Notation CLI baseline #83
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a joint commit of - Shiwei Zhang - Steve Lasker - Aviral Takkar Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Based on our [Notary v2 call this week](https://hackmd.io/_vrqBGAOSUC_VWvFzWruZw?view), we agreed to merge this into a `prototype-1` branch. This will give us a baseline to which we can open issues and submit new PRs.
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Distribution options for persistence & discovery Renaming the PR and file to capture the design discussions. As this fork represents a prototype, we'll merge this in, clearing the root README.md for the current implementation.
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
Prototype 2 Demo Script
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
mnltejaswini
reviewed
Sep 8, 2021
| return ocispec.Descriptor{}, err | ||
| } | ||
| insecure := config.IsRegistryInsecure(ref.Registry) | ||
| if host, _, _ := net.SplitHostPort(ref.Registry); host == "localhost" { |
mnltejaswini
reviewed
Sep 8, 2021
| } | ||
|
|
||
| insecure := config.IsRegistryInsecure(hostname) | ||
| if host, _, _ := net.SplitHostPort(hostname); host == "localhost" { |
There was a problem hiding this comment.
maybe worth having it as util for determining insecure property from hostname
There was a problem hiding this comment.
Can we create an issue to track, and merge?
|
Per the notation call today, we've agreed to merge this as a baseline to create issues and continue iterations. |
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
There was a problem hiding this comment.
Some high-level comments:
- For better readability, we need to add some documentation for packages and exported names.
- We should also add unit tests. At minimum we need test which exercises positive scenario(successful signing and verification) to avoid breaking changes.
- The Commit history doesn't look right; also, can we please update the commit message?
- We need better error messages
- The cli should exit with proper exit code(non zero for failures) Ref
- The package structure should be reorganized for better readability.
cmd
|->docker-generate --> contains cmd to generates docker artifact
|->docker-notation -->
|->crypto --> not a cli file but a implementation of signer and verifier; shouldn’t be inside cmd
|->docker --> contains docker related helper method; shouldn’t be inside cmd
|->notation --> contains docker pull,push,etc commands
internal
|->docker --> it’s a cli helper; should go to cmd
|->io
|->os
|->version --> it’s a cli helper; should go to cmd
pkg --> What's the difference between internal and pkg?
|->cache --> contains signature related methods; why its named cache?
|->config --> contains user config
|->docker --> Docker related helper to get image; should this go to registry?
|->registry --> Docker related helper
Tracking issue #93
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Closed
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
| @@ -0,0 +1,40 @@ | |||
| package crypto | |||
There was a problem hiding this comment.
should service.go be added as default implementation in notation-lib?
Comment on lines
+12
to
+17
| passwordFlag = &cli.StringFlag{ | ||
| Name: "password", | ||
| Aliases: []string{"p"}, | ||
| Usage: "password for generic remote access", | ||
| EnvVars: []string{"NOTATION_PASSWORD"}, | ||
| } |
There was a problem hiding this comment.
Taking password from cli in plain text is a security risk as its visible while typing and can be seen in shell history.
Comment on lines
+12
to
+14
| VerificationCertificates VerificationCertificates `json:"verificationCerts"` | ||
| SigningKeys SigningKeys `json:"signingKeys,omitempty"` | ||
| InsecureRegistries []string `json:"insecureRegistries"` |
There was a problem hiding this comment.
instead of exporting types can we export routines so that underlying implementation can be changed without affecting callers.
17 tasks
sajayantony
approved these changes
Sep 15, 2021
There was a problem hiding this comment.
As per morning call we will have issues tracking things called out above by @mnltejaswini @priteshbandi and others.
NiazFK
approved these changes
Sep 15, 2021
This was referenced Aug 4, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Notation CLI alpha based on notaryproject/notation-go#5 and the prototype-2 branch.
This PR is an accumulated contribution.
Related PRs: