mirror of
https://github.com/docker/docs.git
synced 2026-04-12 06:19:22 +07:00
83d0d8657f
+ Ref https://github.com/docker/notary/issues/144 + Create ChangeIterator interface + Implement ChangeIterator interface for memChangeList + Implement ChangeIterator interface for fileChangeList + Add iterator test case to changelist_test + Add iterator test case to file_changelist_test + Change func applyChangelist to use iterator per PR comment + Remove redundant defer statement in file_changelist_test.go (PR comment) + Change Next error check to simple array bounds check (PR comment) + Add negative unit test cases to increase code coverage Signed-off-by: David Williamson <david.williamson@docker.com>
115 lines
2.6 KiB
Go
115 lines
2.6 KiB
Go
package client
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/Sirupsen/logrus"
|
|
"github.com/docker/notary/client/changelist"
|
|
"github.com/endophage/gotuf"
|
|
"github.com/endophage/gotuf/data"
|
|
"github.com/endophage/gotuf/keys"
|
|
"github.com/endophage/gotuf/store"
|
|
)
|
|
|
|
// Use this to initialize remote HTTPStores from the config settings
|
|
func getRemoteStore(baseURL, gun string, rt http.RoundTripper) (store.RemoteStore, error) {
|
|
return store.NewHTTPStore(
|
|
baseURL+"/v2/"+gun+"/_trust/tuf/",
|
|
"",
|
|
"json",
|
|
"",
|
|
"key",
|
|
rt,
|
|
)
|
|
}
|
|
|
|
func applyChangelist(repo *tuf.TufRepo, cl changelist.Changelist) error {
|
|
it, err := cl.NewIterator()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
index := 0
|
|
for it.HasNext() {
|
|
c, err := it.Next()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
switch c.Scope() {
|
|
case changelist.ScopeTargets:
|
|
err := applyTargetsChange(repo, c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
default:
|
|
logrus.Debug("scope not supported: ", c.Scope())
|
|
}
|
|
index++
|
|
}
|
|
logrus.Debugf("applied %d change(s)", index)
|
|
return nil
|
|
}
|
|
|
|
func applyTargetsChange(repo *tuf.TufRepo, c changelist.Change) error {
|
|
var err error
|
|
switch c.Action() {
|
|
case changelist.ActionCreate:
|
|
logrus.Debug("changelist add: ", c.Path())
|
|
meta := &data.FileMeta{}
|
|
err = json.Unmarshal(c.Content(), meta)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
files := data.Files{c.Path(): *meta}
|
|
_, err = repo.AddTargets(c.Scope(), files)
|
|
case changelist.ActionDelete:
|
|
logrus.Debug("changelist remove: ", c.Path())
|
|
err = repo.RemoveTargets(c.Scope(), c.Path())
|
|
default:
|
|
logrus.Debug("action not yet supported: ", c.Action())
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func nearExpiry(r *data.SignedRoot) bool {
|
|
plus6mo := time.Now().AddDate(0, 6, 0)
|
|
return r.Signed.Expires.Before(plus6mo)
|
|
}
|
|
|
|
func initRoles(kdb *keys.KeyDB, rootKey, targetsKey, snapshotKey, timestampKey data.PublicKey) error {
|
|
rootRole, err := data.NewRole("root", 1, []string{rootKey.ID()}, nil, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
targetsRole, err := data.NewRole("targets", 1, []string{targetsKey.ID()}, nil, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
snapshotRole, err := data.NewRole("snapshot", 1, []string{snapshotKey.ID()}, nil, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
timestampRole, err := data.NewRole("timestamp", 1, []string{timestampKey.ID()}, nil, nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := kdb.AddRole(rootRole); err != nil {
|
|
return err
|
|
}
|
|
if err := kdb.AddRole(targetsRole); err != nil {
|
|
return err
|
|
}
|
|
if err := kdb.AddRole(snapshotRole); err != nil {
|
|
return err
|
|
}
|
|
if err := kdb.AddRole(timestampRole); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|