Commit Graph

386 Commits

Author SHA1 Message Date
Ying Li
44cccbb4db Make all key rotations publish immediately, not just remote key rotations
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:35:30 -07:00
Ying Li
fa5edc40af Publish only the key rotation changes after a remote key rotation
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
4e5e2f386a Clean up yubikeys between each cmd/notary/keys_test.go test
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
b6c4840231 Update comments, and publish in the CLI after remote key rotation
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
e3716f0be9 Change the CLI for rotate key to require a role type
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
07b9f504e4 Update the CLI and client to no longer reject remote timestamp rotations.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
e25746dac3 Use a CacheControlHandler that wraps other handlers instead
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:19:13 -07:00
Ying Li
84f5ed28d2 Move the configuration parsing for notary-server to its own file
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
Ying Li
e1397f4b03 Use updated-at for last modification date for getting current metadata
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
Ying Li
329b47d253 Parse for cache control options in the server config file
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
Ying Li
8768c12901 Return the creation date for GetChecksum and GetCurrent from the server database store.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
HuKeping
95ed108c12 [PATCH 5/8] Add sha512 check on CLI command
Include:
- verify

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-11 10:44:49 +08:00
Ying Li
c720c56a70 Move all imports of sqlite3 to tests only
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-01 14:56:53 -05:00
HuKeping
08c0da745f Drop the actions
All the other code would not have to know about the exact auth mechanism.

Use "readOnly", we can just include "pull" when readonly is true,
and "push", "pull" when readonly is false.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-02-27 10:26:23 +08:00
HuKeping
af5ee13d8a Bugfix: the actions should not always be pull and push
The similar fix in docker daemon:
- https://github.com/docker/docker/pull/20382

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-02-26 10:25:50 +08:00
Riyaz Faizullabhoy
596a362a36 print IDs instead of key itself
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-24 11:18:33 -08:00
Riyaz Faizullabhoy
36c33e6732 Update integration test to exclude yubikeys from importing/exporting non-root
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-16 17:10:28 -08:00
Riyaz Faizullabhoy
27c8737bdc refactor ImportRoleKey, simplify integration test code, update constants
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:40:02 -08:00
Riyaz Faizullabhoy
0fdb2d1891 update positive tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:40:02 -08:00
Riyaz Faizullabhoy
c66584989e add checks to CLI command for role and gun
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Riyaz Faizullabhoy
caa9581bcc add tests, consts and fixup
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Riyaz Faizullabhoy
690fcb96da rework import key
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Riyaz Faizullabhoy
12fd5aa246 rework export key
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Diogo Mónica
3b3026c121 Merge pull request #542 from docker/passwd-nonroot
add non-root passwd functionality
2016-02-08 10:21:38 -08:00
Ying Li
77cc1a0028 Add tests for the TLS command line flags in notary.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-04 17:24:26 -08:00
Ying Li
60ee270a2b Use docker/go-connections/tlsconfig to set up TLS for notary client/server/signer
This adds some command line flags and configuration for the notary client:
--tlscacert
--tlscert
--tlskey

This enables the notary client to do mutual authentication with the notary server.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-04 14:02:35 -08:00
Riyaz Faizullabhoy
1c4d02455b add non-root passwd functionality
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-04 11:20:11 -08:00
Riyaz Faizullabhoy
f654216b06 sort paths, more tests with all paths
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-03 16:46:08 -08:00
Riyaz Faizullabhoy
7d2b174098 adding more complex paths to test
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-03 16:30:39 -08:00
Riyaz Faizullabhoy
f6c703e44d Rename to ClearAllPaths, add comment for delegationAdd
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-03 15:48:54 -08:00
Riyaz Faizullabhoy
bac2d78b9d Adds --all-paths flag (requires new TUF delegation key for removes), also print <all paths> in addition to "" on CLI
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-03 15:46:03 -08:00
Riyaz Faizullabhoy
6ffde51d89 Ensure empty string path is properly handled, make default for adding delegation
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-03 15:31:26 -08:00
Ying Li
718002acea Add some more tests for notary CLI
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-03 13:21:32 -08:00
Ying Li
d67a7e128c Refactor the notary command line to not use global mutable state, and to not exit on error.
This way we can test the command more easily (we want to test the error, as opposed to
just killing the test).

Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-03 12:01:16 -08:00
Riyaz Faizullabhoy
70ee4f8670 PoC broken down client api for delegations
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-02 17:01:35 -08:00
HuKeping
5e088ee4dc Stop logging out critical info of database
The signer will print out the user name and password of the database,
which could cause a security problem.

The server side is OK.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-02-02 20:02:08 +08:00
HuKeping
9f19815b08 Comments: rework some comments
Make the error log message different from the following
`subtle.ConstantTimeCompare()` in the same function.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-02-01 09:45:56 +08:00
Diogo Mónica
3eac9a8185 Merge pull request #516 from docker/canonical-key-id
use only canonical IDs for display on delegation CLI commands,
2016-01-29 16:43:25 -08:00
Diogo Mónica
564f8d06d3 Merge pull request #515 from docker/roles-for-targets
Roles for targets via notary CLI
2016-01-29 16:08:29 -08:00
Riyaz Faizullabhoy
a16e6b58b5 use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-29 16:00:42 -08:00
Diogo Mónica
32d9cd7c4a Merge pull request #485 from docker/passphrase-change
passwd command and tests
2016-01-28 17:35:44 -08:00
Riyaz Faizullabhoy
cd7274f1b9 Add additional tests with different delegation key format using role PEM header
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 15:49:09 -08:00
Riyaz Faizullabhoy
9c59af1397 passwd command and tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:36:05 -08:00
Riyaz Faizullabhoy
2964e8c6f4 add integration test for adding/listing/removing targets from roles
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:20:27 -08:00
Riyaz Faizullabhoy
bb9ef929de Add --roles flags to targets commands
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 09:59:04 -08:00
HuKeping
6b31789fe5 Tiny refactor: to keep code style consistent
The other CLI commands about tuf all begin with cmdTufXXX,
and I think `verify` should be the same too.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-28 20:13:39 +08:00
Riyaz Faizullabhoy
83c5ed255b Add check for RSA key len before adding
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-26 23:27:06 -08:00
Diogo Mónica
7eb86f7a64 Merge pull request #493 from docker/delegation-cli-text
delegations CLI UX improvements
2016-01-26 15:32:20 -08:00
Jessica Frazelle
a64db12c04 change url from jfrazelle/go to docker/go
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy
774b66c9fe delegations CLI UX improvements
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-25 16:14:02 -08:00