centersl/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-04-12 06:19:22 +07:00
Code Issues Packages Projects Releases Wiki Activity
1,385 Commits 57 Branches 28 Tags
bac2d78b9ddd34226fc88b64cd23ef9136f808b6
Commit Graph

356 Commits

Author SHA1 Message Date
Riyaz Faizullabhoy
bac2d78b9d Adds --all-paths flag (requires new TUF delegation key for removes), also print <all paths> in addition to "" on CLI 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-03 15:46:03 -08:00
Riyaz Faizullabhoy
6ffde51d89 Ensure empty string path is properly handled, make default for adding delegation 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-03 15:31:26 -08:00
Ying Li
718002acea Add some more tests for notary CLI 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-03 13:21:32 -08:00
Ying Li
d67a7e128c Refactor the notary command line to not use global mutable state, and to not exit on error. 
This way we can test the command more easily (we want to test the error, as opposed to
just killing the test).

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-03 12:01:16 -08:00
Riyaz Faizullabhoy
70ee4f8670 PoC broken down client api for delegations 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-02 17:01:35 -08:00
HuKeping
5e088ee4dc Stop logging out critical info of database 
The signer will print out the user name and password of the database
which could cause security problem.

The server side is OK.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2016-02-02 20:02:08 +08:00
HuKeping
9f19815b08 Comments: rework some comments 
Make the error log message different from the following
`subtle.ConstantTimeCompare()` in the same function.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2016-02-01 09:45:56 +08:00
Diogo Mónica
3eac9a8185 Merge pull request #516 from docker/canonical-key-id 
use only canonical IDs for display on delegation CLI commands,
 2016-01-29 16:43:25 -08:00
Diogo Mónica
564f8d06d3 Merge pull request #515 from docker/roles-for-targets 
Roles for targets via notary CLI
 2016-01-29 16:08:29 -08:00
Riyaz Faizullabhoy
a16e6b58b5 use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-29 16:00:42 -08:00
Diogo Mónica
32d9cd7c4a Merge pull request #485 from docker/passphrase-change 
passwd command and tests
 2016-01-28 17:35:44 -08:00
Riyaz Faizullabhoy
cd7274f1b9 Add additional tests with different delegation key format using role PEM header 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 15:49:09 -08:00
Riyaz Faizullabhoy
9c59af1397 passwd command and tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 10:36:05 -08:00
Riyaz Faizullabhoy
2964e8c6f4 add integration test for adding/listing/removing targets from roles 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 10:20:27 -08:00
Riyaz Faizullabhoy
bb9ef929de Add --roles flags to targets commands 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 09:59:04 -08:00
HuKeping
6b31789fe5 Tiny refactor: to keep code style consistent 
The other CLI commands about tuf are all begin with cmdTufXXX
which I think `verify` should be the same too.

Signed-off-by: Hu Keping <hukeping@huawei.com>
 2016-01-28 20:13:39 +08:00
Riyaz Faizullabhoy
83c5ed255b Add check for RSA key len before adding 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-26 23:27:06 -08:00
Diogo Mónica
7eb86f7a64 Merge pull request #493 from docker/delegation-cli-text 
delegations CLI UX improvements
 2016-01-26 15:32:20 -08:00
Jessica Frazelle
a64db12c04 change url from jfrazelle/go to docker/go 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
 2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy
774b66c9fe delegations CLI UX improvements 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-25 16:14:02 -08:00
Riyaz Faizullabhoy
12d3eb49ae Change default log level to fatal, change verbose to error level and add 
debug flag for debug level

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-25 16:13:42 -08:00
Ying Li
b51d1e8cf8 Root is always on disk unless restored from backup. 
(In which case if Yubikey is available, it will only be on the Yubikey and not on disk.)

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-25 13:37:39 -08:00
David Lawrence
6389c8cf75 tokenAuth should also 'succeed' if we get a 401, which will result in attempting futher authentication later 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-21 11:44:00 -08:00
David Lawrence
33fee1d356 test for returning nil roundtripper from tokenAuth 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-19 15:47:12 -08:00
David Lawrence
46682b71eb if we can't connect to the server when setting up, return a nil roundtripper. Check roundtripper when initializing HTTPStore and substitute an OfflineStore if it is nil. 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-19 14:34:50 -08:00
Ying Li
cf0bb5a9be Merge pull request #440 from docker/diogo-cli-adding-delegations 
delegation command for notary-cli
 2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy
ca67f1e71a client library deletion functionality, and integration into remove cert 
CLI

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy
138d6cea09 Add, remove, and list delegation command. TUF changelist action change 
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-18 16:24:45 -08:00
Ying Li
dd0223f7cf Fix pretty-print keys to not print "." if there is no GUN. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-15 18:54:47 -08:00
David Lawrence
c0fb05584e fixing incorrect comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
David Lawrence
9e80ad8158 remove certs.NewManager function 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
David Lawrence
48ecd8d2cb some cleanup of certs code 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
Ying Li
27278428ec Remove extraneous "fake" from the notary CLI integration tests. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-14 09:56:37 -08:00
Ying Li
4dc8299de5 Fix bug where the yubikey store was not prioritized over the filestore 
in a client repo.

Also, fix a test with exporting/importing all keys - because a key
that is imported into the yubikey is also backed up on disk, when exporting
all keys, it also gets exported.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-13 18:19:48 -08:00
David Lawrence
89f250c253 when doing getTransport readOnly needs to be false for a key rotation as write permissions are required to retrieve keys 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-11 17:25:23 -08:00
David Lawrence
b56372a1d8 using JSON logging format for notary server and signer for easier integration with backend metrics platforms 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-06 17:09:38 -08:00
Ying Li
61bbf7be49 Change ListTargetes and GetTargetsByName to return TargetWithRole. 
This object has both the target and the role in which the target was found.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-04 17:15:44 -08:00
Ying Li
2f2a0b9c9f Display the role when listing targets using the Notary CLI. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-04 15:20:06 -08:00
David Lawrence
f2ec72b5b6 aliases removed from file names 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence
6d5b8ff54a add role into PEM headers 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence
377b72a54f updating list targets to list across multiple roles 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-17 10:09:34 -08:00
Ying Li
20c557a10b Merge pull request #291 from docker/server-docs 
Server and signer docs
 2015-12-15 13:26:08 -08:00
Ying Li
63f48791c3 Fix docstring for 'key-type' parameter on key rotate. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-15 10:18:58 -08:00
Ying Li
ca1623e17b Update CLI rotate key command to optionally rotate a single key. 
This makes it possible to delegate snapshots key management to the
server, and to reclaim the responsibility.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-14 17:17:23 -08:00
Ying Li
2ce0232972 Refactor notary CLI keys cmds to use less globally mutable state. 
This way we can test the command functions more easily.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-14 17:17:23 -08:00
Ying Li
54c7de5bd6 Update the server and signer docs to reflect new code changes. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-11 12:26:48 -08:00
Ying Li
c77bbee0ef Merge pull request #351 from cyli/better-validation-errors 
Propagate error validations from server to client
 2015-12-10 21:29:57 -08:00
Ying Li
6aa114a49f Fix all instances where 'propagate' was mispelled as 'propogate' 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-10 15:12:05 -08:00
Miloslav Trmač
3c6335c572 Explicitly supply validity times to certificate generation 
Add explicit startTime and endTime parameters to
cryptoservice.GenerateCertificate and trustmanager.NewCertificate.

trustmanager.NewCertificate as a low-level data manipulation function
should not be hard-coding policy (10-year expiration); that policy
belongs to its callers, or one more level higher to callers of
cryptoservice.GenerateCertificate.

These places hard-coding policy now also have an explict comment to
that effect.

In addition to conceptual cleanliness, this will allow writing tests
of certificate expiry by generating appropriate expired or nearly-expired
certificates.

Tests which don't care about the policy much will continue to use the
just added cryptoservice.GenerateTestingCertificate.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-12-09 20:02:10 +01:00
HuKeping
639f1e80f0 Use the function to parse viper on server side 
Signed-off-by: Hu Keping <hukeping@huawei.com>
 2015-12-09 09:17:25 +08:00