Documentation
Index
- type ErrInvalidRemoteRole
- type ErrRepoNotInitialized
- type ErrRepositoryNotExist
- type NotaryRepository
- func (r *NotaryRepository) AddDelegation(name string, threshold int, delegationKeys []data.PublicKey, paths []string) error
- func (r *NotaryRepository) AddTarget(target *Target, roles ...string) error
- func (r *NotaryRepository) GetChangelist() (changelist.Changelist, error)
- func (r *NotaryRepository) GetTargetByName(name string, roles ...string) (*TargetWithRole, error)
- func (r *NotaryRepository) Initialize(rootKeyID string, serverManagedRoles ...string) error
- func (r *NotaryRepository) ListTargets(roles ...string) ([]*TargetWithRole, error)
- func (r *NotaryRepository) Publish() error
- func (r *NotaryRepository) RemoveDelegation(name string) error
- func (r *NotaryRepository) RemoveTarget(targetName string, roles ...string) error
- func (r *NotaryRepository) RotateKey(role string, serverManagesKey bool) error
- func (r *NotaryRepository) Update() (*tufclient.Client, error)
- type Target
- type TargetWithRole
Types
type ErrInvalidRemoteRole
type ErrInvalidRemoteRole struct {
	Role string
}
ErrInvalidRemoteRole is returned when the server is requested to manage an unsupported key type
func (ErrInvalidRemoteRole) Error
func (e ErrInvalidRemoteRole) Error() string
type ErrRepoNotInitialized
type ErrRepoNotInitialized struct{}
ErrRepoNotInitialized is returned when trying to publish an uninitialized notary repository
func (ErrRepoNotInitialized) Error
func (err ErrRepoNotInitialized) Error() string
type ErrRepositoryNotExist
type ErrRepositoryNotExist struct {
	// contains filtered or unexported fields
}
ErrRepositoryNotExist is returned when an action is taken on a remote repository that doesn't exist
func (ErrRepositoryNotExist) Error
func (err ErrRepositoryNotExist) Error() string
type NotaryRepository
type NotaryRepository struct {
	CryptoService signed.CryptoService
	CertManager   *certs.Manager
	// contains filtered or unexported fields
}
NotaryRepository stores all the information needed to operate on a notary repository.
func NewNotaryRepository
func NewNotaryRepository(baseDir, gun, baseURL string, rt http.RoundTripper, retriever passphrase.Retriever) (*NotaryRepository, error)
NewNotaryRepository is a helper method that returns a new notary repository. It takes the base directory under which all the trust files will be stored (usually ~/.docker/trust/).
func (*NotaryRepository) AddDelegation
func (r *NotaryRepository) AddDelegation(name string, threshold int, delegationKeys []data.PublicKey, paths []string) error
AddDelegation creates a new changelist entry to add a delegation to the repository when the changelist gets applied at publish time. It performs no validation other than checking the name of the delegation to add; all other validation happens at publish time.
func (*NotaryRepository) AddTarget
func (r *NotaryRepository) AddTarget(target *Target, roles ...string) error
AddTarget creates new changelist entries to add a target to the given roles in the repository when the changelist gets applied at publish time. If roles are unspecified, the default role is "targets".
func (*NotaryRepository) GetChangelist
func (r *NotaryRepository) GetChangelist() (changelist.Changelist, error)
GetChangelist returns the list of the repository's unpublished changes.
func (*NotaryRepository) GetTargetByName
func (r *NotaryRepository) GetTargetByName(name string, roles ...string) (*TargetWithRole, error)
GetTargetByName returns a target given a name. If no roles are passed, it uses the targets role and searches the entire delegation graph, returning the first entry found in a breadth-first search of the delegations. If roles are passed, they should be passed in descending priority, and the target entry found in the subtree of the highest-priority role will be returned. See the IMPORTANT note in the ListTargets documentation; those rules also apply here.
func (*NotaryRepository) Initialize
func (r *NotaryRepository) Initialize(rootKeyID string, serverManagedRoles ...string) error
Initialize creates a new repository, using the key identified by rootKeyID as the root key for the TUF repository.
func (*NotaryRepository) ListTargets
func (r *NotaryRepository) ListTargets(roles ...string) ([]*TargetWithRole, error)
ListTargets lists all targets for the current repository. The list of roles should be passed in order from highest to lowest priority. IMPORTANT: if you pass a set of roles such as [ "targets/a", "targets/x", "targets/a/b" ], then even though "targets/a/b" is part of the "targets/a" subtree, its entries will be strictly shadowed by those in other parts of the "targets/a" subtree and also by those in the "targets/x" subtree, because parsing of "targets/a/b" is deferred until it is explicitly reached in the iteration over the provided list of roles.
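The shadowing rule in the IMPORTANT note above, which GetTargetByName also follows when roles are passed, modelled as an added example; this is not notary's code. The `role` and `found` types, `listTargets`, and the sample graph are hypothetical, and signature and delegation-path checks are left out.

```go
package main

import "fmt"

// role is a hypothetical stand-in for one TUF targets role.
type role struct {
	targets  map[string]string // target name -> hash signed by this role
	children []string          // delegated roles, in priority order
}

type found struct{ Hash, Role string }

// Constructed delegation graph: three roles sign different hashes for "app".
var sampleRepo = map[string]role{
	"targets/a":   {children: []string{"targets/a/b", "targets/a/c"}},
	"targets/a/b": {targets: map[string]string{"app": "hash-ab", "tool": "hash-tool"}},
	"targets/a/c": {targets: map[string]string{"app": "hash-ac"}},
	"targets/x":   {targets: map[string]string{"app": "hash-x"}},
}

// listTargets models the documented ordering only: each requested role is
// walked breadth-first, the other requested roles are deferred until their own
// turn in the list, and the first entry recorded for a name is never replaced.
func listTargets(repo map[string]role, roles ...string) map[string]found {
	out := map[string]found{}
	for _, start := range roles {
		deferred := map[string]bool{}
		for _, r := range roles {
			deferred[r] = r != start
		}
		queue := []string{start}
		for i := 0; i < len(queue); i++ {
			for name, hash := range repo[queue[i]].targets {
				if _, seen := out[name]; !seen {
					out[name] = found{hash, queue[i]}
				}
			}
			for _, child := range repo[queue[i]].children {
				if !deferred[child] {
					queue = append(queue, child)
				}
			}
		}
	}
	return out
}

func main() {
	fmt.Println(listTargets(sampleRepo, "targets/a", "targets/x", "targets/a/b"))
}
```

With the role list from the note, `app` resolves to the hash signed by `targets/a/c` rather than the one from `targets/a/b`, so the order of the roles argument decides which hash a caller ends up trusting.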
func (*NotaryRepository) Publish
func (r *NotaryRepository) Publish() error
Publish pushes the local changes in signed material to the remote notary-server. Conceptually, it performs an operation similar to a `git rebase`.
func (*NotaryRepository) RemoveDelegation
func (r *NotaryRepository) RemoveDelegation(name string) error
RemoveDelegation creates a new changelist entry to remove a delegation from the repository when the changelist gets applied at publish time. This does not validate that the delegation exists, since one might exist after applying all changes.
func (*NotaryRepository) RemoveTarget
func (r *NotaryRepository) RemoveTarget(targetName string, roles ...string) error
RemoveTarget creates new changelist entries to remove a target from the given roles in the repository when the changelist gets applied at publish time. If roles are unspecified, the default role is "targets".
func (*NotaryRepository) RotateKey
func (r *NotaryRepository) RotateKey(role string, serverManagesKey bool) error
RotateKey removes all existing keys associated with the role, and either creates and adds one new key or delegates managing the key to the server. These changes are staged in a changelist until publish is called.
type Target
type Target struct {
	Name   string      // the name of the target
	Hashes data.Hashes // the hash of the target
	Length int64       // the size in bytes of the target
}
Target represents a simplified version of the data TUF operates on, so external applications don't have to depend on tuf data types.
type TargetWithRole
TargetWithRole represents a Target that exists in a particular role - this is produced by ListTargets and GetTargetByName