trust: move signer and key commands down one level

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-10-09 10:44:52 -07:00 · 2017-10-09 10:44:52 -07:00 · 532d223db4
parent 4e797eaa04
commit 532d223db4
12 changed files with 94 additions and 52 deletions
--- a/cli/command/trust/cmd.go
+++ b/cli/command/trust/cmd.go
@ -18,10 +18,8 @@ func NewTrustCommand(dockerCli command.Cli) *cobra.Command {
 		newViewCommand(dockerCli),
 		newRevokeCommand(dockerCli),
 		newSignCommand(dockerCli),
-		newKeyGenerateCommand(dockerCli),
-		newKeyLoadCommand(dockerCli),
-		newSignerAddCommand(dockerCli),
-		newSignerRemoveCommand(dockerCli),
+		newTrustKeyCommand(dockerCli),
+		newTrustSignerCommand(dockerCli),
 	)
 	return cmd
 }
--- a/cli/command/trust/key.go
+++ b/cli/command/trust/key.go
@ -0,0 +1,22 @@
+package trust
+
+import (
+	"github.com/docker/cli/cli"
+	"github.com/docker/cli/cli/command"
+	"github.com/spf13/cobra"
+)
+
+// newTrustKeyCommand returns a cobra command for `trust key` subcommands
+func newTrustKeyCommand(dockerCli command.Streams) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "key",
+		Short: "Manage keys for signing Docker images (experimental)",
+		Args:  cli.NoArgs,
+		RunE:  command.ShowHelp(dockerCli.Err()),
+	}
+	cmd.AddCommand(
+		newKeyGenerateCommand(dockerCli),
+		newKeyLoadCommand(dockerCli),
+	)
+	return cmd
+}
--- a/cli/command/trust/key_generate.go
+++ b/cli/command/trust/key_generate.go
@ -21,7 +21,7 @@ import (

 func newKeyGenerateCommand(dockerCli command.Streams) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "key-generate NAME [NAME...]",
+		Use:   "generate NAME [NAME...]",
 		Short: "Generate and load a signing key-pair",
 		Args:  cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
--- a/cli/command/trust/key_load.go
+++ b/cli/command/trust/key_load.go
@ -28,7 +28,7 @@ type keyLoadOptions struct {
 func newKeyLoadCommand(dockerCli command.Streams) *cobra.Command {
 	var options keyLoadOptions
 	cmd := &cobra.Command{
-		Use:   "key-load [OPTIONS] KEY",
+		Use:   "load [OPTIONS] KEY",
 		Short: "Load a private key file for signing",
 		Args:  cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
@ -79,7 +79,7 @@ func loadPrivKeyFromPath(privKeyImporters []utils.Importer, keyPath, keyName str
 		return err
 	}
 	if _, _, err := tufutils.ExtractPrivateKeyAttributes(keyBytes); err != nil {
-		return fmt.Errorf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer-add", keyPath)
+		return fmt.Errorf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", keyPath)
 	}
 	// Rewind the file pointer
 	if _, err := from.Seek(0, 0); err != nil {
--- a/cli/command/trust/key_load_test.go
+++ b/cli/command/trust/key_load_test.go
@ -204,5 +204,5 @@ func TestLoadPubKeyFailure(t *testing.T) {
 	// import the key to our keyStorageDir - it should fail
 	err = loadPrivKeyFromPath(privKeyImporters, pubKeyFilepath, "signer", cannedPasswordRetriever)
 	assert.Error(t, err)
-	assert.Contains(t, fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer-add", pubKeyFilepath), err.Error())
+	assert.Contains(t, fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", pubKeyFilepath), err.Error())
 }
--- a/cli/command/trust/signer.go
+++ b/cli/command/trust/signer.go
@ -0,0 +1,22 @@
+package trust
+
+import (
+	"github.com/docker/cli/cli"
+	"github.com/docker/cli/cli/command"
+	"github.com/spf13/cobra"
+)
+
+// newTrustSignerCommand returns a cobra command for `trust signer` subcommands
+func newTrustSignerCommand(dockerCli command.Cli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "signer",
+		Short: "Manage entities who can sign Docker images (experimental)",
+		Args:  cli.NoArgs,
+		RunE:  command.ShowHelp(dockerCli.Err()),
+	}
+	cmd.AddCommand(
+		newSignerAddCommand(dockerCli),
+		newSignerRemoveCommand(dockerCli),
+	)
+	return cmd
+}
--- a/cli/command/trust/signer_add.go
+++ b/cli/command/trust/signer_add.go
@ -30,7 +30,7 @@ type signerAddOptions struct {
 func newSignerAddCommand(dockerCli command.Cli) *cobra.Command {
 	var options signerAddOptions
 	cmd := &cobra.Command{
-		Use:   "signer-add [OPTIONS] NAME IMAGE [IMAGE...] ",
+		Use:   "add [OPTIONS] NAME IMAGE [IMAGE...] ",
 		Short: "Add a signer",
 		Args:  cli.RequiresMinArgs(2),
 		RunE: func(cmd *cobra.Command, args []string) error {
--- a/cli/command/trust/signer_remove.go
+++ b/cli/command/trust/signer_remove.go
@ -23,7 +23,7 @@ type signerRemoveOptions struct {
 func newSignerRemoveCommand(dockerCli command.Cli) *cobra.Command {
 	options := signerRemoveOptions{}
 	cmd := &cobra.Command{
-		Use:   "signer-remove [OPTIONS] NAME IMAGE [IMAGE...]",
+		Use:   "remove [OPTIONS] NAME IMAGE [IMAGE...]",
 		Short: "Remove a signer",
 		Args:  cli.RequiresMinArgs(2),
 		RunE: func(cmd *cobra.Command, args []string) error {
--- a/docs/reference/commandline/trust_key_generate.md
+++ b/docs/reference/commandline/trust_key_generate.md
@ -1,6 +1,6 @@
 ---
-title: "key-generate"
-description: "The key-generate command description and usage"
+title: "key generate"
+description: "The key generate command description and usage"
 keywords: "Key, notary, trust"
 ---

@ -13,10 +13,10 @@ keywords: "Key, notary, trust"
     will be rejected.
 -->

-# trust key-generate
+# trust key generate

 ```markdown
-Usage:  docker trust key-generate NAME
+Usage:  docker trust key generate NAME

 Generate and load a signing key-pair

@ -24,17 +24,17 @@ Generate and load a signing key-pair

 ## Description

-`docker trust key-generate` generates a key-pair to be used with signing,
+`docker trust key generate` generates a key-pair to be used with signing,
 and loads the private key into the local docker trust keystore.

-`docker trust key-generate` is currently experimental.
+`docker trust key generate` is currently experimental.

 ## Examples

 ### Generate a key-pair

 ```bash
-$ docker trust key-generate alice
+$ docker trust key generate alice

 Generating key for alice...
 Enter passphrase for new alice key with ID 17acf3c:
@ -49,4 +49,4 @@ The private signing key is encrypted by the passphrase and loaded into the docke
 All passphrase requests to sign with the key will be referred to by the provided `NAME`.

 The public key component `alice.pub` will be available in the current working directory, and can
-be used directly by `docker trust signer-add`.
+be used directly by `docker trust signer add`.
--- a/docs/reference/commandline/trust_key_load.md
+++ b/docs/reference/commandline/trust_key_load.md
@ -1,6 +1,6 @@
 ---
-title: "key-load"
-description: "The key-load command description and usage"
+title: "key load"
+description: "The key load command description and usage"
 keywords: "Key, notary, trust"
 ---

@ -13,10 +13,10 @@ keywords: "Key, notary, trust"
     will be rejected.
 -->

-# trust key-load
+# trust key load

 ```markdown
-Usage:  docker trust key-load [OPTIONS] KEY 
+Usage:  docker trust key load [OPTIONS] KEY

 Load a signing key

@ -24,9 +24,9 @@ Load a signing key

 ## Description

-`docker trust key-load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer-add`.
+`docker trust key load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer add`.

-`docker trust key-load` is currently experimental.
+`docker trust key load` is currently experimental.

 ## Examples

@ -35,7 +35,7 @@ Load a signing key
 For a private key `alice.pem` with permissions `-rw-------`

 ```bash
-$ docker trust key-load alice.pem
+$ docker trust key load alice.pem

 Loading key from "alice.pem"...
 Enter passphrase for new signer key with ID f8097df: 
@ -46,7 +46,7 @@ Successfully imported key from alice.pem
 to specify a name use the `--name` flag

 ```bash
-$ docker trust key-load --name alice-key alice.pem
+$ docker trust key load --name alice-key alice.pem

 Loading key from "alice.pem"...
 Enter passphrase for new alice-key key with ID f8097df: 
--- a/docs/reference/commandline/trust_signer_add.md
+++ b/docs/reference/commandline/trust_signer_add.md
@ -1,6 +1,6 @@
 ---
-title: "signer-add"
-description: "The signer-add command description and usage"
+title: "signer add"
+description: "The signer add command description and usage"
 keywords: "signer, notary, trust"
 ---

@ -13,10 +13,10 @@ keywords: "signer, notary, trust"
     will be rejected.
 -->

-# trust signer-add
+# trust signer add

 ```markdown
-Usage:  docker trust signer-add [OPTIONS] NAME IMAGE [IMAGE...]
+Usage:  docker trust signer add [OPTIONS] NAME IMAGE [IMAGE...]

 Add a signer to one or more repositories

@ -24,9 +24,9 @@ Add a signer to one or more repositories

 ## Description

-`docker trust signer-add` adds signers to signed repositories.
+`docker trust signer add` adds signers to signed repositories.

-`docker trust signer-add` is currently experimental.
+`docker trust signer add` is currently experimental.

 ## Examples

@ -50,10 +50,10 @@ Repository Key:	642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
 Root Key:	3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
 ```

-Add `alice` with `docker trust signer-add`:
+Add `alice` with `docker trust signer add`:

 ```bash
-$ docker trust signer-add alice example/trust-demo --key alice.crt
+$ docker trust signer add alice example/trust-demo --key alice.crt
  
  Adding signer "alice" to example/trust-demo...
  Enter passphrase for repository key with ID 642692c: 
@ -81,7 +81,7 @@ Root Key:	3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949

 ## Initialize a new repo and add a signer

-When adding a signer on a repo for the first time, `docker trust signer-add` sets up a new repo if it doesn't exist.
+When adding a signer on a repo for the first time, `docker trust signer add` sets up a new repo if it doesn't exist.

 ```bash
 $ docker trust inspect example/trust-demo
@ -89,7 +89,7 @@ No signatures or cannot access example/trust-demo
 ```

 ```bash
-$ docker trust signer-add alice example/trust-demo --key alice.crt
+$ docker trust signer add alice example/trust-demo --key alice.crt
 Initializing signed repository for example/trust-demo...
 Enter passphrase for root key with ID 748121c: 
 Enter passphrase for new repository key with ID 95b9e55: 
@ -149,10 +149,10 @@ Administrative keys for example/trust-demo2:
 Repository Key:	ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
 Root Key:	3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
 ```
-Add `alice` to both repositories with a single `docker trust signer-add` command:
+Add `alice` to both repositories with a single `docker trust signer add` command:

 ```bash
-$ docker trust signer-add alice example/trust-demo example/trust-demo2 -k alice.crt
+$ docker trust signer add alice example/trust-demo example/trust-demo2 -k alice.crt

 Adding signer "alice" to example/trust-demo...
 Enter passphrase for repository key with ID 95b9e55: 
@ -197,10 +197,10 @@ Root Key:	3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
 ```


-`docker trust signer-add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails:
+`docker trust signer add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails:

 ```bash
-$ docker trust signer-add alice example/unauthorized example/authorized -k alice.crt
+$ docker trust signer add alice example/unauthorized example/authorized -k alice.crt

 Adding signer "alice" to example/unauthorized...
 you are not authorized to perform this operation: server returned 401.
--- a/docs/reference/commandline/trust_signer_remove.md
+++ b/docs/reference/commandline/trust_signer_remove.md
@ -1,6 +1,6 @@
 ---
-title: "signer-remove"
-description: "The signer-remove command description and usage"
+title: "signer remove"
+description: "The signer remove command description and usage"
 keywords: "signer, notary, trust"
 ---

@ -13,10 +13,10 @@ keywords: "signer, notary, trust"
     will be rejected.
 -->

-# trust signer-remove
+# trust signer remove

 ```markdown
-Usage:  docker trust signer-remove [OPTIONS] NAME IMAGE [IMAGE...]
+Usage:  docker trust signer remove [OPTIONS] NAME IMAGE [IMAGE...]

 Remove a signer from one or more repositories

@ -24,9 +24,9 @@ Remove a signer from one or more repositories

 ## Description

-`docker trust signer-remove` removes signers from signed repositories.
+`docker trust signer remove` removes signers from signed repositories.

-`docker trust signer-remove` is currently experimental.
+`docker trust signer remove` is currently experimental.

 ## Examples

@ -51,10 +51,10 @@ Repository Key:	ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
 Root Key:	3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
 ```

-Remove `alice` with `docker trust signer-remove`:
+Remove `alice` with `docker trust signer remove`:

 ```bash
-$ docker trust signer-remove alice example/trust-demo
+$ docker trust signer remove alice example/trust-demo
  Enter passphrase for repository key with ID 642692c: 
  Successfully removed alice from example/trust-demo

@ -112,10 +112,10 @@ Administrative keys for example/trust-demo2:
 Repository Key:	ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
 Root Key:	3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
 ```
-Remove `alice` from both images with a single `docker trust signer-remove` command:
+Remove `alice` from both images with a single `docker trust signer remove` command:

 ```bash
-$ docker trust signer-remove alice example/trust-demo example/trust-demo2
+$ docker trust signer remove alice example/trust-demo example/trust-demo2
 Enter passphrase for repository key with ID 95b9e55: 
 Successfully removed alice from example/trust-demo
 Enter passphrase for repository key with ID ece554f: 
@ -151,10 +151,10 @@ Repository Key:	ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d926
 Root Key:	3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
 ```

-`docker trust signer-remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails:
+`docker trust signer remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails:

 ```bash
-$ docker trust signer-remove alice example/unauthorized example/authorized
+$ docker trust signer remove alice example/unauthorized example/authorized

 Removing signer "alice" from image example/unauthorized...
 No signer alice for image example/unauthorized