// runCreate is the code that implements the create command.
func runCreate(cmd *cobra.Command, args []string) {
cmd.Printf("Creating User : Name[%s] Email[%s] Pass[%s]\n", create.name, create.email, create.pass)
if create.name == "" && create.email == "" && create.pass == "" {
cmd.Help()
return
}
u, err := auth.NewUser(auth.NUser{
Status: auth.StatusActive,
FullName: create.name,
Email: create.email,
Password: create.pass,
})
if err != nil {
cmd.Println("Creating User : "******"", conn, u); err != nil {
cmd.Println("Creating User : "******"", conn, u, 24*365*time.Hour)
if err != nil {
cmd.Println("Creating User : "******"\nToken: %s\n\n", webTok)
}
func commitContainer(ctx *cobra.Command, args []string) {
if len(args) < 2 {
ErrorExit(ctx, "Needs two arguments to commit <CONTAINER-NAME|ID> to <IMAGE-NAME[:TAG]>")
}
reg, name, tag, err := client.ParseRepositoryName(args[1])
if err != nil {
log.Fatal(err)
}
if reg != "" {
name = reg + "/" + name
}
docker, err := client.NewDockerClient(configPath, hostName, ctx.Out())
if err != nil {
log.Fatal(err)
}
if _, err := docker.CommitContainer(args[0], name, tag, message, author, boolPause); err != nil {
log.Fatal(err)
}
ctx.Printf("Committed %s as %s:%s\n", args[0], name, tag)
}
func (t *tufCommander) tufAdd(cmd *cobra.Command, args []string) error {
if len(args) < 3 {
cmd.Usage()
return fmt.Errorf("Must specify a GUN, target, and path to target data")
}
config, err := t.configGetter()
if err != nil {
return err
}
gun := args[0]
targetName := args[1]
targetPath := args[2]
// no online operations are performed by add so the transport argument
// should be nil
nRepo, err := notaryclient.NewNotaryRepository(
config.GetString("trust_dir"), gun, getRemoteTrustServer(config), nil, t.retriever)
if err != nil {
return err
}
target, err := notaryclient.NewTarget(targetName, targetPath)
if err != nil {
return err
}
// If roles is empty, we default to adding to targets
if err = nRepo.AddTarget(target, t.roles...); err != nil {
return err
}
cmd.Printf(
"Addition of target \"%s\" to repository \"%s\" staged for next publish.\n",
targetName, gun)
return nil
}
func tufAdd(cmd *cobra.Command, args []string) {
if len(args) < 3 {
cmd.Usage()
fatalf("Must specify a GUN, target, and path to target data")
}
parseConfig()
gun := args[0]
targetName := args[1]
targetPath := args[2]
// no online operations are performed by add so the transport argument
// should be nil
nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trust_dir"), gun, getRemoteTrustServer(), nil, retriever)
if err != nil {
fatalf(err.Error())
}
target, err := notaryclient.NewTarget(targetName, targetPath)
if err != nil {
fatalf(err.Error())
}
err = nRepo.AddTarget(target)
if err != nil {
fatalf(err.Error())
}
cmd.Printf(
"Addition of target \"%s\" to repository \"%s\" staged for next publish.\n",
targetName, gun)
}
func publishAndPrintToCLI(cmd *cobra.Command, nRepo *notaryclient.NotaryRepository, gun string) error {
if err := nRepo.Publish(); err != nil {
return err
}
cmd.Printf("Successfully published changes for repository %s\n", gun)
return nil
}
// runIndex issues the command talking to the web service.
func runIndex(cmd *cobra.Command, args []string) error {
cmd.Printf("Ensure Indexes : Name[%s]\n", index.name)
set, err := runGetSet(cmd, index.name)
if err != nil {
return err
}
verb := "PUT"
url := "/v1/index/" + index.name
data, err := json.Marshal(set)
if err != nil {
return err
}
cmd.Printf("\n%s\n\n", string(data))
if _, err := web.Request(cmd, verb, url, bytes.NewBuffer(data)); err != nil {
return err
}
cmd.Println("\n", "Ensure Indexes : Ensured")
return nil
}
// runExecWeb issues the command talking to the web service.
func runExecWeb(cmd *cobra.Command, vars map[string]string) error {
verb := "GET"
url := "/v1/exec/" + exe.name
if len(vars) > 0 {
var i int
for k, v := range vars {
if i == 0 {
url += "?"
} else {
url += "&"
}
i++
url += k + "=" + v
}
}
resp, err := web.Request(cmd, verb, url, nil)
if err != nil {
return err
}
cmd.Printf("\n%s\n\n", resp)
return nil
}
func (t *tufCommander) tufRemove(cmd *cobra.Command, args []string) error {
if len(args) < 2 {
return fmt.Errorf("Must specify a GUN and target")
}
config, err := t.configGetter()
if err != nil {
return err
}
gun := args[0]
targetName := args[1]
trustPin, err := getTrustPinning(config)
if err != nil {
return err
}
// no online operation are performed by remove so the transport argument
// should be nil.
repo, err := notaryclient.NewNotaryRepository(
config.GetString("trust_dir"), gun, getRemoteTrustServer(config), nil, t.retriever, trustPin)
if err != nil {
return err
}
// If roles is empty, we default to removing from targets
if err = repo.RemoveTarget(targetName, t.roles...); err != nil {
return err
}
cmd.Printf("Removal of %s from %s staged for next publish.\n", targetName, gun)
return nil
}
func logoutRegistry(ctx *cobra.Command, args []string) {
reg := client.INDEX_SERVER
if len(args) > 0 {
reg = args[0]
}
config, err := client.LoadConfig(configPath)
if err != nil {
log.Fatal(err)
}
registry, notFound := config.GetRegistry(reg)
if (notFound != nil) || (registry.Credentials == "") {
log.Fatalf("Not logged in to a Docker registry at %s", reg)
}
config.LogoutRegistry(reg)
if err := config.SaveConfig(configPath); err != nil {
log.Fatal(err)
}
ctx.Printf("Removed login credentials for a Docker registry at %s\n\n", reg)
listRegistries(ctx, args)
}
// runStatus is the code that implements the status command.
func runStatus(cmd *cobra.Command, args []string) {
cmd.Printf("Status User : Pid[%s] Email[%s] Active[%v]\n", status.pid, status.email, status.active)
if status.pid == "" && status.email == "" {
cmd.Help()
return
}
db := db.NewMGO()
defer db.CloseMGO()
var publicID string
if status.pid != "" {
publicID = status.pid
} else {
u, err := auth.GetUserByEmail("", db, status.email, false)
if err != nil {
cmd.Println("Status User : "******"", db, publicID, st); err != nil {
cmd.Println("Status User : "******"Status User : Updated")
}
func tagImage(ctx *cobra.Command, args []string) {
if len(args) < 2 {
ErrorExit(ctx, "Needs two arguments <NAME[:TAG]|ID> <NEW-NAME[:TAG]>")
}
reg, name, tag, err := client.ParseRepositoryName(args[1])
if err != nil {
log.Fatal(err)
}
if reg != "" {
name = reg + "/" + name
}
docker, err := client.NewDockerClient(configPath, hostName, ctx.Out())
if err != nil {
log.Fatal(err)
}
if err := docker.TagImage(args[0], name, tag, boolForce); err != nil {
log.Fatal(err)
}
ctx.Printf("Tagged %s as %s:%s\n", args[0], name, tag)
}
// runExecute is the code that implements the execute command.
func runExecute(cmd *cobra.Command, args []string) error {
cmd.Printf("Executing View : Name[%s]\n", execute.viewName)
// Validate the input parameters.
if execute.viewName == "" || execute.itemKey == "" {
return fmt.Errorf("view name and item key must be specified")
}
// Ready the view parameters.
viewParams := wire.ViewParams{
ViewName: execute.viewName,
ItemKey: execute.itemKey,
ResultsCollection: execute.resultsCollection,
BufferLimit: execute.bufferLimit,
}
// Execute the view.
results, err := wire.Execute("", mgoDB, graphDB, &viewParams)
if err != nil {
return err
}
// Prepare the results for printing.
data, err := json.MarshalIndent(results, "", " ")
if err != nil {
return err
}
cmd.Printf("\n%s\n\n", string(data))
cmd.Println("\n", "Executing View : Executed")
return nil
}
func getContainerChanges(ctx *cobra.Command, args []string) {
if len(args) < 1 {
ErrorExit(ctx, "Needs an argument <NAME|ID> to get changes")
}
docker, err := client.NewDockerClient(configPath, hostName, ctx.Out())
if err != nil {
log.Fatal(err)
}
changes, err := docker.GetContainerChanges(args[0])
if err != nil {
log.Fatal(err)
}
for _, change := range changes {
var kind string
switch change.Kind {
case api.CHANGE_TYPE_MODIFY:
kind = "C"
case api.CHANGE_TYPE_ADD:
kind = "A"
case api.CHANGE_TYPE_DELETE:
kind = "D"
}
ctx.Printf("%s %s\n", kind, change.Path)
}
}
func printCert(cmd *cobra.Command, cert *x509.Certificate) {
timeDifference := cert.NotAfter.Sub(time.Now())
certID, err := trustmanager.FingerprintCert(cert)
if err != nil {
fatalf("Could not fingerprint certificate: %v", err)
}
cmd.Printf("%s %s (expires in: %v days)\n", cert.Subject.CommonName, certID, math.Floor(timeDifference.Hours()/24))
}
func (t *tufCommander) tufAddByHash(cmd *cobra.Command, args []string) error {
if len(args) < 3 || t.sha256 == "" && t.sha512 == "" {
cmd.Usage()
return fmt.Errorf("Must specify a GUN, target, byte size of target data, and at least one hash")
}
config, err := t.configGetter()
if err != nil {
return err
}
gun := args[0]
targetName := args[1]
targetSize := args[2]
targetInt64Len, err := strconv.ParseInt(targetSize, 0, 64)
if err != nil {
return err
}
trustPin, err := getTrustPinning(config)
if err != nil {
return err
}
// no online operations are performed by add so the transport argument
// should be nil
nRepo, err := notaryclient.NewFileCachedNotaryRepository(
config.GetString("trust_dir"), gun, getRemoteTrustServer(config), nil, t.retriever, trustPin)
if err != nil {
return err
}
targetHashes, err := getTargetHashes(t)
if err != nil {
return err
}
// Manually construct the target with the given byte size and hashes
target := ¬aryclient.Target{Name: targetName, Hashes: targetHashes, Length: targetInt64Len}
// If roles is empty, we default to adding to targets
if err = nRepo.AddTarget(target, t.roles...); err != nil {
return err
}
// Include the hash algorithms we're using for pretty printing
hashesUsed := []string{}
for hashName := range targetHashes {
hashesUsed = append(hashesUsed, hashName)
}
cmd.Printf(
"Addition of target \"%s\" by %s hash to repository \"%s\" staged for next publish.\n",
targetName, strings.Join(hashesUsed, ", "), gun)
return maybeAutoPublish(cmd, t.autoPublish, gun, config, t.retriever)
}
// runGet issues the command talking to the web service.
func runGet(cmd *cobra.Command, args []string) error {
verb := "GET"
url := "/v1/query/" + get.name
resp, err := web.Request(cmd, verb, url, nil)
if err != nil {
return err
}
cmd.Printf("\n%s\n\n", resp)
return nil
}
func (t *tufCommander) tufStatus(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
cmd.Usage()
return fmt.Errorf("Must specify a GUN")
}
config, err := t.configGetter()
if err != nil {
return err
}
gun := args[0]
trustPin, err := getTrustPinning(config)
if err != nil {
return err
}
nRepo, err := notaryclient.NewFileCachedNotaryRepository(
config.GetString("trust_dir"), gun, getRemoteTrustServer(config), nil, t.retriever, trustPin)
if err != nil {
return err
}
cl, err := nRepo.GetChangelist()
if err != nil {
return err
}
if len(cl.List()) == 0 {
cmd.Printf("No unpublished changes for %s\n", gun)
return nil
}
cmd.Printf("Unpublished changes for %s:\n\n", gun)
tw := initTabWriter(
[]string{"#", "ACTION", "SCOPE", "TYPE", "PATH"},
cmd.Out(),
)
for i, ch := range cl.List() {
fmt.Fprintf(
tw,
fiveItemRow,
fmt.Sprintf("%d", i),
ch.Action(),
ch.Scope(),
ch.Type(),
ch.Path(),
)
}
tw.Flush()
return nil
}
func (k *keyCommander) keysRotate(cmd *cobra.Command, args []string) error {
if len(args) < 2 {
cmd.Usage()
return fmt.Errorf("Must specify a GUN and a key role to rotate")
}
config, err := k.configGetter()
if err != nil {
return err
}
gun := args[0]
rotateKeyRole := args[1]
rt, err := getTransport(config, gun, admin)
if err != nil {
return err
}
trustPin, err := getTrustPinning(config)
if err != nil {
return err
}
nRepo, err := notaryclient.NewFileCachedNotaryRepository(
config.GetString("trust_dir"), gun, getRemoteTrustServer(config),
rt, k.getRetriever(), trustPin)
if err != nil {
return err
}
if rotateKeyRole == data.CanonicalRootRole {
cmd.Print("Warning: you are about to rotate your root key.\n\n" +
"You must use your old key to sign this root rotation. We recommend that\n" +
"you sign all your future root changes with this key as well, so that\n" +
"clients can have a smoother update process. Please do not delete\n" +
"this key after rotating.\n\n" +
"Are you sure you want to proceed? (yes/no) ")
if !askConfirm(k.input) {
fmt.Fprintln(cmd.Out(), "\nAborting action.")
return nil
}
}
if err := nRepo.RotateKey(rotateKeyRole, k.rotateKeyServerManaged); err != nil {
return err
}
cmd.Printf("Successfully rotated %s key for repository %s\n", rotateKeyRole, gun)
return nil
}
// keyPassphraseChange changes the passphrase for a root key's private key based on ID
func (k *keyCommander) keyPassphraseChange(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
cmd.Usage()
return fmt.Errorf("must specify the key ID of the key to change the passphrase of")
}
config, err := k.configGetter()
if err != nil {
return err
}
ks, err := k.getKeyStores(config, true)
if err != nil {
return err
}
keyID := args[0]
// This is an invalid ID
if len(keyID) != notary.Sha256HexSize {
return fmt.Errorf("invalid key ID provided: %s", keyID)
}
// Find the key's GUN by ID, in case it is a non-root key
var keyGUN string
for _, store := range ks {
for keypath := range store.ListKeys() {
if filepath.Base(keypath) == keyID {
keyGUN = filepath.Dir(keypath)
}
}
}
cs := cryptoservice.NewCryptoService(keyGUN, ks...)
privKey, role, err := cs.GetPrivateKey(keyID)
if err != nil {
return fmt.Errorf("could not retrieve local key for key ID provided: %s", keyID)
}
// Must use a different passphrase retriever to avoid caching the
// unlocking passphrase and reusing that.
passChangeRetriever := k.getRetriever()
keyStore, err := trustmanager.NewKeyFileStore(config.GetString("trust_dir"), passChangeRetriever)
err = keyStore.AddKey(filepath.Join(keyGUN, keyID), role, privKey)
if err != nil {
return err
}
cmd.Println("")
cmd.Printf("Successfully updated passphrase for key ID: %s", keyID)
cmd.Println("")
return nil
}
func (t *tufCommander) tufInit(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
cmd.Usage()
return fmt.Errorf("Must specify a GUN")
}
config, err := t.configGetter()
if err != nil {
return err
}
gun := args[0]
rt, err := getTransport(config, gun, false)
if err != nil {
return err
}
trustPin, err := getTrustPinning(config)
if err != nil {
return err
}
nRepo, err := notaryclient.NewNotaryRepository(
config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, t.retriever, trustPin)
if err != nil {
return err
}
rootKeyList := nRepo.CryptoService.ListKeys(data.CanonicalRootRole)
var rootKeyID string
if len(rootKeyList) < 1 {
cmd.Println("No root keys found. Generating a new root key...")
rootPublicKey, err := nRepo.CryptoService.Create(data.CanonicalRootRole, "", data.ECDSAKey)
rootKeyID = rootPublicKey.ID()
if err != nil {
return err
}
} else {
// Choses the first root key available, which is initialization specific
// but should return the HW one first.
rootKeyID = rootKeyList[0]
cmd.Printf("Root key found, using: %s\n", rootKeyID)
}
if err = nRepo.Initialize(rootKeyID); err != nil {
return err
}
return nil
}
func tufStatus(cmd *cobra.Command, args []string) {
if len(args) < 1 {
cmd.Usage()
fatalf("Must specify a GUN")
}
parseConfig()
gun := args[0]
nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trust_dir"), gun, getRemoteTrustServer(), nil, retriever)
if err != nil {
fatalf(err.Error())
}
cl, err := nRepo.GetChangelist()
if err != nil {
fatalf(err.Error())
}
if len(cl.List()) == 0 {
cmd.Printf("No unpublished changes for %s\n", gun)
return
}
cmd.Printf("Unpublished changes for %s:\n\n", gun)
cmd.Printf("%-10s%-10s%-12s%s\n", "action", "scope", "type", "path")
cmd.Println("----------------------------------------------------")
for _, ch := range cl.List() {
cmd.Printf("%-10s%-10s%-12s%s\n", ch.Action(), ch.Scope(), ch.Type(), ch.Path())
}
}
// runUpsert is the code that implements the upsert command.
func runUpsert(cmd *cobra.Command, args []string) error {
cmd.Printf("Upserting Items : Path[%s]\n", upsert.path)
if upsert.path == "" {
return fmt.Errorf("path must be provided")
}
file := upsert.path
stat, err := os.Stat(file)
if err != nil {
return err
}
if !stat.IsDir() {
item, err := disk.LoadItem("", file)
if err != nil {
return err
}
if err := runUpsertWeb(cmd, *item); err != nil {
return err
}
cmd.Println("\n", "Upserting Items : Upserted")
return nil
}
f := func(path string) error {
item, err := disk.LoadItem("", path)
if err != nil {
return err
}
if err := runUpsertWeb(cmd, *item); err != nil {
return err
}
return nil
}
if err := disk.LoadDir(file, f); err != nil {
return err
}
cmd.Println("\n", "Upserting Items : Upserted")
return nil
}
// runGet issues the command talking to the web service.
func runGet(cmd *cobra.Command, args []string) error {
verb := "GET"
url := "/v1/pattern"
if get.ptype != "" {
url += "/" + get.ptype
}
resp, err := web.Request(cmd, verb, url, nil)
if err != nil {
return err
}
cmd.Printf("\n%s\n\n", resp)
return nil
}
// runUpsertWeb issues the command talking to the web service.
func runUpsertWeb(cmd *cobra.Command, p pattern.Pattern) error {
verb := "PUT"
url := "/v1/pattern"
data, err := json.Marshal(p)
if err != nil {
return err
}
cmd.Printf("\n%s\n\n", string(data))
if _, err := web.Request(cmd, verb, url, bytes.NewBuffer(data)); err != nil {
return err
}
return nil
}
// runGet issues the command talking to the web service.
func runGet(cmd *cobra.Command, args []string) error {
verb := "GET"
url := "/v1/item"
if get.IDs == "" {
return fmt.Errorf("at least one id required")
}
url += "/" + get.IDs
resp, err := web.Request(cmd, verb, url, nil)
if err != nil {
return err
}
cmd.Printf("\n%s\n\n", resp)
return nil
}
// runUpsertWeb issues the command talking to the web service.
func runUpsertWeb(cmd *cobra.Command, rel relationship.Relationship) error {
verb := "PUT"
url := "/v1/relationship"
data, err := json.Marshal(rel)
if err != nil {
return err
}
cmd.Printf("\n%s\n\n", string(data))
if _, err := web.Request(cmd, verb, url, bytes.NewBuffer(data)); err != nil {
return err
}
return nil
}
func runCreate(cmd *cobra.Command, args []string) error {
if len(args) == 0 {
return errors.New("the name of the new chart is required")
}
cname := args[0]
cmd.Printf("Creating %s\n", cname)
chartname := filepath.Base(cname)
cfile := &chart.Metadata{
Name: chartname,
Description: "A Helm chart for Kubernetes",
Version: "0.1.0",
}
_, err := chartutil.Create(cfile, filepath.Dir(cname))
return err
}
func runPackage(cmd *cobra.Command, args []string) error {
path := "."
if len(args) > 0 {
path = args[0]
} else {
return fmt.Errorf("This command needs at least one argument, the path to the chart.")
}
path, err := filepath.Abs(path)
if err != nil {
return err
}
ch, err := chartutil.LoadDir(path)
if err != nil {
return err
}
if filepath.Base(path) != ch.Metadata.Name {
return fmt.Errorf("directory name (%s) and Chart.yaml name (%s) must match", filepath.Base(path), ch.Metadata.Name)
}
// Save to the current working directory.
cwd, err := os.Getwd()
if err != nil {
return err
}
name, err := chartutil.Save(ch, cwd)
if err == nil && flagDebug {
cmd.Printf("Saved %s to current directory\n", name)
}
// Save to $HELM_HOME/local directory. This is second, because we don't want
// the case where we saved here, but didn't save to the default destination.
if save {
if err := repo.AddChartToLocalRepo(ch, localRepoDirectory()); err != nil {
return err
} else if flagDebug {
cmd.Printf("Saved %s to %s\n", name, localRepoDirectory())
}
}
return err
}
func (k *keyCommander) keysGenerateRootKey(cmd *cobra.Command, args []string) error {
// We require one or no arguments (since we have a default value), but if the
// user passes in more than one argument, we error out.
if len(args) > 1 {
cmd.Usage()
return fmt.Errorf(
"Please provide only one Algorithm as an argument to generate (rsa, ecdsa)")
}
// If no param is given to generate, generates an ecdsa key by default
algorithm := data.ECDSAKey
// If we were provided an argument lets attempt to use it as an algorithm
if len(args) > 0 {
algorithm = args[0]
}
allowedCiphers := map[string]bool{
data.ECDSAKey: true,
data.RSAKey: true,
}
if !allowedCiphers[strings.ToLower(algorithm)] {
return fmt.Errorf("Algorithm not allowed, possible values are: RSA, ECDSA")
}
config, err := k.configGetter()
if err != nil {
return err
}
ks, err := k.getKeyStores(config, true, true)
if err != nil {
return err
}
cs := cryptoservice.NewCryptoService(ks...)
pubKey, err := cs.Create(data.CanonicalRootRole, "", algorithm)
if err != nil {
return fmt.Errorf("Failed to create a new root key: %v", err)
}
cmd.Printf("Generated new %s root key with keyID: %s\n", algorithm, pubKey.ID())
return nil
}
func (t *tufCommander) tufReset(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
cmd.Usage()
return fmt.Errorf("Must specify a GUN")
}
if !t.resetAll && len(t.deleteIdx) < 1 {
cmd.Usage()
return fmt.Errorf("Must specify changes to reset with -n or the --all flag")
}
config, err := t.configGetter()
if err != nil {
return err
}
gun := args[0]
trustPin, err := getTrustPinning(config)
if err != nil {
return err
}
nRepo, err := notaryclient.NewFileCachedNotaryRepository(
config.GetString("trust_dir"), gun, getRemoteTrustServer(config), nil, t.retriever, trustPin)
if err != nil {
return err
}
cl, err := nRepo.GetChangelist()
if err != nil {
return err
}
if t.resetAll {
err = cl.Clear(t.archiveChangelist)
} else {
err = cl.Remove(t.deleteIdx)
}
// If it was a success, print to terminal
if err == nil {
cmd.Printf("Successfully reset specified changes for repository %s\n", gun)
}
return err
}
