#806 Part 3: Reimplement import export #825
Conversation
endophage
force-pushed
the
reimplement_import_export
branch
2 times, most recently
from
2e34719
to
81e4114
Compare
endophage
changed the title
endophage
force-pushed
the
reimplement_import_export
branch
from
81e4114
to
1c967ee
Compare
| if k.outFile == "" { | ||
| out = cmd.Out() | ||
| } else { | ||
| f, err := os.OpenFile(k.outFile, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, notary.PrivKeyPerms) |
There was a problem hiding this comment.
nit: might be worth explaining the bitwise or over these flags to explain that we're creating a new file in write mode, and possibly truncating
There was a problem hiding this comment.
Actually I'm happy with the usage comment, which explains this at a higher level
endophage
force-pushed
the
reimplement_import_export
branch
from
1c967ee
to
86b916a
Compare
| @@ -159,10 +159,6 @@ var exampleValidCommands = []string{ | |||
| "key list", | |||
| "key rotate repo snapshot", | |||
| "key generate rsa", | |||
| "key backup tempfile.zip", | |||
| "key export e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 backup.pem", | |||
There was a problem hiding this comment.
I think it'd be good to bring back the key import and key export commands here. This just tests for invalid number of arguments, if I remember correctly.
endophage
force-pushed
the
reimplement_import_export
branch
from
86b916a
to
b4bbd1c
Compare
| for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) { | ||
| loc, ok := block.Headers["path"] | ||
| if !ok || loc == "" { | ||
| continue // don't know where to copy this key. Skip it. |
There was a problem hiding this comment.
might be worth adding a debug log here in case users get confused why non-notary exported keys can't be imported due to the missing "path" header
|
this cleanup is awesome, thank you for tackling it! I think it'd be good to add some of the following tests around notary repositories:
Also we should open an issue for tracking the delegation "import key" flow - we'll still want a way to easily import a key fresh from openssl (without PEM headers) into a delegation role |
endophage
force-pushed
the
reimplement_import_export
branch
2 times, most recently
from
e82dcf3
to
ce5df78
Compare
endophage
force-pushed
the
reimplement_import_export
branch
2 times, most recently
from
1f99671
to
0c04e1d
Compare
|
|
||
| // NewPrivateSimpleFileStore is a wrapper to create an owner readable/writeable | ||
| // _only_ filestore | ||
| func NewPrivateSimpleFileStore(baseDir, fileExt string) (*FilesystemStore, error) { |
There was a problem hiding this comment.
With the modification of import/export to use NewPrivateKeyFileStorage, I think this constructor is no longer used anywhere else except filestore_test.go, where I don't think permissions are getting checked (we could use one of the other constructors?).
endophage
force-pushed
the
reimplement_import_export
branch
3 times, most recently
from
b21de94
to
e710460
Compare
endophage
force-pushed
the
reimplement_import_export
branch
8 times, most recently
from
1919f33
to
1a1845c
Compare
|
Tons of code changed, I think it's a good choice to just wait it to be merged for myself 😄 |
endophage
force-pushed
the
reimplement_import_export
branch
from
1a1845c
to
6a650a6
Compare
Signed-off-by: David Lawrence <[email protected]> (github: endophage)
Signed-off-by: David Lawrence <[email protected]> (github: endophage)
| var cmdKeyImportTemplate = usageTemplate{ | ||
| Use: "import pemfile [ pemfile ... ]", | ||
| Short: "Imports all keys from all provided .pem files", | ||
| Long: "Imports all keys from all provided .pem files by reading each PEM block from the file and writing that block to a unique object in the local keystore", |
There was a problem hiding this comment.
Do we want to mention that hardware storage is preferred in the long usage description?
endophage
force-pushed
the
reimplement_import_export
branch
from
6a650a6
to
7f60c41
Compare
endophage
force-pushed
the
reimplement_import_export
branch
2 times, most recently
from
269f314
to
b861f8c
Compare
Signed-off-by: David Lawrence <[email protected]> (github: endophage)
endophage
force-pushed
the
reimplement_import_export
branch
from
b861f8c
to
dff7044
Compare
|
I did a quick export - remove keys - re-import - publish test and it worked great 👍 LGTM!! Thank you for all of your hard work on this PR and the parts that preceded it :) If you don't mind, I'd like to file a couple of follow-up issues: importing delegation keys without the |
|
Thank you for all your work on this refactor! LGTM! |
|
@riyazdf goal is to make the |
|
Hi, is there any plan to add new docs for this, I find that I can no longer use the command like |
Depends on #808
Still need to write some tests for the newcmd/notary/keys.gocode. Not sure my parsing of CLI flags is correct.N.B. import will no longer import to a yubikey. More discussion required but I think this needs to be more explicit around when we import to a yubikey, maybe even a separate command, because it hits the key management APIs at a different level.Functionality has been brought up to parity :-)This PR contains parts 1 and 2 which have been closed in favour of merging this PR alone (means only this PR has to be rebased, not all 3)