Documentation ¶
Index ¶
- type ErrInvalidLocalRole
- type ErrInvalidRemoteRole
- type ErrRepoNotInitialized
- type ErrRepositoryNotExist
- type NotaryRepository
- func (r *NotaryRepository) AddDelegation(name string, delegationKeys []data.PublicKey, paths []string) error
- func (r *NotaryRepository) AddDelegationPaths(name string, paths []string) error
- func (r *NotaryRepository) AddDelegationRoleAndKeys(name string, delegationKeys []data.PublicKey) error
- func (r *NotaryRepository) AddTarget(target *Target, roles ...string) error
- func (r *NotaryRepository) ClearDelegationPaths(name string) error
- func (r *NotaryRepository) DeleteTrustData(deleteRemote bool) error
- func (r *NotaryRepository) GetAllTargetMetadataByName(name string) ([]TargetSignedStruct, error)
- func (r *NotaryRepository) GetChangelist() (changelist.Changelist, error)
- func (r *NotaryRepository) GetDelegationRoles() ([]data.Role, error)
- func (r *NotaryRepository) GetTargetByName(name string, roles ...string) (*TargetWithRole, error)
- func (r *NotaryRepository) Initialize(rootKeyIDs []string, serverManagedRoles ...string) error
- func (r *NotaryRepository) ListRoles() ([]RoleWithSignatures, error)
- func (r *NotaryRepository) ListTargets(roles ...string) ([]*TargetWithRole, error)
- func (r *NotaryRepository) Publish() error
- func (r *NotaryRepository) RemoveDelegationKeys(name string, keyIDs []string) error
- func (r *NotaryRepository) RemoveDelegationKeysAndPaths(name string, keyIDs, paths []string) error
- func (r *NotaryRepository) RemoveDelegationPaths(name string, paths []string) error
- func (r *NotaryRepository) RemoveDelegationRole(name string) error
- func (r *NotaryRepository) RemoveTarget(targetName string, roles ...string) error
- func (r *NotaryRepository) RotateKey(role string, serverManagesKey bool) error
- func (r *NotaryRepository) Update(forWrite bool) error
- func (r *NotaryRepository) Witness(roles ...string) ([]string, error)
- type RoleWithSignatures
- type TUFClient
- type Target
- type TargetSignedStruct
- type TargetWithRole
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ErrInvalidLocalRole ¶ added in v0.3.0
type ErrInvalidLocalRole struct {
Role string
}
ErrInvalidLocalRole is returned when the client wants to manage a key type that is not permitted
func (ErrInvalidLocalRole) Error ¶ added in v0.3.0
func (err ErrInvalidLocalRole) Error() string
type ErrInvalidRemoteRole ¶
type ErrInvalidRemoteRole struct {
Role string
}
ErrInvalidRemoteRole is returned when the server is requested to manage a key type that is not permitted
func (ErrInvalidRemoteRole) Error ¶
func (err ErrInvalidRemoteRole) Error() string
type ErrRepoNotInitialized ¶
type ErrRepoNotInitialized struct{}
ErrRepoNotInitialized is returned when trying to publish an uninitialized notary repository
func (ErrRepoNotInitialized) Error ¶
func (err ErrRepoNotInitialized) Error() string
type ErrRepositoryNotExist ¶
type ErrRepositoryNotExist struct {
// contains filtered or unexported fields
}
ErrRepositoryNotExist is returned when an action is taken on a remote repository that doesn't exist
func (ErrRepositoryNotExist) Error ¶
func (err ErrRepositoryNotExist) Error() string
type NotaryRepository ¶
type NotaryRepository struct { CryptoService signed.CryptoService // contains filtered or unexported fields }
NotaryRepository stores all the information needed to operate on a notary repository.
func NewNotaryRepository ¶
func NewNotaryRepository(baseDir, gun, baseURL string, rt http.RoundTripper, retriever notary.PassRetriever, trustPinning trustpinning.TrustPinConfig) ( *NotaryRepository, error)
NewNotaryRepository is a helper method that returns a new notary repository. It takes the base directory under where all the trust files will be stored (This is normally defaults to "~/.notary" or "~/.docker/trust" when enabling docker content trust).
func (*NotaryRepository) AddDelegation ¶
func (r *NotaryRepository) AddDelegation(name string, delegationKeys []data.PublicKey, paths []string) error
AddDelegation creates changelist entries to add provided delegation public keys and paths. This method composes AddDelegationRoleAndKeys and AddDelegationPaths (each creates one changelist if called).
func (*NotaryRepository) AddDelegationPaths ¶
func (r *NotaryRepository) AddDelegationPaths(name string, paths []string) error
AddDelegationPaths creates a changelist entry to add provided paths to an existing delegation. This method cannot create a new delegation itself because the role must meet the key threshold upon creation.
func (*NotaryRepository) AddDelegationRoleAndKeys ¶
func (r *NotaryRepository) AddDelegationRoleAndKeys(name string, delegationKeys []data.PublicKey) error
AddDelegationRoleAndKeys creates a changelist entry to add provided delegation public keys. This method is the simplest way to create a new delegation, because the delegation must have at least one key upon creation to be valid since we will reject the changelist while validating the threshold.
func (*NotaryRepository) AddTarget ¶
func (r *NotaryRepository) AddTarget(target *Target, roles ...string) error
AddTarget creates new changelist entries to add a target to the given roles in the repository when the changelist gets applied at publish time. If roles are unspecified, the default role is "targets"
func (*NotaryRepository) ClearDelegationPaths ¶
func (r *NotaryRepository) ClearDelegationPaths(name string) error
ClearDelegationPaths creates a changelist entry to remove all paths from an existing delegation.
func (*NotaryRepository) DeleteTrustData ¶
func (r *NotaryRepository) DeleteTrustData(deleteRemote bool) error
DeleteTrustData removes the trust data stored for this repo in the TUF cache on the client side Note that we will not delete any private key material from local storage
func (*NotaryRepository) GetAllTargetMetadataByName ¶ added in v0.4.0
func (r *NotaryRepository) GetAllTargetMetadataByName(name string) ([]TargetSignedStruct, error)
GetAllTargetMetadataByName searches the entire delegation role tree to find the specified target by name for all roles, and returns a list of TargetSignedStructs for each time it finds the specified target. If given an empty string for a target name, it will return back all targets signed into the repository in every role
func (*NotaryRepository) GetChangelist ¶
func (r *NotaryRepository) GetChangelist() (changelist.Changelist, error)
GetChangelist returns the list of the repository's unpublished changes
func (*NotaryRepository) GetDelegationRoles ¶
func (r *NotaryRepository) GetDelegationRoles() ([]data.Role, error)
GetDelegationRoles returns the keys and roles of the repository's delegations Also converts key IDs to canonical key IDs to keep consistent with signing prompts
func (*NotaryRepository) GetTargetByName ¶
func (r *NotaryRepository) GetTargetByName(name string, roles ...string) (*TargetWithRole, error)
GetTargetByName returns a target by the given name. If no roles are passed it uses the targets role and does a search of the entire delegation graph, finding the first entry in a breadth first search of the delegations. If roles are passed, they should be passed in descending priority and the target entry found in the subtree of the highest priority role will be returned. See the IMPORTANT section on ListTargets above. Those roles also apply here.
func (*NotaryRepository) Initialize ¶
func (r *NotaryRepository) Initialize(rootKeyIDs []string, serverManagedRoles ...string) error
Initialize creates a new repository by using rootKey as the root Key for the TUF repository. The server must be reachable (and is asked to generate a timestamp key and possibly other serverManagedRoles), but the created repository result is only stored on local disk, not published to the server. To do that, use r.Publish() eventually.
func (*NotaryRepository) ListRoles ¶
func (r *NotaryRepository) ListRoles() ([]RoleWithSignatures, error)
ListRoles returns a list of RoleWithSignatures objects for this repo This represents the latest metadata for each role in this repo
func (*NotaryRepository) ListTargets ¶
func (r *NotaryRepository) ListTargets(roles ...string) ([]*TargetWithRole, error)
ListTargets lists all targets for the current repository. The list of roles should be passed in order from highest to lowest priority.
IMPORTANT: if you pass a set of roles such as [ "targets/a", "targets/x" "targets/a/b" ], even though "targets/a/b" is part of the "targets/a" subtree its entries will be strictly shadowed by those in other parts of the "targets/a" subtree and also the "targets/x" subtree, as we will defer parsing it until we explicitly reach it in our iteration of the provided list of roles.
func (*NotaryRepository) Publish ¶
func (r *NotaryRepository) Publish() error
Publish pushes the local changes in signed material to the remote notary-server Conceptually it performs an operation similar to a `git rebase`
func (*NotaryRepository) RemoveDelegationKeys ¶
func (r *NotaryRepository) RemoveDelegationKeys(name string, keyIDs []string) error
RemoveDelegationKeys creates a changelist entry to remove provided keys from an existing delegation. When this changelist is applied, if the specified keys are the only keys left in the role, the role itself will be deleted in its entirety. It can also delete a key from all delegations under a parent using a name with a wildcard at the end.
func (*NotaryRepository) RemoveDelegationKeysAndPaths ¶
func (r *NotaryRepository) RemoveDelegationKeysAndPaths(name string, keyIDs, paths []string) error
RemoveDelegationKeysAndPaths creates changelist entries to remove provided delegation key IDs and paths. This method composes RemoveDelegationPaths and RemoveDelegationKeys (each creates one changelist if called).
func (*NotaryRepository) RemoveDelegationPaths ¶
func (r *NotaryRepository) RemoveDelegationPaths(name string, paths []string) error
RemoveDelegationPaths creates a changelist entry to remove provided paths from an existing delegation.
func (*NotaryRepository) RemoveDelegationRole ¶
func (r *NotaryRepository) RemoveDelegationRole(name string) error
RemoveDelegationRole creates a changelist to remove all paths and keys from a role, and delete the role in its entirety.
func (*NotaryRepository) RemoveTarget ¶
func (r *NotaryRepository) RemoveTarget(targetName string, roles ...string) error
RemoveTarget creates new changelist entries to remove a target from the given roles in the repository when the changelist gets applied at publish time. If roles are unspecified, the default role is "target".
func (*NotaryRepository) RotateKey ¶
func (r *NotaryRepository) RotateKey(role string, serverManagesKey bool) error
RotateKey removes all existing keys associated with the role, and either creates and adds one new key or delegates managing the key to the server. These changes are staged in a changelist until publish is called.
func (*NotaryRepository) Update ¶
func (r *NotaryRepository) Update(forWrite bool) error
Update bootstraps a trust anchor (root.json) before updating all the metadata from the repo.
type RoleWithSignatures ¶
RoleWithSignatures is a Role with its associated signatures
type TUFClient ¶ added in v0.4.0
type TUFClient struct {
// contains filtered or unexported fields
}
TUFClient is a usability wrapper around a raw TUF repo
func NewTUFClient ¶ added in v0.4.0
func NewTUFClient(oldBuilder, newBuilder tuf.RepoBuilder, remote store.RemoteStore, cache store.MetadataStore) *TUFClient
NewTUFClient initialized a TUFClient with the given repo, remote source of content, and cache
type Target ¶
type Target struct { Name string // the name of the target Hashes data.Hashes // the hash of the target Length int64 // the size in bytes of the target }
Target represents a simplified version of the data TUF operates on, so external applications don't have to depend on TUF data types.
type TargetSignedStruct ¶ added in v0.4.0
type TargetSignedStruct struct { Role data.DelegationRole Target Target Signatures []data.Signature }
TargetSignedStruct is a struct that contains a Target, the role it was found in, and the list of signatures for that role
type TargetWithRole ¶
TargetWithRole represents a Target that exists in a particular role - this is produced by ListTargets and GetTargetByName