docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix bug with keystore not getting assigned in the signer in the DB case. 

Thanks @endophage!

Signed-off-by: Ying Li <ying.li@docker.com>
This commit is contained in:
Ying Li 2015-11-30 16:41:07 -08:00
parent 56e8d864ce
commit 7153dc7463
2 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/notary-signer/main.go
View File

@ -100,14 +100,15 @@ func setUpCryptoservices(configuration *viper.Viper, allowedBackends []string) (
} }
logrus.Debugf("Using %s DB: %s", storeConfig.Backend, storeConfig.Source) logrus.Debugf("Using %s DB: %s", storeConfig.Backend, storeConfig.Source)
keyStore, err := keydbstore.NewKeyDBStore( dbStore, err := keydbstore.NewKeyDBStore(
passphraseRetriever, defaultAlias, storeConfig.Backend, dbSQL) passphraseRetriever, defaultAlias, storeConfig.Backend, dbSQL)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to create a new keydbstore: %v", err) return nil, fmt.Errorf("failed to create a new keydbstore: %v", err)
} }
health.RegisterPeriodicFunc( health.RegisterPeriodicFunc(
"DB operational", keyStore.HealthCheck, time.Second*60) "DB operational", dbStore.HealthCheck, time.Second*60)
keyStore = dbStore
} }
cryptoService := cryptoservice.NewCryptoService("", keyStore) cryptoService := cryptoservice.NewCryptoService("", keyStore)

32
cmd/notary-signer/main_test.go
View File

@ -11,8 +11,11 @@ import (
"testing" "testing"
"github.com/docker/notary/signer" "github.com/docker/notary/signer"
"github.com/docker/notary/signer/keydbstore"
"github.com/docker/notary/tuf/data" "github.com/docker/notary/tuf/data"
"github.com/docker/notary/utils" "github.com/docker/notary/utils"
"github.com/jinzhu/gorm"
_ "github.com/mattn/go-sqlite3"
"github.com/spf13/viper" "github.com/spf13/viper"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -120,6 +123,17 @@ func TestSetupCryptoServicesDBStoreSuccess(t *testing.T) {
tmpFile.Close() tmpFile.Close()
defer os.Remove(tmpFile.Name()) defer os.Remove(tmpFile.Name())
// Ensure that the private_key table exists
db, err := gorm.Open("sqlite3", tmpFile.Name())
assert.NoError(t, err)
var (
gormKey = keydbstore.GormPrivateKey{}
count int
)
db.CreateTable(&gormKey)
db.Model(&gormKey).Count(&count)
assert.Equal(t, 0, count)
cryptoServices, err := setUpCryptoservices( cryptoServices, err := setUpCryptoservices(
configure(fmt.Sprintf( configure(fmt.Sprintf(
`{"storage": {"backend": "%s", "db_url": "%s"}, `{"storage": {"backend": "%s", "db_url": "%s"},
@ -136,6 +150,16 @@ func TestSetupCryptoServicesDBStoreSuccess(t *testing.T) {
assert.True(t, ok) assert.True(t, ok)
assert.Equal(t, edService, ecService) assert.Equal(t, edService, ecService)
// since the keystores are not exposed by CryptoService, try creating
// a key and seeing if it is in the sqlite DB.
os.Setenv("NOTARY_SIGNER_TIMESTAMP", "password")
defer os.Unsetenv("NOTARY_SIGNER_TIMESTAMP")
_, err = ecService.Create("timestamp", data.ECDSAKey)
assert.NoError(t, err)
db.Model(&gormKey).Count(&count)
assert.Equal(t, 1, count)
} }
// If a memory backend is specified, then a default alias is not needed, and // If a memory backend is specified, then a default alias is not needed, and
@ -155,6 +179,14 @@ func TestSetupCryptoServicesMemoryStore(t *testing.T) {
assert.True(t, ok) assert.True(t, ok)
assert.Equal(t, edService, ecService) assert.Equal(t, edService, ecService)
// since the keystores are not exposed by CryptoService, try creating
// and getting the key
pubKey, err := ecService.Create("", data.ECDSAKey)
assert.NoError(t, err)
privKey, _, err := ecService.GetPrivateKey(pubKey.ID())
assert.NoError(t, err)
assert.NotNil(t, privKey)
} }
func TestSetupHTTPServer(t *testing.T) { func TestSetupHTTPServer(t *testing.T) {