132 changes: 132 additions & 0 deletions cmd/notation/cert/cleanupTest.go
@@ -0,0 +1,132 @@
// Copyright The Notary Project Authors.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package cert

import (
"errors"
"fmt"
"io/fs"
"os"
"path/filepath"

"github.com/notaryproject/notation-go/config"
"github.com/notaryproject/notation-go/dir"
"github.com/notaryproject/notation/v2/cmd/notation/internal/display"
"github.com/notaryproject/notation/v2/cmd/notation/internal/truststore"
"github.com/spf13/cobra"
)

type certCleanupTestOpts struct {
name string
confirmed bool
}

func certCleanupTestCommand(opts *certCleanupTestOpts) *cobra.Command {
if opts == nil {
opts = &certCleanupTestOpts{}
}
command := &cobra.Command{
Use: "cleanup-test [flags] <common_name>",
Short: `Clean up a test RSA key and its corresponding certificate that were generated using the "generate-test" command.`,
Args: func(cmd *cobra.Command, args []string) error {
if len(args) == 0 {
return errors.New("missing certificate common name")
}
if !truststore.IsValidFileName(args[0]) {
return errors.New("certificate common name must follow [a-zA-Z0-9_.-]+ format")
}
opts.name = args[0]
return nil
},
Long: `Clean up a test RSA key and its corresponding certificate that were generated using the "generate-test" command.

Example - Clean up a test key and corresponding certificate named "wabbit-networks.io":
notation cert cleanup-test wabbit-networks.io
`,
RunE: func(cmd *cobra.Command, args []string) error {
return cleanupTestCert(opts)
},
}
command.Flags().BoolVarP(&opts.confirmed, "yes", "y", false, "do not prompt for confirmation")
return command
}

func cleanupTestCert(opts *certCleanupTestOpts) error {
name := opts.name
relativeKeyPath, relativeCertPath := dir.LocalKeyPath(name)
certPath, _ := dir.ConfigFS().SysPath(relativeCertPath) // err is always nil
certFileName := filepath.Base(certPath)
keyPath, _ := dir.ConfigFS().SysPath(relativeKeyPath) // err is always nil
prompt := fmt.Sprintf(`The test key %s and its corresponding certificate will be cleaned up with the following changes:
- Delete certificate %s.crt from trust store %s of type ca
- Remove key %s from the key list
- Delete key file: %s
- Delete certificate file: %s

Are you sure you want to continue?`, name, name, name, name, keyPath, certPath)
confirmed, err := display.AskForConfirmation(os.Stdin, prompt, opts.confirmed)
if err != nil {
return err
}

Check warning on line 81 in cmd/notation/cert/cleanupTest.go

Codecov / codecov/patch

cmd/notation/cert/cleanupTest.go#L80-L81

Added lines #L80 - L81 were not covered by tests
if !confirmed {
return nil
}

Check warning on line 84 in cmd/notation/cert/cleanupTest.go

Codecov / codecov/patch

cmd/notation/cert/cleanupTest.go#L83-L84

Added lines #L83 - L84 were not covered by tests

// 1. remove from trust store
err = truststore.DeleteCert("ca", name, certFileName, true)
if err != nil {
if !errors.Is(err, fs.ErrNotExist) {
return fmt.Errorf("failed to delete certificate %s from trust store %s of type ca: %w", certFileName, name, err)
}
fmt.Printf("Certificate %s does not exist in trust store %s of type ca\n", certFileName, name)
}

// 2. remove key from signingkeys.json config
exec := func(s *config.SigningKeys) error {
_, err := s.Remove(name)
return err
}
err = config.LoadExecSaveSigningKeys(exec)
if err != nil {
var keyNotFoundError config.KeyNotFoundError
if !errors.As(err, &keyNotFoundError) {
return fmt.Errorf("failed to remove key %s from the key list: %w", name, err)
}
fmt.Printf("Key %s does not exist in the key list\n", name)
} else {
fmt.Printf("Successfully removed key %s from the key list\n", name)
}

// 3. delete key and certificate files from LocalKeyPath
err = os.Remove(keyPath)
if err != nil {
if !errors.Is(err, fs.ErrNotExist) {
return fmt.Errorf("failed to delete key file %s: %w", keyPath, err)
}
fmt.Printf("Key file %s does not exist\n", keyPath)
} else {
fmt.Printf("Successfully deleted key file: %s\n", keyPath)
}
err = os.Remove(certPath)
if err != nil {
if !errors.Is(err, fs.ErrNotExist) {
return fmt.Errorf("failed to delete certificate file %s: %w", certPath, err)
}

Check warning on line 125 in cmd/notation/cert/cleanupTest.go

Codecov / codecov/patch

cmd/notation/cert/cleanupTest.go#L124-L125

Added lines #L124 - L125 were not covered by tests
fmt.Printf("Certificate file %s does not exist\n", certPath)
} else {
fmt.Printf("Successfully deleted certificate file: %s\n", certPath)
}
fmt.Println("Cleanup completed successfully")
return nil
}
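Review bot: cleanupTestCert removes the `signingkeys.json` entry and the `ca/<name>` trust-store certificate purely by name, without checking that they are the artifacts `generate-test` created. If a key of the same name was registered by other means (for example pointing at a different key file or at a plugin), `s.Remove(name)` in the `exec` closure would drop it from the key list even though the files deleted in step 3 are unrelated to it. Consider looking the entry up inside the closure and removing it only when its key and certificate paths equal `keyPath` and `certPath`, printing a skip message otherwise; the lookup API is not visible in this section, so confirm what `config.SigningKeys` offers. The trust-store step has the same gap: comparing the stored certificate with the file at `certPath` before calling `truststore.DeleteCert` would avoid removing a trust anchor that merely shares the name.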
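--- a/cmd/notation/cert/cleanup_test.go
+++ b/cmd/notation/cert/cleanup_test.go
@@ -0,0 +1,47 @@
+// Copyright The Notary Project Authors.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cert
+
+import (
+"reflect"
+"testing"
+)
+
+func TestCertCleanupCommand(t *testing.T) {
+opts := &certCleanupTestOpts{}
+cmd := certCleanupTestCommand(opts)
+expected := &certCleanupTestOpts{
+name: "name",
+}
+if err := cmd.ParseFlags([]string{
+"name"}); err != nil {
+t.Fatalf("Parse Flag failed: %v", err)
+}
+if err := cmd.Args(cmd, cmd.Flags().Args()); err != nil {
+t.Fatalf("Parse Args failed: %v", err)
+}
+if !reflect.DeepEqual(*expected, *opts) {
+t.Fatalf("Expect cert generate-test opts: %v, got: %v", expected, opts)
+}
+}
+
+func TestCertCleanupTestCommand_MissingArgs(t *testing.T) {
+cmd := certCleanupTestCommand(nil)
+if err := cmd.ParseFlags(nil); err != nil {
+t.Fatalf("Parse Flag failed: %v", err)
+}
+if err := cmd.Args(cmd, cmd.Flags().Args()); err == nil {
+t.Fatal("Parse Args expected error, but ok")
+}
+}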
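Review bot: Neither test exercises the `truststore.IsValidFileName` branch of `Args`, which is the check that keeps a path-like common name from reaching the `os.Remove` calls in the command. Add a case that passes a name outside `[a-zA-Z0-9_.-]+` and expects an error, for example `if err := cmd.Args(cmd, []string{"../name"}); err == nil { t.Fatal("expected error for invalid common name") }` (sample value constructed for illustration). The failure message in TestCertCleanupCommand also still says `generate-test`; `"Expect cert cleanup-test opts: %v, got: %v"` would match the command under test.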
2 changes: 2 additions & 0 deletions cmd/notation/cert/cmd.go
Expand Up @@ -11,6 +11,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

// Package cert provides implementation of the `notation certificate` command
package cert

import "github.com/spf13/cobra"
Expand All @@ -29,6 +30,7 @@ func Cmd() *cobra.Command {
certShowCommand(nil),
certDeleteCommand(nil),
certGenerateTestCommand(nil),
certCleanupTestCommand(nil),
)

return command
2 changes: 1 addition & 1 deletion cmd/notation/cert/generateTest.go
Expand Up @@ -138,7 +138,7 @@ func generateTestCert(opts *certGenerateTestOpts) error {
// write out
fmt.Printf("%s: added to the key list\n", name)
if opts.isDefault {
fmt.Printf("%s: mark as default signing key\n", name)
fmt.Printf("%s: marked as default signing key\n", name)
}
return nil
}
2 changes: 1 addition & 1 deletion cmd/notation/internal/sign/sign_test.go
Expand Up @@ -177,7 +177,7 @@ func TestGetSignerFailed(t *testing.T) {

t.Run("key not found", func(t *testing.T) {
dir.UserConfigDir = "./testdata/valid_signingkeys"
expectedErrMsg := `signing key not found`
expectedErrMsg := `signing key test2 not found`
opts := &flag.SignerFlagOpts{
Key: "test2",
}
2 changes: 1 addition & 1 deletion cmd/notation/internal/truststore/truststore.go
Expand Up @@ -190,7 +190,7 @@ func DeleteCert(storeType, namedStore, cert string, confirmed bool) error {
return err
}
// write out on success
fmt.Printf("Successfully deleted %s\n", cert)
fmt.Printf("Successfully deleted %s from trust store %s of type %s\n", cert, namedStore, storeType)
return nil
}

6 changes: 3 additions & 3 deletions go.mod
Expand Up @@ -3,10 +3,10 @@ module github.com/notaryproject/notation/v2
go 1.24.0

require (
github.com/notaryproject/notation-core-go v1.2.0
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892
github.com/notaryproject/notation-plugin-framework-go v1.0.0
github.com/notaryproject/tspclient-go v1.0.0
github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.1
github.com/sirupsen/logrus v1.9.3
12 changes: 6 additions & 6 deletions go.sum
Expand Up @@ -36,14 +36,14 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6
github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY=
github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
github.com/notaryproject/notation-core-go v1.2.0 h1:WElMG9X0YXJhBd0A4VOxLNalTLrTjvqtIAj7JHr5X08=
github.com/notaryproject/notation-core-go v1.2.0/go.mod h1:+y3L1dOs2/ZwJIU5Imo7BBvZ/M3CFjXkydGGdK09EtA=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604 h1:uw65pHgN+NXAqHssmlRJUkcl515AQgMIOdC6tbBHHXE=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604/go.mod h1:NXYZyzIawUSyv+C0Gs8bBYJ1q8a1gy78GEss8fPNZmY=
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a h1:xagHqXDQKyG4hYCzf2yrMxNGdUf1FELEYojY7dZEgP0=
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a/go.mod h1:26/FuY/XSwyGiafPFDOeUJBz+sPsWDpK+Ei4TWtcmTc=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892 h1:2bD9p585QwuFQry03o19yHZzeBJOCSuol6LR64KIfto=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892/go.mod h1:NXYZyzIawUSyv+C0Gs8bBYJ1q8a1gy78GEss8fPNZmY=
github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
github.com/notaryproject/tspclient-go v1.0.0 h1:AwQ4x0gX8IHnyiZB1tggpn5NFqHpTEm1SDX8YNv4Dg4=
github.com/notaryproject/tspclient-go v1.0.0/go.mod h1:LGyA/6Kwd2FlM0uk8Vc5il3j0CddbWSHBj/4kxQDbjs=
github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01/go.mod h1:3ZJPmpmdwufY23BkS+JPNktOVb5DXJ8Ik5zxvN7h670=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
2 changes: 1 addition & 1 deletion specs/cmd/certificate.md
Expand Up @@ -148,7 +148,7 @@ Usage:
notation certificate cleanup-test [flags] <common_name>

Flags:
-h, --help help for generate-test
-h, --help help for cleanup-test
-y, --yes do not prompt for confirmation
```

4 changes: 3 additions & 1 deletion test/e2e/go.mod
Expand Up @@ -4,7 +4,7 @@ go 1.24.0

require (
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892
github.com/onsi/ginkgo/v2 v2.23.3
github.com/onsi/gomega v1.36.3
github.com/opencontainers/image-spec v1.1.1
Expand All @@ -17,11 +17,13 @@ require (
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
github.com/notaryproject/notation-plugin-framework-go v1.0.0 // indirect
github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/veraison/go-cose v1.3.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
golang.org/x/crypto v0.36.0 // indirect
golang.org/x/mod v0.23.0 // indirect
golang.org/x/net v0.37.0 // indirect
golang.org/x/sync v0.12.0 // indirect
golang.org/x/sys v0.31.0 // indirect
8 changes: 6 additions & 2 deletions test/e2e/go.sum
Expand Up @@ -12,8 +12,10 @@ github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/Z
github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a h1:xagHqXDQKyG4hYCzf2yrMxNGdUf1FELEYojY7dZEgP0=
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a/go.mod h1:26/FuY/XSwyGiafPFDOeUJBz+sPsWDpK+Ei4TWtcmTc=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604 h1:uw65pHgN+NXAqHssmlRJUkcl515AQgMIOdC6tbBHHXE=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604/go.mod h1:NXYZyzIawUSyv+C0Gs8bBYJ1q8a1gy78GEss8fPNZmY=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892 h1:2bD9p585QwuFQry03o19yHZzeBJOCSuol6LR64KIfto=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892/go.mod h1:NXYZyzIawUSyv+C0Gs8bBYJ1q8a1gy78GEss8fPNZmY=
github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01/go.mod h1:3ZJPmpmdwufY23BkS+JPNktOVb5DXJ8Ik5zxvN7h670=
github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
Expand All @@ -34,6 +36,8 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
2 changes: 1 addition & 1 deletion test/e2e/plugin/go.mod
Expand Up @@ -5,7 +5,7 @@ go 1.24.0
require (
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892
github.com/notaryproject/notation-plugin-framework-go v1.0.0
github.com/spf13/cobra v1.9.1
)
4 changes: 2 additions & 2 deletions test/e2e/plugin/go.sum
Expand Up @@ -40,8 +40,8 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a h1:xagHqXDQKyG4hYCzf2yrMxNGdUf1FELEYojY7dZEgP0=
github.com/notaryproject/notation-core-go v1.2.1-0.20250304022306-ea37e4e6c39a/go.mod h1:26/FuY/XSwyGiafPFDOeUJBz+sPsWDpK+Ei4TWtcmTc=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604 h1:uw65pHgN+NXAqHssmlRJUkcl515AQgMIOdC6tbBHHXE=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250310060348-fdcf9cc47604/go.mod h1:NXYZyzIawUSyv+C0Gs8bBYJ1q8a1gy78GEss8fPNZmY=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892 h1:2bD9p585QwuFQry03o19yHZzeBJOCSuol6LR64KIfto=
github.com/notaryproject/notation-go v1.2.0-beta.1.0.20250324062555-fcc1ce32f892/go.mod h1:NXYZyzIawUSyv+C0Gs8bBYJ1q8a1gy78GEss8fPNZmY=
github.com/notaryproject/notation-plugin-framework-go v1.0.0 h1:6Qzr7DGXoCgXEQN+1gTZWuJAZvxh3p8Lryjn5FaLzi4=
github.com/notaryproject/notation-plugin-framework-go v1.0.0/go.mod h1:RqWSrTOtEASCrGOEffq0n8pSg2KOgKYiWqFWczRSics=
github.com/notaryproject/tspclient-go v1.0.1-0.20250306063739-4f55b14d9f01 h1:Ay72jBeHKqBFk6TbJWywfwzefN3Ei7Py2OzCiWU/7nk=
2 changes: 1 addition & 1 deletion test/e2e/suite/command/blob/sign.go
Expand Up @@ -120,7 +120,7 @@ var _ = Describe("notation blob sign", func() {
It("with invalid key", func() {
HostWithBlob(BaseOptions(), func(notation *utils.ExecOpts, blobPath string, vhost *utils.VirtualHost) {
notation.ExpectFailure().Exec("blob", "sign", "--key", "invalid", blobPath).
MatchErrKeyWords("signing key not found")
MatchErrKeyWords("signing key invalid not found")
})
})
