trust: add flag --skip-trusted #3812
Conversation
|
@lucab PTAL |
|
This is a work in progress. |
rkt/pubkey/pubkey.go
Outdated
| @@ -110,6 +110,18 @@ func (m *Manager) AddKeys(pkls []string, prefix string, accept AcceptOption) err | |||
| return 8000 errwrap.Wrap(fmt.Errorf("error displaying the key %s", pkl), err) | |||
| } | |||
|
|
|||
| if overwriteTrusted == false { | |||
There was a problem hiding this comment.
Usually we would write if !overwriteTrusted instead of == false.
rkt/pubkey/pubkey.go
Outdated
| } | ||
|
|
||
| if trusted == true { | ||
| log.Printf("Already trusted %q for prefix %q.", pkl, prefix) |
rkt/trust.go
Outdated
| @@ -28,7 +28,7 @@ import ( | |||
|
|
|||
| var ( | |||
| cmdTrust = &cobra.Command{ | |||
| Use: "trust [--prefix=PREFIX] [--insecure-allow-http] [--skip-fingerprint-review] [--root] [PUBKEY ...]", | |||
| Use: "trust [--prefix=PREFIX] [--insecure-allow-http] [--skip-fingerprint-review] [--root] [PUBKEY ...] [--overwrite-trusted]", | |||
There was a problem hiding this comment.
Shouldn't the --overwrite-trusted=... be before the [PUBKEY...]?
I find boolean parameter defaulting to true confusing because just writing --overwrite-trusted would have no effect.
I am not sure how to make things clearer. I overheard other suggestions but they're kind of long:
--disable-overwrite-trusted--prevent-trusted-from-being-overwritten
There was a problem hiding this comment.
Agreed. --disable-overwrite-trusted seems to do a better job of removing the confusion while also keeping the default to truefalse for backwards compatibility.
There was a problem hiding this comment.
On second thoughts how does --dont-overwrite-trusted sound for the name of the flag?
There was a problem hiding this comment.
Another thought, how about --skip-trusted ? It's more concise and also is similar to the --skip-fingerprint-review.
There was a problem hiding this comment.
Ack, I think --skip-trusted is a better choice.
There was a problem hiding this comment.
What about --skip-already-trusted? Too long?
There was a problem hiding this comment.
--skip-already-trusted does feel long. I feel already does not appear to add any additional meaning on --skip-trusted.
There was a problem hiding this comment.
Should we stick with --skip-trusted then?
|
TODO:
|
--skip-trusted is more concise and also similar to other flags that have alredy been implemented. The default for this is `false` ensuring that existing this does not break existing users' configurations.
The test for --skip-trusted=true without a trusted key already being present is failing at the moment. Saving progress to get feedback.
|
@alban I've made changes as suggested and have added tests. However one of the tests I wrote is failing with the error message: I've given this some thought but am unable to understand what could be going wrong. Is there something that I am missing? |
tests/rkt_trust_test.go
Outdated
| @@ -84,4 +84,16 @@ func TestTrust(t *testing.T) { | |||
| t.Logf("Now both images can be executed\n") | |||
| runImage(t, ctx, imageFile, "Hello", false) | |||
| runImage(t, ctx, imageFile2, "Hello", false) | |||
| t.Logf("Skip trusted key (rkt trust --skip-trusted) with trusted key absent\n") | |||
| runRktTrustSkipTrustedTrue(t, ctx, "rkt-prefix.com/my-app", 1, false) | |||
There was a problem hiding this comment.
You pass the parameter alreadyTrusted==false but the key is already trusted from the previous tests (line 67 and line 82). You could do your new test on a different image with a different prefix that is not yet trusted (e.g. imageFile3, see example line 36). The new test would have to be done before the "rkt trust --root".
tests/rkt_tests.go
Outdated
| t.Fatalf("Expected but didn't find %q in %v", expected, err) | ||
| } | ||
| } else { | ||
| assertTrustPrompt(t, prefix, child) |
There was a problem hiding this comment.
In this 'else" branch, the key will already be trusted anyway because "rkt trust" is executed twice in this fuction:
- line 916 with
runRktTrust - line 922 with
spawnOrFail
So assertTrustPrompt will fail
Use a new image file with a unique prefix to ensure that the key being tested is not trusted ahead of time. Also the test for `rkt trust --root` should be the last test.
tests/rkt_trust_test.go
Outdated
| runRktTrustSkipTrustedFalse(t, ctx, "rkt-skip-trusted.com/my-app", 1, false) | ||
|
|
||
| t.Logf("Now the image can be executed\n") | ||
| runImage(t, ctx, imageFile3, "Hello", false) |
There was a problem hiding this comment.
Could you also try to run the image with runImage after each runRktTrustSkipTrusted* and check it has the correct behavior?
For --skip-trusted=false with trusted key not present, we should use a separate image as well.
|
@alban Ping. Updated with latest changes as per review comments. |
Work based on #3756