cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"
...
This reverts commit f417c834c4
2016-01-08 14:53:09 -08:00
11795a4573
rename data.ValidRoles to data.BaseRoles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:52 -08:00
d52dbde683
removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:05 -08:00
c1c0ccf4be
Combine bootstrapClient and tuf/client's Client.Update into NotaryRepository.Update.
...
- it is easier to understand what's going on in the online functions of NotaryRepository
- we can test NotaryRepository.Update independently (although it'd be nice to have some way
of ensuring that the actual public functions of NotaryRepository like ListTargets,
GetTargetByName, and Publish actually calls Update.
- distinct error if the remote repo doesn't exist.
This also stops wrapping signed.ErrExpired in client.ErrExpired, and just passes
signed.ErrExpired on directly.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-07 16:58:46 -08:00
f417c834c4
switching out to consistently use canonical json for all marshalling of TUF data
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-06 11:15:27 -08:00
61bbf7be49
Change ListTargetes and GetTargetsByName to return TargetWithRole.
...
This object has both the target and the role in which the target was found.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 17:15:44 -08:00
2f2a0b9c9f
Display the role when listing targets using the Notary CLI.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 15:20:06 -08:00
ecd96c8218
Fix potential infinite loop in tuf/Client.TargetMeta
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:50:35 -08:00
9252d9d892
Update client.Target to include a RoleName, so we know where the target is when listed.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:49:54 -08:00
ffca6fb522
Merge pull request #388 from docker/cleanup
...
Rebased cleanup/remove PEM headers
2015-12-23 11:36:25 -08:00
0465365fb6
Return an error if unable to encrypt a key as a valid PEM file
...
Also address review comments and fix semantic conflict after rebase.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-23 09:44:51 -08:00
fa788cb2a9
make x509 certs viable as delegated public key object
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
e516dd88f2
cleaning up tests by converting t.Fatal to assert.___
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
9b0ae29427
ErrRepoNotInitialized test
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2015-12-22 16:53:31 -08:00
332621607e
Add more comments and assertions as per review.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
6423c16233
Test pushing an uninitialized repo as well.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
ebac6b158a
Refactor tests to cover corrupt root/targets/delegations.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
ab97f9e12e
Refactor some of the code to reduce creating temp notary repo directory boilerplate.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:23:19 -08:00
d6234e5ef0
Add some simple failure cases where data is corrupt or we can't get server keys.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:23:19 -08:00
c1eb344b89
Rotation tests now test reading from other (non-publishing) clients.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:23:19 -08:00
f794193382
Address review comments (renaming, extra code left in, etc.)
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 15:32:05 -08:00
66384edfc3
Add some more publishing tests.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 00:44:50 -08:00
dcef24996e
Add more delegation writing/publishing tests.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 00:23:32 -08:00
34055f8cf7
Code cleanups as per review, and after rebasing.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:51:48 -08:00
a1cbe5d43c
Add test for, and fix bug with, publishing a bare repo not sending the targets file.
...
It should always be published the first time, like the root.json.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
c12958af36
Do not sign the actual targets metadata unless it's dirty.
...
Previously we were always signing it, but we can't do that anymore
because then delegated users won't be able to publish ever (they
probably don't have the target key).
Some other related changes: when role keys are rotated, that role
needs to be marked as dirty now in order to be re-signed and
published.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
f1761afc25
Fallback on the parent role if the role to add a target to doesn't exist.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
9f04ca66f7
Add tests for publishing targets to delegations, and delegations themselves.
...
This involved a refactor test helper function assertPublishSucceeds to
take roles and expected published-to-roles.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
d3a54cab25
the empty string should be used in delegation Paths to indicate a role can sign anything
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 16:10:43 -08:00
d49228ad70
fixing copy paste bad var name
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 11:54:01 -08:00
a2a4870512
adding comment about priority ordering and updating test for ListTargets with delegates to hit default no roles passed case
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 11:21:12 -08:00
574b4d543d
updating ListTargets delegate test to check iteration of children and correct (lack of) overwriting.
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 21:28:52 -08:00
9307692b52
reverse priority order or roles for ListTargets and GetTargetsByName
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 16:33:52 -08:00
4243b258b3
making GetTargetsByName work with delegations
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:46:41 -08:00
4a9ebb8bc8
adding test for ListTargets with delegation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
377b72a54f
updating list targets to list across multiple roles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
15ad91eea3
Add tests for not being able to write changefiles when changing delegations.
...
This involves refactoring some of the previous write error code.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 18:29:54 -08:00
c917c0b884
Split AddDelegation test so more more levels
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 17:54:50 -08:00
351d5483b7
Implement RemoveDelegation for NotaryRepository.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 16:01:17 -08:00
c72934794a
Implement AddDelegation for NotaryRepository.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 16:00:45 -08:00
0bec06eb9b
RemoveTarget now takes an optional variadic list of roles to remove from.
...
If none are provided, it defaults to the targets role, as before.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 13:18:40 -08:00
19c49cf7ce
AddTarget now takes an optional variadic list of roles to add target to.
...
If none are provided, it defaults to the targets role, as before.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 13:18:40 -08:00
2c7e632925
Amend rotation tests to assert old keys are removed after rotation.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-14 17:44:28 -08:00
8521ea5b6d
Convert NotaryRepository.RotateKeys to RotateKey(role, serverManages bool)
...
This should make it possible to delegate snapshot key management
to the server for existing repos, or switching back to user managing
snapshot keys.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-14 17:17:23 -08:00
c0bf1a4a68
Fix semantic merge conflict.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-11 17:37:29 -08:00
9d2590ffb5
Only allow publishing if there is no snapshot.json, not if it's corrupt
...
or unreadable.
This also modifies tuf/store/filestore to return ErrMetaNotFound if the
metadata file does not exist.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-11 15:04:08 -08:00
8b9cc4c3f6
Minor review comment changes:
...
- add a specific error type when the server is requested to manage
an unsupported key type
- variable name change
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 17:16:53 -08:00
5717258931
When publishing, if no snapshot data exists, create it and then try to sign.
...
This supports the case of a user intializing a repo so that the server
signs the snapshot, and then changing their minds and rotating the keys
so that they now sign the snapshot, but all before publishing a single
thing.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 16:28:20 -08:00
a89bdaa9bf
Just propogate server error if server can't sign snapshot.
...
The errors returned by the server aren't great right now, so it's hard
to try to be clever in synthesizing a signed.ErrNoKeys{}.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 10:16:39 -08:00
a924ca172f
When initializing a repo, create local keys before getting remote keys.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 10:16:39 -08:00
Ying Li
David Lawrence
Diogo Mónica
Riyaz Faizullabhoy