move tuf.Client beside NotaryRepository
rough witness implementation
Signed-off-by: David Lawrence <[email protected]> (github: endophage)
David Lawrence committed Jul 26, 2016
1 parent 3e07391 commit 5cecf3b
Showing 12 changed files with 183 additions and 113 deletions.
1 change: 1 addition & 0 deletions client/changelist/change.go
Expand Up @@ -23,6 +23,7 @@ const (
TypeRootRole = "role"
TypeTargetsTarget = "target"
TypeTargetsDelegation = "delegation"
TypeWitness = "witness"
)

// TUFChange represents a change to a TUF repo
17 changes: 9 additions & 8 deletions client/client.go
Expand Up @@ -20,7 +20,6 @@ import (
"github.com/docker/notary/trustmanager"
"github.com/docker/notary/trustpinning"
"github.com/docker/notary/tuf"
tufclient "github.com/docker/notary/tuf/client"
"github.com/docker/notary/tuf/data"
"github.com/docker/notary/tuf/signed"
"github.com/docker/notary/tuf/utils"
Expand Down Expand Up @@ -85,6 +84,7 @@ type NotaryRepository struct {
fileStore store.MetadataStore
CryptoService signed.CryptoService
tufRepo *tuf.Repo
invalid *tuf.Repo // known data that was parsable but deemed invalid
roundTrip http.RoundTripper
trustPinning trustpinning.TrustPinConfig
}
Expand Down Expand Up @@ -608,7 +608,7 @@ func (r *NotaryRepository) publish(cl changelist.Changelist) error {
}
}
// apply the changelist to the repo
if err := applyChangelist(r.tufRepo, cl); err != nil {
if err := applyChangelist(r.tufRepo, r.invalid, cl); err != nil {
logrus.Debug("Error applying changelist")
return err
}
Expand Down Expand Up @@ -706,7 +706,7 @@ func (r *NotaryRepository) bootstrapRepo() error {
}
}

tufRepo, err := b.Finish()
tufRepo, _, err := b.Finish()
if err == nil {
r.tufRepo = tufRepo
}
Expand Down Expand Up @@ -779,7 +779,7 @@ func (r *NotaryRepository) Update(forWrite bool) error {
}
return err
}
repo, err := c.Update()
repo, invalid, err := c.Update()
if err != nil {
// notFound.Resource may include a checksum so when the role is root,
// it will be root or root.<checksum>. Therefore best we can
Expand All @@ -792,6 +792,7 @@ func (r *NotaryRepository) Update(forWrite bool) error {
// we can be assured if we are at this stage that the repo we built is good
// no need to test the following function call for an error as it will always be fine should the repo be good- it is!
r.tufRepo = repo
r.invalid = invalid
warnRolesNearExpiry(repo)
return nil
}
Expand All @@ -803,16 +804,16 @@ func (r *NotaryRepository) Update(forWrite bool) error {
// and return an error if the remote repository errors.
//
// Populates a tuf.RepoBuilder with this root metadata (only use
// tufclient.Client.Update to load the rest).
// TUFClient.Update to load the rest).
//
// Fails if the remote server is reachable and does not know the repo
// (i.e. before the first r.Publish()), in which case the error is
// store.ErrMetaNotFound, or if the root metadata (from whichever source is used)
// is not trusted.
//
// Returns a tufclient.Client for the remote server, which may not be actually
// Returns a TUFClient for the remote server, which may not be actually
// operational (if the URL is invalid but a root.json is cached).
func (r *NotaryRepository) bootstrapClient(checkInitialized bool) (*tufclient.Client, error) {
func (r *NotaryRepository) bootstrapClient(checkInitialized bool) (*TUFClient, error) {
minVersion := 1
// the old root on disk should not be validated against any trust pinning configuration
// because if we have an old root, it itself is the thing that pins trust
Expand Down Expand Up @@ -879,7 +880,7 @@ func (r *NotaryRepository) bootstrapClient(checkInitialized bool) (*tufclient.Cl
return nil, ErrRepoNotInitialized{}
}

return tufclient.NewClient(oldBuilder, newBuilder, remote, r.fileStore), nil
return NewTUFClient(oldBuilder, newBuilder, remote, r.fileStore), nil
}

// RotateKey removes all existing keys associated with the role, and either
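Review bot: `r.invalid` is only refreshed on the success path of `Update`; in `bootstrapRepo` the second result of `b.Finish()` is discarded and the field is left as it was, so a `NotaryRepository` can end up pairing a freshly built `tufRepo` with rejected metadata from an earlier update, which `publish` then hands to `applyChangelist`. Assuming that second result is the same kind of rejected-metadata repo that `c.Update()` returns, keep the two fields in step: `tufRepo, invalid, err := b.Finish()` and, in the `err == nil` branch, `r.invalid = invalid` (or set `r.invalid = nil` explicitly). The field comment should also say that this data failed validation and, as far as this page shows, is only an input to witness changes, e.g. `// metadata that parsed but failed validation; input to witness changes only, never trusted`. The bodies of `publish`, `bootstrapRepo` and `Update` extend beyond the hunks shown.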
36 changes: 18 additions & 18 deletions client/client_test.go
Expand Up @@ -1202,7 +1202,7 @@ func testListTarget(t *testing.T, rootType string) {
require.NoError(t, err, "could not open changelist")

// apply the changelist to the repo
err = applyChangelist(repo.tufRepo, cl)
err = applyChangelist(repo.tufRepo, nil, cl)
require.NoError(t, err, "could not apply changelist")

fakeServerData(t, repo, mux, keys)
Expand Down Expand Up @@ -1280,7 +1280,7 @@ func testListTargetWithDelegates(t *testing.T, rootType string) {
require.NoError(t, err, "could not open changelist")

// apply the changelist to the repo, then clear it
err = applyChangelist(repo.tufRepo, cl)
err = applyChangelist(repo.tufRepo, nil, cl)
require.NoError(t, err, "could not apply changelist")
require.NoError(t, cl.Clear(""))

Expand All @@ -1305,7 +1305,7 @@ func testListTargetWithDelegates(t *testing.T, rootType string) {
filepath.Join(repo.baseDir, "tuf", filepath.FromSlash(repo.gun), "changelist"))
require.NoError(t, err, "could not open changelist")
// apply the changelist to the repo
err = applyChangelist(repo.tufRepo, cl)
err = applyChangelist(repo.tufRepo, nil, cl)
require.NoError(t, err, "could not apply changelist")
// check the changelist was applied
_, ok = repo.tufRepo.Targets["targets/level1/level2"].Signed.Targets["level2"]
Expand Down Expand Up @@ -1430,7 +1430,7 @@ func TestListTargetRestrictsDelegationPaths(t *testing.T) {
require.NoError(t, err, "could not open changelist")

// apply the changelist to the repo
err = applyChangelist(repo.tufRepo, cl)
err = applyChangelist(repo.tufRepo, nil, cl)
require.NoError(t, err, "could not apply changelist")

require.NoError(t, cl.Clear(""))
Expand All @@ -1452,7 +1452,7 @@ func TestListTargetRestrictsDelegationPaths(t *testing.T) {
require.NoError(t, err, "could not open changelist")

// apply the changelist to the repo
err = applyChangelist(repo.tufRepo, cl)
err = applyChangelist(repo.tufRepo, nil, cl)
require.NoError(t, err, "could not apply changelist")

fakeServerData(t, repo, mux, keys)
Expand Down Expand Up @@ -2929,7 +2929,7 @@ func TestAddDelegationChangefileApplicable(t *testing.T) {
require.Len(t, changes, 2)

// ensure that it can be applied correctly
err = applyTargetsChange(repo.tufRepo, changes[0])
err = applyTargetsChange(repo.tufRepo, nil, changes[0])
require.NoError(t, err)

targetRole := repo.tufRepo.Targets[data.CanonicalTargetsRole]
Expand Down Expand Up @@ -3006,8 +3006,8 @@ func TestRemoveDelegationChangefileApplicable(t *testing.T) {
require.NoError(t, repo.AddDelegation("targets/a", []data.PublicKey{rootPubKey}, []string{""}))
changes := getChanges(t, repo)
require.Len(t, changes, 2)
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[0]))
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[1]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[0]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[1]))

targetRole := repo.tufRepo.Targets[data.CanonicalTargetsRole]
require.Len(t, targetRole.Signed.Delegations.Roles, 1)
Expand All @@ -3019,7 +3019,7 @@ func TestRemoveDelegationChangefileApplicable(t *testing.T) {
require.NoError(t, repo.RemoveDelegationKeys("targets/a", []string{rootKeyCanonicalID}))
changes = getChanges(t, repo)
require.Len(t, changes, 3)
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[2]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[2]))

targetRole = repo.tufRepo.Targets[data.CanonicalTargetsRole]
require.Empty(t, targetRole.Signed.Delegations.Roles)
Expand All @@ -3042,14 +3042,14 @@ func TestClearAllPathsDelegationChangefileApplicable(t *testing.T) {
require.NoError(t, repo.AddDelegation("targets/a", []data.PublicKey{rootPubKey}, []string{"abc,123,xyz,path"}))
changes := getChanges(t, repo)
require.Len(t, changes, 2)
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[0]))
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[1]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[0]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[1]))

// now clear paths it
require.NoError(t, repo.ClearDelegationPaths("targets/a"))
changes = getChanges(t, repo)
require.Len(t, changes, 3)
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[2]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[2]))

delgRoles := repo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles
require.Len(t, delgRoles, 1)
Expand Down Expand Up @@ -3086,7 +3086,7 @@ func TestFullAddDelegationChangefileApplicable(t *testing.T) {

changes := getChanges(t, repo)
require.Len(t, changes, 1)
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[0]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[0]))

delgRoles := repo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles
require.Len(t, delgRoles, 1)
Expand Down Expand Up @@ -3117,8 +3117,8 @@ func TestFullRemoveDelegationChangefileApplicable(t *testing.T) {
require.NoError(t, repo.AddDelegation(delegationName, []data.PublicKey{rootPubKey, key2}, []string{"abc", "123"}))
changes := getChanges(t, repo)
require.Len(t, changes, 2)
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[0]))
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[1]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[0]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[1]))

targetRole := repo.tufRepo.Targets[data.CanonicalTargetsRole]
require.Len(t, targetRole.Signed.Delegations.Roles, 1)
Expand All @@ -3136,7 +3136,7 @@ func TestFullRemoveDelegationChangefileApplicable(t *testing.T) {

changes = getChanges(t, repo)
require.Len(t, changes, 3)
require.NoError(t, applyTargetsChange(repo.tufRepo, changes[2]))
require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[2]))

delgRoles := repo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles
require.Len(t, delgRoles, 1)
Expand Down Expand Up @@ -3558,7 +3558,7 @@ func TestGetAllTargetInfo(t *testing.T) {
require.NoError(t, err, "could not open changelist")

// apply the changelist to the repo, then clear it
err = applyChangelist(repo.tufRepo, cl)
err = applyChangelist(repo.tufRepo, nil, cl)
require.NoError(t, err, "could not apply changelist")
require.NoError(t, cl.Clear(""))

Expand All @@ -3583,7 +3583,7 @@ func TestGetAllTargetInfo(t *testing.T) {
filepath.Join(repo.baseDir, "tuf", filepath.FromSlash(repo.gun), "changelist"))
require.NoError(t, err, "could not open changelist")
// apply the changelist to the repo
err = applyChangelist(repo.tufRepo, cl)
err = applyChangelist(repo.tufRepo, nil, cl)
require.NoError(t, err, "could not apply changelist")
// check the changelist was applied
_, ok = repo.tufRepo.Targets["targets/level1/level2"].Signed.Targets["level2"]
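Review bot: Every call updated in this file passes `nil` for the new `invalid` argument, so none of the hunks shown here exercises a `changelist.TypeWitness` change or the case where one is applied with no invalid repo available. Add a test that builds a changelist containing a witness change and runs `applyChangelist` once with a populated invalid repo and once with `nil`, asserting that the second call returns an error. Other test files in the commit are not visible on this page, so this may already be covered there.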
8 changes: 5 additions & 3 deletions client/helpers.go
Expand Up @@ -30,7 +30,7 @@ func getRemoteStore(baseURL, gun string, rt http.RoundTripper) (store.RemoteStor
return s, err
}

func applyChangelist(repo *tuf.Repo, cl changelist.Changelist) error {
func applyChangelist(repo *tuf.Repo, invalid *tuf.Repo, cl changelist.Changelist) error {
it, err := cl.NewIterator()
if err != nil {
return err
Expand All @@ -44,7 +44,7 @@ func applyChangelist(repo *tuf.Repo, cl changelist.Changelist) error {
isDel := data.IsDelegation(c.Scope())
switch {
case c.Scope() == changelist.ScopeTargets || isDel:
err = applyTargetsChange(repo, c)
err = applyTargetsChange(repo, invalid, c)
case c.Scope() == changelist.ScopeRoot:
err = applyRootChange(repo, c)
default:
Expand All @@ -59,12 +59,14 @@ func applyChangelist(repo *tuf.Repo, cl changelist.Changelist) error {
return nil
}

func applyTargetsChange(repo *tuf.Repo, c changelist.Change) error {
func applyTargetsChange(repo *tuf.Repo, invalid *tuf.Repo, c changelist.Change) error {
switch c.Type() {
case changelist.TypeTargetsTarget:
return changeTargetMeta(repo, c)
case changelist.TypeTargetsDelegation:
return changeTargetsDelegation(repo, c)
case changelist.TypeWitness:
return witnessTargets(repo, invalid, c.Scope())
default:
return fmt.Errorf("only target meta and delegations changes supported")
}
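Review bot: The `changelist.TypeWitness` case in `applyTargetsChange` forwards `invalid` to `witnessTargets` unchecked, yet the tests in this commit pass `nil` and `NotaryRepository.invalid` is only assigned after a successful `Update`; `witnessTargets` is not shown, so unless it checks for itself, a witness change could dereference a nil repo. A guard before the call keeps the failure explicit: `if invalid == nil { return fmt.Errorf("no invalid metadata available to witness %s", c.Scope()) }`. The `default` message still reads "only target meta and delegations changes supported" and should mention witness changes. Both functions would also benefit from a doc comment stating that `invalid` holds metadata that failed validation and may be nil. The closing of `applyTargetsChange` lies outside the hunk.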