diff --git a/cli/command/trust/cmd.go b/cli/command/trust/cmd.go
index 94b0b5bb9c..cb8408d1e7 100644
--- a/cli/command/trust/cmd.go
+++ b/cli/command/trust/cmd.go
@@ -18,10 +18,8 @@ func NewTrustCommand(dockerCli command.Cli) *cobra.Command {
 newViewCommand(dockerCli),
 newRevokeCommand(dockerCli),
 newSignCommand(dockerCli),
- newKeyGenerateCommand(dockerCli),
- newKeyLoadCommand(dockerCli),
- newSignerAddCommand(dockerCli),
- newSignerRemoveCommand(dockerCli),
+ newTrustKeyCommand(dockerCli),
+ newTrustSignerCommand(dockerCli),
 )
 return cmd
 }
diff --git a/cli/command/trust/key.go b/cli/command/trust/key.go
new file mode 100644
index 0000000000..b24a34c38a
--- /dev/null
+++ b/cli/command/trust/key.go
@@ -0,0 +1,22 @@
+package trust
+
+import (
+ "github.com/docker/cli/cli"
+ "github.com/docker/cli/cli/command"
+ "github.com/spf13/cobra"
+)
+
+// newTrustKeyCommand returns a cobra command for `trust key` subcommands
+func newTrustKeyCommand(dockerCli command.Streams) *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "key",
+ Short: "Manage keys for signing Docker images (experimental)",
+ Args: cli.NoArgs,
+ RunE: command.ShowHelp(dockerCli.Err()),
+ }
+ cmd.AddCommand(
+ newKeyGenerateCommand(dockerCli),
+ newKeyLoadCommand(dockerCli),
+ )
+ return cmd
+}
diff --git a/cli/command/trust/key_generate.go b/cli/command/trust/key_generate.go
index 449aeb4e13..c0473f18c2 100644
--- a/cli/command/trust/key_generate.go
+++ b/cli/command/trust/key_generate.go
@@ -21,7 +21,7 @@ import (
 func newKeyGenerateCommand(dockerCli command.Streams) *cobra.Command {
 cmd := &cobra.Command{
- Use: "key-generate NAME [NAME...]",
+ Use: "generate NAME [NAME...]",
 Short: "Generate and load a signing key-pair",
 Args: cli.ExactArgs(1),
 RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cli/command/trust/key_load.go b/cli/command/trust/key_load.go
index 22fa585803..9d8ec915c4 100644
--- a/cli/command/trust/key_load.go
+++ b/cli/command/trust/key_load.go
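Review bot: In `NewTrustCommand` (cli/command/trust/cmd.go) the four hyphenated subcommands are dropped from `docker trust` with no deprecated shim, so a script or provisioning job that still calls `docker trust key-load` or `docker trust signer-remove` will no longer resolve to a command. These commands manage signing keys and signer delegations, so a failure that automation does not check could leave a key unloaded or a signer still attached to a repository. If the break is intended because the commands are marked experimental, a short comment above the `AddCommand` call would record that decision. Otherwise keep a hidden command under each old name that sets cobra's `Hidden: true` and `Deprecated: "use docker trust key load"`, with the message adjusted per command.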
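Review bot: In `newKeyGenerateCommand` (cli/command/trust/key_generate.go) the renamed usage string still advertises `NAME [NAME...]`, but the context line two below it enforces `Args: cli.ExactArgs(1)`, and the trust_key_generate.md hunk in this same diff prints `Usage: docker trust key generate NAME`. Since the line is being rewritten anyway, make it `Use: "generate NAME",` so the help text matches what the command accepts. The function body continues past the end of the hunk.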
@@ -28,7 +28,7 @@ type keyLoadOptions struct {
 func newKeyLoadCommand(dockerCli command.Streams) *cobra.Command {
 var options keyLoadOptions
 cmd := &cobra.Command{
- Use: "key-load [OPTIONS] KEY",
+ Use: "load [OPTIONS] KEY",
 Short: "Load a private key file for signing",
 Args: cli.ExactArgs(1),
 RunE: func(cmd *cobra.Command, args []string) error {
@@ -79,7 +79,7 @@ func loadPrivKeyFromPath(privKeyImporters []utils.Importer, keyPath, keyName str
 return err
 }
 if _, _, err := tufutils.ExtractPrivateKeyAttributes(keyBytes); err != nil {
- return fmt.Errorf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer-add", keyPath)
+ return fmt.Errorf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", keyPath)
 }
 // Rewind the file pointer
 if _, err := from.Seek(0, 0); err != nil {
diff --git a/cli/command/trust/key_load_test.go b/cli/command/trust/key_load_test.go
index ed878e5e79..86d773d1e2 100644
--- a/cli/command/trust/key_load_test.go
+++ b/cli/command/trust/key_load_test.go
@@ -204,5 +204,5 @@ func TestLoadPubKeyFailure(t *testing.T) {
 // import the key to our keyStorageDir - it should fail
 err = loadPrivKeyFromPath(privKeyImporters, pubKeyFilepath, "signer", cannedPasswordRetriever)
 assert.Error(t, err)
- assert.Contains(t, fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer-add", pubKeyFilepath), err.Error())
+ assert.Contains(t, fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", pubKeyFilepath), err.Error())
 }
diff --git a/cli/command/trust/signer.go b/cli/command/trust/signer.go
new file mode 100644
index 0000000000..c0111ef3f3
--- /dev/null
+++ b/cli/command/trust/signer.go
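Review bot: In `TestLoadPubKeyFailure` (cli/command/trust/key_load_test.go) the arguments to `assert.Contains` are reversed: the expected message is passed as the container and `err.Error()` as the element, so the check passes for any error text that is a substring of the expected message, including an empty one. This test pins the rejection of a public key by the private-key loader, so it should compare exactly: `assert.EqualError(t, err, fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", pubKeyFilepath))`. That assumes the error reaches the test unwrapped, as the `fmt.Errorf` branch shown in the key_load.go hunk suggests. The test function starts above the hunk.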
@@ -0,0 +1,22 @@
+package trust
+
+import (
+ "github.com/docker/cli/cli"
+ "github.com/docker/cli/cli/command"
+ "github.com/spf13/cobra"
+)
+
+// newTrustSignerCommand returns a cobra command for `trust signer` subcommands
+func newTrustSignerCommand(dockerCli command.Cli) *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "signer",
+ Short: "Manage entities who can sign Docker images (experimental)",
+ Args: cli.NoArgs,
+ RunE: command.ShowHelp(dockerCli.Err()),
+ }
+ cmd.AddCommand(
+ newSignerAddCommand(dockerCli),
+ newSignerRemoveCommand(dockerCli),
+ )
+ return cmd
+}
diff --git a/cli/command/trust/signer_add.go b/cli/command/trust/signer_add.go
index 159cce6757..6393371821 100644
--- a/cli/command/trust/signer_add.go
+++ b/cli/command/trust/signer_add.go
@@ -30,7 +30,7 @@ type signerAddOptions struct {
 func newSignerAddCommand(dockerCli command.Cli) *cobra.Command {
 var options signerAddOptions
 cmd := &cobra.Command{
- Use: "signer-add [OPTIONS] NAME IMAGE [IMAGE...] ",
+ Use: "add [OPTIONS] NAME IMAGE [IMAGE...] ",
 Short: "Add a signer",
 Args: cli.RequiresMinArgs(2),
 RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/cli/command/trust/signer_remove.go b/cli/command/trust/signer_remove.go
index 6045b591dd..590cff8944 100644
--- a/cli/command/trust/signer_remove.go
+++ b/cli/command/trust/signer_remove.go
@@ -23,7 +23,7 @@ type signerRemoveOptions struct {
 func newSignerRemoveCommand(dockerCli command.Cli) *cobra.Command {
 options := signerRemoveOptions{}
 cmd := &cobra.Command{
- Use: "signer-remove [OPTIONS] NAME IMAGE [IMAGE...]",
+ Use: "remove [OPTIONS] NAME IMAGE [IMAGE...]",
 Short: "Remove a signer",
 Args: cli.RequiresMinArgs(2),
 RunE: func(cmd *cobra.Command, args []string) error {
diff --git a/docs/reference/commandline/trust_key_generate.md b/docs/reference/commandline/trust_key_generate.md
index 1bd8f1632b..811b4e7763 100644
--- a/docs/reference/commandline/trust_key_generate.md
+++ b/docs/reference/commandline/trust_key_generate.md
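Review bot: The `Use` string in `newSignerAddCommand` (cli/command/trust/signer_add.go) keeps a trailing space before the closing quote, carried over from the old line, while the sibling string in signer_remove.go has none. It presumably ends up in the printed usage line; since this commit rewrites the line anyway, drop it: `Use: "add [OPTIONS] NAME IMAGE [IMAGE...]",`. The function body runs past the end of the hunk.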
@@ -1,6 +1,6 @@ --- -title: "key-generate" -description: "The key-generate command description and usage" +title: "key generate" +description: "The key generate command description and usage" keywords: "Key, notary, trust" --- @@ -13,10 +13,10 @@ keywords: "Key, notary, trust" will be rejected. --> -# trust key-generate +# trust key generate ```markdown -Usage: docker trust key-generate NAME +Usage: docker trust key generate NAME Generate and load a signing key-pair @@ -24,17 +24,17 @@ Generate and load a signing key-pair ## Description -`docker trust key-generate` generates a key-pair to be used with signing, +`docker trust key generate` generates a key-pair to be used with signing, and loads the private key into the local docker trust keystore. -`docker trust key-generate` is currently experimental. +`docker trust key generate` is currently experimental. ## Examples ### Generate a key-pair ```bash -$ docker trust key-generate alice +$ docker trust key generate alice Generating key for alice... Enter passphrase for new alice key with ID 17acf3c: @@ -49,4 +49,4 @@ The private signing key is encrypted by the passphrase and loaded into the docke All passphrase requests to sign with the key will be referred to by the provided `NAME`. The public key component `alice.pub` will be available in the current working directory, and can -be used directly by `docker trust signer-add`. +be used directly by `docker trust signer add`. diff --git a/docs/reference/commandline/trust_key_load.md b/docs/reference/commandline/trust_key_load.md index 69123c04d1..f1c3d05ab8 100644 --- a/docs/reference/commandline/trust_key_load.md +++ b/docs/reference/commandline/trust_key_load.md @@ -1,6 +1,6 @@ --- -title: "key-load" -description: "The key-load command description and usage" +title: "key load" +description: "The key load command description and usage" keywords: "Key, notary, trust" --- 
@@ -13,10 +13,10 @@ keywords: "Key, notary, trust" will be rejected. --> -# trust key-load +# trust key load ```markdown -Usage: docker trust key-load [OPTIONS] KEY +Usage: docker trust key load [OPTIONS] KEY Load a signing key @@ -24,9 +24,9 @@ Load a signing key ## Description -`docker trust key-load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer-add`. +`docker trust key load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer add`. -`docker trust key-load` is currently experimental. +`docker trust key load` is currently experimental. ## Examples @@ -35,7 +35,7 @@ Load a signing key For a private key `alice.pem` with permissions `-rw-------` ```bash -$ docker trust key-load alice.pem +$ docker trust key load alice.pem Loading key from "alice.pem"... Enter passphrase for new signer key with ID f8097df: @@ -46,7 +46,7 @@ Successfully imported key from alice.pem to specify a name use the `--name` flag ```bash -$ docker trust key-load --name alice-key alice.pem +$ docker trust key load --name alice-key alice.pem Loading key from "alice.pem"... Enter passphrase for new alice-key key with ID f8097df: diff --git a/docs/reference/commandline/trust_signer_add.md b/docs/reference/commandline/trust_signer_add.md index 9a63c56930..cb5ca77faf 100644 --- a/docs/reference/commandline/trust_signer_add.md +++ b/docs/reference/commandline/trust_signer_add.md @@ -1,6 +1,6 @@ --- -title: "signer-add" -description: "The signer-add command description and usage" +title: "signer add" +description: "The signer add command description and usage" keywords: "signer, notary, trust" --- 
@@ -13,10 +13,10 @@ keywords: "signer, notary, trust" will be rejected. --> -# trust signer-add +# trust signer add ```markdown -Usage: docker trust signer-add [OPTIONS] NAME IMAGE [IMAGE...] +Usage: docker trust signer add [OPTIONS] NAME IMAGE [IMAGE...] Add a signer to one or more repositories @@ -24,9 +24,9 @@ Add a signer to one or more repositories ## Description -`docker trust signer-add` adds signers to signed repositories. +`docker trust signer add` adds signers to signed repositories. -`docker trust signer-add` is currently experimental. +`docker trust signer add` is currently experimental. ## Examples @@ -50,10 +50,10 @@ Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` -Add `alice` with `docker trust signer-add`: +Add `alice` with `docker trust signer add`: ```bash -$ docker trust signer-add alice example/trust-demo --key alice.crt +$ docker trust signer add alice example/trust-demo --key alice.crt Adding signer "alice" to example/trust-demo... Enter passphrase for repository key with ID 642692c: @@ -81,7 +81,7 @@ Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ## Initialize a new repo and add a signer -When adding a signer on a repo for the first time, `docker trust signer-add` sets up a new repo if it doesn't exist. +When adding a signer on a repo for the first time, `docker trust signer add` sets up a new repo if it doesn't exist. ```bash $ docker trust inspect example/trust-demo @@ -89,7 +89,7 @@ No signatures or cannot access example/trust-demo ``` ```bash -$ docker trust signer-add alice example/trust-demo --key alice.crt +$ docker trust signer add alice example/trust-demo --key alice.crt Initializing signed repository for example/trust-demo... Enter passphrase for root key with ID 748121c: Enter passphrase for new repository key with ID 95b9e55: 
@@ -149,10 +149,10 @@ Administrative keys for example/trust-demo2: Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` -Add `alice` to both repositories with a single `docker trust signer-add` command: +Add `alice` to both repositories with a single `docker trust signer add` command: ```bash -$ docker trust signer-add alice example/trust-demo example/trust-demo2 -k alice.crt +$ docker trust signer add alice example/trust-demo example/trust-demo2 -k alice.crt Adding signer "alice" to example/trust-demo... Enter passphrase for repository key with ID 95b9e55: @@ -197,10 +197,10 @@ Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` -`docker trust signer-add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails: +`docker trust signer add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails: ```bash -$ docker trust signer-add alice example/unauthorized example/authorized -k alice.crt +$ docker trust signer add alice example/unauthorized example/authorized -k alice.crt Adding signer "alice" to example/unauthorized... you are not authorized to perform this operation: server returned 401. diff --git a/docs/reference/commandline/trust_signer_remove.md b/docs/reference/commandline/trust_signer_remove.md index 386fccbdb6..3da59a3c28 100644 --- a/docs/reference/commandline/trust_signer_remove.md +++ b/docs/reference/commandline/trust_signer_remove.md @@ -1,6 +1,6 @@ --- -title: "signer-remove" -description: "The signer-remove command description and usage" +title: "signer remove" +description: "The signer remove command description and usage" keywords: "signer, notary, trust" --- 
@@ -13,10 +13,10 @@ keywords: "signer, notary, trust" will be rejected. --> -# trust signer-remove +# trust signer remove ```markdown -Usage: docker trust signer-remove [OPTIONS] NAME IMAGE [IMAGE...] +Usage: docker trust signer remove [OPTIONS] NAME IMAGE [IMAGE...] Remove a signer from one or more repositories @@ -24,9 +24,9 @@ Remove a signer from one or more repositories ## Description -`docker trust signer-remove` removes signers from signed repositories. +`docker trust signer remove` removes signers from signed repositories. -`docker trust signer-remove` is currently experimental. +`docker trust signer remove` is currently experimental. ## Examples @@ -51,10 +51,10 @@ Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` -Remove `alice` with `docker trust signer-remove`: +Remove `alice` with `docker trust signer remove`: ```bash -$ docker trust signer-remove alice example/trust-demo +$ docker trust signer remove alice example/trust-demo Enter passphrase for repository key with ID 642692c: Successfully removed alice from example/trust-demo @@ -112,10 +112,10 @@ Administrative keys for example/trust-demo2: Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` -Remove `alice` from both images with a single `docker trust signer-remove` command: +Remove `alice` from both images with a single `docker trust signer remove` command: ```bash -$ docker trust signer-remove alice example/trust-demo example/trust-demo2 +$ docker trust signer remove alice example/trust-demo example/trust-demo2 Enter passphrase for repository key with ID 95b9e55: Successfully removed alice from example/trust-demo Enter passphrase for repository key with ID ece554f: 
@@ -151,10 +151,10 @@ Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d926 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 ``` -`docker trust signer-remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails: +`docker trust signer remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails: ```bash -$ docker trust signer-remove alice example/unauthorized example/authorized +$ docker trust signer remove alice example/unauthorized example/authorized Removing signer "alice" from image example/unauthorized... No signer alice for image example/unauthorized