f2ec72b5b6
aliases removed from file names
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
6d5b8ff54a
add role into PEM headers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
1f329868e8
making filestores consistent so you can Get, Remove, etc... the paths returned by ListFiles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
8f7fddd5d5
breaking up low level storage into logical files
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
db9705dd97
Merge pull request #384 from docker/more-client-negative-tests
...
More client writing/publishing negative tests
2015-12-22 16:50:17 -08:00
d1fa795f20
Merge pull request #382 from cyli/passphrase-tests
...
Add basic tests for passphrase retriever to make sure it handles delegations
2015-12-22 16:30:41 -08:00
2900423fa2
Minor error message changes
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
9ca2200775
Update filestore to first remove existing metadata before setting metadata.
...
This would let it remove corrupt or bad-state metadata.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
332621607e
Add more comments and assertions as per review.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
6423c16233
Test pushing an uninitialized repo as well.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
ebac6b158a
Refactor tests to cover corrupt root/targets/delegations.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:29:28 -08:00
ab97f9e12e
Refactor some of the code to reduce creating temp notary repo directory boilerplate.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:23:19 -08:00
d6234e5ef0
Add some simple failure cases where data is corrupt or we can't get server keys.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:23:19 -08:00
c1eb344b89
Rotation tests now test reading from other (non-publishing) clients.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 16:23:19 -08:00
8128026459
Merge pull request #385 from docker/client-delegation-write-tests
...
Add more delegation writing/publishing tests.
2015-12-22 16:01:55 -08:00
f794193382
Address review comments (renaming, extra code left in, etc.)
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 15:32:05 -08:00
203adfc13c
Add basic tests for passphrase retriever to make sure it handles delegations.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 14:14:10 -08:00
66384edfc3
Add some more publishing tests.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 00:44:50 -08:00
dcef24996e
Add more delegation writing/publishing tests.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-22 00:23:32 -08:00
340a337c31
Merge pull request #378 from cyli/publish-delegations
...
Publishing delegation changes, and targets to delegations
2015-12-18 17:08:34 -08:00
34055f8cf7
Code cleanups as per review, and after rebasing.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:51:48 -08:00
0892ebb13f
Add checks to TUFRepo to fail on updating a target if there are no signing keys.
...
So UpdateDelegation, DeleteDelegation, AddTargets, RemoveTargets now
all check for the role existence, not metadata existence. And they
also check the role's signing keys - there's no point in adding if
we can't sign.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
a1cbe5d43c
Add test for, and fix bug with, publishing a bare repo not sending the targets file.
...
It should always be published the first time, like the root.json.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
c12958af36
Do not sign the actual targets metadata unless it's dirty.
...
Previously we were always signing it, but we can't do that anymore
because then delegated users won't be able to publish ever (they
probably don't have the target key).
Some other related changes: when role keys are rotated, that role
needs to be marked as dirty now in order to be re-signed and
published.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
7592a029ef
Do not create the delegation metadata when the delegation is created.
...
Only create it when a target is added to it, or other delegations
are added to it, or when getting a child delegation.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
f1761afc25
Fallback on the parent role if the role to add a target to doesn't exist.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
3ecba24410
When publishing, also publish all the dirty targets roles.
...
This is in addition to the canonical targets role, which always gets
re-signed and publish (we may want to revisit this later).
This makes some tests pass - still need to do fallback of roles
and publishing a created delegation role without necessarily
having the signing key for that role.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
9f04ca66f7
Add tests for publishing targets to delegations, and delegations themselves.
...
This involved a refactor test helper function assertPublishSucceeds to
take roles and expected published-to-roles.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
28128c28af
Merge pull request #379 from endophage/delegated_paths
...
the empty string should be used in delegation Paths to indicate a role can sign everything
2015-12-18 16:29:07 -08:00
d3a54cab25
the empty string should be used in delegation Paths to indicate a role can sign anything
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 16:10:43 -08:00
547a17c96b
Merge pull request #368 from endophage/download_everything
...
download all delegated roles when doing downloadTargets
2015-12-18 12:35:17 -08:00
d49228ad70
fixing copy paste bad var name
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 11:54:01 -08:00
882df3d429
downloadTargets should continue on ErrMissingMeta, not ErrMetaNotFound. ErrMetaNotFoudn will ocurr when we expect to find the data and don't. ErrMissingMeta indicates it's not in the snapshot and that's OK for targets delegations (technically it's OK for the targets role too, indicating simply an empty repository with lazy targets file creation).
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 11:33:50 -08:00
a2a4870512
adding comment about priority ordering and updating test for ListTargets with delegates to hit default no roles passed case
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 11:21:12 -08:00
cde61e4fad
Merge pull request #377 from docker/ensuring-set-meta-creates-parents
...
Ensure that SetMeta creates parent directory first
2015-12-17 22:15:17 -08:00
574b4d543d
updating ListTargets delegate test to check iteration of children and correct (lack of) overwriting.
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 21:28:52 -08:00
849a318580
Ensure that SetMeta creates parent directory first
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-12-17 19:38:49 -08:00
016d98c96d
Merge pull request #376 from riyazdf/master
...
add extra validation checks to isDelegation
2015-12-17 18:24:09 -08:00
638b06b36a
add assert to make sure a failed typed stack pop doesn't remove the item from the stack
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 17:40:44 -08:00
ad4c50709f
add additional length and lowercase checks, change regex to explicitly reject empty string, add hyphen char
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2015-12-17 17:31:13 -08:00
9307692b52
reverse priority order or roles for ListTargets and GetTargetsByName
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 16:33:52 -08:00
594049b24f
fixing download to continue if we get ErrMetaNotFound
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 15:53:57 -08:00
2c39fa2214
simplify and clean logic, gofmt
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2015-12-17 15:51:15 -08:00
e82371e687
add extra validation checks to isDelegation
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2015-12-17 15:51:03 -08:00
f72f799806
fixing up ListTargets and GetTargetByName to process prioritized roles more efficiently
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 14:56:05 -08:00
4243b258b3
making GetTargetsByName work with delegations
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:46:41 -08:00
4a9ebb8bc8
adding test for ListTargets with delegation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
4694178bbe
download delegation test
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
377b72a54f
updating list targets to list across multiple roles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
8f7e7adcef
making stack thread safe
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
David Lawrence
Ying Li
Ying Li
David Lawrence
Diogo Monica
Riyaz Faizullabhoy
Riyaz Faizullabhoy