Support clean up the source key and certificate generated by Notation

[FeynmanZhou]

What is the areas you would like to add the new feature to?

Notation CLI

Is your feature request related to a problem?

notation key delete can only remove the key from the signing key list and notation cert delete can only remove the self-signed certificate from the trust store. This is by design since Notation doesn't support signing with local keys and managing local keys.

Per discussion in #606 (comment) and another issue #604 , users want to delete the source key and certificate generated by notation cert generate-test in a convenient way.

What solution do you propose?

Providing a flag --cleanup to notation cert generate-test to allow users to delete the specified source key and certificate generated by notation cert generate-test. This flag is only used to delete the test key and self-signed certificate. The keys and certificates that are not generated by Notation will not be able to be deleted with this flag.

For example, delete a source key and cert generated by notation cert generate-test "wabbit-networks.io":

$ notation cert generate-test --cleanup wabbit-networks.io
Deleted <key_name> and <cert_name> 

What alternatives have you considered?

N/A

Any additional context?

No response

[patrickzheng200]

Will take this one. @yizha1 @FeynmanZhou Do we want it in 1.0 or after 1.0?

[patrickzheng200]

@FeynmanZhou By reading through your issue description, I have the following question:
One could run notation cert generate-test for multiple times and each time with a different key name. Should notation cert generate-test --cleanup delete all of those keys/certs? Or notation cert generate-test --cleanup <name> requires a name argument so that each time only one key/cert specified by the user is deleted?

[FeynmanZhou]

@patrickzheng200 It's in v1.0.0. This cleanup flag is used to delete the specified source key/cert. We need to add an argument <name> when using this flag. I will update the Notation CLI Spec with this new flag.

[patrickzheng200]

@patrickzheng200 This cleanup flag is used to delete the specified source key/cert. We need to add an argument <name> when using this flag. I will update the Notation CLI Spec with this new flag.

I see. So, each time we run with flag --cleanup, we only delete 1 key/cert. Then my follow up question would be:
Since signingkeys.json is just a file, the user can manually add contents to it, for example:

{
    "default": "alpine2",
    "keys": [
        {
            "name": "alpine",                     <-------- a test key created by `notation cert generate-test`
            "keyPath": "notation/localkeys/alpine.key",
            "certPath": "notation/localkeys/alpine.crt"
        },
        {
            "name": "alpine2",                  <-------- a test key manually inserted into the file by the user
            "keyPath": "notation/localkeys/alpine2.key",
            "certPath": "notation/localkeys/alpine2.crt"
        }
    ]
}

Given the file above, what is our expected result after running notation cert generate-test --cleanup alpine2?

[FeynmanZhou]

IMO, adding key and cert to signingkey.json manually is not a regular manipulation although technically it is allowed. Given the case above, I think notation cert generate-test --cleanup alpine2 should be able to remove the key alpine2 from signingkeys.json and delete the source key and cert locally. Is it complicated to implement this alpine2 case in v1.0.0?

[patrickzheng200]

IMO, adding key and cert to signingkey.json manually is not a regular manipulation although technically it is allowed. Given the case above, I think notation cert generate-test --cleanup alpine2 should be able to remove the key alpine2 from signingkeys.json and delete the source key and cert locally. Is it complicated to implement this alpine2 case in v1.0.0?

Yeah, that makes sense. To confirm, the command notation cert generate-test --cleanup <name> is able to delete any key/cert as long as it's not an external key. The command would go to the paths (keyPath, certPath) defined in the signingkeys.json and delete them from the paths. Also, it would delete the corresponding certificate from the trust store.

[yizha1]

Just to confirm:

notation cert generate-test <name> will do

• create a local key file and certificate file
  • add entry in signingkeys.json
  • create files under {NOTATION_CONFIG}/localkeys
• add key to signing key list
• add cert to trust store

notation cert generate-test --cleanup <name> will clean up everything created in the above steps, right?

[FeynmanZhou]

@yizha1 Right.