Ying Li
f8c42e4cbf
NotaryRepository.Update now just returns an error, rather than a client
...
an error, because we don't actually use the client anymore.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-06 14:08:08 -07:00
David Lawrence
bfee37d471
update top level Signed.Signed to be a *json.RawMessage
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-03-18 16:18:53 -07:00
Riyaz Faizullabhoy
9ecd899e25
Removing key import and gun from cryptoservice
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy
2a37590ea6
update interface and comments
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy
95af5d4800
try cleaning up removekey, debugging tests
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:00 -07:00
Riyaz Faizullabhoy
351b247aec
add tests for initial keystore state, and after removing and adding
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:11 -07:00
Riyaz Faizullabhoy
83f7c758ca
Remove delegation role fallback when applying targets changes
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-16 15:12:11 -07:00
Ying Li
44cccbb4db
Make all key rotations publish immediately, not just remote key rotations
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:35:30 -07:00
Ying Li
fa5edc40af
Publish only the key rotation changes after a remote key rotation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
b6c4840231
Update comments, and publish in the CLI after remote key rotation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
e3716f0be9
Change the CLI for rotate key to require a role type
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
07b9f504e4
Update the CLI and client to no longer reject remote timestamp rotations.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
4022e97b08
Use 'require' instead of 'assert' in client and TUF client tests
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 13:52:48 -07:00
Ying Li
e25746dac3
Use a CacheControlHandler that wraps other handlers instead
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:19:13 -07:00
Riyaz Faizullabhoy
bde878cdb6
changing API for updating delegations
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:57:08 -08:00
Riyaz Faizullabhoy
729bb88537
addressing review comments
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
Riyaz Faizullabhoy
06e34e825a
walk for updating/creating delegations, validate changes to paths
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
David Lawrence
1db128778d
completely removing KeyDB
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-16 21:11:13 -08:00
Riyaz Faizullabhoy
9c84547853
Add tests against old style changes and clear paths
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-02 17:01:35 -08:00
Riyaz Faizullabhoy
70ee4f8670
PoC broken down client api for delegations
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-02 17:01:35 -08:00
David Lawrence
637a2331d4
client side of consistent downloads
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-29 16:52:58 -08:00
Riyaz Faizullabhoy
a16e6b58b5
use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-29 16:00:42 -08:00
Jessica Frazelle
a64db12c04
change url from jfrazelle/go to docker/go
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy
25a1e9aed7
change to ListRoles, and GetAllLoadedRoles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 15:58:55 -08:00
Riyaz Faizullabhoy
a052d9e105
client library for retrieving keys and signatures for all roles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 12:00:09 -08:00
Ying Li
6f2e851b29
Merge pull request #479 from docker/remove_to_lower
...
Do not lowercase role names when adding a change
2016-01-19 16:22:41 -08:00
Ying Li
a3b9a5543f
Do not lowercase role names when adding a change
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 14:32:00 -08:00
Ying Li
cf0bb5a9be
Merge pull request #440 from docker/diogo-cli-adding-delegations
...
delegation command for notary-cli
2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy
ca67f1e71a
client library deletion functionality, and integration into remove cert
...
CLI
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy
138d6cea09
Add, remove, and list delegation command. TUF changelist action change
...
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-18 16:24:45 -08:00
Ying Li
877d47bb5c
Add tests to ensure you can just drop a key in tuf_key and use it for signing.
...
This is important for user keys, which do not necessarily need to be under a GUN,
and may have a role other than one of the canonical roles (e.g. "user" role).
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-15 18:54:41 -08:00
David Lawrence
c0fb05584e
fixing incorrect comments
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
David Lawrence
9e80ad8158
remove certs.NewManager function
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
David Lawrence
a8b21cafe0
CertManager is completely removed
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
Ying Li
c65fc03ef9
Update test to make x509 keys start a day in the past.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 14:15:38 -08:00
Ying Li
b74f1835b7
Ensure that we do not unnecessarily re-sign/serialize a root.json file on publish
...
Adds additional tests to ensure that keys aren't unnecessarily created on error,
and that only the required keys to sign are used.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 10:51:24 -08:00
David Lawrence
a60f228189
fixing use of require vs assert
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:59:33 -08:00
Diogo Mónica
26d3f3f92b
Merge pull request #413 from endophage/fix_root_download
...
fixing bootstrapClient to prefer cached root
2016-01-13 15:48:39 -08:00
David Lawrence
06d23e14c9
add test for invalid remote URL
...
add offline store for use when we can't initialize a remote store
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:26:57 -08:00
Ying Li
cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"
...
This reverts commit f417c834c4
.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-08 14:53:09 -08:00
David Lawrence
5ced01a262
add test to confirm bootstrapClient with a bad URL errors
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:27 -08:00
David Lawrence
11795a4573
rename data.ValidRoles to data.BaseRoles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:52 -08:00
David Lawrence
d52dbde683
removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:05 -08:00
Ying Li
c1c0ccf4be
Combine bootstrapClient and tuf/client's Client.Update into NotaryRepository.Update.
...
- it is easier to understand what's going on in the online functions of NotaryRepository
- we can test NotaryRepository.Update independently (although it'd be nice to have some way
of ensuring that the actual public functions of NotaryRepository like ListTargets,
GetTargetByName, and Publish actually calls Update.
- distinct error if the remote repo doesn't exist.
This also stops wrapping signed.ErrExpired in client.ErrExpired, and just passes
signed.ErrExpired on directly.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-07 16:58:46 -08:00
David Lawrence
f417c834c4
switching out to consistently use canonical json for all marshalling of TUF data
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-06 11:15:27 -08:00
Ying Li
61bbf7be49
Change ListTargetes and GetTargetsByName to return TargetWithRole.
...
This object has both the target and the role in which the target was found.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 17:15:44 -08:00
Ying Li
2f2a0b9c9f
Display the role when listing targets using the Notary CLI.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 15:20:06 -08:00
Ying Li
ecd96c8218
Fix potential infinite loop in tuf/Client.TargetMeta
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:50:35 -08:00
Ying Li
9252d9d892
Update client.Target to include a RoleName, so we know where the target is when listed.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:49:54 -08:00
Diogo Mónica
ffca6fb522
Merge pull request #388 from docker/cleanup
...
Rebased cleanup/remove PEM headers
2015-12-23 11:36:25 -08:00