Merge pull request #575 from eiais/local-flag

trust sign: add --local flag
2017-11-07 14:15:53 -05:00 · 2017-11-07 14:15:53 -05:00 · ee0615dc97
parent 025f51ca93 f5a50650d6
commit ee0615dc97
3 changed files with 31 additions and 5 deletions
--- a/cli/command/trust/sign.go
+++ b/cli/command/trust/sign.go
@ -18,19 +18,29 @@ import (
 	"github.com/theupdateframework/notary/tuf/data"
 )
 type signOptions struct {
 	local     bool
 	imageName string
 }
 func newSignCommand(dockerCli command.Cli) *cobra.Command {
 	options := signOptions{}
 	cmd := &cobra.Command{
 		Use:   "sign IMAGE:TAG",
 		Short: "Sign an image",
 		Args:  cli.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			return runSignImage(dockerCli, args[0])
+			options.imageName = args[0]
 			return runSignImage(dockerCli, options)
 		},
 	}
 	flags := cmd.Flags()
 	flags.BoolVar(&options.local, "local", false, "Sign a locally tagged image")
 	return cmd
 }
-func runSignImage(cli command.Cli, imageName string) error {
+func runSignImage(cli command.Cli, options signOptions) error {
 	imageName := options.imageName
 	ctx := context.Background()
 	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(cli), imageName)
 	if err != nil {
@ -71,13 +81,15 @@ func runSignImage(cli command.Cli, imageName string) error {
 	}
 	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(cli, imgRefAndAuth.RepoInfo().Index, "push")
 	target, err := createTarget(notaryRepo, imgRefAndAuth.Tag())
-	if err != nil {
+	if err != nil || options.local {
 		switch err := err.(type) {
-		case client.ErrNoSuchTarget, client.ErrRepositoryNotExist:
+		// If the error is nil then the local flag is set
 		case client.ErrNoSuchTarget, client.ErrRepositoryNotExist, nil:
 			// Fail fast if the image doesn't exist locally
 			if err := checkLocalImageExistence(ctx, cli, imageName); err != nil {
 				return err
 			}
 			fmt.Fprintf(cli.Err(), "Signing and pushing trust data for local image %s, may overwrite remote trust data\n", imageName)
 			return image.TrustedPush(ctx, cli, imgRefAndAuth.RepoInfo(), imgRefAndAuth.Reference(), *imgRefAndAuth.AuthConfig(), requestPrivilege)
 		default:
 			return err
--- a/cli/command/trust/sign_test.go
+++ b/cli/command/trust/sign_test.go
@ -296,3 +296,13 @@ func TestSignCommandChangeListIsCleanedOnError(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, len(cl.List()), 0)
 }
 func TestSignCommandLocalFlag(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{})
 	cli.SetNotaryClient(getEmptyTargetsNotaryRepository)
 	cmd := newSignCommand(cli)
 	cmd.SetArgs([]string{"--local", "reg-name.io/image:red"})
 	cmd.SetOutput(ioutil.Discard)
 	testutil.ErrorContains(t, cmd.Execute(), "error during connect: Get /images/reg-name.io/image:red/json: unsupported protocol scheme")
 }
--- a/docs/reference/commandline/trust_sign.md
+++ b/docs/reference/commandline/trust_sign.md
@ -16,10 +16,14 @@ keywords: "sign, notary, trust"
 # trust sign
 ```markdown
-Usage:  docker trust sign IMAGE:TAG
+Usage:  docker trust sign [OPTIONS] IMAGE:TAG
 Sign an image
 Options:
      --help    print usage
      --local   force the signing of a local image
 ```
 ## Description