centersl/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-04-12 06:19:22 +07:00
Code Issues Packages Projects Releases Wiki Activity
1,355 Commits 57 Branches 28 Tags
564f8d06d3e98de358e10f9518cd3b384d03abfd
Commit Graph

347 Commits

Author SHA1 Message Date
Diogo Mónica
564f8d06d3 Merge pull request #515 from docker/roles-for-targets 
Roles for targets via notary CLI
 2016-01-29 16:08:29 -08:00
Diogo Mónica
32d9cd7c4a Merge pull request #485 from docker/passphrase-change 
passwd command and tests
 2016-01-28 17:35:44 -08:00
Riyaz Faizullabhoy
cd7274f1b9 Add additional tests with different delegation key format using role PEM header 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 15:49:09 -08:00
Riyaz Faizullabhoy
9c59af1397 passwd command and tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 10:36:05 -08:00
Riyaz Faizullabhoy
2964e8c6f4 add integration test for adding/listing/removing targets from roles 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 10:20:27 -08:00
Riyaz Faizullabhoy
bb9ef929de Add --roles flags to targets commands 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 09:59:04 -08:00
HuKeping
6b31789fe5 Tiny refactor: to keep code style consistent 
The other CLI commands about tuf are all begin with cmdTufXXX
which I think `verify` should be the same too.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2016-01-28 20:13:39 +08:00
Riyaz Faizullabhoy
83c5ed255b Add check for RSA key len before adding 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-26 23:27:06 -08:00
Diogo Mónica
7eb86f7a64 Merge pull request #493 from docker/delegation-cli-text 
delegations CLI UX improvements
 2016-01-26 15:32:20 -08:00
Jessica Frazelle
a64db12c04 change url from jfrazelle/go to docker/go 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
 2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy
774b66c9fe delegations CLI UX improvements 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-25 16:14:02 -08:00
Riyaz Faizullabhoy
12d3eb49ae Change default log level to fatal, change verbose to error level and add 
debug flag for debug level

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-25 16:13:42 -08:00
Ying Li
b51d1e8cf8 Root is always on disk unless restored from backup. 
(In which case if Yubikey is available, it will only be on the Yubikey and not on disk.)

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-25 13:37:39 -08:00
David Lawrence
6389c8cf75 tokenAuth should also 'succeed' if we get a 401, which will result in attempting futher authentication later 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-21 11:44:00 -08:00
David Lawrence
33fee1d356 test for returning nil roundtripper from tokenAuth 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-19 15:47:12 -08:00
David Lawrence
46682b71eb if we can't connect to the server when setting up, return a nil roundtripper. Check roundtripper when initializing HTTPStore and substitute an OfflineStore if it is nil. 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-19 14:34:50 -08:00
Ying Li
cf0bb5a9be Merge pull request #440 from docker/diogo-cli-adding-delegations 
delegation command for notary-cli
 2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy
ca67f1e71a client library deletion functionality, and integration into remove cert 
CLI

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy
138d6cea09 Add, remove, and list delegation command. TUF changelist action change 
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-18 16:24:45 -08:00
Ying Li
dd0223f7cf Fix pretty-print keys to not print "." if there is no GUN. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-15 18:54:47 -08:00
David Lawrence
c0fb05584e fixing incorrect comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
David Lawrence
9e80ad8158 remove certs.NewManager function 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
David Lawrence
48ecd8d2cb some cleanup of certs code 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
Ying Li
27278428ec Remove extraneous "fake" from the notary CLI integration tests. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-14 09:56:37 -08:00
Ying Li
4dc8299de5 Fix bug where the yubikey store was not prioritized over the filestore 
in a client repo.

Also, fix a test with exporting/importing all keys - because a key
that is imported into the yubikey is also backed up on disk, when exporting
all keys, it also gets exported.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-13 18:19:48 -08:00
David Lawrence
89f250c253 when doing getTransport readOnly needs to be false for a key rotation as write permissions are required to retrieve keys 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-11 17:25:23 -08:00
David Lawrence
b56372a1d8 using JSON logging format for notary server and signer for easier integration with backend metrics platforms 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-06 17:09:38 -08:00
Ying Li
61bbf7be49 Change ListTargetes and GetTargetsByName to return TargetWithRole. 
This object has both the target and the role in which the target was found.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-04 17:15:44 -08:00
Ying Li
2f2a0b9c9f Display the role when listing targets using the Notary CLI. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-04 15:20:06 -08:00
David Lawrence
f2ec72b5b6 aliases removed from file names 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence
6d5b8ff54a add role into PEM headers 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence
377b72a54f updating list targets to list across multiple roles 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-17 10:09:34 -08:00
Ying Li
20c557a10b Merge pull request #291 from docker/server-docs 
Server and signer docs
 2015-12-15 13:26:08 -08:00
Ying Li
63f48791c3 Fix docstring for 'key-type' parameter on key rotate. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-15 10:18:58 -08:00
Ying Li
ca1623e17b Update CLI rotate key command to optionally rotate a single key. 
This makes it possible to delegate snapshots key management to the
server, and to reclaim the responsibility.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-14 17:17:23 -08:00
Ying Li
2ce0232972 Refactor notary CLI keys cmds to use less globally mutable state. 
This way we can test the command functions more easily.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-14 17:17:23 -08:00
Ying Li
54c7de5bd6 Update the server and signer docs to reflect new code changes. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-11 12:26:48 -08:00
Ying Li
c77bbee0ef Merge pull request #351 from cyli/better-validation-errors 
Propagate error validations from server to client
 2015-12-10 21:29:57 -08:00
Ying Li
6aa114a49f Fix all instances where 'propagate' was mispelled as 'propogate' 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-10 15:12:05 -08:00
Miloslav Trmač
3c6335c572 Explicitly supply validity times to certificate generation 
Add explicit startTime and endTime parameters to
cryptoservice.GenerateCertificate and trustmanager.NewCertificate.

trustmanager.NewCertificate as a low-level data manipulation function
should not be hard-coding policy (10-year expiration); that policy
belongs to its callers, or one more level higher to callers of
cryptoservice.GenerateCertificate.

These places hard-coding policy now also have an explict comment to
that effect.

In addition to conceptual cleanliness, this will allow writing tests
of certificate expiry by generating appropriate expired or nearly-expired
certificates.

Tests which don't care about the policy much will continue to use the
just added cryptoservice.GenerateTestingCertificate.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-12-09 20:02:10 +01:00
HuKeping
639f1e80f0 Use the function to parse viper on server side 
Signed-off-by: Hu Keping <hukeping@huawei.com>
 2015-12-09 09:17:25 +08:00
HuKeping
bfe7316de9 Add a function to parse viper 
None of these `filename`, `ext` or `configPath` should be in `main`,
they are all just for creating a instance of Viper and then nothing.
Do it in a separate function will make the function `main` more readable.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2015-12-09 09:17:24 +08:00
David Lawrence
3e96684ba1 Merge pull request #338 from cyli/keydbstore-error 
KeyDBStore refactor so that it just directly takes the DB arguments.
 2015-12-07 14:33:01 -08:00
Ying Li
8417f6670b KeyDBStore refactor so that it just directly takes the DB arguments. 
Rather than create an SQL DB, then create a gorm BD using the SQL
DB.  Also split the Create/Get test into two tests.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-04 10:05:31 -08:00
David Lawrence
c2c474b9c6 generalize notary server key storage to be able to handle any role, not just timestamps 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-03 11:25:45 -08:00
HuKeping
9ad415e0b5 Tiny refactor 
It's no need to keep the `err` after asserting it should be `nil`, and
we can merge these two logs into one I suppose.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2015-12-02 19:22:56 +08:00
Ying Li
870fe0fd01 Define injected function types for notary-server/main.getTrustService 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-11-30 17:24:28 -08:00
Ying Li
1dd04d4e5d trust_service is now a required section of the notary-server config. 
The type must either be "local" or "remote".  Previously, any invalid
configuration would default to a local signing service, but since
a remote signing service is recommended, the user has to specifically
configure a local signing service.  We don't want it to be the
fallback.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-11-30 17:23:53 -08:00
Ying Li
d62ac788a3 Fixed bug parsing trust service info in notary server. 
Previously, if it wasn't a remote service, the config parser was
still setting the key algorithm to be whatever was configured.
Now, if we are using a local trust service, the algorithm is always
ED25519.

Also broke the trust parsing into its own function for testing.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-11-30 17:22:33 -08:00
David Lawrence
5500c81cd9 Merge pull request #304 from docker/server-signer-config 
Make the server/signer configurations more similar
 2015-11-30 17:06:13 -08:00