3eac9a8185
Merge pull request #516 from docker/canonical-key-id
...
use only canonical IDs for display on delegation CLI commands,
2016-01-29 16:43:25 -08:00
564f8d06d3
Merge pull request #515 from docker/roles-for-targets
...
Roles for targets via notary CLI
2016-01-29 16:08:29 -08:00
a16e6b58b5
use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-29 16:00:42 -08:00
32d9cd7c4a
Merge pull request #485 from docker/passphrase-change
...
passwd command and tests
2016-01-28 17:35:44 -08:00
cd7274f1b9
Add additional tests with different delegation key format using role PEM header
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 15:49:09 -08:00
9c59af1397
passwd command and tests
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:36:05 -08:00
2964e8c6f4
add integration test for adding/listing/removing targets from roles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:20:27 -08:00
bb9ef929de
Add --roles flags to targets commands
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 09:59:04 -08:00
6b31789fe5
Tiny refactor: to keep code style consistent
...
The other CLI commands about tuf are all begin with cmdTufXXX
which I think `verify` should be the same too.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-28 20:13:39 +08:00
83c5ed255b
Add check for RSA key len before adding
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-26 23:27:06 -08:00
7eb86f7a64
Merge pull request #493 from docker/delegation-cli-text
...
delegations CLI UX improvements
2016-01-26 15:32:20 -08:00
a64db12c04
change url from jfrazelle/go to docker/go
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-26 08:43:38 -08:00
774b66c9fe
delegations CLI UX improvements
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-25 16:14:02 -08:00
12d3eb49ae
Change default log level to fatal, change verbose to error level and add
...
debug flag for debug level
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-25 16:13:42 -08:00
b51d1e8cf8
Root is always on disk unless restored from backup.
...
(In which case if Yubikey is available, it will only be on the Yubikey and not on disk.)
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-25 13:37:39 -08:00
6389c8cf75
tokenAuth should also 'succeed' if we get a 401, which will result in attempting futher authentication later
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-21 11:44:00 -08:00
33fee1d356
test for returning nil roundtripper from tokenAuth
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-19 15:47:12 -08:00
46682b71eb
if we can't connect to the server when setting up, return a nil roundtripper. Check roundtripper when initializing HTTPStore and substitute an OfflineStore if it is nil.
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-19 14:34:50 -08:00
cf0bb5a9be
Merge pull request #440 from docker/diogo-cli-adding-delegations
...
delegation command for notary-cli
2016-01-19 13:54:56 -08:00
ca67f1e71a
client library deletion functionality, and integration into remove cert
...
CLI
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-19 11:18:33 -08:00
138d6cea09
Add, remove, and list delegation command. TUF changelist action change
...
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-18 16:24:45 -08:00
dd0223f7cf
Fix pretty-print keys to not print "." if there is no GUN.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-15 18:54:47 -08:00
c0fb05584e
fixing incorrect comments
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
9e80ad8158
remove certs.NewManager function
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
48ecd8d2cb
some cleanup of certs code
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
27278428ec
Remove extraneous "fake" from the notary CLI integration tests.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 09:56:37 -08:00
4dc8299de5
Fix bug where the yubikey store was not prioritized over the filestore
...
in a client repo.
Also, fix a test with exporting/importing all keys - because a key
that is imported into the yubikey is also backed up on disk, when exporting
all keys, it also gets exported.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-13 18:19:48 -08:00
89f250c253
when doing getTransport readOnly needs to be false for a key rotation as write permissions are required to retrieve keys
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-11 17:25:23 -08:00
61bbf7be49
Change ListTargetes and GetTargetsByName to return TargetWithRole.
...
This object has both the target and the role in which the target was found.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 17:15:44 -08:00
2f2a0b9c9f
Display the role when listing targets using the Notary CLI.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 15:20:06 -08:00
f2ec72b5b6
aliases removed from file names
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
6d5b8ff54a
add role into PEM headers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
377b72a54f
updating list targets to list across multiple roles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
63f48791c3
Fix docstring for 'key-type' parameter on key rotate.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-15 10:18:58 -08:00
ca1623e17b
Update CLI rotate key command to optionally rotate a single key.
...
This makes it possible to delegate snapshots key management to the
server, and to reclaim the responsibility.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-14 17:17:23 -08:00
2ce0232972
Refactor notary CLI keys cmds to use less globally mutable state.
...
This way we can test the command functions more easily.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-14 17:17:23 -08:00
3c6335c572
Explicitly supply validity times to certificate generation
...
Add explicit startTime and endTime parameters to
cryptoservice.GenerateCertificate and trustmanager.NewCertificate.
trustmanager.NewCertificate as a low-level data manipulation function
should not be hard-coding policy (10-year expiration); that policy
belongs to its callers, or one more level higher to callers of
cryptoservice.GenerateCertificate.
These places hard-coding policy now also have an explict comment to
that effect.
In addition to conceptual cleanliness, this will allow writing tests
of certificate expiry by generating appropriate expired or nearly-expired
certificates.
Tests which don't care about the policy much will continue to use the
just added cryptoservice.GenerateTestingCertificate.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
35b104beee
Move all the pretty-print functions to their own file in cmd/notary.
...
Also add tests for pretty-printing and sorting targets.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-30 16:35:53 -08:00
1670b69a18
Pretty-print certificates from the notary CLI command `notary cert list`
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-30 16:35:53 -08:00
dbcb56b3bf
Renamed keystoremanager to certs, and KeyStoreManager to Manager.
...
Since it no longer depends upon KeyStore, nor does it manipulate keys
in any way.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-23 17:19:26 -05:00
378888f6d7
Merge pull request #295 from docker/no-stderr-for-cmds
...
Set the default output for all cobra commands to be STDOUT
2015-11-15 13:12:36 +01:00
d0b3bd2860
headers were still printing when no targets were found
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-15 02:48:33 -08:00
238ee32c78
Set the default output for all cobra commands to be STDOUT
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-15 02:46:29 -08:00
04941d90a0
Merge pull request #289 from endophage/pretty_print_targets
...
pretty printing targets
2015-11-15 11:32:02 +01:00
e638f0a4d6
Merge pull request #285 from docker/delete-key-is-back
...
Add an interactive command to delete a key from any keystore.
2015-11-15 11:31:41 +01:00
0d7df87805
Add an interactive command to delete a key from any keystore.
...
This lists any matching keys, and requires the user to pick which one
to choose, if there is more than 1 matching key. Also requires the
user to confirm before deleting.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-14 14:17:08 -08:00
0088d16bba
pretty printing targets
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-14 10:21:08 -08:00
53626b6fe6
Merge pull request #284 from docker/key-command-renaming
...
Rename command line options from export/import key to backup/restore.
2015-11-14 13:49:53 +01:00
cb6fd71848
Rename command line options from export/import key to backup/restore.
...
import-root/export-root have been renamed to import/export.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-14 02:33:36 -08:00
daa844079f
Merge pull request #279 from docker/pretty-print
...
Pretty print output of `notary key list`.
2015-11-14 10:55:33 +01:00
Diogo Mónica