trust: define new commands and helpers

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Riyaz Faizullabhoy 2017-09-26 11:33:54 -07:00
parent f47b1a3c6d
commit 5ab3ae7aba
3 changed files with 21 additions and 4 deletions


@ -18,6 +18,10 @@ func NewTrustCommand(dockerCli command.Cli) *cobra.Command {
newViewCommand(dockerCli),
newRevokeCommand(dockerCli),
newSignCommand(dockerCli),
newKeyGenerateCommand(dockerCli),
newKeyLoadCommand(dockerCli),
newSignerAddCommand(dockerCli),
newSignerRemoveCommand(dockerCli),
)
return cmd
}
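Review bot: The four constructors that the hunk header indicates are new here (`newKeyGenerateCommand`, `newKeyLoadCommand`, `newSignerAddCommand`, `newSignerRemoveCommand`) are not defined in any of the three file sections of this commit. Unless they already exist in the package, this commit does not build on its own, which breaks bisecting across it. Their definitions should land in this commit or an earlier one. NewTrustCommand starts outside the hunk, so the opening of the command list is not visible here.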


@ -9,6 +9,7 @@ import (
)
const releasedRoleName = "Repo Admin"
const releasesRoleTUFName = "targets/releases"
// check if a role name is "released": either targets/releases or targets TUF roles
func isReleasedTarget(role data.RoleName) bool {
@ -31,3 +32,13 @@ func clearChangeList(notaryRepo client.Repository) error {
}
return cl.Clear("")
}
func getOrGenerateRootKeyAndInitRepo(notaryRepo client.Repository) error {
rootKey, err := getOrGenerateNotaryKey(notaryRepo, data.CanonicalRootRole)
if err != nil {
return err
}
// Initialize the notary repository with a remotely managed snapshot
// key
return notaryRepo.Initialize([]string{rootKey.ID()}, data.CanonicalSnapshotRole)
}
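Review bot: `getOrGenerateRootKeyAndInitRepo` has no doc comment, although its body has two trust-relevant effects that a caller should know about before using it. It obtains a root key through `getOrGenerateNotaryKey`, which by its name may create a new key in the local trust store, and it passes `data.CanonicalSnapshotRole` to `Initialize` so that the snapshot key is held by the notary server rather than locally. I would add `// getOrGenerateRootKeyAndInitRepo initializes notaryRepo with the local root key (created if missing, per getOrGenerateNotaryKey) and leaves the snapshot key to be managed by the notary server.` The helper is not shown in this commit, so the "created if missing" part should be confirmed against it. If a root key can be generated here, the calling command should tell the user so the key gets backed up.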


@ -43,7 +43,8 @@ var (
ActionsPushAndPull = []string{"pull", "push"}
)
func trustDirectory() string {
// GetTrustDirectory returns the base trust directory name
func GetTrustDirectory() string {
return filepath.Join(cliconfig.Dir(), "trust")
}
@ -172,15 +173,16 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
tr := transport.NewTransport(base, modifiers...)
return client.NewFileCachedRepository(
trustDirectory(),
GetTrustDirectory(),
data.GUN(repoInfo.Name.Name()),
server,
tr,
getPassphraseRetriever(in, out),
GetPassphraseRetriever(in, out),
trustpinning.TrustPinConfig{})
}
func getPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever {
// GetPassphraseRetriever returns a passphrase retriever that utilizes Content Trust env vars
func GetPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever {
aliasMap := map[string]string{
"root": "root",
"snapshot": "repository",
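Review bot: The new doc comment on `GetTrustDirectory` says it returns the "base trust directory name", but the body returns a full path built with `filepath.Join(cliconfig.Dir(), "trust")`. Now that the function is exported, the comment should say so: `// GetTrustDirectory returns the path of the base trust directory inside the CLI config directory.` The comment on `GetPassphraseRetriever` would also serve callers outside the package better if it named the environment variables consulted for each alias and said what is done with `in` and `out` when they are unset. Its body continues outside the hunk, so that behaviour cannot be confirmed from here.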