docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename repo.GetRole to repo.GetRoleWithNames and use the Keys data structure more. 

Signed-off-by: Ying Li <ying.li@docker.com>
This commit is contained in:
Ying Li 2016-02-11 09:51:08 -08:00
parent c88461d485
commit ac265186ee
6 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/handlers/validation.go
View File

@ -194,7 +194,7 @@ func loadTargetsFromStore(gun, role string, repo *tuf.Repo, store storage.MetaSt
} }
func generateSnapshot(gun string, repo *tuf.Repo, store storage.MetaStore) (*storage.MetaUpdate, error) { func generateSnapshot(gun string, repo *tuf.Repo, store storage.MetaStore) (*storage.MetaUpdate, error) {
role, err := repo.GetRole(data.CanonicalSnapshotRole) role, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
if err != nil { if err != nil {
return nil, validation.ErrBadRoot{Msg: "root did not include snapshot role"} return nil, validation.ErrBadRoot{Msg: "root did not include snapshot role"}
} }
@ -265,7 +265,7 @@ func validateSnapshot(role string, oldSnap *data.SignedSnapshot, snapUpdate stor
} }
// version specifically gets validated when writing to store to // version specifically gets validated when writing to store to
// better handle race conditions there. // better handle race conditions there.
snapshotRole, err := repo.GetRole(role) snapshotRole, err := repo.GetRoleWithKeys(role)
if err != nil { if err != nil {
return err return err
} }
@ -329,7 +329,7 @@ func validateTargets(role string, roles map[string]storage.MetaUpdate, repo *tuf
} }
// version specifically gets validated when writing to store to // version specifically gets validated when writing to store to
// better handle race conditions there. // better handle race conditions there.
targetsRole, err := repo.GetRole(role) targetsRole, err := repo.GetRoleWithKeys(role)
if err != nil { if err != nil {
return nil, err return nil, err
} }

8
server/handlers/validation_test.go
View File

@ -270,7 +270,7 @@ func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary") kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err) assert.NoError(t, err)
store := storage.NewMemStorage() store := storage.NewMemStorage()
snapRole, err := repo.GetRole(data.CanonicalSnapshotRole) snapRole, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
assert.NoError(t, err) assert.NoError(t, err)
for _, k := range snapRole.Keys { for _, k := range snapRole.Keys {
@ -310,7 +310,7 @@ func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary") kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err) assert.NoError(t, err)
store := storage.NewMemStorage() store := storage.NewMemStorage()
snapRole, err := repo.GetRole(data.CanonicalSnapshotRole) snapRole, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
assert.NoError(t, err) assert.NoError(t, err)
for _, k := range snapRole.Keys { for _, k := range snapRole.Keys {
@ -340,7 +340,7 @@ func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary") kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err) assert.NoError(t, err)
store := storage.NewMemStorage() store := storage.NewMemStorage()
snapRole, err := repo.GetRole(data.CanonicalSnapshotRole) snapRole, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
assert.NoError(t, err) assert.NoError(t, err)
for _, k := range snapRole.Keys { for _, k := range snapRole.Keys {
@ -364,7 +364,7 @@ func TestValidateSnapshotGenerate(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary") kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err) assert.NoError(t, err)
store := storage.NewMemStorage() store := storage.NewMemStorage()
snapRole, err := repo.GetRole(data.CanonicalSnapshotRole) snapRole, err := repo.GetRoleWithKeys(data.CanonicalSnapshotRole)
assert.NoError(t, err) assert.NoError(t, err)
for _, k := range snapRole.Keys { for _, k := range snapRole.Keys {

12
tuf/client/client.go
View File

@ -200,11 +200,11 @@ func (c *Client) downloadRoot() error {
func (c Client) verifyRoot(role string, s *data.Signed, minVersion int) error { func (c Client) verifyRoot(role string, s *data.Signed, minVersion int) error {
// this will confirm that the root has been signed by the old root role // this will confirm that the root has been signed by the old root role
// as c.keysDB contains the root keys we bootstrapped with. // with the root keys we bootstrapped with.
// Still need to determine if there has been a root key update and // Still need to determine if there has been a root key update and
// confirm signature with new root key // confirm signature with new root key
logrus.Debug("verifying root with existing keys") logrus.Debug("verifying root with existing keys")
rootRole, err := c.local.GetRole(role) rootRole, err := c.local.GetRoleWithKeys(role)
if err != nil { if err != nil {
logrus.Debug("no previous root role loaded") logrus.Debug("no previous root role loaded")
return err return err
@ -231,7 +231,7 @@ func (c Client) verifyRoot(role string, s *data.Signed, minVersion int) error {
// TODO(endophage): be more intelligent and only re-verify if we detect // TODO(endophage): be more intelligent and only re-verify if we detect
// there has been a change in root keys // there has been a change in root keys
logrus.Debug("verifying root with updated keys") logrus.Debug("verifying root with updated keys")
rootRole, err = c.local.GetRole(role) rootRole, err = c.local.GetRoleWithKeys(role)
if err != nil { if err != nil {
logrus.Debug("root role with new keys not loaded") logrus.Debug("root role with new keys not loaded")
return err return err
@ -302,7 +302,7 @@ func (c *Client) downloadTimestamp() error {
// verifies that a timestamp is valid, and returned the SignedTimestamp object to add to the tuf repo // verifies that a timestamp is valid, and returned the SignedTimestamp object to add to the tuf repo
func (c *Client) verifyTimestamp(s *data.Signed, minVersion int) (*data.SignedTimestamp, error) { func (c *Client) verifyTimestamp(s *data.Signed, minVersion int) (*data.SignedTimestamp, error) {
timestampRole, err := c.local.GetRole(data.CanonicalTimestampRole) timestampRole, err := c.local.GetRoleWithKeys(data.CanonicalTimestampRole)
if err != nil { if err != nil {
logrus.Debug("no timestamp role loaded") logrus.Debug("no timestamp role loaded")
return nil, err return nil, err
@ -365,7 +365,7 @@ func (c *Client) downloadSnapshot() error {
s = old s = old
} }
snapshotRole, err := c.local.GetRole(role) snapshotRole, err := c.local.GetRoleWithKeys(role)
if err != nil { if err != nil {
logrus.Debug("no snapshot role loaded") logrus.Debug("no snapshot role loaded")
return err return err
@ -508,7 +508,7 @@ func (c Client) getTargetsFile(role string, keyIDs []string, snapshotMeta data.F
s = old s = old
} }
targetsRole, err := c.local.GetRole(role) targetsRole, err := c.local.GetRoleWithKeys(role)
if err != nil { if err != nil {
logrus.Debugf("no %s role loaded", role) logrus.Debugf("no %s role loaded", role)
return nil, err return nil, err

2
tuf/data/roles.go
View File

@ -249,5 +249,5 @@ func subtractStrSlices(orig, remove []string) []string {
// RoleWithKeys is a role that has the signing keys for the role embedded // RoleWithKeys is a role that has the signing keys for the role embedded
type RoleWithKeys struct { type RoleWithKeys struct {
Role Role
Keys map[string]PublicKey Keys Keys
} }

12
tuf/signed/verify_test.go
View File

@ -23,7 +23,7 @@ func TestRoleNoKeys(t *testing.T) {
nil, nil,
) )
assert.NoError(t, err) assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k}} roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")} meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -47,7 +47,7 @@ func TestNotEnoughSigs(t *testing.T) {
nil, nil,
) )
assert.NoError(t, err) assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k}} roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")} meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -73,7 +73,7 @@ func TestMoreThanEnoughSigs(t *testing.T) {
nil, nil,
) )
assert.NoError(t, err) assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k1.ID(): k1, k2.ID(): k2}} roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k1.ID(): k1, k2.ID(): k2}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")} meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -98,7 +98,7 @@ func TestDuplicateSigs(t *testing.T) {
nil, nil,
) )
assert.NoError(t, err) assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k}} roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")} meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -125,7 +125,7 @@ func TestUnknownKeyBelowThreshold(t *testing.T) {
nil, nil,
) )
assert.NoError(t, err) assert.NoError(t, err)
roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k, unknown.ID(): unknown}} roleWithKeys := &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k, unknown.ID(): unknown}}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")} meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
@ -209,7 +209,7 @@ func Test(t *testing.T) {
nil, nil,
) )
assert.NoError(t, err) assert.NoError(t, err)
run.roleData = &data.RoleWithKeys{Role: *r, Keys: map[string]data.PublicKey{k.ID(): k}} run.roleData = &data.RoleWithKeys{Role: *r, Keys: data.Keys{k.ID(): k}}
meta := &data.SignedCommon{Type: run.typ, Version: run.ver, Expires: *run.exp} meta := &data.SignedCommon{Type: run.typ, Version: run.ver, Expires: *run.exp}
b, err := json.MarshalCanonical(meta) b, err := json.MarshalCanonical(meta)

6
tuf/tuf.go
View File

@ -772,13 +772,13 @@ func (tr Repo) sign(signedData *data.Signed, role data.Role) (*data.Signed, erro
return signedData, nil return signedData, nil
} }
// GetRole returns a RoleWithKeys object, given a role name. // GetRoleWithKeys returns a RoleWithKeys object, given a role name.
func (tr Repo) GetRole(role string) (*data.RoleWithKeys, error) { func (tr Repo) GetRoleWithKeys(role string) (*data.RoleWithKeys, error) {
roleData := tr.keysDB.GetRole(role) roleData := tr.keysDB.GetRole(role)
if roleData == nil { if roleData == nil {
return nil, ErrNotLoaded{role: role} return nil, ErrNotLoaded{role: role}
} }
keysInRole := make(map[string]data.PublicKey) keysInRole := make(data.Keys)
for _, keyID := range roleData.KeyIDs { for _, keyID := range roleData.KeyIDs {
k := tr.keysDB.GetKey(keyID) k := tr.keysDB.GetKey(keyID)
if k != nil { if k != nil {