the given role (without replacing the root key).",
}
var cmdCertRemoveTemplate = usageTemplate{ var cmdCertRemoveTemplate = usageTemplate{
Use: "remove [ certID ]", Use: "remove [ certID ]",
Short: "Removes the certificate with the given cert ID.", Short: "Removes the certificate with the given cert ID.",
@ -50,7 +44,6 @@ type certCommander struct {
func (c *certCommander) GetCommand() *cobra.Command { func (c *certCommander) GetCommand() *cobra.Command {
cmd := cmdCertTemplate.ToCommand(nil) cmd := cmdCertTemplate.ToCommand(nil)
cmd.AddCommand(cmdCertListTemplate.ToCommand(c.certList)) cmd.AddCommand(cmdCertListTemplate.ToCommand(c.certList))
cmd.AddCommand(cmdCertRotateTemplate.ToCommand(c.certRotate))
cmdCertRemove := cmdCertRemoveTemplate.ToCommand(c.certRemove) cmdCertRemove := cmdCertRemoveTemplate.ToCommand(c.certRemove)
cmdCertRemove.Flags().StringVarP( cmdCertRemove.Flags().StringVarP(
@ -166,51 +159,6 @@ func (c *certCommander) certRemove(cmd *cobra.Command, args []string) error {
return nil return nil
} }
// certRotate replaces a certificate with a new version
func (c *certCommander) certRotate(cmd *cobra.Command, args []string) error {
if len(args) != 1 {
cmd.Usage()
return fmt.Errorf("Must specify a GUN")
}
gun := args[0]
config, err := c.configGetter()
if err != nil {
return err
}
rt, err := getTransport(config, gun, false)
if err != nil {
return err
}
nRepo, err := notaryclient.NewNotaryRepository(config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, c.retriever)
if err != nil {
return err
}
certs, err := nRepo.ListRootCerts()
if err != nil {
return err
}
for _, cert := range certs {
err := nRepo.RotateRootCert(cert)
if err != nil {
id, err := trustmanager.FingerprintCert(cert)
if err != nil {
return fmt.Errorf("Could not fingerprint certificate: %v", err)
}
return fmt.Errorf("Error rotating certificate %s: %s", id, err)
}
}
cmd.Printf(
"Rotation of the following certificates into repository \"%s\" staged for next publish.\n",
gun)
prettyPrintCerts(certs, cmd.Out())
return nil
}
func (c *certCommander) certList(cmd *cobra.Command, args []string) error { func (c *certCommander) certList(cmd *cobra.Command, args []string) error {
if len(args) > 0 { if len(args) > 0 {
cmd.Usage() cmd.Usage()

69
cmd/notary/integration_test.go
View File

@ -1379,75 +1379,6 @@ func TestClientKeyPassphraseChange(t *testing.T) {
require.Equal(t, rootID, rootIDs[0]) require.Equal(t, rootID, rootIDs[0])
} }
func TestCertRotate(t *testing.T) {
logrus.SetLevel(logrus.DebugLevel)
// -- setup --
setUp(t)
authorTempDir := tempDirWithConfig(t, "{}")
defer os.RemoveAll(authorTempDir)
userTempDir := tempDirWithConfig(t, "{}")
defer os.RemoveAll(userTempDir)
server := setupServer()
defer server.Close()
// init repo
_, err := runCommand(t, authorTempDir, "-s", server.URL, "init", "gun")
require.NoError(t, err)
certs := assertNumCerts(t, authorTempDir, 1)
oldCertID := strings.Fields(certs[0])[1]
// publish repo
_, err = runCommand(t, authorTempDir, "-s", server.URL, "publish", "gun")
require.NoError(t, err)
// init user
_, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
require.NoError(t, err)
certs = assertNumCerts(t, userTempDir, 1)
require.Equal(t, oldCertID, strings.Fields(certs[0])[1])
// schedule root cert rotation
output, err := runCommand(t, authorTempDir, "-s", server.URL, "cert", "rotate", "gun")
require.NoError(t, err)
require.Contains(t, output, oldCertID)
// check status - see target
output, err = runCommand(t, authorTempDir, "status", "gun")
require.NoError(t, err)
require.Contains(t, output, "root")
// publish repo
_, err = runCommand(t, authorTempDir, "-s", server.URL, "publish", "gun")
require.NoError(t, err)
// check status - no targets
output, err = runCommand(t, authorTempDir, "status", "gun")
require.NoError(t, err)
require.Contains(t, output, "No unpublished changes for gun")
// check the other user can use the updated repo
_, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
require.NoError(t, err)
// See the comment in TestRotateRootCert for why we need to cause two refreshes
// to see the updated certificate.
_, err = runCommand(t, authorTempDir, "-s", server.URL, "list", "gun")
require.NoError(t, err)
certs = assertNumCerts(t, authorTempDir, 1)
_, err = runCommand(t, authorTempDir, "-s", server.URL, "list", "gun")
require.NoError(t, err)
certs = assertNumCerts(t, authorTempDir, 1)
newCertID := strings.Fields(certs[0])[1]
require.NotEqual(t, oldCertID, newCertID)
_, err = runCommand(t, userTempDir, "-s", server.URL, "list", "gun")
require.NoError(t, err)
certs = assertNumCerts(t, userTempDir, 1)
require.Equal(t, newCertID, strings.Fields(certs[0])[1])
}
func tempDirWithConfig(t *testing.T, config string) string { func tempDirWithConfig(t *testing.T, config string) string {
tempDir, err := ioutil.TempDir("", "repo") tempDir, err := ioutil.TempDir("", "repo")
require.NoError(t, err) require.NoError(t, err)