client

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 28, 2017 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source
const (

	// SignWithAllOldVersions is a sentinel constant for LegacyVersions flag
	SignWithAllOldVersions = -1
)

Variables

This section is empty.

Functions

func DeleteTrustData added in v0.5.1

func DeleteTrustData(baseDir string, gun data.GUN, URL string, rt http.RoundTripper, deleteRemote bool) error

DeleteTrustData removes the trust data stored for this repo in the TUF cache on the client side Note that we will not delete any private key material from local storage

Types

type ErrInvalidLocalRole added in v0.3.0

type ErrInvalidLocalRole struct {
	Role data.RoleName
}

ErrInvalidLocalRole is returned when the client wants to manage a key type that is not permitted

func (ErrInvalidLocalRole) Error added in v0.3.0

func (err ErrInvalidLocalRole) Error() string

type ErrInvalidRemoteRole

type ErrInvalidRemoteRole struct {
	Role data.RoleName
}

ErrInvalidRemoteRole is returned when the server is requested to manage a key type that is not permitted

func (ErrInvalidRemoteRole) Error

func (err ErrInvalidRemoteRole) Error() string

type ErrNoSuchTarget added in v0.5.1

type ErrNoSuchTarget string

ErrNoSuchTarget is returned when no valid trust data is found.

func (ErrNoSuchTarget) Error added in v0.5.1

func (f ErrNoSuchTarget) Error() string

type ErrRepoNotInitialized

type ErrRepoNotInitialized struct{}

ErrRepoNotInitialized is returned when trying to publish an uninitialized notary repository

func (ErrRepoNotInitialized) Error

func (err ErrRepoNotInitialized) Error() string

type ErrRepositoryNotExist

type ErrRepositoryNotExist struct {
	// contains filtered or unexported fields
}

ErrRepositoryNotExist is returned when an action is taken on a remote repository that doesn't exist

func (ErrRepositoryNotExist) Error

func (err ErrRepositoryNotExist) Error() string

type NotaryRepository

type NotaryRepository struct {
	CryptoService signed.CryptoService

	LegacyVersions int // number of versions back to fetch roots to sign with
	// contains filtered or unexported fields
}

NotaryRepository stores all the information needed to operate on a notary repository.

func NewFileCachedNotaryRepository added in v0.5.0

func NewFileCachedNotaryRepository(baseDir string, gun data.GUN, baseURL string, rt http.RoundTripper,
	retriever notary.PassRetriever, trustPinning trustpinning.TrustPinConfig) (
	*NotaryRepository, error)

NewFileCachedNotaryRepository is a wrapper for NewNotaryRepository that initializes a file cache from the provided repository, local config information and a crypto service. It also retrieves the remote store associated to the base directory under where all the trust files will be stored and the specified GUN.

In case of a nil RoundTripper, a default offline store is used instead.

func NewNotaryRepository

func NewNotaryRepository(baseDir string, gun data.GUN, baseURL string, remoteStore store.RemoteStore, cache store.MetadataStore,
	trustPinning trustpinning.TrustPinConfig, cryptoService signed.CryptoService, cl changelist.Changelist) (
	*NotaryRepository, error)

NewNotaryRepository is the base method that returns a new notary repository. It takes the base directory under where all the trust files will be stored (This is normally defaults to "~/.notary" or "~/.docker/trust" when enabling docker content trust). It expects an initialized cache. In case of a nil remote store, a default offline store is used.

func (*NotaryRepository) AddDelegation

func (r *NotaryRepository) AddDelegation(name data.RoleName, delegationKeys []data.PublicKey, paths []string) error

AddDelegation creates changelist entries to add provided delegation public keys and paths. This method composes AddDelegationRoleAndKeys and AddDelegationPaths (each creates one changelist if called).

func (*NotaryRepository) AddDelegationPaths

func (r *NotaryRepository) AddDelegationPaths(name data.RoleName, paths []string) error

AddDelegationPaths creates a changelist entry to add provided paths to an existing delegation. This method cannot create a new delegation itself because the role must meet the key threshold upon creation.

func (*NotaryRepository) AddDelegationRoleAndKeys

func (r *NotaryRepository) AddDelegationRoleAndKeys(name data.RoleName, delegationKeys []data.PublicKey) error

AddDelegationRoleAndKeys creates a changelist entry to add provided delegation public keys. This method is the simplest way to create a new delegation, because the delegation must have at least one key upon creation to be valid since we will reject the changelist while validating the threshold.

func (*NotaryRepository) AddTarget

func (r *NotaryRepository) AddTarget(target *Target, roles ...data.RoleName) error

AddTarget creates new changelist entries to add a target to the given roles in the repository when the changelist gets applied at publish time. If roles are unspecified, the default role is "targets"

func (*NotaryRepository) ClearDelegationPaths

func (r *NotaryRepository) ClearDelegationPaths(name data.RoleName) error

ClearDelegationPaths creates a changelist entry to remove all paths from an existing delegation.

func (*NotaryRepository) GetAllTargetMetadataByName added in v0.4.0

func (r *NotaryRepository) GetAllTargetMetadataByName(name string) ([]TargetSignedStruct, error)

GetAllTargetMetadataByName searches the entire delegation role tree to find the specified target by name for all roles, and returns a list of TargetSignedStructs for each time it finds the specified target. If given an empty string for a target name, it will return back all targets signed into the repository in every role

func (*NotaryRepository) GetChangelist

func (r *NotaryRepository) GetChangelist() (changelist.Changelist, error)

GetChangelist returns the list of the repository's unpublished changes

func (*NotaryRepository) GetDelegationRoles

func (r *NotaryRepository) GetDelegationRoles() ([]data.Role, error)

GetDelegationRoles returns the keys and roles of the repository's delegations Also converts key IDs to canonical key IDs to keep consistent with signing prompts

func (*NotaryRepository) GetGUN added in v0.5.1

func (r *NotaryRepository) GetGUN() data.GUN

GetGUN is a getter for the GUN object from a NotaryRepository

func (*NotaryRepository) GetTargetByName

func (r *NotaryRepository) GetTargetByName(name string, roles ...data.RoleName) (*TargetWithRole, error)

GetTargetByName returns a target by the given name. If no roles are passed it uses the targets role and does a search of the entire delegation graph, finding the first entry in a breadth first search of the delegations. If roles are passed, they should be passed in descending priority and the target entry found in the subtree of the highest priority role will be returned. See the IMPORTANT section on ListTargets above. Those roles also apply here.

func (*NotaryRepository) Initialize

func (r *NotaryRepository) Initialize(rootKeyIDs []string, serverManagedRoles ...data.RoleName) error

Initialize creates a new repository by using rootKey as the root Key for the TUF repository. The server must be reachable (and is asked to generate a timestamp key and possibly other serverManagedRoles), but the created repository result is only stored on local disk, not published to the server. To do that, use r.Publish() eventually.

func (*NotaryRepository) InitializeWithCertificate added in v0.5.1

func (r *NotaryRepository) InitializeWithCertificate(rootKeyIDs []string, rootCerts []data.PublicKey,
	nRepo *NotaryRepository, serverManagedRoles ...data.RoleName) error

InitializeWithCertificate initializes the repository with root keys and their corresponding certificates

func (*NotaryRepository) ListRoles

func (r *NotaryRepository) ListRoles() ([]RoleWithSignatures, error)

ListRoles returns a list of RoleWithSignatures objects for this repo This represents the latest metadata for each role in this repo

func (*NotaryRepository) ListTargets

func (r *NotaryRepository) ListTargets(roles ...data.RoleName) ([]*TargetWithRole, error)

ListTargets lists all targets for the current repository. The list of roles should be passed in order from highest to lowest priority.

IMPORTANT: if you pass a set of roles such as [ "targets/a", "targets/x" "targets/a/b" ], even though "targets/a/b" is part of the "targets/a" subtree its entries will be strictly shadowed by those in other parts of the "targets/a" subtree and also the "targets/x" subtree, as we will defer parsing it until we explicitly reach it in our iteration of the provided list of roles.

func (*NotaryRepository) Publish

func (r *NotaryRepository) Publish() error

Publish pushes the local changes in signed material to the remote notary-server Conceptually it performs an operation similar to a `git rebase`

func (*NotaryRepository) RemoveDelegationKeys

func (r *NotaryRepository) RemoveDelegationKeys(name data.RoleName, keyIDs []string) error

RemoveDelegationKeys creates a changelist entry to remove provided keys from an existing delegation. When this changelist is applied, if the specified keys are the only keys left in the role, the role itself will be deleted in its entirety. It can also delete a key from all delegations under a parent using a name with a wildcard at the end.

func (*NotaryRepository) RemoveDelegationKeysAndPaths

func (r *NotaryRepository) RemoveDelegationKeysAndPaths(name data.RoleName, keyIDs, paths []string) error

RemoveDelegationKeysAndPaths creates changelist entries to remove provided delegation key IDs and paths. This method composes RemoveDelegationPaths and RemoveDelegationKeys (each creates one changelist if called).

func (*NotaryRepository) RemoveDelegationPaths

func (r *NotaryRepository) RemoveDelegationPaths(name data.RoleName, paths []string) error

RemoveDelegationPaths creates a changelist entry to remove provided paths from an existing delegation.

func (*NotaryRepository) RemoveDelegationRole

func (r *NotaryRepository) RemoveDelegationRole(name data.RoleName) error

RemoveDelegationRole creates a changelist to remove all paths and keys from a role, and delete the role in its entirety.

func (*NotaryRepository) RemoveTarget

func (r *NotaryRepository) RemoveTarget(targetName string, roles ...data.RoleName) error

RemoveTarget creates new changelist entries to remove a target from the given roles in the repository when the changelist gets applied at publish time. If roles are unspecified, the default role is "target".

func (*NotaryRepository) RotateKey

func (r *NotaryRepository) RotateKey(role data.RoleName, serverManagesKey bool, keyList []string) error

RotateKey removes all existing keys associated with the role. If no keys are specified in keyList, then this creates and adds one new key or delegates managing the key to the server. If key(s) are specified by keyList, then they are used for signing the role. These changes are staged in a changelist until publish is called.

func (*NotaryRepository) Update

func (r *NotaryRepository) Update(forWrite bool) error

Update bootstraps a trust anchor (root.json) before updating all the metadata from the repo.

func (*NotaryRepository) Witness added in v0.4.0

func (r *NotaryRepository) Witness(roles ...data.RoleName) ([]data.RoleName, error)

Witness creates change objects to witness (i.e. re-sign) the given roles on the next publish. One change is created per role

type RoleWithSignatures

type RoleWithSignatures struct {
	Signatures []data.Signature
	data.Role
}

RoleWithSignatures is a Role with its associated signatures

type TUFClient added in v0.4.0

type TUFClient struct {
	// contains filtered or unexported fields
}

TUFClient is a usability wrapper around a raw TUF repo

func NewTUFClient added in v0.4.0

func NewTUFClient(oldBuilder, newBuilder tuf.RepoBuilder, remote store.RemoteStore, cache store.MetadataStore) *TUFClient

NewTUFClient initialized a TUFClient with the given repo, remote source of content, and cache

func (*TUFClient) Update added in v0.4.0

func (c *TUFClient) Update() (*tuf.Repo, *tuf.Repo, error)

Update performs an update to the TUF repo as defined by the TUF spec

type Target

type Target struct {
	Name   string                    // the name of the target
	Hashes data.Hashes               // the hash of the target
	Length int64                     // the size in bytes of the target
	Custom *canonicaljson.RawMessage // the custom data provided to describe the file at TARGETPATH
}

Target represents a simplified version of the data TUF operates on, so external applications don't have to depend on TUF data types.

func NewTarget

func NewTarget(targetName, targetPath string, targetCustom *canonicaljson.RawMessage) (*Target, error)

NewTarget is a helper method that returns a Target

type TargetSignedStruct added in v0.4.0

type TargetSignedStruct struct {
	Role       data.DelegationRole
	Target     Target
	Signatures []data.Signature
}

TargetSignedStruct is a struct that contains a Target, the role it was found in, and the list of signatures for that role

type TargetWithRole

type TargetWithRole struct {
	Target
	Role data.RoleName
}

TargetWithRole represents a Target that exists in a particular role - this is produced by ListTargets and GetTargetByName

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL