centersl/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-04-12 06:19:22 +07:00
Code Issues Packages Projects Releases Wiki Activity
1,416 Commits 57 Branches 28 Tags
5867409a460e778030d0f33ec63eba115f8588c8
Commit Graph

363 Commits

Author SHA1 Message Date
Diogo Mónica
3b3026c121 Merge pull request #542 from docker/passwd-nonroot 
add non-root passwd functionality
 2016-02-08 10:21:38 -08:00
Ying Li
77cc1a0028 Add tests for the TLS command line flags in notary. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-04 17:24:26 -08:00
Ying Li
60ee270a2b Use docker/go-connections/tlsconfig to set up TLS for notary client/server/signer 
This adds some command line flags and configuration for the notary client:
--tlscacert
--tlscert
--tlskey

This enables the notary client to do mutual authentication with the notary server.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-04 14:02:35 -08:00
Riyaz Faizullabhoy
1c4d02455b add non-root passwd functionality 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-04 11:20:11 -08:00
Riyaz Faizullabhoy
f654216b06 sort paths, more tests with all paths 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-03 16:46:08 -08:00
Riyaz Faizullabhoy
7d2b174098 adding more complex paths to test 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-03 16:30:39 -08:00
Riyaz Faizullabhoy
f6c703e44d Rename to ClearAllPaths, add comment for delegationAdd 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-03 15:48:54 -08:00
Riyaz Faizullabhoy
bac2d78b9d Adds --all-paths flag (requires new TUF delegation key for removes), also print <all paths> in addition to "" on CLI 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-03 15:46:03 -08:00
Riyaz Faizullabhoy
6ffde51d89 Ensure empty string path is properly handled, make default for adding delegation 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-03 15:31:26 -08:00
Ying Li
718002acea Add some more tests for notary CLI 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-03 13:21:32 -08:00
Ying Li
d67a7e128c Refactor the notary command line to not use global mutable state, and to not exit on error. 
This way we can test the command more easily (we want to test the error, as opposed to
just killing the test).

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-03 12:01:16 -08:00
Riyaz Faizullabhoy
70ee4f8670 PoC broken down client api for delegations 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-02 17:01:35 -08:00
HuKeping
5e088ee4dc Stop logging out critical info of database 
The signer will print out the user name and password of the database
which could cause security problem.

The server side is OK.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2016-02-02 20:02:08 +08:00
HuKeping
9f19815b08 Comments: rework some comments 
Make the error log message different from the following
`subtle.ConstantTimeCompare()` in the same function.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2016-02-01 09:45:56 +08:00
Diogo Mónica
3eac9a8185 Merge pull request #516 from docker/canonical-key-id 
use only canonical IDs for display on delegation CLI commands,
 2016-01-29 16:43:25 -08:00
Diogo Mónica
564f8d06d3 Merge pull request #515 from docker/roles-for-targets 
Roles for targets via notary CLI
 2016-01-29 16:08:29 -08:00
Riyaz Faizullabhoy
a16e6b58b5 use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-29 16:00:42 -08:00
Diogo Mónica
32d9cd7c4a Merge pull request #485 from docker/passphrase-change 
passwd command and tests
 2016-01-28 17:35:44 -08:00
Riyaz Faizullabhoy
cd7274f1b9 Add additional tests with different delegation key format using role PEM header 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 15:49:09 -08:00
Riyaz Faizullabhoy
9c59af1397 passwd command and tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 10:36:05 -08:00
Riyaz Faizullabhoy
2964e8c6f4 add integration test for adding/listing/removing targets from roles 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 10:20:27 -08:00
Riyaz Faizullabhoy
bb9ef929de Add --roles flags to targets commands 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 09:59:04 -08:00
HuKeping
6b31789fe5 Tiny refactor: to keep code style consistent 
The other CLI commands about tuf are all begin with cmdTufXXX
which I think `verify` should be the same too.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2016-01-28 20:13:39 +08:00
Riyaz Faizullabhoy
83c5ed255b Add check for RSA key len before adding 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-26 23:27:06 -08:00
Diogo Mónica
7eb86f7a64 Merge pull request #493 from docker/delegation-cli-text 
delegations CLI UX improvements
 2016-01-26 15:32:20 -08:00
Jessica Frazelle
a64db12c04 change url from jfrazelle/go to docker/go 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
 2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy
774b66c9fe delegations CLI UX improvements 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-25 16:14:02 -08:00
Riyaz Faizullabhoy
12d3eb49ae Change default log level to fatal, change verbose to error level and add 
debug flag for debug level

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-25 16:13:42 -08:00
Ying Li
b51d1e8cf8 Root is always on disk unless restored from backup. 
(In which case if Yubikey is available, it will only be on the Yubikey and not on disk.)

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-25 13:37:39 -08:00
David Lawrence
6389c8cf75 tokenAuth should also 'succeed' if we get a 401, which will result in attempting futher authentication later 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-21 11:44:00 -08:00
David Lawrence
33fee1d356 test for returning nil roundtripper from tokenAuth 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-19 15:47:12 -08:00
David Lawrence
46682b71eb if we can't connect to the server when setting up, return a nil roundtripper. Check roundtripper when initializing HTTPStore and substitute an OfflineStore if it is nil. 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-19 14:34:50 -08:00
Ying Li
cf0bb5a9be Merge pull request #440 from docker/diogo-cli-adding-delegations 
delegation command for notary-cli
 2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy
ca67f1e71a client library deletion functionality, and integration into remove cert 
CLI

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy
138d6cea09 Add, remove, and list delegation command. TUF changelist action change 
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-18 16:24:45 -08:00
Ying Li
dd0223f7cf Fix pretty-print keys to not print "." if there is no GUN. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-15 18:54:47 -08:00
David Lawrence
c0fb05584e fixing incorrect comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
David Lawrence
9e80ad8158 remove certs.NewManager function 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
David Lawrence
48ecd8d2cb some cleanup of certs code 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
Ying Li
27278428ec Remove extraneous "fake" from the notary CLI integration tests. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-14 09:56:37 -08:00
Ying Li
4dc8299de5 Fix bug where the yubikey store was not prioritized over the filestore 
in a client repo.

Also, fix a test with exporting/importing all keys - because a key
that is imported into the yubikey is also backed up on disk, when exporting
all keys, it also gets exported.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-13 18:19:48 -08:00
David Lawrence
89f250c253 when doing getTransport readOnly needs to be false for a key rotation as write permissions are required to retrieve keys 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-11 17:25:23 -08:00
David Lawrence
b56372a1d8 using JSON logging format for notary server and signer for easier integration with backend metrics platforms 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-06 17:09:38 -08:00
Ying Li
61bbf7be49 Change ListTargetes and GetTargetsByName to return TargetWithRole. 
This object has both the target and the role in which the target was found.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-04 17:15:44 -08:00
Ying Li
2f2a0b9c9f Display the role when listing targets using the Notary CLI. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-04 15:20:06 -08:00
David Lawrence
f2ec72b5b6 aliases removed from file names 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence
6d5b8ff54a add role into PEM headers 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence
377b72a54f updating list targets to list across multiple roles 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-17 10:09:34 -08:00
Ying Li
20c557a10b Merge pull request #291 from docker/server-docs 
Server and signer docs
 2015-12-15 13:26:08 -08:00
Ying Li
63f48791c3 Fix docstring for 'key-type' parameter on key rotate. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-15 10:18:58 -08:00