Ying Li
befd30e9a4
Add tests for updating if server has metadata corruption such that the checksum was valid.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-29 11:01:31 -08:00
Ying Li
f8a0e46b6c
Add test for when any downloaded metadata has an invalid checksum compared to snapshot or timestamp.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Conflicts:
client/client_update_test.go
2016-01-29 11:01:31 -08:00
Riyaz Faizullabhoy
41643d4a9c
make -1 read up to 100MB of data, use for non-timestamps. Reduce
...
timestamp to 1MB max
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:17:17 -08:00
Riyaz Faizullabhoy
a6159a45d1
ensure filestore GetMeta only returns up to size bytes. Standardize constant for max size
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:16:19 -08:00
Jessica Frazelle
a64db12c04
change url from jfrazelle/go to docker/go
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-26 08:43:38 -08:00
HuKeping
3cd3614de6
Tiny refactor
...
Just to keep consistent with the others.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-25 15:14:08 +08:00
Diogo Mónica
341bd335f5
Merge pull request #475 from docker/repo-info-lib
...
get all current role information for a repo
2016-01-22 16:31:28 -08:00
Ying Li
499d5a7c0c
Add an extra targets/b delegation chain to the tests.
...
Also, shorten some of the options (do not specify false, since that's default).
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-21 16:34:53 -08:00
Ying Li
e79839b216
Add better error reporting for update tests.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-21 13:23:30 -08:00
Ying Li
dde9531b4a
Fix an error where we get a JSON syntax error on server 404 or 50X.
...
We were testing to see if the cached metadata was nil, but we actually
set it to an empty data.Signed object, but didn't always set it to nil
if we failed to get local metadata.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-21 13:23:30 -08:00
Ying Li
36684a3290
Use cached timestamp if we get a 404 when updating timestamp.
...
We use the cached timestamp for all other errors, so this makes the
error consistent. The only special metadata is the root.json, where a 404
signifies that the repository doesn't exist. Also update the message
when a cached timestamp is used.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-21 13:23:16 -08:00
Riyaz Faizullabhoy
25a1e9aed7
change to ListRoles, and GetAllLoadedRoles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 15:58:55 -08:00
Ying Li
803205d8bf
Update and add tests for what happens if the remote repo 404's or 500's on root.json.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-20 14:41:54 -08:00
Riyaz Faizullabhoy
a052d9e105
client library for retrieving keys and signatures for all roles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 12:00:09 -08:00
Diogo Mónica
60e6d254b3
Merge pull request #477 from docker/swizzler
...
Update tests while messing up metadata
2016-01-20 11:05:34 -08:00
Ying Li
df53f51b0b
Refactor swizzler to not produce a repo itself, but to just take some initial metadata.
...
Updated the testutils/repo.go utility to be able to produce a repository with delegations
and to export metadata from said repo instead.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-20 10:02:14 -08:00
Ying Li
3c72ef762b
Merge pull request #482 from docker/random-lint-fix
...
Add some comments about the notary constants, and other lint fixes.
2016-01-19 23:39:11 -08:00
Ying Li
1404aa9dad
Remove client update tests for which it seems like the user is actively sabotaging themselves.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 16:32:34 -08:00
Ying Li
edc30ffdb9
Skip the longer client update tests if testing in short mode.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 16:28:52 -08:00
Ying Li
ea0a64eeab
Add a few tests for updating when the local repo is corrupt.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 16:28:52 -08:00
Ying Li
6f2e851b29
Merge pull request #479 from docker/remove_to_lower
...
Do not lowercase role names when adding a change
2016-01-19 16:22:41 -08:00
Ying Li
2ff7bf6375
Add some comments about the notary constants, and other lint fixes.
...
It seems that `make vet` sometimes disagrees locally vs on CircleCI. This
just fixes my local `make vet` complaints.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 15:55:47 -08:00
Ying Li
a3b9a5543f
Do not lowercase role names when adding a change
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 14:32:00 -08:00
Ying Li
4f8d28ad7f
Add tests for updating replacing corrupted local cache
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 14:07:46 -08:00
Ying Li
cf0bb5a9be
Merge pull request #440 from docker/diogo-cli-adding-delegations
...
delegation command for notary-cli
2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy
ca67f1e71a
client library deletion functionality, and integration into remove cert
...
CLI
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy
138d6cea09
Add, remove, and list delegation command. TUF changelist action change
...
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-18 16:24:45 -08:00
Diogo Mónica
e451f635e8
Merge pull request #471 from docker/test_repo_root_cert
...
Change testutils.EmptyRepo() to use a cert as the root.json root key.
2016-01-18 14:14:06 -08:00
Ying Li
200fefbff8
EmptyRepo needs to take a GUN in order to generate a valid cert.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-18 10:46:06 -08:00
Ying Li
0bbf979cf4
Change testutils.EmptyRepo() to use a cert as the root.json root key.
...
This involves making it use ECDSA keys since we can't generate ED25519 certs.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-15 19:11:17 -08:00
Ying Li
877d47bb5c
Add tests to ensure you can just drop a key in tuf_key and use it for signing.
...
This is important for user keys, which do not necessarily need to be under a GUN,
and may have a role other than one of the canonical roles (e.g. "user" role).
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-15 18:54:41 -08:00
David Lawrence
c0fb05584e
fixing incorrect comments
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
David Lawrence
9e80ad8158
remove certs.NewManager function
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
David Lawrence
a8b21cafe0
CertManager is completely removed
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
Ying Li
d4820c5756
Translate ErrMetaNotFound when updating, so long as it's on root, to ErrRepositoryNotExist.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 15:27:11 -08:00
Ying Li
c65fc03ef9
Update test to make x509 keys start a day in the past.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 14:15:38 -08:00
Ying Li
f57f2beb08
Factor marshalling a SignedRoot into JSON into TUF/data/root.go, and
...
add an injectable serializer (so we can test JSON marshalling/unmarshalling
error propagation).
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 10:51:24 -08:00
Ying Li
b74f1835b7
Ensure that we do not unnecessarily re-sign/serialize a root.json file on publish
...
Adds additional tests to ensure that keys aren't unnecessarily created on error,
and that only the required keys to sign are used.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 10:51:24 -08:00
Ying Li
4dc8299de5
Fix bug where the yubikey store was not prioritized over the filestore
...
in a client repo.
Also, fix a test with exporting/importing all keys - because a key
that is imported into the yubikey is also backed up on disk, when exporting
all keys, it also gets exported.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-13 18:19:48 -08:00
David Lawrence
a60f228189
fixing use of require vs assert
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:59:33 -08:00
Diogo Mónica
26d3f3f92b
Merge pull request #413 from endophage/fix_root_download
...
fixing bootstrapClient to prefer cached root
2016-01-13 15:48:39 -08:00
David Lawrence
06d23e14c9
add test for invalid remote URL
...
add offline store for use when we can't initialize a remote store
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:26:57 -08:00
Ying Li
cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"
...
This reverts commit f417c834c4.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-08 14:53:09 -08:00
David Lawrence
5ced01a262
add test to confirm bootstrapClient with a bad URL errors
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:27 -08:00
David Lawrence
6d72fe7fd1
adding comment to bootstrapClient
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:27 -08:00
David Lawrence
d11f11748c
when we download during bootstrapClient we should save the root to cache
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:03 -08:00
David Lawrence
762c997104
fixing bootstrapClient to prefer cached root
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:03 -08:00
David Lawrence
11795a4573
rename data.ValidRoles to data.BaseRoles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:52 -08:00
David Lawrence
d52dbde683
removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:05 -08:00
Ying Li
c1c0ccf4be
Combine bootstrapClient and tuf/client's Client.Update into NotaryRepository.Update.
...
- it is easier to understand what's going on in the online functions of NotaryRepository
- we can test NotaryRepository.Update independently (although it'd be nice to have some way
  of ensuring that the actual public functions of NotaryRepository like ListTargets,
  GetTargetByName, and Publish actually call Update).
- distinct error if the remote repo doesn't exist.
This also stops wrapping signed.ErrExpired in client.ErrExpired, and just passes
signed.ErrExpired on directly.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-07 16:58:46 -08:00