doc: update per comments

Signed-off-by: Yi Zha <[email protected]>
notaryproject · Mar 15, 2023 · 77d0790 · 77d0790
1 parent 871c230
commit 77d0790
Showing 1 changed file with 9 additions and 77 deletions.
diff --git a/specs/commandline/policy.md b/specs/commandline/policy.md
@@ -4,7 +4,7 @@
 
 As part of signature verification workflow, users need to configure the trust policies to specify trusted identities that signed the artifacts, and the level of signature verification to use. For more details, see [trust policy specification and examples](https://github.com/notaryproject/notaryproject/blob/v1.0.0-rc.2/specs/trust-store-trust-policy.md#trust-policy).
 
-The `notation policy` command provides a user-friendly way to manage trust policies. It allows users to initialize trust policies with default values, import trust policies from a JSON file, and show trust policies. To get started user can use following sample trust policy. In this sample, there are four policies configured for different requirements:
+The `notation policy` command provides a user-friendly way to manage trust policies. It allows users to import/export trust policies from/to a JSON file, and show trust policies. To get started user can use following sample trust policy. In this sample, there are four policies configured for different requirements:
 
 - The Policy named "wabbit-networks-images" is for verifying images signed by Wabbit Networks and stored in two repositories `registry.acme-rockets.io/software/net-monitor` and `registry.acme-rockets.io/software/net-logger`.
 - Policy named "unsigned-image" is for skipping the verification on unsigned images stored in repository `registry.acme-rockets.io/software/unsigned/net-utils`.
@@ -79,7 +79,6 @@ Usage:
 
 Available Commands:
   import    import trust policies from a JSON file
-  init      initialize trust policies with default values
   show      show trust policies
 
 Flags:
@@ -101,22 +100,6 @@ Flags:
   -v, --verbose   verbose mode
 ```
 
-### notation policy init
-
-```text
-Initialize trust policies with default values
-
-Usage:
-  notation policy init [flags]
-
-Flags:
-  -d, --debug                      debug mode
-      --force                      restore the trust policies to default values. Any existing trust polices will be discarded, never prompt
-  -h, --help                       help for export
-      --trust-store stringArray    specify the trust stores in format "<type>:<name>", e.g. "ca:my_store". If this flag is ignored, a default trust store "ca:default" is used
-  -v, --verbose                    verbose mode
-```
-
 ### notation policy show
 
 ```text
@@ -133,68 +116,27 @@ Flags:
 
 ## Usage
 
-### Initialize trust policies with default values
-
-```shell
-notation policy init
-```
-
-Upon successful execution, trust policies with default values are created and printed out as following. Use command `notation cert add --type ca --store default <cert_file>` to add CA certificates to trust store `ca:default`. If users want to use different trust stores, refer to section [Update trust policies](#update-trust-policies) on how to do the update.
-
-```jsonc
-{
-    "version": "1.0",
-    "trustPolicies": [
-        {
-            "name": "policy-by-init-command",
-            "registryScopes": ["*"],
-            "signatureVerification": {
-                "level": "strict"
-            },
-            "trustStores": ["ca:default"],
-            "trustedIdentities": ["*"]
-        }
-    ]
-}
-
-```
-
-If there are existing trust policies configured and users still run `notation policy init` command, A prompt should be displayed asking for confirmation on whether restoring to default values or not. Use `--force` flag to discard any existing trust policies without prompt.
+### Import trust policies from a JSON file
 
-### Initialize trust policies with specified trust stores
+An example of importing trust policies from a JSON file:
 
-```shell
-notation policy init --ts "ca:my_store" --ts "ca:my_store_2"
+```shell  
+notation policy import ./my_policy.json
 ```
 
-Upon successful execution, trust policies with default values and specified trust stores are created and printed out as following:
-
-```jsonc
-{
-    "version": "1.0",
-    "trustPolicies": [
-        {
-            "name": "policy-by-init-command",
-            "registryScopes": ["*"],
-            "signatureVerification": {
-                "level": "strict"
-            },
-            "trustStores": ["ca:my_store", "ca:my_store_2"],
-            "trustedIdentities": ["*"]
-        }
-    ]
-}
-```
+The trust policies in the JSON file should be validated according to [trust policy properties](https://github.com/notaryproject/notaryproject/blob/v1.0.0-rc.2/specs/trust-store-trust-policy.md#trust-policy-properties). A successful message should be printed out if trust policies are imported successfully. Error logs including the reason should be printed out if the importing fails.
 
 Use `--force` flag to override existing policies without prompt.
 
 ### Show trust policies
 
+Use the following command to show trust policies:
+
 ```shell
 notation policy show
 ```
 
-Upon successful execution, the trust policies are printed out. If trust policies are not configured, users should receive an error message, and a tip to initialize trust policies using command `notation policy init`.
+Upon successful execution, the trust policies are printed out. If trust policies are not configured, users should receive an error message, and a tip to import trust policies from a JSON file.
 
 ### Export trust policies into a JSON file
 
@@ -204,16 +146,6 @@ Users can redirect the output of command `notation policy show` to a JSON file.
 notation policy show > ./trust_policy.json
 ```
 
-### Import trust policies from a JSON file
-
-```shell  
-notation policy import ./my_policy.json
-```
-
-The trust policies in the JSON file will be validated according to [trust policy properties](https://github.com/notaryproject/notaryproject/blob/v1.0.0-rc.2/specs/trust-store-trust-policy.md#trust-policy-properties). A successful message should be printed out if trust policies are imported successfully. Error logs including the reason should be printed out if the importing fails.
-
-Use `--force` flag to override existing policies without prompt.
-
 ### Update trust policies
 
 The steps to update trust policies: