trust: move signer and key commands down one level

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
This commit is contained in:
Riyaz Faizullabhoy 2017-10-09 10:44:52 -07:00
parent 4e797eaa04
commit 532d223db4
12 changed files with 94 additions and 52 deletions

View File

@ -18,10 +18,8 @@ func NewTrustCommand(dockerCli command.Cli) *cobra.Command {
newViewCommand(dockerCli),
newRevokeCommand(dockerCli),
newSignCommand(dockerCli),
newKeyGenerateCommand(dockerCli),
newKeyLoadCommand(dockerCli),
newSignerAddCommand(dockerCli),
newSignerRemoveCommand(dockerCli),
newTrustKeyCommand(dockerCli),
newTrustSignerCommand(dockerCli),
)
return cmd
}

22
cli/command/trust/key.go Normal file
View File

@ -0,0 +1,22 @@
package trust
import (
"github.com/docker/cli/cli"
"github.com/docker/cli/cli/command"
"github.com/spf13/cobra"
)
// newTrustKeyCommand returns a cobra command for `trust key` subcommands
func newTrustKeyCommand(dockerCli command.Streams) *cobra.Command {
cmd := &cobra.Command{
Use: "key",
Short: "Manage keys for signing Docker images (experimental)",
Args: cli.NoArgs,
RunE: command.ShowHelp(dockerCli.Err()),
}
cmd.AddCommand(
newKeyGenerateCommand(dockerCli),
newKeyLoadCommand(dockerCli),
)
return cmd
}

View File

@ -21,7 +21,7 @@ import (
func newKeyGenerateCommand(dockerCli command.Streams) *cobra.Command {
cmd := &cobra.Command{
Use: "key-generate NAME [NAME...]",
Use: "generate NAME [NAME...]",
Short: "Generate and load a signing key-pair",
Args: cli.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {

View File

@ -28,7 +28,7 @@ type keyLoadOptions struct {
func newKeyLoadCommand(dockerCli command.Streams) *cobra.Command {
var options keyLoadOptions
cmd := &cobra.Command{
Use: "key-load [OPTIONS] KEY",
Use: "load [OPTIONS] KEY",
Short: "Load a private key file for signing",
Args: cli.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
@ -79,7 +79,7 @@ func loadPrivKeyFromPath(privKeyImporters []utils.Importer, keyPath, keyName str
return err
}
if _, _, err := tufutils.ExtractPrivateKeyAttributes(keyBytes); err != nil {
return fmt.Errorf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer-add", keyPath)
return fmt.Errorf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", keyPath)
}
// Rewind the file pointer
if _, err := from.Seek(0, 0); err != nil {

View File

@ -204,5 +204,5 @@ func TestLoadPubKeyFailure(t *testing.T) {
// import the key to our keyStorageDir - it should fail
err = loadPrivKeyFromPath(privKeyImporters, pubKeyFilepath, "signer", cannedPasswordRetriever)
assert.Error(t, err)
assert.Contains(t, fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer-add", pubKeyFilepath), err.Error())
assert.Contains(t, fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", pubKeyFilepath), err.Error())
}

View File

@ -0,0 +1,22 @@
package trust
import (
"github.com/docker/cli/cli"
"github.com/docker/cli/cli/command"
"github.com/spf13/cobra"
)
// newTrustSignerCommand returns a cobra command for `trust signer` subcommands
func newTrustSignerCommand(dockerCli command.Cli) *cobra.Command {
cmd := &cobra.Command{
Use: "signer",
Short: "Manage entities who can sign Docker images (experimental)",
Args: cli.NoArgs,
RunE: command.ShowHelp(dockerCli.Err()),
}
cmd.AddCommand(
newSignerAddCommand(dockerCli),
newSignerRemoveCommand(dockerCli),
)
return cmd
}

View File

@ -30,7 +30,7 @@ type signerAddOptions struct {
func newSignerAddCommand(dockerCli command.Cli) *cobra.Command {
var options signerAddOptions
cmd := &cobra.Command{
Use: "signer-add [OPTIONS] NAME IMAGE [IMAGE...] ",
Use: "add [OPTIONS] NAME IMAGE [IMAGE...] ",
Short: "Add a signer",
Args: cli.RequiresMinArgs(2),
RunE: func(cmd *cobra.Command, args []string) error {

View File

@ -23,7 +23,7 @@ type signerRemoveOptions struct {
func newSignerRemoveCommand(dockerCli command.Cli) *cobra.Command {
options := signerRemoveOptions{}
cmd := &cobra.Command{
Use: "signer-remove [OPTIONS] NAME IMAGE [IMAGE...]",
Use: "remove [OPTIONS] NAME IMAGE [IMAGE...]",
Short: "Remove a signer",
Args: cli.RequiresMinArgs(2),
RunE: func(cmd *cobra.Command, args []string) error {

View File

@ -1,6 +1,6 @@
---
title: "key-generate"
description: "The key-generate command description and usage"
title: "key generate"
description: "The key generate command description and usage"
keywords: "Key, notary, trust"
---
@ -13,10 +13,10 @@ keywords: "Key, notary, trust"
will be rejected.
-->
# trust key-generate
# trust key generate
```markdown
Usage: docker trust key-generate NAME
Usage: docker trust key generate NAME
Generate and load a signing key-pair
@ -24,17 +24,17 @@ Generate and load a signing key-pair
## Description
`docker trust key-generate` generates a key-pair to be used with signing,
`docker trust key generate` generates a key-pair to be used with signing,
and loads the private key into the local docker trust keystore.
`docker trust key-generate` is currently experimental.
`docker trust key generate` is currently experimental.
## Examples
### Generate a key-pair
```bash
$ docker trust key-generate alice
$ docker trust key generate alice
Generating key for alice...
Enter passphrase for new alice key with ID 17acf3c:
@ -49,4 +49,4 @@ The private signing key is encrypted by the passphrase and loaded into the docke
All passphrase requests to sign with the key will be referred to by the provided `NAME`.
The public key component `alice.pub` will be available in the current working directory, and can
be used directly by `docker trust signer-add`.
be used directly by `docker trust signer add`.

View File

@ -1,6 +1,6 @@
---
title: "key-load"
description: "The key-load command description and usage"
title: "key load"
description: "The key load command description and usage"
keywords: "Key, notary, trust"
---
@ -13,10 +13,10 @@ keywords: "Key, notary, trust"
will be rejected.
-->
# trust key-load
# trust key load
```markdown
Usage: docker trust key-load [OPTIONS] KEY
Usage: docker trust key load [OPTIONS] KEY
Load a signing key
@ -24,9 +24,9 @@ Load a signing key
## Description
`docker trust key-load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer-add`.
`docker trust key load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer add`.
`docker trust key-load` is currently experimental.
`docker trust key load` is currently experimental.
## Examples
@ -35,7 +35,7 @@ Load a signing key
For a private key `alice.pem` with permissions `-rw-------`
```bash
$ docker trust key-load alice.pem
$ docker trust key load alice.pem
Loading key from "alice.pem"...
Enter passphrase for new signer key with ID f8097df:
@ -46,7 +46,7 @@ Successfully imported key from alice.pem
to specify a name use the `--name` flag
```bash
$ docker trust key-load --name alice-key alice.pem
$ docker trust key load --name alice-key alice.pem
Loading key from "alice.pem"...
Enter passphrase for new alice-key key with ID f8097df:

View File

@ -1,6 +1,6 @@
---
title: "signer-add"
description: "The signer-add command description and usage"
title: "signer add"
description: "The signer add command description and usage"
keywords: "signer, notary, trust"
---
@ -13,10 +13,10 @@ keywords: "signer, notary, trust"
will be rejected.
-->
# trust signer-add
# trust signer add
```markdown
Usage: docker trust signer-add [OPTIONS] NAME IMAGE [IMAGE...]
Usage: docker trust signer add [OPTIONS] NAME IMAGE [IMAGE...]
Add a signer to one or more repositories
@ -24,9 +24,9 @@ Add a signer to one or more repositories
## Description
`docker trust signer-add` adds signers to signed repositories.
`docker trust signer add` adds signers to signed repositories.
`docker trust signer-add` is currently experimental.
`docker trust signer add` is currently experimental.
## Examples
@ -50,10 +50,10 @@ Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
```
Add `alice` with `docker trust signer-add`:
Add `alice` with `docker trust signer add`:
```bash
$ docker trust signer-add alice example/trust-demo --key alice.crt
$ docker trust signer add alice example/trust-demo --key alice.crt
Adding signer "alice" to example/trust-demo...
Enter passphrase for repository key with ID 642692c:
@ -81,7 +81,7 @@ Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
## Initialize a new repo and add a signer
When adding a signer on a repo for the first time, `docker trust signer-add` sets up a new repo if it doesn't exist.
When adding a signer on a repo for the first time, `docker trust signer add` sets up a new repo if it doesn't exist.
```bash
$ docker trust inspect example/trust-demo
@ -89,7 +89,7 @@ No signatures or cannot access example/trust-demo
```
```bash
$ docker trust signer-add alice example/trust-demo --key alice.crt
$ docker trust signer add alice example/trust-demo --key alice.crt
Initializing signed repository for example/trust-demo...
Enter passphrase for root key with ID 748121c:
Enter passphrase for new repository key with ID 95b9e55:
@ -149,10 +149,10 @@ Administrative keys for example/trust-demo2:
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
```
Add `alice` to both repositories with a single `docker trust signer-add` command:
Add `alice` to both repositories with a single `docker trust signer add` command:
```bash
$ docker trust signer-add alice example/trust-demo example/trust-demo2 -k alice.crt
$ docker trust signer add alice example/trust-demo example/trust-demo2 -k alice.crt
Adding signer "alice" to example/trust-demo...
Enter passphrase for repository key with ID 95b9e55:
@ -197,10 +197,10 @@ Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
```
`docker trust signer-add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails:
`docker trust signer add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails:
```bash
$ docker trust signer-add alice example/unauthorized example/authorized -k alice.crt
$ docker trust signer add alice example/unauthorized example/authorized -k alice.crt
Adding signer "alice" to example/unauthorized...
you are not authorized to perform this operation: server returned 401.

View File

@ -1,6 +1,6 @@
---
title: "signer-remove"
description: "The signer-remove command description and usage"
title: "signer remove"
description: "The signer remove command description and usage"
keywords: "signer, notary, trust"
---
@ -13,10 +13,10 @@ keywords: "signer, notary, trust"
will be rejected.
-->
# trust signer-remove
# trust signer remove
```markdown
Usage: docker trust signer-remove [OPTIONS] NAME IMAGE [IMAGE...]
Usage: docker trust signer remove [OPTIONS] NAME IMAGE [IMAGE...]
Remove a signer from one or more repositories
@ -24,9 +24,9 @@ Remove a signer from one or more repositories
## Description
`docker trust signer-remove` removes signers from signed repositories.
`docker trust signer remove` removes signers from signed repositories.
`docker trust signer-remove` is currently experimental.
`docker trust signer remove` is currently experimental.
## Examples
@ -51,10 +51,10 @@ Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
```
Remove `alice` with `docker trust signer-remove`:
Remove `alice` with `docker trust signer remove`:
```bash
$ docker trust signer-remove alice example/trust-demo
$ docker trust signer remove alice example/trust-demo
Enter passphrase for repository key with ID 642692c:
Successfully removed alice from example/trust-demo
@ -112,10 +112,10 @@ Administrative keys for example/trust-demo2:
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
```
Remove `alice` from both images with a single `docker trust signer-remove` command:
Remove `alice` from both images with a single `docker trust signer remove` command:
```bash
$ docker trust signer-remove alice example/trust-demo example/trust-demo2
$ docker trust signer remove alice example/trust-demo example/trust-demo2
Enter passphrase for repository key with ID 95b9e55:
Successfully removed alice from example/trust-demo
Enter passphrase for repository key with ID ece554f:
@ -151,10 +151,10 @@ Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d926
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
```
`docker trust signer-remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails:
`docker trust signer remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails:
```bash
$ docker trust signer-remove alice example/unauthorized example/authorized
$ docker trust signer remove alice example/unauthorized example/authorized
Removing signer "alice" from image example/unauthorized...
No signer alice for image example/unauthorized