trust: define new commands and helpers
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
parent
f47b1a3c6d
commit
5ab3ae7aba
@ -18,6 +18,10 @@ func NewTrustCommand(dockerCli command.Cli) *cobra.Command {
|
|||||||
newViewCommand(dockerCli),
|
newViewCommand(dockerCli),
|
||||||
newRevokeCommand(dockerCli),
|
newRevokeCommand(dockerCli),
|
||||||
newSignCommand(dockerCli),
|
newSignCommand(dockerCli),
|
||||||
|
newKeyGenerateCommand(dockerCli),
|
||||||
|
newKeyLoadCommand(dockerCli),
|
||||||
|
newSignerAddCommand(dockerCli),
|
||||||
|
newSignerRemoveCommand(dockerCli),
|
||||||
)
|
)
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
@ -9,6 +9,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const releasedRoleName = "Repo Admin"
|
const releasedRoleName = "Repo Admin"
|
||||||
|
const releasesRoleTUFName = "targets/releases"
|
||||||
|
|
||||||
// check if a role name is "released": either targets/releases or targets TUF roles
|
// check if a role name is "released": either targets/releases or targets TUF roles
|
||||||
func isReleasedTarget(role data.RoleName) bool {
|
func isReleasedTarget(role data.RoleName) bool {
|
||||||
@ -31,3 +32,13 @@ func clearChangeList(notaryRepo client.Repository) error {
|
|||||||
}
|
}
|
||||||
return cl.Clear("")
|
return cl.Clear("")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getOrGenerateRootKeyAndInitRepo(notaryRepo client.Repository) error {
|
||||||
|
rootKey, err := getOrGenerateNotaryKey(notaryRepo, data.CanonicalRootRole)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
// Initialize the notary repository with a remotely managed snapshot
|
||||||
|
// key
|
||||||
|
return notaryRepo.Initialize([]string{rootKey.ID()}, data.CanonicalSnapshotRole)
|
||||||
|
}
|
||||||
|
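Review bot: The new getOrGenerateRootKeyAndInitRepo has no doc comment, and its inline comment says the snapshot key is remotely managed without saying what that means for trust. I would put `// getOrGenerateRootKeyAndInitRepo loads or creates the root key and initializes the repository with it, leaving the snapshot role's key to the notary server.` above the function, so a reader knows snapshot metadata is signed by the server and not by a key held locally. The error from getOrGenerateNotaryKey is returned bare; adding which role was being fetched would make a failed initialization easier to trace. getOrGenerateNotaryKey is not visible in this section, so it is worth confirming that it never returns a nil key together with a nil error, because `rootKey.ID()` is called unguarded.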
@ -43,7 +43,8 @@ var (
|
|||||||
ActionsPushAndPull = []string{"pull", "push"}
|
ActionsPushAndPull = []string{"pull", "push"}
|
||||||
)
|
)
|
||||||
|
|
||||||
func trustDirectory() string {
|
// GetTrustDirectory returns the base trust directory name
|
||||||
|
func GetTrustDirectory() string {
|
||||||
return filepath.Join(cliconfig.Dir(), "trust")
|
return filepath.Join(cliconfig.Dir(), "trust")
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -172,15 +173,16 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
|
|||||||
tr := transport.NewTransport(base, modifiers...)
|
tr := transport.NewTransport(base, modifiers...)
|
||||||
|
|
||||||
return client.NewFileCachedRepository(
|
return client.NewFileCachedRepository(
|
||||||
trustDirectory(),
|
GetTrustDirectory(),
|
||||||
data.GUN(repoInfo.Name.Name()),
|
data.GUN(repoInfo.Name.Name()),
|
||||||
server,
|
server,
|
||||||
tr,
|
tr,
|
||||||
getPassphraseRetriever(in, out),
|
GetPassphraseRetriever(in, out),
|
||||||
trustpinning.TrustPinConfig{})
|
trustpinning.TrustPinConfig{})
|
||||||
}
|
}
|
||||||
|
|
||||||
func getPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever {
|
// GetPassphraseRetriever returns a passphrase retriever that utilizes Content Trust env vars
|
||||||
|
func GetPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever {
|
||||||
aliasMap := map[string]string{
|
aliasMap := map[string]string{
|
||||||
"root": "root",
|
"root": "root",
|
||||||
"snapshot": "repository",
|
"snapshot": "repository",
|
||||||
|
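Review bot: The doc comment on the newly exported GetTrustDirectory says it returns a directory name, but `filepath.Join(cliconfig.Dir(), "trust")` returns a path. The same value is handed to `client.NewFileCachedRepository` together with a passphrase retriever, so it presumably holds trust metadata and key material, which is worth stating now that other packages can call it: `// GetTrustDirectory returns the path of the base trust directory under the CLI config directory.` plus one line on what is stored there. GetPassphraseRetriever's comment mentions Content Trust env vars without naming them; its body continues past the end of the hunk, so they cannot be listed from here, but the comment should name them. As a style point, Go getters usually drop the Get prefix (`TrustDirectory`, `PassphraseRetriever`).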