Handle delegation roles when signing images with notary #568

Merged
merged 2 commits into from
Dec 14, 2020

Contributor

@djoyahoy djoyahoy commented Dec 7, 2020

No description provided.

@djoyahoy djoyahoy linked an issue Dec 7, 2020 that may be closed by this pull request
@@ -39,28 +41,34 @@ func (a *AuthenticatingRoundTripper) RoundTrip(req *http.Request) (*http.Respons

header := resp.Header.Get("www-authenticate")
parts := strings.SplitN(header, " ", 2)
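
Review bot: the result of `strings.SplitN(header, " ", 2)` is not length-checked in this hunk. When the `www-authenticate` header is absent (`Header.Get` returns an empty string) or its value contains no space, the slice has one element, so any later use of `parts[1]` would panic on input the remote server controls. Suggest returning an error when `len(parts) != 2`, and comparing `parts[0]` against `Bearer` case-insensitively before the options are parsed.
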
Contributor


should len(parts) == 2 be checked?

Contributor Author


I'm not checking it here because I assume the response is well formed as Bearer options.... That seems like a fair assumption to me, but I totally hear you.

#### Generate Signing Key
To generate a singing key, use the following commands from the [Docker Content Trust](https://docs.docker.com/engine/security/trust/#signing-images-with-docker-content-trust) documentation:
```shell script
% export DOCKER_CONTENT_TRUST_SERVER=<notary-server-url>
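
Review bot: "singing key" in the sentence under the "Generate Signing Key" heading should read "signing key". In the command block, the leading `% ` prompt means the line cannot be pasted into a shell as written; suggest dropping the prompt character so `export DOCKER_CONTENT_TRUST_SERVER=<notary-server-url>` can be copied directly.
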
Collaborator


Is there a reason to recommend the docker cli here vs notary?

Contributor Author


Using the docker CLI is significantly easier. I also suspect that's what most users will use.

@@ -103,6 +111,15 @@ func (a *AuthenticatingRoundTripper) RoundTrip(req *http.Request) (*http.Respons
return a.WrappedRoundTripper.RoundTrip(req)
}

func extractBearerOption(kind string, from string) (string, error) {
r := regexp.MustCompile(fmt.Sprintf(`%s="(.*?)"`, kind))
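
Review bot: in `extractBearerOption`, `kind` is interpolated into the pattern with `fmt.Sprintf` without `regexp.QuoteMeta`, and the pattern is not anchored to a parameter boundary, so a `kind` of `scope` would also match inside a longer parameter name that ends in `scope`. The expression is also recompiled with `MustCompile` on every call, which panics at request time if `kind` ever contains an invalid pattern. Suggest escaping `kind`, requiring start-of-string or a comma or space before it, and compiling once per option name.
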
Collaborator


Interesting evolution here as the result of multiple scopes.
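
Both code threads above concern parsing the `www-authenticate` Bearer challenge. The following is an added example, not code from this pull request: one way to split the challenge with the length check and to extract an option with the name escaped and anchored. The function names `parseBearerChallenge` and `bearerOption` and the sample header values are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// parseBearerChallenge returns the parameter part of a www-authenticate value,
// rejecting anything that is not "Bearer <params>". Hypothetical helper.
func parseBearerChallenge(header string) (string, error) {
	parts := strings.SplitN(strings.TrimSpace(header), " ", 2)
	if len(parts) != 2 {
		return "", errors.New("challenge has no parameters")
	}
	if !strings.EqualFold(parts[0], "Bearer") {
		return "", fmt.Errorf("unsupported scheme %q", parts[0])
	}
	return strings.TrimSpace(parts[1]), nil
}

// bearerOption returns the quoted value of one parameter. The name is escaped
// and must start at a parameter boundary, so "scope" never matches "xscope".
func bearerOption(kind, params string) (string, error) {
	r := regexp.MustCompile(`(?i)(?:^|[,\s])` + regexp.QuoteMeta(kind) + `="([^"]*)"`)
	m := r.FindStringSubmatch(params)
	if m == nil {
		return "", fmt.Errorf("option %q not found", kind)
	}
	return m[1], nil
}

func main() {
	for _, h := range []string{ // constructed sample header values
		`Bearer realm="https://auth.example.test/token",service="notary",scope="repository:app:pull"`,
		`Bearer`,
		`Basic realm="registry"`,
		"",
	} {
		params, err := parseBearerChallenge(h)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		scope, err := bearerOption("scope", params)
		fmt.Println("scope:", scope, err)
	}
}
```
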

@djoyahoy djoyahoy merged commit ef43954 into master Dec 14, 2020
@djoyahoy djoyahoy deleted the notary-delegation-roles branch December 14, 2020 19:38
Successfully merging this pull request may close these issues.

Ensure that the Notary integration works with delegation keys
3 participants