Rather than create an SQL DB, then create a gorm DB using the SQL
DB. Also split the Create/Get test into two tests.
Signed-off-by: Ying Li <ying.li@docker.com>
Also, eliminate the timestamp JSON constant and just generate a new
one for the tests.
The client test now also uses KeyFileStore and certs.Manager to
verify the keys and certs on disk, rather than directly manipulating
the files themselves. This way, if the exact implementation of
KeyFileStore or certs.Manager changes, this test won't fail so long
as KeyFileStore and certs.Manager are self-consistent.
Signed-off-by: Ying Li <ying.li@docker.com>
There's no need to keep the `err` after asserting it should be `nil`, and
we can merge these two logs into one, I suppose.
Signed-off-by: Hu Keping <hukeping@huawei.com>
The type must either be "local" or "remote". Previously, any invalid
configuration would default to a local signing service, but since
a remote signing service is recommended, the user has to specifically
configure a local signing service. We don't want it to be the
fallback.
Signed-off-by: Ying Li <ying.li@docker.com>
Previously, if it wasn't a remote service, the config parser was
still setting the key algorithm to be whatever was configured.
Now, if we are using a local trust service, the algorithm is always
ED25519.
Also broke the trust parsing into its own function for testing.
Signed-off-by: Ying Li <ying.li@docker.com>
server and signer, and set these to be the default configuration
files when running the images.
Compose specifies the configuration with MySQL.
Signed-off-by: Ying Li <ying.li@docker.com>
The server already supported a memory backend, but now it must be
specified, rather than just being a fallback if no storage is
specified. This also adds a signer backend to signer, which
previously required a MySQL backend.
Thanks @endophage for the excellent suggestion!
Signed-off-by: Ying Li <ying.li@docker.com>
Previously, if a relative path was provided, it was relative to the
current working directory to wherever the binaries were run. Now
it is relative to whatever config file was used.
Signed-off-by: Ying Li <ying.li@docker.com>
This changes the 'addr' parameter of notary-server's config to
'http_addr', so we can add a GRPC server to notary-server if
necessary. This also allows environment variables to override
the notary-server config file entries, as notary-signer already
does.
The bugsnag configuration has also been changed so that the
bugsnag parameters are under the "bugsnag" key.
Signed-off-by: Ying Li <ying.li@docker.com>
Also add bugsnag support to notary-signer.
This also changes the 'server.cert_file' and 'server.key_file'
parameters to 'server.tls_cert_file' and 'server.tls_key_file',
respectively, to match notary-server.
The default alias, which was previously under the environment
variable NOTARY_SERVER_DEFAULT_ALIAS, is now also available in
the config file in storage.default_alias. The password has
not changed.
Finally, this removes some of the HSM references in notary-signer.
Signed-off-by: Ying Li <ying.li@docker.com>
Also support parameterized allowed backends when parsing for
storage backends, so that a DB backend can be tested.
Signed-off-by: Ying Li <ying.li@docker.com>
This is because the server handles the timestamp key and timestamp signing.
So there can only ever be 1 key. Thanks @mtrmac for pointing this out.
This change also refactors some of the test code somewhat.
Signed-off-by: Ying Li <ying.li@docker.com>