Merge branch 'master' into feat/pkcs8

notaryproject · May 10, 2017 · 5629a55 · 5629a55
2 parents 5c4e43b + 23eceed
commit 5629a55
Show file tree

Hide file tree

Showing 24 changed files with 1,669 additions and 523 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,6 +1,6 @@
 # Contributing to notary
 
-## Before reporting an issue...
+## Before reporting an issue...
 
 ### If your problem is with...
 
@@ -26,7 +26,7 @@ By following these simple rules you will get better and faster feedback on your
 
  - search the bugtracker for an already reported issue
 
-### If you found an issue that describes your problem:
+### If you found an issue that describes your problem:
 
  - please read other user comments first, and confirm this is the same issue: a given error condition might be indicative of different problems - you may also find a workaround in the comments
  - please refrain from adding "same thing here" or "+1" comments

diff --git a/client/client.go b/client/client.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/Sirupsen/logrus"
+	canonicaljson "github.com/docker/go/canonical/json"
 	"github.com/docker/notary"
 	"github.com/docker/notary/client/changelist"
 	"github.com/docker/notary/cryptoservice"
@@ -128,9 +129,10 @@ func (r *NotaryRepository) GetGUN() data.GUN {
 // Target represents a simplified version of the data TUF operates on, so external
 // applications don't have to depend on TUF data types.
 type Target struct {
-	Name   string      // the name of the target
-	Hashes data.Hashes // the hash of the target
-	Length int64       // the size in bytes of the target
+	Name   string                    // the name of the target
+	Hashes data.Hashes               // the hash of the target
+	Length int64                     // the size in bytes of the target
+	Custom *canonicaljson.RawMessage // the custom data provided to describe the file at TARGETPATH
 }
 
 // TargetWithRole represents a Target that exists in a particular role - this is
@@ -141,7 +143,7 @@ type TargetWithRole struct {
 }
 
 // NewTarget is a helper method that returns a Target
-func NewTarget(targetName string, targetPath string) (*Target, error) {
+func NewTarget(targetName, targetPath string, targetCustom *canonicaljson.RawMessage) (*Target, error) {
 	b, err := ioutil.ReadFile(targetPath)
 	if err != nil {
 		return nil, err
@@ -152,7 +154,7 @@ func NewTarget(targetName string, targetPath string) (*Target, error) {
 		return nil, err
 	}
 
-	return &Target{Name: targetName, Hashes: meta.Hashes, Length: meta.Length}, nil
+	return &Target{Name: targetName, Hashes: meta.Hashes, Length: meta.Length, Custom: targetCustom}, nil
 }
 
 func rootCertKey(gun data.GUN, privKey data.PrivateKey) (data.PublicKey, error) {
@@ -360,7 +362,7 @@ func (r *NotaryRepository) AddTarget(target *Target, roles ...data.RoleName) err
 	}
 	logrus.Debugf("Adding target \"%s\" with sha256 \"%x\" and size %d bytes.\n", target.Name, target.Hashes["sha256"], target.Length)
 
-	meta := data.FileMeta{Length: target.Length, Hashes: target.Hashes}
+	meta := data.FileMeta{Length: target.Length, Hashes: target.Hashes, Custom: target.Custom}
 	metaJSON, err := json.Marshal(meta)
 	if err != nil {
 		return err
@@ -417,6 +419,7 @@ func (r *NotaryRepository) ListTargets(roles ...data.RoleName) ([]*TargetWithRol
 						Name:   targetName,
 						Hashes: targetMeta.Hashes,
 						Length: targetMeta.Length,
+						Custom: targetMeta.Custom,
 					},
 					Role: validRole.Name,
 				}
@@ -472,7 +475,7 @@ func (r *NotaryRepository) GetTargetByName(name string, roles ...data.RoleName)
 		}
 		// Check that we didn't error, and that we assigned to our target
 		if err := r.tufRepo.WalkTargets(name, role, getTargetVisitorFunc, skipRoles...); err == nil && foundTarget {
-			return &TargetWithRole{Target: Target{Name: name, Hashes: resultMeta.Hashes, Length: resultMeta.Length}, Role: resultRoleName}, nil
+			return &TargetWithRole{Target: Target{Name: name, Hashes: resultMeta.Hashes, Length: resultMeta.Length, Custom: resultMeta.Custom}, Role: resultRoleName}, nil
 		}
 	}
 	return nil, fmt.Errorf("No trust data for %s", name)
@@ -516,7 +519,7 @@ func (r *NotaryRepository) GetAllTargetMetadataByName(name string) ([]TargetSign
 		for targetName, resultMeta := range targetMetaToAdd {
 			targetInfo := TargetSignedStruct{
 				Role:       validRole,
-				Target:     Target{Name: targetName, Hashes: resultMeta.Hashes, Length: resultMeta.Length},
+				Target:     Target{Name: targetName, Hashes: resultMeta.Hashes, Length: resultMeta.Length, Custom: resultMeta.Custom},
 				Signatures: tgt.Signatures,
 			}
 			targetInfoList = append(targetInfoList, targetInfo)

diff --git a/client/client_test.go b/client/client_test.go
@@ -631,7 +631,13 @@ func testInitRepoPasswordInvalid(t *testing.T, rootType string) {
 
 func addTarget(t *testing.T, repo *NotaryRepository, targetName, targetFile string,
 	roles ...data.RoleName) *Target {
-	target, err := NewTarget(targetName, targetFile)
+	var targetCustom *json.RawMessage
+	return addTargetWithCustom(t, repo, targetName, targetFile, targetCustom, roles...)
+}
+
+func addTargetWithCustom(t *testing.T, repo *NotaryRepository, targetName,
+	targetFile string, targetCustom *json.RawMessage, roles ...data.RoleName) *Target {
+	target, err := NewTarget(targetName, targetFile, targetCustom)
 	require.NoError(t, err, "error creating target")
 	err = repo.AddTarget(target, roles...)
 	require.NoError(t, err, "error adding target")
@@ -815,7 +821,8 @@ func testAddTargetToSpecifiedInvalidRoles(t *testing.T, clearCache bool) {
 	}
 
 	for _, invalidRole := range invalidRoles {
-		target, err := NewTarget("latest", "../fixtures/intermediate-ca.crt")
+		var targetCustom *json.RawMessage
+		target, err := NewTarget("latest", "../fixtures/intermediate-ca.crt", targetCustom)
 		require.NoError(t, err, "error creating target")
 
 		err = repo.AddTarget(target, data.CanonicalTargetsRole, invalidRole)
@@ -877,7 +884,8 @@ func TestAddTargetWithInvalidTarget(t *testing.T) {
 	repo, _ := initializeRepo(t, data.ECDSAKey, "docker.com/notary", ts.URL, false)
 	defer os.RemoveAll(repo.baseDir)
 
-	target, err := NewTarget("latest", "../fixtures/intermediate-ca.crt")
+	var targetCustom *json.RawMessage
+	target, err := NewTarget("latest", "../fixtures/intermediate-ca.crt", targetCustom)
 	require.NoError(t, err, "error creating target")
 
 	// Clear the hashes
@@ -889,7 +897,8 @@ func TestAddTargetWithInvalidTarget(t *testing.T) {
 // to be propagated.
 func TestAddTargetErrorWritingChanges(t *testing.T) {
 	testErrorWritingChangefiles(t, func(repo *NotaryRepository) error {
-		target, err := NewTarget("latest", "../fixtures/intermediate-ca.crt")
+		var targetCustom *json.RawMessage
+		target, err := NewTarget("latest", "../fixtures/intermediate-ca.crt", targetCustom)
 		require.NoError(t, err, "error creating target")
 		return repo.AddTarget(target, data.CanonicalTargetsRole)
 	})
@@ -1192,8 +1201,14 @@ func testListTarget(t *testing.T, rootType string) {
 	// tests need to manually bootstrap timestamp as client doesn't generate it
 	err := repo.tufRepo.InitTimestamp()
 	require.NoError(t, err, "error creating repository: %s", err)
+	var targetCustom json.RawMessage
+	rawTargetCustom := []byte("\"Lorem ipsum dolor sit\"")
+	err = json.Unmarshal(rawTargetCustom, &targetCustom)
+	require.NoError(t, err)
+
+	latestTarget := addTargetWithCustom(t, repo, "latest", "../fixtures/intermediate-ca.crt", &targetCustom)
+	require.Equal(t, targetCustom, *latestTarget.Custom, "Target created does not contain the expected custom data")
 
-	latestTarget := addTarget(t, repo, "latest", "../fixtures/intermediate-ca.crt")
 	currentTarget := addTarget(t, repo, "current", "../fixtures/intermediate-ca.crt")
 
 	// Apply the changelist. Normally, this would be done by Publish

diff --git a/cmd/notary/integration_test.go b/cmd/notary/integration_test.go
@@ -23,8 +23,11 @@ import (
 	"testing"
 	"time"
 
+	"encoding/json"
+
 	"github.com/Sirupsen/logrus"
 	ctxu "github.com/docker/distribution/context"
+	canonicaljson "github.com/docker/go/canonical/json"
 	"github.com/docker/notary"
 	"github.com/docker/notary/client"
 	"github.com/docker/notary/cryptoservice"
@@ -198,8 +201,9 @@ func TestClientTUFInteraction(t *testing.T) {
 	defer os.Remove(tempFile.Name())
 
 	var (
-		output string
-		target = "sdgkadga"
+		output  string
+		target  = "sdgkadga"
+		target2 = "foobar"
 	)
 	// -- tests --
 
@@ -251,6 +255,62 @@ func TestClientTUFInteraction(t *testing.T) {
 	output, err = runCommand(t, tempDir, "-s", server.URL, "list", "gun")
 	require.NoError(t, err)
 	require.False(t, strings.Contains(string(output), target))
+
+	// Test a target with custom data.
+	tempFileForTargetCustom, err := ioutil.TempFile("", "targetCustom")
+	require.NoError(t, err)
+	var customData canonicaljson.RawMessage
+	err = canonicaljson.Unmarshal([]byte("\"Lorem ipsum dolor sit amet, consectetur adipiscing elit\""), &customData)
+	require.NoError(t, err)
+	_, err = tempFileForTargetCustom.Write(customData)
+	require.NoError(t, err)
+	tempFileForTargetCustom.Close()
+	defer os.Remove(tempFileForTargetCustom.Name())
+
+	// add a target
+	_, err = runCommand(t, tempDir, "add", "gun", target2, tempFile.Name(), "--custom", tempFileForTargetCustom.Name())
+	require.NoError(t, err)
+
+	// check status - see target
+	output, err = runCommand(t, tempDir, "status", "gun")
+	require.NoError(t, err)
+	require.Contains(t, output, target2)
+
+	// publish repo
+	_, err = runCommand(t, tempDir, "-s", server.URL, "publish", "gun")
+	require.NoError(t, err)
+
+	// check status - no targets
+	output, err = runCommand(t, tempDir, "status", "gun")
+	require.NoError(t, err)
+	require.False(t, strings.Contains(string(output), target2))
+
+	// list repo - see target
+	output, err = runCommand(t, tempDir, "-s", server.URL, "list", "gun")
+	require.NoError(t, err)
+	require.Contains(t, output, target2)
+
+	// Check the file this was written to to inspect metadata
+	cache, err := nstorage.NewFileStore(
+		filepath.Join(tempDir, "tuf", filepath.FromSlash("gun"), "metadata"),
+		"json",
+	)
+	require.NoError(t, err)
+	rawTargets, err := cache.Get("targets")
+	require.NoError(t, err)
+	parsedTargets := data.SignedTargets{}
+	err = json.Unmarshal(rawTargets, &parsedTargets)
+	require.NoError(t, err)
+	require.Equal(t, *parsedTargets.Signed.Targets[target2].Custom, customData)
+
+	// trigger a lookup error with < 2 args
+	_, err = runCommand(t, tempDir, "-s", server.URL, "lookup", "gun")
+	require.Error(t, err)
+
+	// lookup target and repo - see target
+	output, err = runCommand(t, tempDir, "-s", server.URL, "lookup", "gun", target2)
+	require.NoError(t, err)
+	require.Contains(t, output, target2)
 }
 
 func TestClientDeleteTUFInteraction(t *testing.T) {
@@ -422,6 +482,7 @@ func TestClientTUFAddByHashInteraction(t *testing.T) {
 		target1 = "sdgkadga"
 		target2 = "asdfasdf"
 		target3 = "qwerty"
+		target4 = "foobar"
 	)
 	// -- tests --
 
@@ -541,6 +602,57 @@ func TestClientTUFAddByHashInteraction(t *testing.T) {
 	// publish repo
 	_, err = runCommand(t, tempDir, "-s", server.URL, "publish", "gun")
 	require.NoError(t, err)
+
+	tempFile, err := ioutil.TempFile("", "targetCustom")
+	require.NoError(t, err)
+	var customData canonicaljson.RawMessage
+	err = canonicaljson.Unmarshal([]byte("\"Lorem ipsum dolor sit amet, consectetur adipiscing elit\""), &customData)
+	require.NoError(t, err)
+	_, err = tempFile.Write(customData)
+	require.NoError(t, err)
+	tempFile.Close()
+	defer os.Remove(tempFile.Name())
+
+	// add a target by sha512 and custom data
+	_, err = runCommand(t, tempDir, "addhash", "gun", target4, "3", "--sha512", targetSha512Hex, "--custom", tempFile.Name())
+	require.NoError(t, err)
+
+	// check status - see target
+	output, err = runCommand(t, tempDir, "status", "gun")
+	require.NoError(t, err)
+	require.Contains(t, output, target4)
+
+	// publish repo
+	_, err = runCommand(t, tempDir, "-s", server.URL, "publish", "gun")
+	require.NoError(t, err)
+
+	// check status - no targets
+	output, err = runCommand(t, tempDir, "status", "gun")
+	require.NoError(t, err)
+	require.False(t, strings.Contains(string(output), target4))
+
+	// list repo - see target
+	output, err = runCommand(t, tempDir, "-s", server.URL, "list", "gun")
+	require.NoError(t, err)
+	require.Contains(t, output, target4)
+
+	// Check the file this was written to to inspect metadata
+	cache, err := nstorage.NewFileStore(
+		filepath.Join(tempDir, "tuf", filepath.FromSlash("gun"), "metadata"),
+		"json",
+	)
+	require.NoError(t, err)
+	rawTargets, err := cache.Get("targets")
+	require.NoError(t, err)
+	parsedTargets := data.SignedTargets{}
+	err = json.Unmarshal(rawTargets, &parsedTargets)
+	require.NoError(t, err)
+	require.Equal(t, *parsedTargets.Signed.Targets[target4].Custom, customData)
+
+	// lookup target and repo - see target
+	output, err = runCommand(t, tempDir, "-s", server.URL, "lookup", "gun", target4)
+	require.NoError(t, err)
+	require.Contains(t, output, target4)
 }
 
 // Initialize repo and test delegations commands by adding, listing, and removing delegations