diff --git a/cli/command/trust/cmd.go b/cli/command/trust/cmd.go index d1be0b59ad..3d184ee2e4 100644 --- a/cli/command/trust/cmd.go +++ b/cli/command/trust/cmd.go @@ -15,7 +15,7 @@ func NewTrustCommand(dockerCli command.Cli) *cobra.Command { RunE: command.ShowHelp(dockerCli.Err()), } cmd.AddCommand( - newInspectCommand(dockerCli), + newViewCommand(dockerCli), newRevokeCommand(dockerCli), newSignCommand(dockerCli), ) diff --git a/cli/command/trust/testdata/trust-inspect-full-repo-with-signers.golden b/cli/command/trust/testdata/trust-inspect-full-repo-with-signers.golden index 2486f02660..7e73f06726 100644 --- a/cli/command/trust/testdata/trust-inspect-full-repo-with-signers.golden +++ b/cli/command/trust/testdata/trust-inspect-full-repo-with-signers.golden @@ -3,7 +3,7 @@ blue 626c75652d646967657374 alice green 677265656e2d646967657374 (Repo Admin) red 7265642d646967657374 alice, bob -List of signers and their keys: +List of signers and their keys for signed-repo: SIGNER KEYS alice A diff --git a/cli/command/trust/testdata/trust-inspect-unsigned-tag-with-signers.golden b/cli/command/trust/testdata/trust-inspect-unsigned-tag-with-signers.golden index 25732066e5..c00a9feecf 100644 --- a/cli/command/trust/testdata/trust-inspect-unsigned-tag-with-signers.golden +++ b/cli/command/trust/testdata/trust-inspect-unsigned-tag-with-signers.golden @@ -2,7 +2,7 @@ No signatures for signed-repo:unsigned -List of signers and their keys: +List of signers and their keys for signed-repo: SIGNER KEYS alice A diff --git a/cli/command/trust/inspect.go b/cli/command/trust/view.go similarity index 97% rename from cli/command/trust/inspect.go rename to cli/command/trust/view.go index f634d75970..18d07585eb 100644 --- a/cli/command/trust/inspect.go +++ b/cli/command/trust/view.go @@ -47,9 +47,9 @@ func (tagComparator trustTagRowList) Swap(i, j int) { tagComparator[i], tagComparator[j] = tagComparator[j], tagComparator[i] } -func newInspectCommand(dockerCli command.Cli) *cobra.Command { +func newViewCommand(dockerCli command.Cli) *cobra.Command { cmd := &cobra.Command{ - Use: "inspect [OPTIONS] IMAGE[:TAG]", + Use: "view [OPTIONS] IMAGE[:TAG]", Short: "Display detailed information about keys and signatures", Args: cli.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { @@ -112,7 +112,7 @@ func lookupTrustInfo(cli command.Cli, remote string) error { // If we do not have additional signers, do not display if len(signerRoleToKeyIDs) > 0 { - fmt.Fprintf(cli.Out(), "\nList of signers and their keys:\n\n") + fmt.Fprintf(cli.Out(), "\nList of signers and their keys for %s:\n\n", strings.Split(remote, ":")[0]) printSignerInfo(cli.Out(), signerRoleToKeyIDs) } diff --git a/cli/command/trust/inspect_test.go b/cli/command/trust/view_test.go similarity index 98% rename from cli/command/trust/inspect_test.go rename to cli/command/trust/view_test.go index 97705ecd9b..c75680043a 100644 --- a/cli/command/trust/inspect_test.go +++ b/cli/command/trust/view_test.go @@ -47,7 +47,7 @@ func TestTrustInspectCommandErrors(t *testing.T) { }, } for _, tc := range testCases { - cmd := newInspectCommand( + cmd := newViewCommand( test.NewFakeCli(&fakeClient{})) cmd.SetArgs(tc.args) cmd.SetOutput(ioutil.Discard) @@ -58,14 +58,14 @@ func TestTrustInspectCommandErrors(t *testing.T) { func TestTrustInspectCommandOfflineErrors(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getOfflineNotaryRepository) - cmd := newInspectCommand(cli) + cmd := newViewCommand(cli) cmd.SetArgs([]string{"nonexistent-reg-name.io/image"}) cmd.SetOutput(ioutil.Discard) testutil.ErrorContains(t, cmd.Execute(), "No signatures or cannot access nonexistent-reg-name.io/image") cli = test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getOfflineNotaryRepository) - cmd = newInspectCommand(cli) + cmd = newViewCommand(cli) cmd.SetArgs([]string{"nonexistent-reg-name.io/image:tag"}) cmd.SetOutput(ioutil.Discard) testutil.ErrorContains(t, cmd.Execute(), "No signatures or cannot access nonexistent-reg-name.io/image") @@ -74,14 +74,14 @@ func TestTrustInspectCommandOfflineErrors(t *testing.T) { func TestTrustInspectCommandUninitializedErrors(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getUninitializedNotaryRepository) - cmd := newInspectCommand(cli) + cmd := newViewCommand(cli) cmd.SetArgs([]string{"reg/unsigned-img"}) cmd.SetOutput(ioutil.Discard) testutil.ErrorContains(t, cmd.Execute(), "No signatures or cannot access reg/unsigned-img") cli = test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getUninitializedNotaryRepository) - cmd = newInspectCommand(cli) + cmd = newViewCommand(cli) cmd.SetArgs([]string{"reg/unsigned-img:tag"}) cmd.SetOutput(ioutil.Discard) testutil.ErrorContains(t, cmd.Execute(), "No signatures or cannot access reg/unsigned-img:tag") @@ -90,7 +90,7 @@ func TestTrustInspectCommandUninitializedErrors(t *testing.T) { func TestTrustInspectCommandEmptyNotaryRepoErrors(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getEmptyTargetsNotaryRepository) - cmd := newInspectCommand(cli) + cmd := newViewCommand(cli) cmd.SetArgs([]string{"reg/img:unsigned-tag"}) cmd.SetOutput(ioutil.Discard) assert.NoError(t, cmd.Execute()) @@ -99,7 +99,7 @@ func TestTrustInspectCommandEmptyNotaryRepoErrors(t *testing.T) { cli = test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getEmptyTargetsNotaryRepository) - cmd = newInspectCommand(cli) + cmd = newViewCommand(cli) cmd.SetArgs([]string{"reg/img"}) cmd.SetOutput(ioutil.Discard) assert.NoError(t, cmd.Execute()) @@ -110,7 +110,7 @@ func TestTrustInspectCommandEmptyNotaryRepoErrors(t *testing.T) { func TestTrustInspectCommandFullRepoWithoutSigners(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getLoadedWithNoSignersNotaryRepository) - cmd := newInspectCommand(cli) + cmd := newViewCommand(cli) cmd.SetArgs([]string{"signed-repo"}) assert.NoError(t, cmd.Execute()) @@ -120,7 +120,7 @@ func TestTrustInspectCommandFullRepoWithoutSigners(t *testing.T) { func TestTrustInspectCommandOneTagWithoutSigners(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getLoadedWithNoSignersNotaryRepository) - cmd := newInspectCommand(cli) + cmd := newViewCommand(cli) cmd.SetArgs([]string{"signed-repo:green"}) assert.NoError(t, cmd.Execute()) @@ -130,7 +130,7 @@ func TestTrustInspectCommandOneTagWithoutSigners(t *testing.T) { func TestTrustInspectCommandFullRepoWithSigners(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getLoadedNotaryRepository) - cmd := newInspectCommand(cli) + cmd := newViewCommand(cli) cmd.SetArgs([]string{"signed-repo"}) assert.NoError(t, cmd.Execute()) @@ -140,7 +140,7 @@ func TestTrustInspectCommandFullRepoWithSigners(t *testing.T) { func TestTrustInspectCommandUnsignedTagInSignedRepo(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(getLoadedNotaryRepository) - cmd := newInspectCommand(cli) + cmd := newViewCommand(cli) cmd.SetArgs([]string{"signed-repo:unsigned"}) assert.NoError(t, cmd.Execute()) diff --git a/docs/reference/commandline/trust_revoke.md b/docs/reference/commandline/trust_revoke.md index 904c4767ed..58b9d9df55 100644 --- a/docs/reference/commandline/trust_revoke.md +++ b/docs/reference/commandline/trust_revoke.md @@ -37,12 +37,12 @@ Here's an example of a repo with two signed tags: ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS red 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 alice blue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 alice, bob -List of signers and their keys: +List of signers and their keys for example/trust-demo: SIGNER KEYS alice 05e87edcaecb @@ -64,11 +64,11 @@ Successfully deleted signature for example/trust-demo:red After revocation, the tag is removed from the list of released tags: ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS blue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 alice, bob -List of signers and their keys: +List of signers and their keys for example/trust-demo: SIGNER KEYS alice 05e87edcaecb @@ -84,12 +84,12 @@ Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 When no tag is specified, `docker trust` revokes all signatures that you have a signing key for. ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS red 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 alice blue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 alice, bob -List of signers and their keys: +List of signers and their keys for example/trust-demo: SIGNER KEYS alice 05e87edcaecb @@ -112,12 +112,12 @@ Successfully deleted signature for example/trust-demo All tags that have `alice`'s signature on them are removed from the list of released tags: ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo No signatures for example/trust-demo -List of signers and their keys: +List of signers and their keys for example/trust-demo: SIGNER KEYS alice 05e87edcaecb diff --git a/docs/reference/commandline/trust_sign.md b/docs/reference/commandline/trust_sign.md index 51a3428015..a4bbbd5cfa 100644 --- a/docs/reference/commandline/trust_sign.md +++ b/docs/reference/commandline/trust_sign.md @@ -33,7 +33,7 @@ Sign an image Given an image: ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin) @@ -61,10 +61,10 @@ Enter passphrase for repository key with ID 36d4c36: Successfully signed "docker.io/example/trust-demo":v2 ``` -`docker trust inspect` lists the new signature: +`docker trust view` lists the new signature: ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin) v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin) @@ -79,12 +79,12 @@ Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b Given an image: ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo No signatures for example/trust-demo -List of signers and their keys: +List of signers and their keys for example/trust-demo: SIGNER KEYS alice 05e87edcaecb @@ -112,14 +112,14 @@ Enter passphrase for delegation key with ID 27d42a8: Successfully signed "docker.io/example/trust-demo":v1 ``` -`docker trust inspect` lists the new signature: +`docker trust view` lists the new signature: ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 alice -List of signers and their keys: +List of signers and their keys for example/trust-demo: SIGNER KEYS alice 05e87edcaecb @@ -135,7 +135,7 @@ Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 When signing an image on a repo for the first time, `docker trust sign` sets up new keys before signing the image. ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo No signatures or cannot access example/trust-demo ``` @@ -164,11 +164,11 @@ Successfully signed "docker.io/example/trust-demo":v1 ``` ```bash -$ docker trust inspect example/trust-demo +$ docker trust view example/trust-demo SIGNED TAG DIGEST SIGNERS v1 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 alice -List of signers and their keys: +List of signers and their keys for example/trust-demo: SIGNER KEYS alice 6d52b29d940f diff --git a/docs/reference/commandline/trust_inspect.md b/docs/reference/commandline/trust_view.md similarity index 85% rename from docs/reference/commandline/trust_inspect.md rename to docs/reference/commandline/trust_view.md index 54c40455ee..f64c2a2dd6 100644 --- a/docs/reference/commandline/trust_inspect.md +++ b/docs/reference/commandline/trust_view.md @@ -1,7 +1,7 @@ --- -title: "trust inspect" -description: "The inspect command description and usage" -keywords: "inspect, notary, trust" +title: "trust view" +description: "The view command description and usage" +keywords: "view, notary, trust" --- -# trust inspect +# trust view ```markdown -Usage: docker trust inspect [OPTIONS] IMAGE[:TAG] +Usage: docker trust view [OPTIONS] IMAGE[:TAG] Display detailed information about keys and signatures @@ -24,11 +24,11 @@ Display detailed information about keys and signatures ## Description -`docker trust inspect` provides detailed information on signed repositories. +`docker trust view` provides detailed information on signed repositories. This includes all image tags that are signed, who signed them, and who can sign new tags. -By default, `docker trust inspect` renders results in a table. +By default, `docker trust view` renders results in a table. ## Examples @@ -37,7 +37,7 @@ By default, `docker trust inspect` renders results in a table. ```bash -$ docker trust inspect alpine:latest +$ docker trust view alpine:latest SIGNED TAG DIGEST SIGNERS latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin) @@ -51,10 +51,10 @@ The `SIGNED TAG` is the signed image tag with a unique content-addressable `DIGE The administrative keys listed specify the root key of trust, as well as the administrative repository key. These keys are responsible for modifying signers, and rotating keys for the signed repository. -If signers are set up for the repository via other `docker trust` commands, `docker trust inspect` displays them appropriately as a `SIGNER` and specify their `KEYS`: +If signers are set up for the repository via other `docker trust` commands, `docker trust view` displays them appropriately as a `SIGNER` and specify their `KEYS`: ```bash -$ docker trust inspect my-image:purple +$ docker trust view my-image:purple SIGNED TAG DIGEST SIGNERS purple 941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557 alice, bob, carol @@ -70,17 +70,17 @@ Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f ``` -If the image tag is unsigned or unavailable, `docker trust inspect` does not display any signed tags. +If the image tag is unsigned or unavailable, `docker trust view` does not display any signed tags. ```bash -$ docker trust inspect unsigned-img +$ docker trust view unsigned-img No signatures or cannot access unsigned-img ``` -However, if other tags are signed in the same image repository, `docker trust inspect` reports relevant key information. +However, if other tags are signed in the same image repository, `docker trust view` reports relevant key information. ```bash -$ docker trust inspect alpine:unsigned +$ docker trust view alpine:unsigned No signatures for alpine:unsigned @@ -93,7 +93,7 @@ Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce ### Get details about signatures for all image tags in a repository ```bash -$ docker trust inspect alpine +$ docker trust view alpine SIGNED TAG DIGEST SIGNERS 2.6 9ace551613070689a12857d62c30ef0daa9a376107ec0fff0e34786cedb3399b (Repo Admin) 2.7 9f08005dff552038f0ad2f46b8e65ff3d25641747d3912e3ea8da6785046561a (Repo Admin) @@ -114,7 +114,7 @@ Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce Here's an example with signers that are set up by `docker trust` commands: ```bash -$ docker trust inspect my-image +$ docker trust view my-image SIGNED TAG DIGEST SIGNERS red 852cc04935f930a857b630edc4ed6131e91b22073bcc216698842e44f64d2943 alice blue f1c38dbaeeb473c36716f6494d803fbfbe9d8a76916f7c0093f227821e378197 alice, bob @@ -123,7 +123,7 @@ yellow 9cc65fc3126790e683d1b92f307a71f48f75fa7dd47a7b03145a123eaf0b purple 941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557 alice, bob, carol orange d6c271baa6d271bcc24ef1cbd65abf39123c17d2e83455bdab545a1a9093fc1c alice -List of signers and their keys: +List of signers and their keys for my-image: SIGNER KEYS alice 47caae5b3e61, a85aab9d20a4