Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

notation policy init command is necessary for user experiences #653

Open
patrickzheng200 opened this issue Apr 27, 2023 · 2 comments
Open

notation policy init command is necessary for user experiences #653

patrickzheng200 opened this issue Apr 27, 2023 · 2 comments
Labels
enhancement New feature or request UX User experience changes
Milestone
Future

Comments

@patrickzheng200
Copy link
Contributor

What is the areas you would like to add the new feature to?

Notation CLI

Is your feature request related to a problem?

In version 1.0.0-rc.4, notation policy only supports import and show. Thus, to use notation CLI for artifact verification, a beginner has to follow the workflow below:

  1. Search for an example of notation trust policy either from specs or online docs.
  2. Create a trust policy file, copy and paste the example they found from step 1 into it.
  3. Change the values of the trust policy based on user's needs.
  4. Call notation policy import <path-of-the-file-from-step3> to actually configure Notation trust policy. Errors are highly possible because steps 1~3 are completed manually by the user.
  5. Set up trust store based on trust policy with notation cert add.
  6. Finally start doing verification with notation verify.

The workflow above is not user friendly and error prone. IMO, learning cost for a new user of Notation is too high.

What solution do you propose?

Introduce notation policy init command. The command should prompt step by step with detailed descriptions on each field of the trust policy and ask users to type in values accordingly. On success, the command gathers answers from the user and configure Notation's trust policy within a single command.
For example,

provide "name" of your trust policy statement [Required]: <user-input>
provide "registryScopes" of your trust policy statement, it is an array of fully qualified repository URIs of the artifacts, valid examples "["registry.hello-world.io/software/hello-world"]", "["*"]" [Required]: <user-input>
...

Now, the workflow for a beginner using Notation verification becomes:

  1. Call notation policy init
  2. Call notation cert add
  3. Call notation verify

What alternatives have you considered?

An alternative could be:
notation policy init creates a default trustpolicy.json for the user.
If the user needs a more formal trust policy configuration, then they could do notation policy show, change trust policy fields, and notation policy import to update the default trustpolicy.json.

Any additional context?

No response
@patrickzheng200 patrickzheng200 added enhancement New feature or request UX User experience changes labels Apr 27, 2023
@yizha1 yizha1 added the triage Need to triage label Apr 27, 2023
@FeynmanZhou
Copy link
Member

Thanks for proposing notation policy init. We need to update the CLI spec to define the experience.

@Two-Hearts
Copy link
Contributor

/cc: @shizhMSFT

@yizha1 yizha1 added this to the 1.1.0 milestone Jul 25, 2023
@yizha1 yizha1 removed the triage Need to triage label Jul 25, 2023
@yizha1 yizha1 mentioned this issue Jul 25, 2023
Open
This was referenced Sep 5, 2023
Closed
Closed
@FeynmanZhou FeynmanZhou mentioned this issue Sep 20, 2023
Open
@yizha1 yizha1 modified the milestones: 1.1.0, 1.2.0 Nov 23, 2023
@yizha1 yizha1 modified the milestones: 1.2.0, 1.3.0 Mar 26, 2024
@yizha1 yizha1 modified the milestones: 1.3.0, Future Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request UX User experience changes
Projects
Notary Project Planning Board
Status: Todo
Milestone
Future
Development

No branches or pull requests
4 participants
@FeynmanZhou @patrickzheng200 @yizha1 @Two-Hearts