Commit Graph

151 Commits

Author SHA1 Message Date
Ying Li f8c42e4cbf NotaryRepository.Update now just returns an error, rather than a client
an error, because we don't actually use the client anymore.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-06 14:08:08 -07:00
David Lawrence bfee37d471 update top level Signed.Signed to be a *json.RawMessage
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-03-18 16:18:53 -07:00
Riyaz Faizullabhoy 9ecd899e25 Removing key import and gun from cryptoservice
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy 2a37590ea6 update interface and comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy 95af5d4800 try cleaning up removekey, debugging tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:00 -07:00
Riyaz Faizullabhoy 351b247aec add tests for initial keystore state, and after removing and adding
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:11 -07:00
Riyaz Faizullabhoy 83f7c758ca Remove delegation role fallback when applying targets changes
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-16 15:12:11 -07:00
Ying Li 44cccbb4db Make all key rotations publish immediately, not just remote key rotations
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:35:30 -07:00
Ying Li fa5edc40af Publish only the key rotation changes after a remote key rotation
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li b6c4840231 Update comments, and publish in the CLI after remote key rotation
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li e3716f0be9 Change the CLI for rotate key to require a role type
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li 07b9f504e4 Update the CLI and client to no longer reject remote timestamp rotations.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li 4022e97b08 Use 'require' instead of 'assert' in client and TUF client tests
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 13:52:48 -07:00
Ying Li e25746dac3 Use a CacheControlHandler that wraps other handlers instead
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:19:13 -07:00
Riyaz Faizullabhoy bde878cdb6 changing API for updating delegations
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:57:08 -08:00
Riyaz Faizullabhoy 729bb88537 addressing review comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
Riyaz Faizullabhoy 06e34e825a walk for updating/creating delegations, validate changes to paths
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
David Lawrence 1db128778d completely removing KeyDB
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-16 21:11:13 -08:00
Riyaz Faizullabhoy 9c84547853 Add tests against old style changes and clear paths
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-02 17:01:35 -08:00
Riyaz Faizullabhoy 70ee4f8670 PoC broken down client api for delegations
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-02 17:01:35 -08:00
David Lawrence 637a2331d4 client side of consistent downloads
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-29 16:52:58 -08:00
Riyaz Faizullabhoy a16e6b58b5 use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-29 16:00:42 -08:00
Jessica Frazelle a64db12c04
change url from jfrazelle/go to docker/go
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy 25a1e9aed7 change to ListRoles, and GetAllLoadedRoles
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 15:58:55 -08:00
Riyaz Faizullabhoy a052d9e105 client library for retrieving keys and signatures for all roles
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 12:00:09 -08:00
Ying Li 6f2e851b29 Merge pull request #479 from docker/remove_to_lower
Do not lowercase role names when adding a change
2016-01-19 16:22:41 -08:00
Ying Li a3b9a5543f Do not lowercase role names when adding a change
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 14:32:00 -08:00
Ying Li cf0bb5a9be Merge pull request #440 from docker/diogo-cli-adding-delegations
delegation command for notary-cli
2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy ca67f1e71a client library deletion functionality, and integration into remove cert
CLI

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy 138d6cea09 Add, remove, and list delegation command. TUF changelist action change
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-18 16:24:45 -08:00
Ying Li 877d47bb5c Add tests to ensure you can just drop a key in tuf_key and use it for signing.
This is important for user keys, which do not necessarily need to be under a GUN,
and may have a role other than one of the canonical roles (e.g. "user" role).

Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-15 18:54:41 -08:00
David Lawrence c0fb05584e fixing incorrect comments
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
David Lawrence 9e80ad8158 remove certs.NewManager function
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
David Lawrence a8b21cafe0 CertManager is completely removed
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
Ying Li c65fc03ef9 Update test to make x509 keys start a day in the past.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 14:15:38 -08:00
Ying Li b74f1835b7 Ensure that we do not unnecessarily re-sign/serialize a root.json file on publish
Adds additional tests to ensure that keys aren't unnecessarily created on error,
and that only the required keys to sign are used.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 10:51:24 -08:00
David Lawrence a60f228189 fixing use of require vs assert
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:59:33 -08:00
Diogo Mónica 26d3f3f92b Merge pull request #413 from endophage/fix_root_download
fixing bootstrapClient to prefer cached root
2016-01-13 15:48:39 -08:00
David Lawrence 06d23e14c9 add test for invalid remote URL
add offline store for use when we can't initialize a remote store
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:26:57 -08:00
Ying Li cf4b77b760 Revert "switching out to consistently use canonical json for all marshalling of TUF data"
This reverts commit f417c834c4.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-08 14:53:09 -08:00
David Lawrence 5ced01a262 add test to confirm bootstrapClient with a bad URL errors
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:27 -08:00
David Lawrence 11795a4573 rename data.ValidRoles to data.BaseRoles
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:52 -08:00
David Lawrence d52dbde683 removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:05 -08:00
Ying Li c1c0ccf4be Combine bootstrapClient and tuf/client's Client.Update into NotaryRepository.Update.
- it is easier to understand what's going on in the online functions of NotaryRepository
- we can test NotaryRepository.Update independently (although it'd be nice to have some way
  of ensuring that the actual public functions of NotaryRepository like ListTargets,
  GetTargetByName, and Publish actually calls Update.
- distinct error if the remote repo doesn't exist.

This also stops wrapping signed.ErrExpired in client.ErrExpired, and just passes
signed.ErrExpired on directly.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-07 16:58:46 -08:00
David Lawrence f417c834c4 switching out to consistently use canonical json for all marshalling of TUF data
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-06 11:15:27 -08:00
Ying Li 61bbf7be49 Change ListTargetes and GetTargetsByName to return TargetWithRole.
This object has both the target and the role in which the target was found.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 17:15:44 -08:00
Ying Li 2f2a0b9c9f Display the role when listing targets using the Notary CLI.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 15:20:06 -08:00
Ying Li ecd96c8218 Fix potential infinite loop in tuf/Client.TargetMeta
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:50:35 -08:00
Ying Li 9252d9d892 Update client.Target to include a RoleName, so we know where the target is when listed.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:49:54 -08:00
Diogo Mónica ffca6fb522 Merge pull request #388 from docker/cleanup
Rebased cleanup/remove PEM headers
2015-12-23 11:36:25 -08:00