command skeletons in place, changelist actions implemented

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-08-04 14:14:15 -07:00 · 2015-08-04 14:14:15 -07:00 · 959d0267ac
parent 83f96997d3
commit 959d0267ac
5 changed files with 180 additions and 9 deletions
--- a/client/changelist/change.go
+++ b/client/changelist/change.go
@ -1,5 +1,9 @@
 package changelist

+import (
+	"github.com/endophage/gotuf/data"
+)
+
 // Scopes for TufChanges are simply the TUF roles.
 // Unfortunately because of targets delegations, we can only
 // cover the base roles.
@ -32,8 +36,8 @@ type TufChange struct {
 }

 type TufRootData struct {
-	Keys     []*data.TUFKey
-	RoleName string
+	Keys     []data.PublicKey `json:"keys"`
+	RoleName string           `json:"role"`
 }

 // NewTufChange initializes a tufChange object
--- a/client/client.go
+++ b/client/client.go
@ -245,6 +245,7 @@ func (r *NotaryRepository) AddTarget(target *Target) error {
 	if err != nil {
 		return err
 	}
+	defer cl.Close()
 	logrus.Debugf("Adding target \"%s\" with sha256 \"%x\" and size %d bytes.\n", target.Name, target.Hashes["sha256"], target.Length)

 	meta := data.FileMeta{Length: target.Length, Hashes: target.Hashes}
@ -258,7 +259,7 @@ func (r *NotaryRepository) AddTarget(target *Target) error {
 	if err != nil {
 		return err
 	}
-	return cl.Close()
+	return nil
 }

 // RemoveTarget creates a new changelist entry to remove a target from the repository
@ -604,3 +605,58 @@ func (r *NotaryRepository) bootstrapClient() (*tufclient.Client, error) {
 		r.fileStore,
 	), nil
 }
+
+// AddKeys adds the specified keyIDs to the role. These changes are
+// staged in a changelist until publish is called.
+func (r *NotaryRepository) AddKeys(role string, keyIDs ...string) error {
+	return r.rootKeyChange(role, changelist.ActionUpdate, keyIDs...)
+}
+
+// RemoveKeys removes the specified keyIDs from the role. These changes
+// are staged in a changelist until publish is called.
+func (r *NotaryRepository) RemoveKeys(role string, keyIDs ...string) error {
+	return r.rootKeyChange(role, changelist.ActionDelete, keyIDs...)
+}
+
+// ReplaceKey removes all existing keys associated with role and adds
+// the keys specified by keyIDs to the role. These changes are staged
+// in a changelist until publish is called.
+func (r *NotaryRepository) ReplaceKeys(role string, keyIDs ...string) error {
+	return r.rootKeyChange(role, changelist.ActionCreate, keyIDs...)
+}
+
+func (r *NotaryRepository) rootKeyChange(role, action string, keyIDs ...string) error {
+	cl, err := changelist.NewFileChangelist(filepath.Join(r.tufRepoPath, "changelist"))
+	if err != nil {
+		return err
+	}
+	defer cl.Close()
+
+	keys := make([]data.PublicKey, 0, len(keyIDs))
+	for _, kID := range keyIDs {
+		logrus.Debug(kID)
+		// get PUBLIC key and append it to keys
+	}
+
+	meta := changelist.TufRootData{
+		RoleName: role,
+		Keys:     keys,
+	}
+	metaJSON, err := json.Marshal(meta)
+	if err != nil {
+		return err
+	}
+
+	c := changelist.NewTufChange(
+		action,
+		changelist.ScopeRoot,
+		changelist.TypeRootRole,
+		role,
+		metaJSON,
+	)
+	err = cl.Add(c)
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/client/helpers.go
+++ b/client/helpers.go
@ -7,7 +7,7 @@ import (

 	"github.com/Sirupsen/logrus"
 	"github.com/docker/notary/client/changelist"
-	"github.com/endophage/gotuf"
+	tuf "github.com/endophage/gotuf"
 	"github.com/endophage/gotuf/data"
 	"github.com/endophage/gotuf/keys"
 	"github.com/endophage/gotuf/store"
@ -88,12 +88,12 @@ func applyRootChange(repo *tuf.TufRepo, c changelist.Change) error {
 	return err // might be nil
 }

-func applyRootRoleChange(repo *tufRepo, c changelist.Change) error {
+func applyRootRoleChange(repo *tuf.TufRepo, c changelist.Change) error {
 	switch c.Action() {
 	case changelist.ActionCreate:
 		// replaces all keys for a role
 		d := &changelist.TufRootData{}
-		err := json.Unmarshal(c.Data, d)
+		err := json.Unmarshal(c.Content(), d)
 		if err != nil {
 			return err
 		}
@ -104,7 +104,7 @@ func applyRootRoleChange(repo *tufRepo, c changelist.Change) error {
 	case changelist.ActionUpdate:
 		// adds a key to a role
 		d := &changelist.TufRootData{}
-		err := json.Unmarshal(c.Data, d)
+		err := json.Unmarshal(c.Content(), d)
 		if err != nil {
 			return err
 		}
@ -115,13 +115,13 @@ func applyRootRoleChange(repo *tufRepo, c changelist.Change) error {
 	case changelist.ActionDelete:
 		// removes a key from a role
 		d := &changelist.TufRootData{}
-		err := json.Unmarshal(c.Data, d)
+		err := json.Unmarshal(c.Content(), d)
 		if err != nil {
 			return err
 		}
 		ids := make([]string, 0, len(d.Keys))
 		for _, k := range d.Keys {
-			append(ids, k.ID())
+			ids = append(ids, k.ID())
 		}
 		err = repo.RemoveBaseKeys(d.RoleName, ids...)
 		if err != nil {
--- a/cmd/notary/main.go
+++ b/cmd/notary/main.go
@ -96,6 +96,7 @@ func main() {

 	notaryCmd.AddCommand(cmdKey)
 	notaryCmd.AddCommand(cmdCert)
+	notaryCmd.AddCommand(cmdMeta)
 	notaryCmd.AddCommand(cmdTufInit)
 	cmdTufInit.Flags().StringVarP(&remoteTrustServer, "server", "s", serverURL, "Remote trust server location")
 	notaryCmd.AddCommand(cmdTufList)
--- a/cmd/notary/meta.go
+++ b/cmd/notary/meta.go
@ -0,0 +1,110 @@
+package main
+
+import (
+	"github.com/Sirupsen/logrus"
+	notaryclient "github.com/docker/notary/client"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	cmdMeta.AddCommand(cmdRoleDisplay)
+	cmdMeta.AddCommand(cmdReplaceKey)
+	cmdMeta.AddCommand(cmdAddKey)
+	cmdMeta.AddCommand(cmdRemoveKey)
+}
+
+var cmdMeta = &cobra.Command{
+	Use:   "meta",
+	Short: "Operates on repository metadata.",
+	Long:  "Operations to manage key usage and delegations within a repository.",
+}
+
+var cmdRoleDisplay = &cobra.Command{
+	Use:   "display [ GUN ] <role>",
+	Short: "Shows metadata about a role",
+	Long:  "Display all metadata about a role including the associated keys, the role name, and the owner name if applicable.",
+	Run:   metaRoleDisplay,
+}
+
+var cmdReplaceKey = &cobra.Command{
+	Use:   "replace [ GUN ] <role>",
+	Short: "Replace all keys for role.",
+	Long:  "Replaces all keys for the given role.",
+	Run:   metaReplaceKey,
+}
+
+var cmdAddKey = &cobra.Command{
+	Use:   "add [ GUN ] <role>",
+	Short: "Add key to role.",
+	Long:  "Adds a key to the given role.",
+	Run:   metaReplaceKey,
+}
+
+var cmdRemoveKey = &cobra.Command{
+	Use:   "remove [ GUN ] <role>",
+	Short: "Remove a key role.",
+	Long:  "Removes a key from the given role.",
+	Run:   metaReplaceKey,
+}
+
+func metaRoleDisplay(cmd *cobra.Command, args []string) {
+	if len(args) < 2 {
+		cmd.Usage()
+		fatalf("must specify a GUN and role")
+	}
+
+	gun := args[0]
+	parseConfig()
+
+	logrus.Debug("Displaying info")
+	_, err := notaryclient.NewNotaryRepository(trustDir, gun, remoteTrustServer, getTransport(), retriever)
+	if err != nil {
+		fatalf(err.Error())
+	}
+}
+
+func metaReplaceKey(cmd *cobra.Command, args []string) {
+	if len(args) < 2 {
+		cmd.Usage()
+		fatalf("must specify a GUN and role")
+	}
+
+	gun := args[0]
+	parseConfig()
+
+	_, err := notaryclient.NewNotaryRepository(trustDir, gun, remoteTrustServer, getTransport(), retriever)
+	if err != nil {
+		fatalf(err.Error())
+	}
+}
+
+func metaAddKey(cmd *cobra.Command, args []string) {
+	if len(args) < 2 {
+		cmd.Usage()
+		fatalf("must specify a GUN and role")
+	}
+
+	gun := args[0]
+	parseConfig()
+
+	_, err := notaryclient.NewNotaryRepository(trustDir, gun, remoteTrustServer, getTransport(), retriever)
+	if err != nil {
+		fatalf(err.Error())
+	}
+
+}
+
+func metaRemoveKey(cmd *cobra.Command, args []string) {
+	if len(args) < 2 {
+		cmd.Usage()
+		fatalf("must specify a GUN and role")
+	}
+
+	gun := args[0]
+	parseConfig()
+
+	_, err := notaryclient.NewNotaryRepository(trustDir, gun, remoteTrustServer, getTransport(), retriever)
+	if err != nil {
+		fatalf(err.Error())
+	}
+}